exclude <v32 version of google guava dependency from google java form…

…at and add google guava 32.0.1 to resolve CVE CVE-2023-2976 (#1094) Signed-off-by: Surya Sashank Nistala <[email protected]> (cherry picked from commit 778e7ce) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
opensearch-project · Aug 17, 2023 · f1a1206 · f1a1206
1 parent abf1a7b
commit f1a1206
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/core/build.gradle b/core/build.gradle
@@ -14,7 +14,10 @@ dependencies {
     api "org.jetbrains.kotlin:kotlin-stdlib-jdk8:${kotlin_version}"
     implementation "com.cronutils:cron-utils:9.1.6"
     api "org.opensearch.client:opensearch-rest-client:${opensearch_version}"
-    implementation 'com.google.googlejavaformat:google-java-format:1.10.0'
+    implementation('com.google.googlejavaformat:google-java-format:1.10.0')  {
+        exclude group: 'com.google.guava'
+    }
+    implementation 'com.google.guava:guava:32.0.1-jre'
     api "org.opensearch:common-utils:${common_utils_version}@jar"
     implementation 'commons-validator:commons-validator:1.7'