[Backport 1.3] Fix dependencies (opensearch-project#6036)

* Upgrade snake_yaml to fix CVE Signed-off-by: Ryan Bogan <rbogan@amazon.com> * Upgrade kotlin and jetty libraries Signed-off-by: Ryan Bogan <rbogan@amazon.com> * Update CHANGELOG Signed-off-by: Ryan Bogan <rbogan@amazon.com> Signed-off-by: Ryan Bogan <rbogan@amazon.com>
reta · Jan 27, 2023 · 2ac1c13 · 2ac1c13
1 parent 1b2a48d
commit 2ac1c13
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -67,6 +67,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bump hadoop-minicluster to 3.3.4 ([#6034](https://github.com/opensearch-project/OpenSearch/pull/6034))
 - Bump aws-java-sdk to 1.12.270 ([#6035](https://github.com/opensearch-project/OpenSearch/pull/6035))
 - Bump reactor-netty-http to 1.0.24 in repository-azure ([#4880](https://github.com/opensearch-project/OpenSearch/pull/4880))
+- Upgrade jetty-http, kotlin-stdlib and snakeyaml ([#4981](https://github.com/opensearch-project/OpenSearch/pull/4981))
 
 ### Changed
 - Dependency updates (httpcore, mockito, slf4j, httpasyncclient, commons-codec) ([#4308](https://github.com/opensearch-project/OpenSearch/pull/4308))

diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
@@ -114,6 +114,7 @@ dependencies {
   api 'com.github.jengelman.gradle.plugins:shadow:6.0.0'
   api 'de.thetaphi:forbiddenapis:3.2'
   api 'com.avast.gradle:gradle-docker-compose-plugin:0.14.12'
+  api "org.yaml:snakeyaml:${props.getProperty('snakeyaml')}"
   api 'org.apache.maven:maven-model:3.6.2'
   api 'com.networknt:json-schema-validator:1.0.36'
   api "com.fasterxml.jackson.core:jackson-databind:${props.getProperty('jackson_databind')}"

diff --git a/buildSrc/version.properties b/buildSrc/version.properties
@@ -17,6 +17,7 @@ slf4j             = 1.6.2
 jdom2             = 2.0.6.1
 jettison          = 1.5.3
 woodstox          = 6.4.0
+kotlin            = 1.7.10
 
 # when updating the JNA version, also update the version in buildSrc/build.gradle
 jna               = 5.5.0

diff --git a/test/fixtures/hdfs-fixture/build.gradle b/test/fixtures/hdfs-fixture/build.gradle
@@ -48,4 +48,6 @@ dependencies {
   api "com.fasterxml.woodstox:woodstox-core:${versions.woodstox}"
   api 'net.minidev:json-smart:2.4.8'
   api 'org.apache.zookeeper:zookeeper:3.8.0'
+  api "org.jetbrains.kotlin:kotlin-stdlib:${versions.kotlin}"
+  api 'org.eclipse.jetty:jetty-server:9.4.49.v20220914'
 }