Simplify MR process for lib version upgrade
Existing Practice / Background
Currently, in the PMC MR process, changes to common code require at least 2 CSP teams’ approval before merge. Common Code has been interpreted to include all code in the *-core/ directories, the core common library, and all shared build scripts / dependency lists.
Motivation
Many of these reviews would be quick to perform, but they still require a mental context switch for the developers. Thus, gathering these approvals can take some time, due to the limited availability of the developers.
However, maintaining a secure system requires that dependencies are frequently and quickly updated. First-party dependencies -- that is, OSDU libraries -- should be updated as soon as possible to keep the system consistent and apply bugfixes across all services quickly. Third-party dependencies may also necessitate quick updates across all services, especially in the case of critical security vulnerabilities. Efficient deployment of these kinds of upgrades is more valuable than the extra reviews.
Simplified Procedures
MRs that only include changes to the library dependencies and minor/obvious code changes to implement the dependency upgrade can be merged by maintainers on the basis of a passing pipeline, without requiring additional approvals.
- “Minor/obvious” code changes include things like changing package names, updating call signatures in ways that do not affect the semantics of the call, etc. The MR author must use their discretion on whether the changes are minor or not; when in doubt, they should seek approval from the other teams.