Skip to content

upgrade dependencies to make it compatible with AD #4412

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: feature/mcorr
Choose a base branch
from
Open

upgrade dependencies to make it compatible with AD #4412

wants to merge 1 commit into from
+6 −3

Conversation

@jackiehanyang
Copy link
Collaborator

@jackiehanyang jackiehanyang commented Nov 11, 2025

Description

In AD Detection Insights feature, we're calling ml-commons metrics correlation algorithm from AD which adds ml-commons as a runtime dependency. So making some dependency updates to make AD and ml-commons run in the same JVM runtime inside that container and communicate via transport actions.

Related Issues

Resolves #[Issue number to be closed when this PR is merged]

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@jackiehanyang jackiehanyang had a problem deploying to ml-commons-cicd-env-require-approval November 11, 2025 20:10 — with GitHub Actions Error
@jackiehanyang jackiehanyang had a problem deploying to ml-commons-cicd-env-require-approval November 11, 2025 20:10 — with GitHub Actions Failure
@jackiehanyang jackiehanyang had a problem deploying to ml-commons-cicd-env-require-approval November 11, 2025 20:10 — with GitHub Actions Error
@jackiehanyang jackiehanyang had a problem deploying to ml-commons-cicd-env-require-approval November 11, 2025 20:10 — with GitHub Actions Failure
dhrubo-os
dhrubo-os reviewed Nov 11, 2025
View reviewed changes
build.gradle
configurations.all {
// Force spotless depending on newer version of guava due to CVE-2023-2976. Remove after spotless upgrades.
resolutionStrategy.force "com.google.guava:guava:32.1.3-jre"
resolutionStrategy.force "com.google.guava:guava:33.4.5-jre"
Copy link
Collaborator

@dhrubo-os dhrubo-os Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May be both plugins can take version from core: https://github.com/opensearch-project/OpenSearch/blob/main/gradle/libs.versions.toml#L23 ?

Copy link
Collaborator Author

@jackiehanyang jackiehanyang Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, AD needs it for a resource permission related change from security plugin side - opensearch-project/anomaly-detection@ee8e38d They are planning to make this change for all plugins just AD is the first one onboarded

rithin-pullela-aws
rithin-pullela-aws approved these changes Nov 28, 2025
View reviewed changes
build.gradle
configurations.all {
// Force spotless depending on newer version of guava due to CVE-2023-2976. Remove after spotless upgrades.
resolutionStrategy.force "com.google.guava:guava:32.1.3-jre"
resolutionStrategy.force "com.google.guava:guava:33.4.5-jre"
Copy link
Contributor

@rithin-pullela-aws rithin-pullela-aws Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT:
We are forcing the newer version in the root module, but looks like other modules still declare older versions 32.1.3
Should we change it in all the packages as well? This would be more for overall consistency since the resolutionStrategy.force in the root module would ensure all the modules use the latest version declared here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dhrubo-os dhrubo-os dhrubo-os left review comments

@b4sjoo b4sjoo Awaiting requested review from b4sjoo b4sjoo is a code owner

@mingshl mingshl Awaiting requested review from mingshl mingshl is a code owner

@jngz-es jngz-es Awaiting requested review from jngz-es jngz-es is a code owner

@model-collapse model-collapse Awaiting requested review from model-collapse model-collapse is a code owner

@rbhavna rbhavna Awaiting requested review from rbhavna rbhavna is a code owner

@ylwu-amzn ylwu-amzn Awaiting requested review from ylwu-amzn ylwu-amzn is a code owner

@zane-neo zane-neo Awaiting requested review from zane-neo zane-neo is a code owner

@Zhangxunmt Zhangxunmt Awaiting requested review from Zhangxunmt Zhangxunmt is a code owner

@austintlee austintlee Awaiting requested review from austintlee austintlee is a code owner

@HenryL27 HenryL27 Awaiting requested review from HenryL27 HenryL27 is a code owner

@sam-herman sam-herman Awaiting requested review from sam-herman sam-herman is a code owner

@xinyual xinyual Awaiting requested review from xinyual xinyual is a code owner

@pyek-bot pyek-bot Awaiting requested review from pyek-bot pyek-bot is a code owner

+1 more reviewer

@rithin-pullela-aws rithin-pullela-aws rithin-pullela-aws approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jackiehanyang @dhrubo-os @rithin-pullela-aws