Force version of logback-core and logback-classic to 1.2.13

[mch2]

Description

hdfs-fixture has more vulnerable dependencies brought in from hadoop-minicluster. This time logback-core and logback-classic - https://nvd.nist.gov/vuln/detail/CVE-2023-6378.

This forces the version to 1.2.13 to resolve the CVE.

Related Issues

Resolves https://nvd.nist.gov/vuln/detail/CVE-2023-6378

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
  • New functionality has javadoc added
• Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
• Commits are signed per the DCO using --signoff
• Commit changes are listed out in CHANGELOG.md file (See: Changelog)
• Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

Compatibility status:

Checks if related components are compatible with change 574bb9d

Incompatible components

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/opensearch-oci-object-storage.git, https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/sql.git]

[github-actions]

❌ Gradle check result for 574bb9d: null

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❕ Gradle check result for 96cf53b: UNSTABLE

• TEST FAILURES:

      1 org.opensearch.remotestore.RemoteIndexPrimaryRelocationIT.testPrimaryRelocationWhileIndexing

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (effc9bc) 71.46% compared to head (96cf53b) 71.25%.
Report is 6 commits behind head on main.

❗ Current head 96cf53b differs from pull request most recent head 574bb9d. Consider uploading reports for the commit 574bb9d to get more accurate results

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #11521      +/-   ##
============================================
- Coverage     71.46%   71.25%   -0.21%     
+ Complexity    59176    59058     -118     
============================================
  Files          4903     4903              
  Lines        277987   277990       +3     
  Branches      40382    40383       +1     
============================================
- Hits         198662   198091     -571     
- Misses        62805    63422     +617     
+ Partials      16520    16477      -43     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mch2]

Gc passes here though reported as a failure

[opensearch-trigger-bot]

The backport to 1.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-1.x 1.x
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-1.x
# Create a new branch
git switch --create backport/backport-11521-to-1.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 c1b3a731013cee38d43ee6b02b7f97b4978246f6
# Push it to GitHub
git push --set-upstream origin backport/backport-11521-to-1.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-1.x

Then, create a pull request where the base branch is 1.x and the compare/head branch is backport/backport-11521-to-1.x.

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-2.x
# Create a new branch
git switch --create backport/backport-11521-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 c1b3a731013cee38d43ee6b02b7f97b4978246f6
# Push it to GitHub
git push --set-upstream origin backport/backport-11521-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-11521-to-2.x.