Enforce up-to-date Guava in buildSrc (#9335)

Guava is a transitive dependency of spotless via google-java-format, the version that was being pulled in has CVE-2023-2976. While this would not affect end users it causes excess alerts. Signed-off-by: Thomas Farr <[email protected]>
opensearch-project · Aug 15, 2023 · 1342578 · 1342578
1 parent 9dca96d
commit 1342578
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
@@ -135,6 +135,12 @@ dependencies {
   }
 }
 
+configurations.all {
+  resolutionStrategy {
+    force "com.google.guava:guava:${props.getProperty('guava')}"
+  }
+}
+
 /*****************************************************************************
  *                         Bootstrap repositories                            *
  *****************************************************************************/