force runtime class path commons-beanutils:commons-beanutils:1.11.0 to avoid transitive dependency (opensearch-project#3935) (opensearch-project#3995)

brianf-aws · web-flow · commit 74a13e81bd8d · 2025-07-18T14:01:37.000-07:00
(cherry picked from commit ab5f064) Signed-off-by: Brian Flores <iflorbri@amazon.com>
diff --git a/ml-algorithms/build.gradle b/ml-algorithms/build.gradle
@@ -104,7 +104,6 @@ configurations.all {
     resolutionStrategy.force 'commons-beanutils:commons-beanutils:1.11.0'
 }
 
-
 jacocoTestReport {
     reports {
         xml.getRequired().set(true)
diff --git a/plugin/build.gradle b/plugin/build.gradle
@@ -690,3 +690,12 @@ forbiddenPatterns {
     exclude '**/*.pdf'
     exclude '**/*.jpg'
 }
+
+configurations {
+    runtimeClasspath {
+        resolutionStrategy {
+            // CVE-48734: tribuo-clustering-kmeans:'4.2.1 causes a transitive dependency on beanutils:1.94
+            force 'commons-beanutils:commons-beanutils:1.11.0'
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,6 @@ configurations.all {`
`104`	`104`	`resolutionStrategy.force 'commons-beanutils:commons-beanutils:1.11.0'`
`105`	`105`	`}`
`106`	`106`
`107`		`-`
`108`	`107`	`jacocoTestReport {`
`109`	`108`	`reports {`
`110`	`109`	`xml.getRequired().set(true)`