App Platform: Pin bleve to fix CVE-2022-31022
This pins Bleve to a soon-to-be v2.5.0 commit.
Fixes CVE-2022-31022. We can unpin when v2.5.0 releases (likely March 25th).
We do not need any new features or similar, though there are some fixes that are nice to receive.
We will **not** backport this fix farther as we aren't actually vulnerable to anything via CVE-2022-31022; we never use its code, nor does Bleve. The reason we are fixing this is to get Trivy to stop complaining.
Mariell Hoversholm
5c0ee5cfcc