From 2e4fd8df749bd2e988c2aeb881d3229b9d611506 Mon Sep 17 00:00:00 2001
From: Naveen Tatikonda <navtat@amazon.com>
Date: Mon, 27 Nov 2023 14:22:54 +0530
Subject: [PATCH] Fix Spotless Transitive Dependency and bump aiohttp to fix
 CVE

Signed-off-by: Naveen Tatikonda <navtat@amazon.com>
---
 benchmarks/osb/requirements.txt | 2 +-
 build.gradle                    | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/benchmarks/osb/requirements.txt b/benchmarks/osb/requirements.txt
index 1bf7aadbb..7d7cfcf67 100644
--- a/benchmarks/osb/requirements.txt
+++ b/benchmarks/osb/requirements.txt
@@ -4,7 +4,7 @@
 #
 #    pip-compile
 #
-aiohttp==3.8.5
+aiohttp==3.8.6
     # via opensearch-py
 aiosignal==1.2.0
     # via aiohttp
diff --git a/build.gradle b/build.gradle
index a273f86ed..6a47fa92c 100644
--- a/build.gradle
+++ b/build.gradle
@@ -25,6 +25,11 @@ buildscript {
 
     dependencies {
         classpath "${opensearch_group}.gradle:build-tools:${opensearch_version}"
+        configurations.all {
+            resolutionStrategy {
+                force("org.eclipse.platform:org.eclipse.core.runtime:3.29.0") // for spotless transitive dependency CVE (for 3.26.100)
+            }
+        }
     }
 }