backport: Address CVE-2022-42889 by updating commons-text (#520)

Signed-off-by: Xun Zhang <[email protected]>
opensearch-project · Nov 3, 2022 · e8a5abf · e8a5abf
1 parent 6286341
commit e8a5abf
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/ml-algorithms/build.gradle b/ml-algorithms/build.gradle
@@ -30,6 +30,7 @@ dependencies {
     testCompile group: 'junit', name: 'junit', version: '4.12'
     testImplementation group: 'org.mockito', name: 'mockito-core', version: '3.9.0'
     testImplementation group: 'org.mockito', name: 'mockito-inline', version: '3.9.0'
+    implementation group: 'org.apache.commons', name: 'commons-text', version: '1.10.0'
 }
 
 jacocoTestReport {

diff --git a/plugin/build.gradle b/plugin/build.gradle
@@ -47,6 +47,7 @@ dependencies {
     compile("com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}")
     implementation group: 'com.google.guava', name: 'guava', version: '31.0.1-jre'
     implementation group: 'com.google.code.gson', name: 'gson', version: '2.9.0'
+    implementation group: 'org.apache.commons', name: 'commons-text', version: '1.10.0'
 
     checkstyle "com.puppycrawl.tools:checkstyle:${project.checkstyle.toolVersion}"
 }
@@ -253,6 +254,7 @@ configurations.all {
     resolutionStrategy.force 'junit:junit:4.12'
     resolutionStrategy.force 'org.apache.commons:commons-lang3:3.10'
     resolutionStrategy.force 'commons-logging:commons-logging:1.2'
+    resolutionStrategy.force 'org.apache.commons:commons-text:1.10.0'
     // Resolve conflict with org.opensearch:opensearch:1.3.4-SNAPSHOT which using 2.13.2
     // resolutionStrategy.force 'com.fasterxml.jackson.core:jackson-databind:2.13.2.2'
 }