From 2e863d13c15f26b7e03a92fde0c9b7082142c75d Mon Sep 17 00:00:00 2001
From: Martin Gaievski <gaievski@amazon.com>
Date: Wed, 6 Dec 2023 09:29:00 -0800
Subject: [PATCH] Upversion all dependencies in hope of fixing CVEs

Signed-off-by: Martin Gaievski <gaievski@amazon.com>
---
 CHANGELOG.md | 2 +-
 build.gradle | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4d5068e8b..3f02272c4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,7 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Infrastructure
 ### Documentation
 ### Maintenance
-Added support for jdk-21 ([#500](https://github.com/opensearch-project/neural-search/pull/500)))
+- Added support for jdk-21 ([#500](https://github.com/opensearch-project/neural-search/pull/500)))
 ### Refactoring
 
 ## [Unreleased 2.x](https://github.com/opensearch-project/neural-search/compare/2.11...2.x)
diff --git a/build.gradle b/build.gradle
index 7ee6faa07..f740c264c 100644
--- a/build.gradle
+++ b/build.gradle
@@ -144,14 +144,14 @@ dependencies {
     zipArchive group: 'org.opensearch.plugin', name:'opensearch-ml-plugin', version: "${opensearch_build}"
     compileOnly fileTree(dir: knnJarDirectory, include: '*.jar')
     api group: 'org.opensearch', name:'opensearch-ml-client', version: "${opensearch_build}"
-    implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.10'
+    implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.14.0'
     // ml-common excluded reflection for runtime so we need to add it by ourselves.
     // https://github.com/opensearch-project/ml-commons/commit/464bfe34c66d7a729a00dd457f03587ea4e504d9
     // TODO: Remove following three lines of dependencies if ml-common include them in their jar
-    runtimeOnly group: 'org.reflections', name: 'reflections', version: '0.9.12'
+    runtimeOnly group: 'org.reflections', name: 'reflections', version: '0.10.2'
     runtimeOnly group: 'org.javassist', name: 'javassist', version: '3.29.2-GA'
     runtimeOnly group: 'org.opensearch', name: 'common-utils', version: "${opensearch_build}"
-    runtimeOnly group: 'org.apache.commons', name: 'commons-text', version: '1.10.0'
+    runtimeOnly group: 'org.apache.commons', name: 'commons-text', version: '1.11.0'
     runtimeOnly group: 'com.google.code.gson', name: 'gson', version: '2.10.1'
     runtimeOnly group: 'org.json', name: 'json', version: '20231013'
 }