From 88b36076d593c2a96668a73eda3143b8571eb917 Mon Sep 17 00:00:00 2001
From: Eric Wei <menwe@amazon.com>
Date: Wed, 4 Dec 2024 09:49:30 -0800
Subject: [PATCH] [CVE] Address CVE-2023-6378 issue (#1053)

Signed-off-by: Eric <menwe@amazon.com>
(cherry picked from commit 06f01f1d9284b1898a020836caa7dfb25e91bf75)
---
 .../reports-scheduler-test-and-build-workflow.yml          | 2 +-
 reports-scheduler/build.gradle                             | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/reports-scheduler-test-and-build-workflow.yml b/.github/workflows/reports-scheduler-test-and-build-workflow.yml
index 979edf98..d61805b0 100644
--- a/.github/workflows/reports-scheduler-test-and-build-workflow.yml
+++ b/.github/workflows/reports-scheduler-test-and-build-workflow.yml
@@ -3,7 +3,7 @@ name: Test and Build Reports Scheduler
 on: [push, pull_request]
 
 env:
-  OPENSEARCH_VERSION: '1.3.5-SNAPSHOT'
+  OPENSEARCH_VERSION: '1.3.20-SNAPSHOT'
 
 jobs:
   linux-build:
diff --git a/reports-scheduler/build.gradle b/reports-scheduler/build.gradle
index 974bd94c..2ee133f1 100644
--- a/reports-scheduler/build.gradle
+++ b/reports-scheduler/build.gradle
@@ -145,7 +145,12 @@ dependencies {
     testCompile "org.mockito:mockito-core:3.12.4"
     testCompile 'com.google.code.gson:gson:2.8.9'
 
-    ktlint "com.pinterest:ktlint:0.45.1"
+    add("ktlint", "com.pinterest:ktlint:0.45.1") {
+        exclude group: "ch.qos.logback", module: "logback-classic"
+        exclude group: "ch.qos.logback", module: "logback-core"
+    }
+    add("ktlint", "ch.qos.logback:logback-core:1.2.13")
+    add("ktlint", "ch.qos.logback:logback-classic:1.2.13")
 }
 
 javadoc.enabled = false // turn off javadoc as it barfs on Kotlin code