From 06f01f1d9284b1898a020836caa7dfb25e91bf75 Mon Sep 17 00:00:00 2001
From: Eric Wei <menwe@amazon.com>
Date: Wed, 4 Dec 2024 09:49:30 -0800
Subject: [PATCH] [CVE] Address CVE-2023-6378 issue (#1053)

Signed-off-by: Eric <menwe@amazon.com>
---
 .../reports-scheduler-test-and-build-workflow.yml          | 2 +-
 build.gradle                                               | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/reports-scheduler-test-and-build-workflow.yml b/.github/workflows/reports-scheduler-test-and-build-workflow.yml
index 3c290177..2440671e 100644
--- a/.github/workflows/reports-scheduler-test-and-build-workflow.yml
+++ b/.github/workflows/reports-scheduler-test-and-build-workflow.yml
@@ -3,7 +3,7 @@ name: Test and Build Reports Scheduler
 on: [push, pull_request]
 
 env:
-  OPENSEARCH_VERSION: '1.3.5-SNAPSHOT'
+  OPENSEARCH_VERSION: '1.3.20-SNAPSHOT'
 
 jobs:
   linux-build:
diff --git a/build.gradle b/build.gradle
index 9f79707e..3f0d0fa2 100644
--- a/build.gradle
+++ b/build.gradle
@@ -146,7 +146,12 @@ dependencies {
     testCompile "org.mockito:mockito-core:3.12.4"
     testCompile 'com.google.code.gson:gson:2.8.9'
 
-    ktlint "com.pinterest:ktlint:0.45.1"
+    add("ktlint", "com.pinterest:ktlint:0.45.1") {
+        exclude group: "ch.qos.logback", module: "logback-classic"
+        exclude group: "ch.qos.logback", module: "logback-core"
+    }
+    add("ktlint", "ch.qos.logback:logback-core:1.2.13")
+    add("ktlint", "ch.qos.logback:logback-classic:1.2.13")
 }
 
 javadoc.enabled = false // turn off javadoc as it barfs on Kotlin code