
Update security analytics common jar after fixing CVE-2025-67735.#1653

Merged
AWSHurneyt merged 2 commits into opensearch-project:main from AWSHurneyt:main-cve-2025-67735
Mar 10, 2026

Conversation

@AWSHurneyt
Collaborator

@AWSHurneyt AWSHurneyt commented Mar 9, 2026

Description

Update security analytics common jar after fixing CVE-2025-67735.

The CVE was resolved in that package with PR https://github.com/opensearch-project/security-analytics-commons/pull/30

Related Issues

Resolves #[Issue number to be closed when this PR is merged]

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>
@cwperks
Member

cwperks commented Mar 9, 2026

@AWSHurneyt when can we remove this jar and create a lib instead?

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>
@AWSHurneyt
Collaborator Author

@AWSHurneyt when can we remove this jar and create a lib instead?

@cwperks I'll discuss this with my team during our sprint planning this week.

@AWSHurneyt
Collaborator Author

AWSHurneyt commented Mar 9, 2026

The JDK 21 and JDK 25 Build and Test workflows have been failing in previous PRs as well, and should not be related to this jar update.
https://github.com/opensearch-project/security-analytics/pull/1638/checks

The team will investigate those failures separately.

@AWSHurneyt AWSHurneyt merged commit ed0de63 into opensearch-project:main Mar 10, 2026
14 of 16 checks passed
@opensearch-trigger-bot
Contributor

The backport to 2.19 failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security-analytics/backport-2.19 2.19
# Navigate to the new working tree
pushd ../.worktrees/security-analytics/backport-2.19
# Create a new branch
git switch --create backport-1653-to-2.19
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 ed0de63b1077d89cbe007f6570b01c58afd62800
# Push it to GitHub
git push --set-upstream origin backport-1653-to-2.19
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security-analytics/backport-2.19

Then, create a pull request where the base branch is 2.19 and the compare/head branch is backport-1653-to-2.19.

AWSHurneyt added a commit to AWSHurneyt/security-analytics that referenced this pull request Mar 10, 2026
…ensearch-project#1653)

* Update security analytics common jar after fixing CVE-2025-67735.

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>

* Update security analytics common jar after fixing CVE-2025-67735.

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>

---------

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>
cwperks pushed a commit that referenced this pull request Mar 10, 2026
…-2025-67735. (#1653) (#1654)

* Update security analytics common jar after fixing CVE-2025-67735. (#1653)

* Update security analytics common jar after fixing CVE-2025-67735.

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>

* Update security analytics common jar after fixing CVE-2025-67735.

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>

---------

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>

* Fix build error.

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>

* Fix build error.

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>

---------

Signed-off-by: Thomas Hurney <hurneyt@amazon.com>
@andrross
Member

@AWSHurneyt when can we remove this jar and create a lib instead?

@cwperks I'll discuss this with my team during our sprint planning this week.

Or just move the code into this repo! If the library is not shared you don't need the overhead of another repository. Even if it is shared you don't necessarily need another repository because you could publish the library as a separate jar from this repo.

@AWSHurneyt
Collaborator Author

@AWSHurneyt when can we remove this jar and create a lib instead?

@cwperks I'll discuss this with my team during our sprint planning this week.

Or just move the code into this repo! If the library is not shared you don't need the overhead of another repository. Even if it is shared you don't necessarily need another repository because you could publish the library as a separate jar from this repo.

@andrross @cwperks Agreed. I created this issue to track moving that package to security analytics.
https://github.com/opensearch-project/security-analytics-commons/issues/32

