Fix for CVE-2976 + add CVE checker (opensearch-project#624)

* Fix for CVE-2976 + add CVE checker Signed-off-by: Omar Khasawneh <okhasawn@amazon.com> * Updated Changelog Signed-off-by: Omar Khasawneh <okhasawn@amazon.com> --------- Signed-off-by: Omar Khasawneh <okhasawn@amazon.com>
VachaShah · Sep 15, 2023 · d09bb4e · d09bb4e
1 parent 86b6988
commit d09bb4e
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -43,6 +43,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ### Fixed
  - [BUG] JarHell caused by latest software.amazon.awssdk 2.20.141 ([#616](https://github.com/opensearch-project/opensearch-java/pull/616))
 - Don't over-allocate in HeapBufferedAsyncEntityConsumer in order to consume the response ([#620](https://github.com/opensearch-project/opensearch-java/pull/620))
+- Fixed CVE-2976 + added CVE checker ([#624](https://github.com/opensearch-project/opensearch-java/pull/624))
 
 ### Security
 

diff --git a/java-client/build.gradle.kts b/java-client/build.gradle.kts
@@ -52,8 +52,10 @@ plugins {
     checkstyle
     `maven-publish`
     id("com.github.jk1.dependency-license-report") version "2.5"
+    id("org.owasp.dependencycheck") version "8.4.0"
 }
 apply(plugin = "opensearch.repositories")
+apply(plugin = "org.owasp.dependencycheck")
 
 configurations {
     all {
@@ -62,7 +64,7 @@ configurations {
 }
 
 checkstyle {
-    toolVersion = "10.0"
+    toolVersion = "10.12.3"
 }
 
 java {