CVE fixes for v1.3.13 release (#488)

* Address CVE-2023-32731, CVE-2023-1428

Signed-off-by: Khushboo Rajput <[email protected]>

* Address CVE-2023-32732 update gRPC netty and protobuf dependency version

Signed-off-by: Khushboo Rajput <[email protected]>

* Update gson to v2.10.1

Signed-off-by: Khushboo Rajput <[email protected]>

---------

Signed-off-by: Khushboo Rajput <[email protected]>

build.gradle

@@ -182,15 +182,15 @@ jacocoTestCoverageVerification {
                 }
             }
         }
-    } 
+    }
     else {
         violationRules {
             rule {
                 limit {
                     minimum = 0.7
                 }
             }
-        }    
+        }
     }
 }
 
@@ -327,7 +327,7 @@ dependencies {
     compile 'org.bouncycastle:bcpkix-jdk15to18:1.74'
     compile 'org.xerial:sqlite-jdbc:3.41.2.2'
     compile 'com.google.guava:guava:32.0.1-jre'
-    compile 'com.google.code.gson:gson:2.9.0'
+    compile 'com.google.code.gson:gson:2.10.1'
     compile 'org.checkerframework:checker-qual:3.33.0'
     compile "com.fasterxml.jackson.core:jackson-annotations:${jacksonVersion}"
     compile "com.fasterxml.jackson.core:jackson-databind:${jacksonDataBindVersion}"
@@ -337,9 +337,9 @@ dependencies {
     compile group: 'commons-io', name: 'commons-io', version: '2.7'
     compile group: 'com.google.errorprone', name: 'error_prone_annotations', version: '2.9.0'
     compile group: 'com.google.protobuf', name: 'protobuf-java', version: '3.21.8'
-    implementation 'io.grpc:grpc-netty:1.49.0'
-    implementation 'io.grpc:grpc-protobuf:1.49.0'
-    implementation 'io.grpc:grpc-stub:1.49.0'
+    implementation 'io.grpc:grpc-netty:1.56.0'
+    implementation 'io.grpc:grpc-protobuf:1.56.0'
+    implementation 'io.grpc:grpc-stub:1.56.0'
 
     implementation 'javax.annotation:javax.annotation-api:1.3.2'
     implementation("io.netty:netty-transport-native-unix-common:${nettyVersion}") {

src/main/java/org/opensearch/performanceanalyzer/decisionmaker/deciders/CacheHealthDecider.java

@@ -78,8 +78,7 @@ public Decision operate() {
 
         for (final ResourceEnum cacheType : modifyCacheActionPriorityList) {
             BaseClusterRca baseClusterRcaMap = cacheTypeBaseClusterRcaMap.get(cacheType);
-            if (baseClusterRcaMap == null)
-                continue;
+            if (baseClusterRcaMap == null) continue;
             getActionsFromRca(baseClusterRcaMap, impactedNodes).forEach(decision::addAction);
         }
         return decision;