Move HttpClientFactory to common to expose to other components #4175
+84
−60
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zane-neo
requested review from
HenryL27,
Zhangxunmt,
austintlee,
b4sjoo,
dhrubo-os,
jngz-es,
mingshl,
model-collapse,
pyek-bot,
rbhavna,
sam-herman,
xinyual and
ylwu-amzn
as code owners
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
ylwu-amzn
force-pushed
the
fix-websearchtool-security-issue
branch
from
f99633b to
4bce041
Compare
ylwu-amzn
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
ylwu-amzn
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
ylwu-amzn
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
ylwu-amzn
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
ylwu-amzn
reviewed
Sep 17, 2025
common/build.gradle
Outdated
| compileOnly group: 'com.networknt' , name: 'json-schema-validator', version: '1.4.0' | ||
| // Multi-tenant SDK Client | ||
| compileOnly "org.opensearch:opensearch-remote-metadata-sdk:${opensearch_build}" | ||
| compileOnly (group: 'software.amazon.awssdk', name: 'netty-nio-client', version: "2.30.18") { |
There was a problem hiding this comment.
Any impact to other plugins which depend on ml-commons? Like neural-search, flow-framework
There was a problem hiding this comment.
For now it's only skills.
There was a problem hiding this comment.
@dbwiddis I know you wanted dependent plugins to get informed if in ml-commons we change any dependencies.
There was a problem hiding this comment.
Thanks @dhrubo-os .
@zane-neo Highly recommend you use the version from the OpenSearch version catalog for any awssdk components. I believe 2.30.18 is CVE-impacted. (see https://mvnrepository.com/artifact/software.amazon.awssdk/netty-nio-client/2.30.18)
There was a problem hiding this comment.
There was a problem hiding this comment.
We have quite a few places using hard coded versions of amazon.awssdk, I prefer we change all these in a separate PR:
(base) zaniu@bcd07465d161:~/Documents/code/ml-commons$ grep 'amazon.awssdk' **/*.gradle
common/build.gradle: compileOnly (group: 'software.amazon.awssdk', name: 'netty-nio-client', version: ${versions.aws}) {
ml-algorithms/build.gradle: implementation platform('software.amazon.awssdk:bom:2.30.18')
ml-algorithms/build.gradle: api 'software.amazon.awssdk:auth:2.30.18'
ml-algorithms/build.gradle: implementation 'software.amazon.awssdk:apache-client'
ml-algorithms/build.gradle: compileOnly group: 'software.amazon.awssdk', name: 'aws-core', version: "2.30.18"
ml-algorithms/build.gradle: compileOnly group: 'software.amazon.awssdk', name: 's3', version: "2.30.18"
ml-algorithms/build.gradle: compileOnly group: 'software.amazon.awssdk', name: 'regions', version: "2.30.18"
ml-algorithms/build.gradle: resolutionStrategy.force 'software.amazon.awssdk:bom:2.30.18'
plugin/build.gradle: implementation group: 'software.amazon.awssdk', name: 'aws-core', version: "2.30.18"
plugin/build.gradle: implementation group: 'software.amazon.awssdk', name: 's3', version: "2.30.18"
plugin/build.gradle: implementation group: 'software.amazon.awssdk', name: 'regions', version: "2.30.18"
plugin/build.gradle: implementation group: 'software.amazon.awssdk', name: 'aws-xml-protocol', version: "2.30.18"
plugin/build.gradle: implementation group: 'software.amazon.awssdk', name: 'aws-query-protocol', version: "2.30.18"
plugin/build.gradle: implementation group: 'software.amazon.awssdk', name: 'protocol-core', version: "2.30.18"
plugin/build.gradle: resolutionStrategy.force 'software.amazon.awssdk:bom:2.30.31'
plugin/build.gradle: resolutionStrategy.force 'software.amazon.awssdk:auth:2.30.31'
plugin/build.gradle: resolutionStrategy.force 'software.amazon.awssdk:aws-core:2.30.31'
plugin/build.gradle: resolutionStrategy.force 'software.amazon.awssdk:aws-query-protocol:2.30.31'
plugin/build.gradle: resolutionStrategy.force 'software.amazon.awssdk:aws-xml-protocol:2.30.31'
plugin/build.gradle: resolutionStrategy.force 'software.amazon.awssdk:protocol-core:2.30.31'
plugin/build.gradle: resolutionStrategy.force 'software.amazon.awssdk:regions:2.30.31'
plugin/build.gradle: resolutionStrategy.force 'software.amazon.awssdk:netty-nio-client:2.30.31'
plugin/build.gradle: resolutionStrategy.force 'software.amazon.awssdk:s3:2.30.31'
There was a problem hiding this comment.
I prefer we change all these in a separate PR:
Didn't this PR fix most of them? https://github.com/opensearch-project/ml-commons/pull/4210/files
We can't release 3.3.0 with these CVE-impacted versions and time is short.
There was a problem hiding this comment.
@dbwiddis I've made change to the versions, please take a look again.
|
CI failed |
ylwu-amzn
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
ylwu-amzn
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
ylwu-amzn
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
ylwu-amzn
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
The CI failed since opensearch-remote-metadata-sdk used ThreadContextAccess which is not for public use, I've created this PR to fix: opensearch-project/opensearch-remote-metadata-sdk#254 |
ylwu-amzn
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
Signed-off-by: zane-neo <[email protected]>
zane-neo
force-pushed
the
fix-websearchtool-security-issue
branch
from
1e0862e to
d4df6d6
Compare
zane-neo
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
zane-neo
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
dhrubo-os
approved these changes
Sep 30, 2025
zane-neo
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
zane-neo
temporarily deployed
to
ml-commons-cicd-env
GitHub Actions
Inactive
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
xinyual
approved these changes
Sep 30, 2025
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Failure
zane-neo
had a problem deploying
to
ml-commons-cicd-env
GitHub Actions
Error
|
Failure ITs are flaky |
5 tasks
brianf-aws
pushed a commit
to brianf-aws/ml-commons
that referenced
this pull request
Oct 22, 2025
…earch-project#4175) * Move HttpClientFactory to common to expose to other componenets Signed-off-by: zane-neo <[email protected]> * optimize code for better maintainability Signed-off-by: zane-neo <[email protected]> * Optimize code and increase UT coverage Signed-off-by: zane-neo <[email protected]> * Address comments Signed-off-by: zane-neo <[email protected]> * Use amazon aws version from opensearch core Signed-off-by: zane-neo <[email protected]> * address comments Signed-off-by: zane-neo <[email protected]> --------- Signed-off-by: zane-neo <[email protected]>
5 tasks
brianf-aws
pushed a commit
to brianf-aws/ml-commons
that referenced
this pull request
Oct 23, 2025
…earch-project#4175) * Move HttpClientFactory to common to expose to other componenets Signed-off-by: zane-neo <[email protected]> * optimize code for better maintainability Signed-off-by: zane-neo <[email protected]> * Optimize code and increase UT coverage Signed-off-by: zane-neo <[email protected]> * Address comments Signed-off-by: zane-neo <[email protected]> * Use amazon aws version from opensearch core Signed-off-by: zane-neo <[email protected]> * address comments Signed-off-by: zane-neo <[email protected]> --------- Signed-off-by: zane-neo <[email protected]>
brianf-aws
pushed a commit
to brianf-aws/ml-commons
that referenced
this pull request
Oct 24, 2025
…earch-project#4175) * Move HttpClientFactory to common to expose to other componenets Signed-off-by: zane-neo <[email protected]> * optimize code for better maintainability Signed-off-by: zane-neo <[email protected]> * Optimize code and increase UT coverage Signed-off-by: zane-neo <[email protected]> * Address comments Signed-off-by: zane-neo <[email protected]> * Use amazon aws version from opensearch core Signed-off-by: zane-neo <[email protected]> * address comments Signed-off-by: zane-neo <[email protected]> --------- Signed-off-by: zane-neo <[email protected]> Signed-off-by: Brian Flores <[email protected]>
brianf-aws
pushed a commit
to brianf-aws/ml-commons
that referenced
this pull request
Oct 27, 2025
…earch-project#4175) * Move HttpClientFactory to common to expose to other componenets Signed-off-by: zane-neo <[email protected]> * optimize code for better maintainability Signed-off-by: zane-neo <[email protected]> * Optimize code and increase UT coverage Signed-off-by: zane-neo <[email protected]> * Address comments Signed-off-by: zane-neo <[email protected]> * Use amazon aws version from opensearch core Signed-off-by: zane-neo <[email protected]> * address comments Signed-off-by: zane-neo <[email protected]> --------- Signed-off-by: zane-neo <[email protected]> Signed-off-by: Brian Flores <[email protected]>
mingshl
pushed a commit
that referenced
this pull request
Oct 27, 2025
* Increment version to 2.19.4-SNAPSHOT Signed-off-by: opensearch-ci-bot <[email protected]> Signed-off-by: Brian Flores <[email protected]> * fix CVE-2025-55163, CVE-2025-48924 (#4298) * address commons-lang3 CVE-2025-48924 Signed-off-by: Brian Flores <[email protected]> * pin netty to 4.2.5.Final version address CVE-2025-55163 Signed-off-by: Brian Flores <[email protected]> * force all subProjects to use updated common-lang3 version Signed-off-by: Brian Flores <[email protected]> --------- Signed-off-by: Brian Flores <[email protected]> * Move HttpClientFactory to common to expose to other components (#4175) * Move HttpClientFactory to common to expose to other componenets Signed-off-by: zane-neo <[email protected]> * optimize code for better maintainability Signed-off-by: zane-neo <[email protected]> * Optimize code and increase UT coverage Signed-off-by: zane-neo <[email protected]> * Address comments Signed-off-by: zane-neo <[email protected]> * Use amazon aws version from opensearch core Signed-off-by: zane-neo <[email protected]> * address comments Signed-off-by: zane-neo <[email protected]> --------- Signed-off-by: zane-neo <[email protected]> Signed-off-by: Brian Flores <[email protected]> * use mainline versions.aws via hardcode Signed-off-by: Brian Flores <[email protected]> * address CVE-2025-58057 Signed-off-by: Brian Flores <[email protected]> * fix code format Signed-off-by: Brian Flores <[email protected]> * empty commit to trigger CI Signed-off-by: Brian Flores <[email protected]> * Fix claude model it (#4167) * fix model it by replace claude v1/v2 Signed-off-by: xinyual <[email protected]> * remove useless change Signed-off-by: xinyual <[email protected]> --------- Signed-off-by: xinyual <[email protected]> Signed-off-by: Brian Flores <[email protected]> * Don't convert schema-defined strings to other types during validation (#3761) Signed-off-by: Daniel Widdis <[email protected]> Signed-off-by: Brian Flores <[email protected]> * fix Cohere IT (#4174) * fix Cohere IT Signed-off-by: xinyual <[email protected]> * apply spotless Signed-off-by: xinyual <[email protected]> * delete useless it Signed-off-by: xinyual <[email protected]> --------- Signed-off-by: xinyual <[email protected]> Signed-off-by: Brian Flores <[email protected]> --------- Signed-off-by: opensearch-ci-bot <[email protected]> Signed-off-by: Brian Flores <[email protected]> Signed-off-by: zane-neo <[email protected]> Signed-off-by: xinyual <[email protected]> Signed-off-by: Daniel Widdis <[email protected]> Co-authored-by: opensearch-ci-bot <[email protected]> Co-authored-by: zane-neo <[email protected]> Co-authored-by: Xinyuan Lu <[email protected]> Co-authored-by: Daniel Widdis <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Move HttpClientFactory to common to expose to other components(skills)
Related Issues
Resolves #[Issue number to be closed when this PR is merged]
Check List
--signoff.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.