moved the pinning to the core gradle file where the commons-validator dependency is present (#1892)

Signed-off-by: Amardeepsingh Siglani <[email protected]>

Author: amsiglan

alerting/build.gradle

@@ -105,8 +105,6 @@ configurations.all {
         force "commons-logging:commons-logging:${versions.commonslogging}"
         // force the version until OpenSearch upgrade to an invulnerable one, https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379
         force "commons-codec:commons-codec:1.13"
-        // force commons-beanutils to a non-vulnerable version
-        force "commons-beanutils:commons-beanutils:1.11.0"
 
         force "org.slf4j:slf4j-api:${versions.slf4j}" //Needed for http5
 

core/build.gradle

@@ -8,6 +8,15 @@ apply plugin: 'opensearch.java-rest-test'
 apply plugin: 'org.jetbrains.kotlin.jvm'
 apply plugin: 'jacoco'
 
+configurations{
+    all {
+        resolutionStrategy {
+            // force commons-beanutils to a non-vulnerable version
+            force "commons-beanutils:commons-beanutils:1.11.0"
+        }
+    }
+}
+
 dependencies {
     compileOnly "org.opensearch:opensearch:${opensearch_version}"
     implementation "org.jetbrains.kotlin:kotlin-stdlib:${kotlin_version}"