Remove SNAPSHOT dependencies
This automated MR removes usage of SNAPSHOT versions in the first-party library dependencies.
Since SNAPSHOT dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.
Dependency Information Before the Upgrade
Branch: master
SHA: 0d700d64bcce2f23f18695c879c9f758046781d4
Maven: 0.17.0-SNAPSHOT
Maven Dependencies | Root | testing/ |
---|---|---|
core-lib-azure | 0.15.0-rc4 | 0.15.0-rc4 |
core-lib-gcp | 0.16.0-rc1 | |
os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
obm | 0.15.0 | |
oqm | 0.15.0 | |
os-core-common | 0.13.0, 0.15.0-rc4 | 0.13.0, 0.15.0-rc4 |
os-core-lib-ibm | 0.15.2 | |
osm | 0.15.0 | |
(3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.1, 2.10.5, 2.13.2.2 | 2.13.2.2, 2.10.2 |
(3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.12.1 |
(3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
(3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
(3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
(3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.12.1 |
(3rd Party) org.springframework.spring-webmvc | 5.2.8.RELEASE | 5.2.8.RELEASE |
Warning: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
│ ├─ org.opengroup.osdu.csv-parser-azure == 0.17.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
│ ├─ org.opengroup.osdu.csv-parser-gcp == 0.17.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
│ ├─ org.opengroup.osdu.csv-parser-ibm == 0.17.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
│ └─ org.opengroup.osdu.csv-parser-aws == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
└─ testing/
├─ org.opengroup.osdu.csv-parser-core-test == 0.17.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.5.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.5.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
├─ org.opengroup.osdu.csv-parser-azure-test == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.csv-parser-azure == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.5.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
└─ org.opengroup.osdu.csv-parser-aws-test == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.2.5.RELEASE
└─ org.springframework.spring-webmvc == 5.2.8.RELEASE
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
├─ _Root_
│ ├─ org.opengroup.osdu.csv-parser-gcp == 0.17.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ │ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
│ └─ org.opengroup.osdu.csv-parser-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
└─ testing/
└─ org.opengroup.osdu.csv-parser-azure-test == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.csv-parser-azure == 0.17.0-SNAPSHOT
└─ com.fasterxml.jackson.core.jackson-databind == 2.10.2
Dependency Information After the Upgrade
Branch: remove-snapshot-dependencies
SHA: 604720de9f52d089463dc24318d0f6ecccb7d2d9
Maven: 0.17.0-SNAPSHOT
Maven Dependencies | Root | testing/ |
---|---|---|
core-lib-azure | 0.15.0-rc4 | 0.15.0-rc4 |
core-lib-gcp | 0.16.0-rc1 | 0.16.0, 0.16.0-rc1 |
os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
obm | 0.15.0 | 0.16.0, 0.15.0 |
oqm | 0.15.0 | 0.16.0, 0.15.0 |
os-core-common | 0.13.0, 0.15.0-rc4 | 0.13.0, 0.15.0-rc4, 0.16.1 |
os-core-lib-ibm | 0.15.2 | 0.13.0 |
osm | 0.15.0 | 0.16.0, 0.15.0 |
(3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.1, 2.10.5, 2.13.2.2 | 2.13.2.2, 2.10.2 |
(3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.12.1 |
(3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
(3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
(3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
(3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.12.1 |
(3rd Party) org.springframework.spring-webmvc | 5.2.8.RELEASE | 5.2.8.RELEASE |
Warning: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
│ ├─ org.opengroup.osdu.csv-parser-azure == 0.17.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
│ ├─ org.opengroup.osdu.csv-parser-gcp == 0.17.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
│ ├─ org.opengroup.osdu.csv-parser-ibm == 0.17.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
│ └─ org.opengroup.osdu.csv-parser-aws == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
└─ testing/
├─ org.opengroup.osdu.csv-parser-core-test == 0.17.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.5.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.5.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
├─ org.opengroup.osdu.csv-parser-azure-test == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.csv-parser-azure == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.5.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
├─ org.opengroup.osdu.csv-parser-aws-test == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.5.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
├─ org.opengroup.osdu.csv-parser-gcp-test == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.16.1
│ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
├─ org.opengroup.osdu.csv-parser-ibm-test == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-lib-ibm == 0.13.0
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.5.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.8.RELEASE
└─ org.opengroup.osdu.csv-parser-anthos-test == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.16.1
└─ org.springframework.spring-webmvc == 5.2.8.RELEASE
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
├─ _Root_
│ ├─ org.opengroup.osdu.csv-parser-gcp == 0.17.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ │ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
│ └─ org.opengroup.osdu.csv-parser-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.csv-parser-core == 0.17.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
└─ testing/
├─ org.opengroup.osdu.csv-parser-azure-test == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.csv-parser-azure == 0.17.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.2
├─ org.opengroup.osdu.csv-parser-gcp-test == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.16.1
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.2
├─ org.opengroup.osdu.csv-parser-ibm-test == 0.17.0-SNAPSHOT
│ └─ com.amazonaws.aws-java-sdk-core == 1.11.1018
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.2
└─ org.opengroup.osdu.csv-parser-anthos-test == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.16.1
└─ com.fasterxml.jackson.core.jackson-databind == 2.10.2