Bump org.opensearch:opensearch-core from current to 3.0.0 in /buildSrc/src/testKit/thirdPartyAudit

[dependabot]

Bumps org.opensearch:opensearch-core from current to 3.0.0.

Release notes

Sourced from org.opensearch:opensearch-core's releases.

3.0.0

2025-04-28 Version 3.0.0 Release Notes

[3.0.0]

Breaking Changes

• Upgrade to Lucene 10.1.0 - PR (#16366)
• JDK21 as minimum supported Java runtime (#10745)
• Remove deprecated terms from Java API (#5214)
• JPMS Support (Eliminate top level split packages ) Phase-0 only (#8110)
• Add ThreadContextPermission for stashAndMergeHeaders and stashWithOrigin (#15039)
• Add ThreadContextPermission for markAsSystemContext and allow core to perform the method (#15016)
• Migrate client transports to Apache HttpClient / Core 5.x (#4459)
• Validation changes on the Bulk Index API like enforcing 512 byte _id size limit (#6595)
• Ability to use the node as coordinating node by passing node.roles as empty array (#3412)
• Treat Setting value with empty array string as empty array (#10625)
• Ensure Jackson default maximums introduced in 2.16.0 do not conflict with OpenSearch settings (#11811)
• Setting a maximum depth for nested queries (#11670)
• Fix interchanged formats of total_indexing_buffer_in_bytes and total_indexing_buffer (#17070)
• Cleanup deprecated thread pool settings (#2595)
• Replace "blacklist/whitelist" terminology in Java APIs (#1683)
• Remove deprecated methods from JodaCompatibleZonedDateTime which are called by scripts (#3346)
• List of deprecated code removal in 3.0- partially done (#2773)
• Remove mmap.extensions setting (#9392)
• Remove COMPAT locale provider (#13988)
• Remove transport-nio plugin (#16887)
• Deprecate CamelCase PathHierarchy tokenizer name (#10894)
• Rename Class ending with Plugin to Module under modules dir (#4042)
• Remove deprecated batch_size parameter from _bulk (#14283)
• Unset discovery nodes for every transport node actions request (#17682)

Added

• Support for HTTP/2 (server-side) (#3847)
• Allow mmap to use new JDK-19 preview APIs in Apache Lucene 9.4+ (#5151)
• Add events correlation engine plugin (#6854)
• Implement on behalf of token passing for extensions (#8679, #10664)
• Provide service accounts tokens to extensions (#9618)
• GHA to verify checklist items completion in PR descriptions (#10800)
• [WLM] Add WLM support for search scroll API (#16981)
• Views, simplify data access and manipulation by providing a virtual layer over one or more indices (#11957)
• Add systemd configurations to strengthen OS core security (#17107)
• Added pull-based Ingestion (APIs, for ingestion source, a Kafka plugin, and IngestionEngine that pulls data from the ingestion source) (#16958)
• Added ConfigurationUtils to core for the ease of configuration parsing #17223
• Add cluster and index level settings to limit the total primary shards per node and per index #17295
• Add execution_hint to cardinality aggregator request (#17312)
• Arrow Flight RPC plugin with Flight server bootstrap logic and client for internode communication (#16962)
• Added offset management for the pull-based Ingestion (#17354)
• Added integ tests for systemd configs (#17410)
• Add filter function for AbstractQueryBuilder, BoolQueryBuilder, ConstantScoreQueryBuilder(#17409)
• [Star Tree] [Search] Resolving keyword & numeric bucket aggregation with metric aggregation using star-tree (#17165)
• Added error handling support for the pull-based ingestion (#17427)

... (truncated)

Changelog

Sourced from org.opensearch:opensearch-core's changelog.

CHANGELOG

All notable changes to this project are documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning. See the CONTRIBUTING guide for instructions on how to add changelog entries.

Unreleased 3.x

Added

• Add support for linux riscv64 platform (#18156)
• [Rule based auto-tagging] Add get rule API (#17336)
• Implement parallel shard refresh behind cluster settings (#17782)
• Bump OpenSearch Core main branch to 3.0.0 (#18039)
• Update API of Message in index to add the timestamp for lag calculation in ingestion polling (#17977)
• Add composite directory factory (#17988)
• Add pull-based ingestion error metrics and make internal queue size configurable (#18088)
• Adding support for derive source feature and implementing it for various type of field mappers (#17759)
• [Security Manager Replacement] Enhance Java Agent to intercept newByteChannel (#17989)
• Enabled Async Shard Batch Fetch by default (#18139)
• Allow to get the search request from the QueryCoordinatorContext (#17818)
• Improve sort-query performance by retaining the default totalHitsThreshold for approximated match_all queries (#18189)
• Enable testing for ExtensiblePlugins using classpath plugins (#16908)

Changed

Dependencies

• Bump com.google.code.gson:gson from 2.12.1 to 2.13.0 (#17923)
• Bump com.github.spotbugs:spotbugs-annotations from 4.9.0 to 4.9.3 (#17922)
• Bump com.microsoft.azure:msal4j from 1.18.0 to 1.20.0 (#17925)
• Update Apache HttpClient5 and HttpCore5 (CVE-2025-27820) (#18152)
• Bump org.apache.commons:commons-collections4 from 4.4 to 4.5.0 (#18101)
• Bump netty from 4.1.118.Final to 4.1.121.Final (#18192)
• Bump org.apache.commons:commons-configuration2 from 2.11.0 to 2.12.0 (#18103)
• Bump com.nimbusds:nimbus-jose-jwt from 10.0.2 to 10.2 (#18104)
• Bump org.apache.commons:commons-text from 1.13.0 to 1.13.1 (#18102)

Deprecated

Removed

Fixed

• Fix simultaneously creating a snapshot and updating the repository can potentially trigger an infinite loop (#17532)
• Remove package org.opensearch.transport.grpc and replace with org.opensearch.plugin.transport.grpc (#18031)
• Fix the native plugin installation error cause by the pgp public key change (#18147)
• Fix object field exists query (#17843)
• Use Bad Request status for InputCoercionException (#18161)
• Null check field names in QueryStringQueryBuilder (#18194)
• Avoid NPE if on SnapshotInfo if 'shallow' boolean not present (#18187)

Security

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependabot. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Superseded by #255.