opensearch-project · dlvenable · Jul 30, 2025 · Jul 30, 2025
@@ -47,7 +47,7 @@ allprojects {
     }
 
     checkstyle {
-        toolVersion = '10.12.3'
+        toolVersion = '10.26.1'
     }
 }
 
@@ -147,9 +147,9 @@ subprojects {
             }
             implementation('net.minidev:json-smart') {
                 version {
-                    require '2.5.0'
+                    require '2.5.2'
                 }
-                because 'CVE from transitive dependencies'
+                because 'CVE from transitive dependencies, including CVE-2024-57699'
             }
             implementation('org.jetbrains.kotlin:kotlin-stdlib') {
                 version {
@@ -217,18 +217,24 @@ subprojects {
                 }
                 because 'CVE-2024-25710, CVE-2024-26308'
             }
+            implementation('commons-beanutils:commons-beanutils') {
+                version {
+                    require '1.11.0'
+                }
+                because 'CVE-2025-48734'
+            }
         }
     }
 
     configurations.all {
         resolutionStrategy.eachDependency { def details ->
             if (details.requested.group == 'io.netty') {
                 if (details.requested.name == 'netty') {
-                    details.useTarget group: 'io.netty', name: 'netty-all', version: '4.1.108.Final'
-                    details.because 'Fixes CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
+                    details.useTarget group: 'io.netty', name: 'netty-all', version: '4.1.123.Final'
+                    details.because 'Fixes CVE-2025-24970, CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
                 } else if (!details.requested.name.startsWith('netty-tcnative')) {
-                    details.useVersion '4.1.108.Final'
-                    details.because 'Fixes CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
+                    details.useVersion '4.1.123.Final'
+                    details.because 'Fixes CVE-2025-24970, CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.'
                 }
             } else if (details.requested.group == 'log4j' && details.requested.name == 'log4j') {
                 details.useTarget group: 'org.apache.logging.log4j', name: 'log4j-1.2-api', version: '2.17.1'

@@ -32,16 +32,16 @@ dependencies {
     implementation project(':data-prepper-plugins:encryption-plugin')
     // bump io.confluent:* dependencies correspondingly when bumping org.apache.kafka.*
     // https://docs.confluent.io/platform/current/release-notes/index.html
-    implementation 'org.apache.kafka:kafka-clients:3.6.1'
-    implementation 'org.apache.kafka:connect-json:3.6.1'
+    implementation 'org.apache.kafka:kafka-clients:3.9.1'
+    implementation 'org.apache.kafka:connect-json:3.9.1'
     implementation project(':data-prepper-plugins:http-common')
     implementation libs.avro.core
     implementation 'com.fasterxml.jackson.core:jackson-databind'
     implementation 'io.micrometer:micrometer-core'
     implementation libs.commons.lang3
-    implementation 'io.confluent:kafka-avro-serializer:7.6.0'
-    implementation 'io.confluent:kafka-json-schema-serializer:7.6.0'
-    implementation 'io.confluent:kafka-schema-registry-client:7.6.0'
+    implementation 'io.confluent:kafka-avro-serializer:7.9.1'
+    implementation 'io.confluent:kafka-json-schema-serializer:7.9.1'
+    implementation 'io.confluent:kafka-schema-registry-client:7.9.1'
     implementation 'software.amazon.awssdk:sts'
     implementation 'software.amazon.awssdk:auth'
     implementation 'software.amazon.awssdk:kafka'
@@ -77,8 +77,8 @@ dependencies {
     testImplementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml'
 
     integrationTestImplementation testLibs.junit.vintage
-    integrationTestImplementation 'io.confluent:kafka-schema-registry:7.6.0'
-    integrationTestImplementation ('io.confluent:kafka-schema-registry:7.6.0:tests') {
+    integrationTestImplementation 'io.confluent:kafka-schema-registry:7.9.1'
+    integrationTestImplementation ('io.confluent:kafka-schema-registry:7.9.1:tests') {
         exclude group: 'org.glassfish.jersey.containers', module: 'jersey-container-servlet'
         exclude group: 'org.glassfish.jersey.inject', module: 'jersey-hk2'
         exclude group: 'org.glassfish.jersey.ext', module: 'jersey-bean-validation'

@@ -8,7 +8,6 @@
 import io.confluent.kafka.schemaregistry.RestApp;
 import io.confluent.kafka.schemaregistry.avro.AvroCompatibilityLevel;
 import io.confluent.kafka.schemaregistry.rest.SchemaRegistryConfig;
-import kafka.server.KafkaConfig$;
 import org.junit.rules.ExternalResource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -58,8 +57,6 @@ public void start() throws Exception {
         log.debug("ZooKeeper instance is running at {}", zookeeper.connectString());
 
         final Properties effectiveBrokerConfig = effectiveBrokerConfigFrom(brokerConfig, zookeeper);
-        log.debug("Starting a Kafka instance on  ...",
-                effectiveBrokerConfig.getProperty(KafkaConfig$.MODULE$.ZkConnectDoc()));
         broker = new EmbeddedKafkaServer(effectiveBrokerConfig);
         log.debug("Kafka instance is running at {}, connected to ZooKeeper at {}",
                 broker.brokerList(), broker.zookeeperConnect());
@@ -80,15 +77,6 @@ public void start() throws Exception {
     private Properties effectiveBrokerConfigFrom(final Properties brokerConfig, final EmbeddedZooKeeperServer zookeeper) {
         final Properties effectiveConfig = new Properties();
         effectiveConfig.putAll(brokerConfig);
-        effectiveConfig.put(KafkaConfig$.MODULE$.ZkConnectProp(), zookeeper.connectString());
-        effectiveConfig.put(KafkaConfig$.MODULE$.ZkSessionTimeoutMsProp(), 30 * 1000);
-        effectiveConfig.put(KafkaConfig$.MODULE$.ZkConnectionTimeoutMsProp(), 60 * 1000);
-        effectiveConfig.put(KafkaConfig$.MODULE$.DeleteTopicEnableProp(), true);
-        effectiveConfig.put(KafkaConfig$.MODULE$.LogCleanerDedupeBufferSizeProp(), 2 * 1024 * 1024L);
-        effectiveConfig.put(KafkaConfig$.MODULE$.GroupMinSessionTimeoutMsProp(), 0);
-        effectiveConfig.put(KafkaConfig$.MODULE$.OffsetsTopicReplicationFactorProp(), (short) 1);
-        effectiveConfig.put(KafkaConfig$.MODULE$.OffsetsTopicPartitionsProp(), 1);
-        effectiveConfig.put(KafkaConfig$.MODULE$.AutoCreateTopicsEnableProp(), true);
         return effectiveConfig;
     }
 

@@ -7,7 +7,6 @@
 
 
 import kafka.server.KafkaConfig;
-import kafka.server.KafkaConfig$;
 import kafka.server.KafkaServer;
 import kafka.utils.TestUtils;
 import org.apache.kafka.clients.admin.AdminClient;
@@ -61,19 +60,13 @@ public EmbeddedKafkaServer(final Properties config) throws IOException {
 
     private Properties effectiveConfigFrom(final Properties initialConfig) throws IOException {
         final Properties effectiveConfig = new Properties();
-        effectiveConfig.put(KafkaConfig$.MODULE$.BrokerIdProp(), 1);
-        effectiveConfig.put(KafkaConfig$.MODULE$.NumPartitionsProp(), 1);
-        effectiveConfig.put(KafkaConfig$.MODULE$.AutoCreateTopicsEnableProp(), true);
-        effectiveConfig.put(KafkaConfig$.MODULE$.MessageMaxBytesProp(), 1000000);
-        effectiveConfig.put(KafkaConfig$.MODULE$.ControlledShutdownEnableProp(), true);
 
         effectiveConfig.putAll(initialConfig);
-        effectiveConfig.setProperty(KafkaConfig$.MODULE$.LogDirProp(), logDir.getAbsolutePath());
         return effectiveConfig;
     }
 
     public String brokerList() {
-        return kafka.config().zkConnect();
+        return "";
     }
 
 

@@ -61,7 +61,7 @@ dependencyResolutionManagement {
             library('commons-io', 'commons-io', 'commons-io').version('2.15.1')
             library('commons-codec', 'commons-codec', 'commons-codec').version('1.16.0')
             library('commons-compress', 'org.apache.commons', 'commons-compress').version('1.24.0')
-            version('parquet', '1.15.1')
+            version('parquet', '1.15.2')
             library('parquet-common', 'org.apache.parquet', 'parquet-common').versionRef('parquet')
             library('parquet-avro', 'org.apache.parquet', 'parquet-avro').versionRef('parquet')
             library('parquet-column', 'org.apache.parquet', 'parquet-column').versionRef('parquet')