CVE fix: beanutils (opensearch-project#4062)

* fix: cve

Signed-off-by: Pavan Yekbote <[email protected]>

* force beanutils version

Signed-off-by: Pavan Yekbote <[email protected]>

* Trigger Build

Signed-off-by: Pavan Yekbote <[email protected]>

* Trigger Build

Signed-off-by: Pavan Yekbote <[email protected]>

---------

Signed-off-by: Pavan Yekbote <[email protected]>
Co-authored-by: Dhrubo Saha <[email protected]>

Author: pyek-bot

ml-algorithms/build.gradle

@@ -54,6 +54,7 @@ dependencies {
     }
     // Multi-tenant SDK Client
     implementation "org.opensearch:opensearch-remote-metadata-sdk:${opensearch_build}"
+    implementation 'commons-beanutils:commons-beanutils:1.11.0'
 
     def os = DefaultNativePlatform.currentOperatingSystem
     //arm/macos doesn't support GPU

plugin/build.gradle

@@ -434,6 +434,7 @@ configurations.all {
     resolutionStrategy.force "org.opensearch:opensearch:${opensearch_version}"
     resolutionStrategy.force "org.bouncycastle:bcprov-jdk18on:1.78.1"
     resolutionStrategy.force 'io.projectreactor:reactor-core:3.7.0'
+    resolutionStrategy.force 'commons-beanutils:commons-beanutils:1.11.0'
 }
 
 apply plugin: 'com.netflix.nebula.ospackage'
@@ -663,12 +664,3 @@ forbiddenPatterns {
     exclude '**/*.pdf'
     exclude '**/*.jpg'
 }
-
-configurations {
-    runtimeClasspath {
-        resolutionStrategy {
-            // CVE-48734: tribuo-clustering-kmeans:'4.2.1 causes a transitive dependency on beanutils:1.94
-            force 'commons-beanutils:commons-beanutils:1.11.0'
-        }
-    }
-}