Ingestion Workflow merge requests
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests
2021-05-18T14:45:34Z
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/116
Draft: Aws multitenant v2
2021-05-18T14:45:34Z
Spencer Sutton
suttonsp@amazon.com
Draft: Aws multitenant v2
Spencer Sutton
suttonsp@amazon.com
Spencer Sutton
suttonsp@amazon.com
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/154
Updating OSDU dependencies
2021-09-03T20:37:37Z
David Diederich
d.diederich@opengroup.org
Updating OSDU dependencies
Updating OSDU dependencies, to maintain use of the latest release among those that were previously doing so
Updating OSDU dependencies, to maintain use of the latest release among those that were previously doing so
M8 - Release 0.11
David Diederich
d.diederich@opengroup.org
David Diederich
d.diederich@opengroup.org
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/256
Upgrade First Party Library Dependencies for Release 0.14
2022-04-05T10:40:12Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.14
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 21d97910387c6005e8159043ef7833b0f9ab9cd0
Maven: 0.14.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.14.0-rc2 | 0.0.28 |
| core-lib-gcp | 0.14.0-rc2 | |
| os-core-lib-aws | 0.13.0 | 0.10.0 |
| obm | 0.13.1-SNAPSHOT | |
| oqm | 0.13.0-SNAPSHOT | |
| os-core-common | 0.13.0 | 0.13.0, 0.10.0 |
| os-core-lib-ibm | 0.13.0 | 0.8.0 |
| osm | 0.13.0-SNAPSHOT | |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: f7c942ea2b624e3279f058cb8d4085126aad5a9b
Maven: 0.14.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ------ | -------------- |
| core-lib-azure | 0.14.0 | 0.0.28 |
| core-lib-gcp | 0.14.0 | |
| os-core-lib-aws | 0.14.0 | 0.10.0 |
| obm | 0.14.0 | |
| oqm | 0.14.0 | |
| os-core-common | 0.14.0 | 0.14.0, 0.10.0 |
| os-core-lib-ibm | 0.14.0 | 0.8.0 |
| osm | 0.14.0 | |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
M11 - Release 0.14
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/265
Do not mark a workflow as 'failed' if the status is set to 'finished'
2022-04-18T18:24:38Z
Morris Estepa
Do not mark a workflow as 'failed' if the status is set to 'finished'
commit 4bf7df95
Author: Morris Estepa <estepamo@amazon.com>
Date: Wed Apr 13 2022 16:49:37 GMT-0500 (Central Daylight Time)
Revert "Change finished to success when the status passed to the service is finished."
This reverts comm...
commit 4bf7df95
Author: Morris Estepa <estepamo@amazon.com>
Date: Wed Apr 13 2022 16:49:37 GMT-0500 (Central Daylight Time)
Revert "Change finished to success when the status passed to the service is finished."
This reverts commit 6bc84f170260675f76428f3424ecb6b544fa4f01.
commit 6bc84f17
Author: Morris Estepa <estepamo@amazon.com>
Date: Wed Apr 13 2022 16:14:35 GMT-0500 (Central Daylight Time)
Change finished to success when the status passed to the service is finished.
commit 90bd0994
Author: Morris Estepa <estepamo@amazon.com>
Date: Wed Apr 13 2022 14:15:10 GMT-0500 (Central Daylight Time)
Remove unused vars; add copyright.
commit b6db3862
Author: Morris Estepa <estepamo@amazon.com>
Date: Tue Apr 12 2022 16:59:38 GMT-0500 (Central Daylight Time)
Implement GSM
Morris Estepa
Morris Estepa
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/323
Upgrade First Party Library Dependencies for Release 0.16
2022-08-16T17:59:52Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.16
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 1b5ce3070f78fc4a841581943a97cd9b72c95522
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------- | --------------------- |
| core-lib-azure | 0.14.0-rc2 | 0.0.28 |
| core-lib-gcp | 0.16.0-rc1 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.15.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.8.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.10.5, 2.13.2.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.2.10.RELEASE, 5.3.12 | 5.2.2.RELEASE, 5.3.12 |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: dfd4c16417e321058abd9a83986e8135574136d7
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------- | --------------------- |
| core-lib-azure | 0.14.0-rc2 | 0.0.28 |
| core-lib-gcp | 0.16.0 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.16.0 | |
| oqm | 0.16.0 | |
| os-core-common | 0.16.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0 | 0.8.0 |
| osm | 0.16.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.10.5, 2.13.2.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.2.10.RELEASE, 5.3.12 | 5.2.2.RELEASE, 5.3.12 |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
```
M13 - Release 0.16
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/270
Cherry pick AWS GSM changes into release/0.14
2022-08-16T21:33:53Z
Morris Estepa
Cherry pick AWS GSM changes into release/0.14
Morris Estepa
Morris Estepa
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/340
Upgrade First Party Library Dependencies for Release 0.17
2022-10-05T05:59:07Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.17
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 217e0e3e4c4ab331bbcc13591349061681993ad8
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------------------- | --------------------- |
| core-lib-azure | 0.14.0-rc2 | 0.0.28 |
| core-lib-gcp | 0.17.0-rc4 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.17.0-rc2 | |
| oqm | 0.17.0-rc1 | |
| os-core-common | 0.15.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.8.0 |
| osm | 0.17.0-rc1 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.10.5, 2.13.2.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.2.10.RELEASE, 5.2.22.RELEASE, 5.3.22 | 5.2.2.RELEASE, 5.3.12 |
```
Warning: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.opengroup.osdu.os-core-common == 0.15.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
│ └─ org.opengroup.osdu.workflow-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.17.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.14.0-rc2
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow-test-gcp == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.workflow-test-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
└─ org.opengroup.osdu.workflow-test-anthos == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
└─ org.springframework.spring-webmvc == 5.2.2.RELEASE
```
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
├─ _Root_
│ └─ io.springfox.springfox-boot-starter == 3.0.0
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
└─ testing/
├─ org.opengroup.osdu.workflow-test-gcp == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.17.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow-test-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
└─ org.opengroup.osdu.workflow-test-anthos == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
└─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: c6d06500dd770da88190732ad7c1f79947e9e33e
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------------------- | --------------------- |
| core-lib-azure | 0.14.0-rc2 | 0.0.28 |
| core-lib-gcp | 0.17.0 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.17.0 | |
| oqm | 0.17.0 | |
| os-core-common | 0.15.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.8.0 |
| osm | 0.17.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.10.5, 2.13.2.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.2.10.RELEASE, 5.2.22.RELEASE, 5.3.22 | 5.2.2.RELEASE, 5.3.12 |
```
Warning: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.opengroup.osdu.os-core-common == 0.15.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
│ └─ org.opengroup.osdu.workflow-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.17.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.14.0-rc2
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow-test-gcp == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.workflow-test-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
└─ org.opengroup.osdu.workflow-test-anthos == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
└─ org.springframework.spring-webmvc == 5.2.2.RELEASE
```
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
├─ _Root_
│ └─ io.springfox.springfox-boot-starter == 3.0.0
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
└─ testing/
├─ org.opengroup.osdu.workflow-test-gcp == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.17.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow-test-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
└─ org.opengroup.osdu.workflow-test-anthos == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.17.0-SNAPSHOT
└─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
```
M14 - Release 0.17
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/379
Upgrade First Party Library Dependencies for Release 0.19
2023-02-18T07:29:31Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.19
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 34dec346f3a3655345dd270c4d52ad3119736998
Maven: 0.20.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------------------- | --------------------- |
| core-lib-azure | 0.14.0-rc2 | 0.0.28 |
| core-lib-gcp | 0.19.0-rc3 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.18.0 | |
| oqm | 0.18.0 | |
| os-core-common | 0.15.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.8.0 |
| osm | 0.18.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.10.5, 2.13.2.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.2.10.RELEASE, 5.2.22.RELEASE, 5.3.22 | 5.2.2.RELEASE, 5.3.12 |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.opengroup.osdu.os-core-common == 0.15.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
│ └─ org.opengroup.osdu.workflow-ibm == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.20.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.14.0-rc2
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow-test-gc == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.workflow-test-ibm == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
└─ org.opengroup.osdu.workflow-test-anthos == 0.20.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
└─ org.springframework.spring-webmvc == 5.2.2.RELEASE
```
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
├─ _Root_
│ └─ io.springfox.springfox-boot-starter == 3.0.0
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
└─ testing/
├─ org.opengroup.osdu.workflow-test-gc == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.20.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow-test-ibm == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
└─ org.opengroup.osdu.workflow-test-anthos == 0.20.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
└─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: 3ec12fc8dcc1a056e0c2abbed7fa3ca53de2e367
Maven: 0.20.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------------------- | --------------------- |
| core-lib-azure | 0.14.0-rc2 | 0.0.28 |
| core-lib-gcp | 0.19.0 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.19.0 | |
| oqm | 0.19.0 | |
| os-core-common | 0.15.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.8.0 |
| osm | 0.19.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.10.5, 2.13.2.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.2.10.RELEASE, 5.2.22.RELEASE, 5.3.22 | 5.2.2.RELEASE, 5.3.12 |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.opengroup.osdu.os-core-common == 0.15.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.2.11.RELEASE
│ │ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
│ └─ org.opengroup.osdu.workflow-ibm == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.20.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.14.0-rc2
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow-test-gc == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.workflow-test-ibm == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
└─ org.opengroup.osdu.workflow-test-anthos == 0.20.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
└─ org.springframework.spring-webmvc == 5.2.2.RELEASE
```
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
├─ _Root_
│ └─ io.springfox.springfox-boot-starter == 3.0.0
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
└─ testing/
├─ org.opengroup.osdu.workflow-test-gc == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.20.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow-test-ibm == 0.20.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
└─ org.opengroup.osdu.workflow-test-anthos == 0.20.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.20.0-SNAPSHOT
└─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
```
M16 - Release 0.19
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/421
Merge useragent changes
2023-05-12T16:34:03Z
Madalyn Marabella
Merge useragent changes
adding useragent changes
adding useragent changes
M18 - Release 0.21
Abhay Joshi
Abhay Joshi
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/401
Full Upgrade of First Party Library Dependencies for Release 0.20
2023-05-22T15:17:48Z
David Diederich
d.diederich@opengroup.org
Full Upgrade of First Party Library Dependencies for Release 0.20
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will ...
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: ad4e2951c9d4004fb28604322f95c742906dbbb8
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------------------------------- | --------------------- |
| core-lib-azure | 0.14.0-rc2 | 0.0.28 |
| core-lib-gcp | 0.19.0-rc3 | |
| os-core-lib-aws | 0.19.0-rc3 | 0.14.0-rc2 |
| obm | 0.18.0 | |
| oqm | 0.18.0 | |
| os-core-common | 0.19.0-rc8 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.8.0 |
| osm | 0.18.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.10.5, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.2.10.RELEASE, 5.2.22.RELEASE, 5.3.24, 5.3.22 | 5.2.2.RELEASE, 5.3.12 |
| (3rd Party) org.yaml.snakeyaml | 1.25, 2.0 | 1.25, 1.27 |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.opengroup.osdu.os-core-common == 0.19.0-rc8
│ │ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
│ └─ org.opengroup.osdu.workflow-ibm == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.21.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.14.0-rc2
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow-test-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.workflow-test-ibm == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
└─ org.opengroup.osdu.workflow-test-anthos == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
└─ org.springframework.spring-webmvc == 5.2.2.RELEASE
```
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.springframework.cloud.spring-cloud-starter == 2.2.2.RELEASE
│ │ └─ org.springframework.boot.spring-boot-starter == 2.2.11.RELEASE
│ │ └─ org.yaml.snakeyaml == 1.25
│ ├─ org.opengroup.osdu.workflow-aws == 0.21.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.workflow-core == 0.21.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.25
│ └─ org.opengroup.osdu.workflow-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.21.0-SNAPSHOT
│ └─ org.yaml.snakeyaml == 1.25
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
│ └─ org.yaml.snakeyaml == 1.25
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.14.0-rc2
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
│ └─ org.yaml.snakeyaml == 1.25
├─ org.opengroup.osdu.workflow-test-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
│ └─ org.yaml.snakeyaml == 1.25
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.boot.spring-boot-starter == 2.4.12
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.workflow-test-ibm == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-lib-ibm == 0.8.0
│ └─ org.springframework.boot.spring-boot-starter-security == 2.2.2.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
│ └─ org.yaml.snakeyaml == 1.25
└─ org.opengroup.osdu.workflow-test-anthos == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
└─ org.yaml.snakeyaml == 1.25
```
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
├─ _Root_
│ └─ io.springfox.springfox-boot-starter == 3.0.0
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
└─ testing/
├─ org.opengroup.osdu.workflow-test-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.21.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow-test-ibm == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
└─ org.opengroup.osdu.workflow-test-anthos == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
└─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: da526b77c99d93cb37e06a34420722ff6652514a
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------------------------------- | --------------------- |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.20.0 | |
| os-core-lib-aws | 0.20.0 | 0.20.0 |
| obm | 0.20.0 | |
| oqm | 0.20.0 | |
| os-core-common | 0.20.1 | 0.20.1 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| osm | 0.20.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.10.5, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.2.10.RELEASE, 5.2.22.RELEASE, 5.3.24, 5.3.22 | 5.2.2.RELEASE, 5.3.22 |
| (3rd Party) org.yaml.snakeyaml | 1.25, 2.0 | 1.25, 1.27 |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ │ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
│ └─ org.opengroup.osdu.workflow-ibm == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.21.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.20.0
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow-test-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow-test-ibm == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
└─ org.opengroup.osdu.workflow-test-anthos == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.20.1
└─ org.springframework.spring-webmvc == 5.2.2.RELEASE
```
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.springframework.cloud.spring-cloud-starter == 2.2.2.RELEASE
│ │ └─ org.springframework.boot.spring-boot-starter == 2.2.11.RELEASE
│ │ └─ org.yaml.snakeyaml == 1.25
│ ├─ org.opengroup.osdu.workflow-aws == 0.21.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.workflow-core == 0.21.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.25
│ └─ org.opengroup.osdu.workflow-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.21.0-SNAPSHOT
│ └─ org.yaml.snakeyaml == 1.25
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
│ └─ org.yaml.snakeyaml == 1.25
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.20.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
│ └─ org.yaml.snakeyaml == 1.25
├─ org.opengroup.osdu.workflow-test-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
│ └─ org.yaml.snakeyaml == 1.25
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.20.0
│ └─ org.redisson.redisson == 3.15.3
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.workflow-test-ibm == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-lib-ibm == 0.20.0
│ └─ org.yaml.snakeyaml == 1.25
└─ org.opengroup.osdu.workflow-test-anthos == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.20.1
└─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
└─ org.yaml.snakeyaml == 1.25
```
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
├─ _Root_
│ └─ io.springfox.springfox-boot-starter == 3.0.0
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
└─ testing/
├─ org.opengroup.osdu.workflow-test-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow.workflow-test-azure == 0.21.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
├─ org.opengroup.osdu.workflow-test-ibm == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
└─ org.opengroup.osdu.workflow-test-anthos == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.21.0-SNAPSHOT
└─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
```
M18 - Release 0.21
David Diederich
d.diederich@opengroup.org
Srinivasan Narayanan
David Diederich
d.diederich@opengroup.org
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/437
Upgrade First Party Library Dependencies for Release 0.21
2023-05-31T19:02:43Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.21
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 312c2cd50dd5d714839aebdd11f55b9a88c866b5
Maven: 0.22.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------------------------------- | ---------------- |
| core-lib-azure | 0.14.0-rc2 | |
| core-lib-gc | 0.21.0-rc5 | |
| os-core-lib-aws | 0.21.0-rc5 | 0.21.0-rc5 |
| obm | 0.21.0-rc2 | |
| oqm | 0.21.0-rc4 | |
| os-core-common | 0.19.0-rc8, 0.21.0-rc5 | 0.13.0, 0.20.1 |
| os-core-lib-ibm | 0.16.0-rc1 | |
| osm | 0.21.0-rc3 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.10.5, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.2.10.RELEASE, 5.2.22.RELEASE, 5.3.24, 5.3.22 | 5.2.2.RELEASE |
| (3rd Party) org.yaml.snakeyaml | 1.25, 2.0 | 1.25 |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.opengroup.osdu.os-core-common == 0.19.0-rc8
│ │ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
│ └─ org.opengroup.osdu.workflow-ibm == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.22.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0-rc5
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
└─ org.opengroup.osdu.workflow-test-gc == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
└─ org.springframework.spring-webmvc == 5.2.2.RELEASE
```
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.springframework.cloud.spring-cloud-starter == 2.2.2.RELEASE
│ │ └─ org.springframework.boot.spring-boot-starter == 2.2.11.RELEASE
│ │ └─ org.yaml.snakeyaml == 1.25
│ └─ org.opengroup.osdu.workflow-gc == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.22.0-SNAPSHOT
│ └─ org.yaml.snakeyaml == 1.25
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
│ └─ org.yaml.snakeyaml == 1.25
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0-rc5
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
│ └─ org.yaml.snakeyaml == 1.25
└─ org.opengroup.osdu.workflow-test-gc == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
└─ org.yaml.snakeyaml == 1.25
```
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
├─ _Root_
│ └─ io.springfox.springfox-boot-starter == 3.0.0
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
└─ testing/
└─ org.opengroup.osdu.workflow-test-gc == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.22.0-SNAPSHOT
└─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: 601744bde895a411c1de507273ed6e305d385e14
Maven: 0.22.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------------------------------- | ---------------- |
| core-lib-azure | 0.14.0-rc2 | |
| core-lib-gc | 0.21.0 | |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| obm | 0.21.0 | |
| oqm | 0.21.0 | |
| os-core-common | 0.19.0-rc8, 0.21.0 | 0.13.0, 0.21.0 |
| os-core-lib-ibm | 0.16.0-rc1 | |
| osm | 0.21.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.10.5, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.2.10.RELEASE, 5.2.22.RELEASE, 5.3.24, 5.3.22 | 5.2.2.RELEASE |
| (3rd Party) org.yaml.snakeyaml | 1.25, 2.0 | 1.25 |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.opengroup.osdu.os-core-common == 0.19.0-rc8
│ │ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
│ └─ org.opengroup.osdu.workflow-ibm == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.22.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.2.10.RELEASE
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0
│ └─ org.springframework.spring-webmvc == 5.2.2.RELEASE
└─ org.opengroup.osdu.workflow-test-gc == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
└─ org.springframework.spring-webmvc == 5.2.2.RELEASE
```
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ io.springfox.springfox-boot-starter == 3.0.0
│ │ └─ org.springframework.cloud.spring-cloud-starter == 2.2.2.RELEASE
│ │ └─ org.springframework.boot.spring-boot-starter == 2.2.11.RELEASE
│ │ └─ org.yaml.snakeyaml == 1.25
│ └─ org.opengroup.osdu.workflow-gc == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.workflow-core == 0.22.0-SNAPSHOT
│ └─ org.yaml.snakeyaml == 1.25
└─ testing/
├─ org.opengroup.osdu.workflow-test-core == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
│ └─ org.yaml.snakeyaml == 1.25
├─ org.opengroup.osdu.workflow.workflow-test-aws == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
│ └─ org.yaml.snakeyaml == 1.25
└─ org.opengroup.osdu.workflow-test-gc == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.2.2.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.2.2.RELEASE
└─ org.yaml.snakeyaml == 1.25
```
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
├─ _Root_
│ └─ io.springfox.springfox-boot-starter == 3.0.0
│ └─ com.fasterxml.jackson.core.jackson-databind == 2.10.5
└─ testing/
└─ org.opengroup.osdu.workflow-test-gc == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.workflow-test-core == 0.22.0-SNAPSHOT
└─ com.fasterxml.jackson.core.jackson-databind == 2.10.1
```
M18 - Release 0.21
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/459
Upgrade First Party Library Dependencies for Release 0.22
2023-07-18T07:07:35Z
Chad Leong
Upgrade First Party Library Dependencies for Release 0.22
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 3b6262fcd211d4d32b407cd34b0f559693e4e759
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | --------------------- |
| core-lib-azure | 0.22.0-rc2 | 0.0.28 |
| core-lib-gc | 0.21.0-rc5 | |
| os-core-lib-aws | 0.21.0-rc5 | 0.21.0-rc5 |
| obm | 0.21.0-rc2 | |
| oqm | 0.21.0-rc4 | |
| os-core-common | 0.19.0-rc8, 0.21.0-rc5 | 0.13.0, 0.20.1 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.8.0 |
| osm | 0.21.0-rc3 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.5, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.28, 5.3.24, 5.3.22 | 5.2.2.RELEASE, 5.3.12 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.25, 1.27 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 30545ff1dee893be51df535b18cc1ac2c3bd6288
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | --------------------- |
| core-lib-azure | 0.22.0 | 0.0.28 |
| core-lib-gc | 0.21.0-rc5 | |
| os-core-lib-aws | 0.21.0-rc5 | 0.21.0-rc5 |
| obm | 0.21.0-rc2 | |
| oqm | 0.21.0-rc4 | |
| os-core-common | 0.19.0-rc8, 0.21.0-rc5 | 0.13.0, 0.20.1 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.8.0 |
| osm | 0.21.0-rc3 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.5, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.28, 5.3.24, 5.3.22 | 5.2.2.RELEASE, 5.3.12 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.25, 1.27 |
M19 - Release 0.22
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/470
aws-sync-dev-to-master
2023-08-19T02:35:11Z
Long Cheng
aws-sync-dev-to-master
M20 - Release 0.23
Long Cheng
Long Cheng
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/508
Cherry-pick 'Full Upgrade of First Party Library Dependencies for Release 0.2...
2023-12-16T09:50:45Z
David Diederich
d.diederich@opengroup.org
Cherry-pick 'Full Upgrade of First Party Library Dependencies for Release 0.25' into release/0.25
**Original MR**: !504
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...
**Original MR**: !504
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/pipelines/new?ref=cherry-pick-for-504)
M22 - Release 0.25
David Diederich
d.diederich@opengroup.org
Chad Leong
Srinivasan Narayanan
David Diederich
d.diederich@opengroup.org
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/504
Full Upgrade of First Party Library Dependencies for Release 0.25
2023-12-15T20:09:01Z
David Diederich
d.diederich@opengroup.org
Full Upgrade of First Party Library Dependencies for Release 0.25
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will ...
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 5d7181d2567c65708bba59cc912dabbabd46f0ae
Maven: 0.26.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | --------------------- |
| core-lib-azure | 0.24.0 | 0.0.28 |
| core-lib-gc | 0.24.0 | |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| oqm | 0.24.0 | |
| os-core-common | 0.24.0 | 0.24.0, 0.23.0 |
| os-core-lib-ibm | 0.24.0 | 0.24.0 |
| osm | 0.24.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.5, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.28, 5.3.24, 5.3.22 | 5.2.2.RELEASE, 5.3.22 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.25, 1.30 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 9a416eb3e8df24830cc9232b808d27e6048524ae
Maven: 0.26.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | --------------------- |
| core-lib-azure | 0.25.0 | 0.0.28 |
| core-lib-gc | 0.25.0 | |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| oqm | 0.25.0 | |
| os-core-common | 0.25.0 | 0.25.0, 0.23.0 |
| os-core-lib-ibm | 0.25.0 | 0.25.0 |
| osm | 0.25.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.5, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.10.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.12.1 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.12.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.28, 5.3.24, 5.3.22 | 5.2.2.RELEASE, 5.3.30 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.25, 1.30 |
M22 - Release 0.25
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/500
AWS - Code quality enhancement
2023-12-01T22:51:38Z
Guillaume Caillet
AWS - Code quality enhancement
AWS change only
AWS change only
M22 - Release 0.25
Guillaume Caillet
Guillaume Caillet
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/499
AWS - Merge from dev
2023-11-27T15:27:44Z
Guillaume Caillet
AWS - Merge from dev
AWS changes only. No changes on core logic or other CSP.
* Add or update License header
* Upgrade buildspec
AWS changes only. No changes on core logic or other CSP.
* Add or update License header
* Upgrade buildspec
M22 - Release 0.25
Guillaume Caillet
Guillaume Caillet
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/494
aws merge
2023-10-20T16:16:21Z
Yunhua Koglin
aws merge
adding useragent changes
adding useragent changes
M22 - Release 0.25
Yunhua Koglin
Jiman Kim
Yunhua Koglin
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/493
Cherry-pick 'Full Upgrade of First Party Library Dependencies' into release/0.24
2023-10-20T12:16:21Z
Chad Leong
Cherry-pick 'Full Upgrade of First Party Library Dependencies' into release/0.24
**Original MR**: !489
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...
**Original MR**: !489
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/pipelines/new?ref=cherry-pick-for-489)
M21 - Release 0.24
David Diederich
d.diederich@opengroup.org
Chad Leong
Srinivasan Narayanan
David Diederich
d.diederich@opengroup.org
https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/merge_requests/491
Cherry-pick 'Full Upgrade of First Party Library Dependencies' into release/0.24
2023-10-20T07:44:38Z
David Diederich
d.diederich@opengroup.org
Cherry-pick 'Full Upgrade of First Party Library Dependencies' into release/0.24
**Original MR**: !482
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...
**Original MR**: !482
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/data-flow/ingestion/ingestion-workflow/-/pipelines/new?ref=cherry-pick-for-482)
M21 - Release 0.24
David Diederich
d.diederich@opengroup.org
Chad Leong
Srinivasan Narayanan
David Diederich
d.diederich@opengroup.org