Upgrade helix-core to 1.4.3 to address CVE-2023-38647

ShahimSharafudeen · ShahimSharafudeen · commit c5b064727cce · 2025-08-21T17:00:47.000+05:30
diff --git a/pom.xml b/pom.xml
@@ -90,6 +90,7 @@
         <dep.commons.lang3.version>3.18.0</dep.commons.lang3.version>
         <dep.guice.version>6.0.0</dep.guice.version>
         <dep.arrow.version>17.0.0</dep.arrow.version>
+        <dep.helix.version>1.4.3</dep.helix.version>
 
         <!--
           America/Bahia_Banderas has:
@@ -1990,6 +1991,13 @@
                 </exclusions>
             </dependency>
 
+            <!-- Add the helix-core dependency to the root pom.xml to upgrade the transitive helix-core version used by the Presto Pinot driver-->
+            <dependency>
+                <groupId>org.apache.helix</groupId>
+                <artifactId>helix-core</artifactId>
+                <version>${dep.helix.version}</version>
+            </dependency>
+
             <dependency>
                 <groupId>org.apache.httpcomponents</groupId>
                 <artifactId>httpclient</artifactId>
