[Backport 2.x] Force newer version of Eclipse core transitive depende…

…ncy (resolves CVE-2023-4218) (opensearch-project#3739) Backport b72a9cf from opensearch-project#3737. Signed-off-by: Daniel Widdis <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
peternied · Nov 17, 2023 · 84ae193 · 84ae193
1 parent b7df32d
commit 84ae193
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/.github/workflows/code-hygiene.yml b/.github/workflows/code-hygiene.yml
@@ -22,7 +22,7 @@ jobs:
       - uses: actions/setup-java@v3
         with:
           distribution: temurin # Temurin is a distribution of adoptium
-          java-version: 11
+          java-version: 17
 
       - uses: gradle/gradle-build-action@v2
         with:

diff --git a/build.gradle b/build.gradle
@@ -491,6 +491,9 @@ configurations {
             // for spotbugs dependency conflict
             force "org.apache.commons:commons-lang3:${versions.commonslang}"
 
+            // for spotless transitive dependency CVE
+            force "org.eclipse.platform:org.eclipse.core.runtime:3.29.0"
+
             // For integrationTest
             force "org.apache.httpcomponents:httpclient-cache:4.5.13"
             force "org.apache.httpcomponents:httpclient:4.5.13"