[CVE-2023] fix multiple CVE issues (#519)

* [CVE-2023] fix multiple cve issues Signed-off-by: Chenyang Ji <[email protected]> * remove checkstyle Signed-off-by: Chenyang Ji <[email protected]> --------- Signed-off-by: Chenyang Ji <[email protected]>
opensearch-project · Aug 4, 2023 · 741fd94 · 741fd94
1 parent d28290a
commit 741fd94
Show file tree

Hide file tree

Showing 50 changed files with 27 additions and 309 deletions.
diff --git a/build.gradle b/build.gradle
@@ -29,16 +29,9 @@ plugins {
     id 'com.github.spotbugs' version '4.8.0'
     id 'jacoco'
     id 'com.diffplug.spotless' version '5.11.0'
-    id 'checkstyle'
-}
-
-checkstyle {
-    toolVersion = '9.3'
-    configFile file("checkstyle/checkstyle.xml")
 }
 
 spotbugsMain {
-    excludeFilter = file("checkstyle/findbugs-exclude.xml")
     effort = 'max'
     ignoreFailures = true
 
@@ -205,9 +198,6 @@ jacocoTestCoverageVerification {
 // to run coverage verification during the build (and fail when appropriate)
 check.dependsOn jacocoTestCoverageVerification
 
-checkstyleMain.enabled = false
-checkstyleTest.enabled = false
-
 dependencies {
     if (JavaVersion.current() <= JavaVersion.VERSION_1_8) {
         compile files("${System.properties['java.home']}/../lib/tools.jar")
@@ -240,13 +230,13 @@ dependencies {
         }
     }
 
-    compile('com.google.guava:guava:30.1-jre') {
+    compile('com.google.guava:guava:32.0.1-jre') {
         force = 'true'
     }
     compile 'org.jooq:jooq:3.10.8'
     compile 'org.apache.commons:commons-lang3:3.9'
-    compile 'org.bouncycastle:bcprov-jdk15on:1.70'
-    compile 'org.bouncycastle:bcpkix-jdk15on:1.70'
+    compile 'org.bouncycastle:bcprov-jdk15to18:1.74'
+    compile 'org.bouncycastle:bcpkix-jdk15to18:1.74'
     compile "org.opensearch:performanceanalyzer-rca:${version}"
     compile "com.fasterxml.jackson.core:jackson-annotations:${jacksonVersion}"
     compile "com.fasterxml.jackson.core:jackson-databind:${jacksonDataBindVersion}"

diff --git a/checkstyle/checkstyle.xml b/checkstyle/checkstyle.xml
diff --git a/checkstyle/findbugs-exclude.xml b/checkstyle/findbugs-exclude.xml
diff --git a/licenses/bcpkix-jdk15on-1.70.jar.sha1 b/licenses/bcpkix-jdk15on-1.70.jar.sha1
diff --git a/licenses/bcpkix-jdk15to18-1.74.jar.sha1 b/licenses/bcpkix-jdk15to18-1.74.jar.sha1
@@ -0,0 +1 @@
+a29da9d05899555ecc567a3b4ffb03fe656d6084
diff --git a/licenses/bcprov-jdk15on-1.70.jar.sha1 b/licenses/bcprov-jdk15on-1.70.jar.sha1
diff --git a/licenses/bcprov-jdk15to18-1.74.jar.sha1 b/licenses/bcprov-jdk15to18-1.74.jar.sha1
@@ -0,0 +1 @@
+b1a91d0d102042e4ec02084384e1b52b73f125ab
diff --git a/licenses/bcutil-jdk15on-1.70.jar.sha1 b/licenses/bcutil-jdk15on-1.70.jar.sha1
diff --git a/licenses/bcutil-jdk15to18-1.74.jar.sha1 b/licenses/bcutil-jdk15to18-1.74.jar.sha1
@@ -0,0 +1 @@
+d5596e3018ae86eb72b7e3deefcdf096f173d0d3
diff --git a/licenses/checker-qual-3.33.0.jar.sha1 b/licenses/checker-qual-3.33.0.jar.sha1
@@ -0,0 +1 @@
+de2b60b62da487644fc11f734e73c8b0b431238f
diff --git a/licenses/checker-qual-3.5.0.jar.sha1 b/licenses/checker-qual-3.5.0.jar.sha1
diff --git a/licenses/commons-lang3-3.12.0.jar.sha1 b/licenses/commons-lang3-3.12.0.jar.sha1
@@ -0,0 +1 @@
+c6842c86792ff03b9f1d1fe2aab8dc23aa6c6f0e
diff --git a/licenses/commons-lang3-3.9.jar.sha1 b/licenses/commons-lang3-3.9.jar.sha1
diff --git a/licenses/guava-30.1-jre.jar.sha1 b/licenses/guava-30.1-jre.jar.sha1
diff --git a/licenses/guava-32.0.1-jre.jar.sha1 b/licenses/guava-32.0.1-jre.jar.sha1
@@ -0,0 +1 @@
+6e5d51a72d142f2d40a57dfb897188b36a95b489
diff --git a/licenses/j2objc-annotations-1.3.jar.sha1 b/licenses/j2objc-annotations-1.3.jar.sha1
diff --git a/licenses/j2objc-annotations-2.8.jar.sha1 b/licenses/j2objc-annotations-2.8.jar.sha1
@@ -0,0 +1 @@
+c85270e307e7b822f1086b93689124b89768e273
diff --git a/licenses/jackson-annotations-2.14.1.jar.sha1 b/licenses/jackson-annotations-2.14.1.jar.sha1
diff --git a/licenses/jackson-annotations-2.14.2.jar.sha1 b/licenses/jackson-annotations-2.14.2.jar.sha1
@@ -0,0 +1 @@
+a7aae9525864930723e3453ab799521fdfd9d873
diff --git a/licenses/jackson-databind-2.14.1.jar.sha1 b/licenses/jackson-databind-2.14.1.jar.sha1
diff --git a/licenses/jackson-databind-2.14.2.jar.sha1 b/licenses/jackson-databind-2.14.2.jar.sha1
@@ -0,0 +1 @@
+01e71fddbc80bb86f71a6345ac1e8ab8a00e7134
diff --git a/licenses/jackson-module-paranamer-2.14.1.jar.sha1 b/licenses/jackson-module-paranamer-2.14.1.jar.sha1
diff --git a/licenses/jackson-module-paranamer-2.14.2.jar.sha1 b/licenses/jackson-module-paranamer-2.14.2.jar.sha1
@@ -0,0 +1 @@
+1258e1272442006d5bf67331a3701d6d768bafcb
diff --git a/licenses/netty-buffer-4.1.84.Final.jar.sha1 b/licenses/netty-buffer-4.1.84.Final.jar.sha1
diff --git a/licenses/netty-buffer-4.1.96.Final.jar.sha1 b/licenses/netty-buffer-4.1.96.Final.jar.sha1
@@ -0,0 +1 @@
+4b80fffbe77485b457bf844289bf1801f61b9e91
diff --git a/licenses/netty-codec-4.1.84.Final.jar.sha1 b/licenses/netty-codec-4.1.84.Final.jar.sha1
diff --git a/licenses/netty-codec-4.1.96.Final.jar.sha1 b/licenses/netty-codec-4.1.96.Final.jar.sha1
@@ -0,0 +1 @@
+9cfe430f8b14e7ba86969d8e1126aa0aae4d18f0
diff --git a/licenses/netty-codec-http-4.1.84.Final.jar.sha1 b/licenses/netty-codec-http-4.1.84.Final.jar.sha1
diff --git a/licenses/netty-codec-http-4.1.96.Final.jar.sha1 b/licenses/netty-codec-http-4.1.96.Final.jar.sha1
@@ -0,0 +1 @@
+a4d0d95df5026965c454902ef3d6d84b81f89626
diff --git a/licenses/netty-codec-http2-4.1.84.Final.jar.sha1 b/licenses/netty-codec-http2-4.1.84.Final.jar.sha1