Fix 2.19.5 Build Failures

[mengweieric]

Description

Fixed below build failure.

> Task :opensearch-sql-plugin:compileJava FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':opensearch-sql-plugin:compileJava'.
> Could not resolve all dependencies for configuration ':opensearch-sql-plugin:compileClasspath'.
   > Conflict found for the following module:
       - com.google.errorprone:error_prone_annotations between versions 2.45.0, 2.21.1 and 2.38.0

* Try:
> Run with :opensearch-sql-plugin:dependencyInsight --configuration compileClasspath
  --dependency com.google.errorprone:error_prone_annotations to get more insight on how to solve the conflict.

Related Issues

Resolves #[Issue number to be closed when this PR is merged]

Check List

• New functionality includes testing.
• New functionality has been documented.
• New functionality has javadoc added.
• New functionality has a user manual doc added.
• New PPL command checklist all confirmed.
• API changes companion pull request created.
• Commits are signed per the DCO using --signoff or -s.
• Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

PR Code Analyzer ❗

AI-powered 'Code-Diff-Analyzer' found issues on commit 0f77834.

Path	Line	Severity	Description
plugin/build.gradle	118	medium	Forces 'com.google.errorprone:error_prone_annotations' to version 2.45.0, which is an unusually high version number. As of early 2025, the latest known releases were in the 2.28-2.30 range. Forcing a non-existent or future version string is a known supply chain attack vector: if a malicious actor publishes a package at that exact version to a public registry, this pinned resolution would pull it in automatically. The change is unrelated to any described feature and error_prone_annotations (a compile-time annotation library) rarely requires forced version resolution. Verify this version exists in your artifact registry and that the dependency is genuinely needed.

The table above displays the top 10 most important findings.

Total: 1 | Critical: 0 | High: 0 | Medium: 1 | Low: 0

---

Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.

---

⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.

[dai-chen]

Please check CI failure.

[github-actions]

PR Code Analyzer ❗

AI-powered 'Code-Diff-Analyzer' found issues on commit 845367e.

Path	Line	Severity	Description
doctest/build.gradle	28	medium	Branch switched from 'main' to '1.0-legacy' for sql-cli dependency. Pinning to a legacy/unmaintained branch can introduce known vulnerabilities and may prevent security patches from being applied. While potentially legitimate for stability, it warrants review to confirm this is intentional and that the legacy branch is not compromised.
build.gradle	126	low	Forcing com.google.errorprone:error_prone_annotations to version 2.45.0, which is an unusually high version number (latest known stable releases are in the 2.x low-to-mid range). If this version does not exist in official repositories, a malicious artifact with that version string could be substituted. Should be verified against the official Maven Central release history.

The table above displays the top 10 most important findings.

Total: 2 | Critical: 0 | High: 0 | Medium: 1 | Low: 1

---

Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.

---

⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🧪 PR contains tests

🔒 No security concerns identified

✅ No TODO sections

🔀 Multiple PR themes Sub-PR theme: Fix Prometheus test URI configuration Relevant files: prometheus/src/test/java/org/opensearch/sql/prometheus/storage/PrometheusStorageFactoryTest.java Sub-PR theme: Fix sql-cli install path in bootstrap script Relevant files: doctest/bootstrap.sh

⚡ Recommended focus areas for review URI Change The test URI was changed from https://test.com to http://localhost:9090. This changes the test from using HTTPS to HTTP and from an external host to localhost. Verify that this change is intentional and that the deny-list validation logic still behaves correctly with a localhost URI, as the original test may have been specifically testing with an external HTTPS URI. properties.put("prometheus.uri", "http://localhost:9090"); Path Change The install path for sql-cli was changed from ./sql-cli (relative to current working directory) to $DIR/sql-cli (relative to the script's directory). Verify that $DIR is correctly set earlier in the script and that $DIR/sql-cli always resolves to the correct location regardless of where the script is invoked from. $DIR/.venv/bin/pip install -e $DIR/sql-cli

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Quote path variable to handle spaces When $DIR contains spaces or special characters, the unquoted variable expansion will cause the path to be split incorrectly. Quote the path to handle such cases safely. doctest/bootstrap.sh [24] -$DIR/.venv/bin/pip install -e $DIR/sql-cli +$DIR/.venv/bin/pip install -e "$DIR/sql-cli" Suggestion importance[1-10]: 5 __ Why: Quoting $DIR/sql-cli is a valid shell scripting best practice to handle paths with spaces or special characters. However, the same pattern is used unquoted throughout the rest of the script (e.g., $DIR/.venv/bin/pip), so this is a minor/partial improvement.	Low