entitlements-ibm merge requestshttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests2022-12-14T21:44:57Zhttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/20jar type vulnerability fix for entitlements-ibm2022-12-14T21:44:57ZPintu Guptajar type vulnerability fix for entitlements-ibmIn this MR Following CVE ahs been fixed.
| cve | link |
|------------------|-------------------------------------------------|
| PRISMA-2022-0239 | https://github.com/square/okhttp...In this MR Following CVE ahs been fixed.
| cve | link |
|------------------|-------------------------------------------------|
| PRISMA-2022-0239 | https://github.com/square/okhttp/issues/6738 |
| CVE-2022-42003 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 |
| CVE-2022-42004 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 |
| CVE-2022-22965 | https://nvd.nist.gov/vuln/detail/CVE-2022-22965 |
| CVE-2022-22965 | https://nvd.nist.gov/vuln/detail/CVE-2022-22965 |
| CVE-2022-25857 | https://nvd.nist.gov/vuln/detail/CVE-2022-25857 |
| CVE-2022-42252 | https://nvd.nist.gov/vuln/detail/CVE-2022-42252 |M16 - Release 0.19Pintu GuptaPintu Guptahttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/19Resolve "Upgrade Core Common Dependency"2021-07-20T21:46:00ZDavid Diederichd.diederich@opengroup.orgResolve "Upgrade Core Common Dependency"Closes #2
See osdu/platform&9 for more details.
## MR's Raison d'ĂȘtre
This MR updates the core common dependency to use the latest released version of the library. Keeping our library usage at the latest helps avoid subtle incompatib...Closes #2
See osdu/platform&9 for more details.
## MR's Raison d'ĂȘtre
This MR updates the core common dependency to use the latest released version of the library. Keeping our library usage at the latest helps avoid subtle incompatibility bugs from creeping in, and ensures that all Data Platform code is staying current with bug fixes and performance improvements in the core libraries.
*Dependency Table, after the application of this MR's changes*
| Maven Dependencies | _Root POM_ | integration-tests/ |
| ------------------ | ---------- | ------------------ |
| os-core-lib-ibm | 0.7.0 | |
| os-core-common | 0.9.0 | 0.9.0 |
## Housekeeping Updates
### FOSSA Update
This MR also updates the FOSSA attributions, since these need to be kept up to date on every MR. Changes are expected whenever the library dependencies are updated.M7 - Release 0.10David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/18Switching the dependencies to release versions2021-03-19T06:54:11ZDavid Diederichd.diederich@opengroup.orgSwitching the dependencies to release versionsThis changes the library dependencies to use released versions of the core libraries.
They were previously depending on SNAPSHOT versions, which are less stable versions.
More importantly, the SNAPSHOT versions are periodically purged fr...This changes the library dependencies to use released versions of the core libraries.
They were previously depending on SNAPSHOT versions, which are less stable versions.
More importantly, the SNAPSHOT versions are periodically purged from the system to save disk space -- this happened recently.
Since these libraries no longer exist on community, building becomes difficult.
This MR moves those dependencies to a release version, which is better going forward and allows FOSSA to do the build and get good dependency information.
For the change in the main pom, I assert that there are no substantial changes between the SNAPSHOT version I moved from and the latest release version that I moved to.
It's difficult to know which commit the SNAPSHOT dependency linked to, since it moved many times, but here are the differences from the last time the SNAPSHOT dependency was listed and the one commit that has the release version (0.7.0).
All of these changes were from me, updating versions and references as part of the release process.
- [IBM Differences from v0.3.8-SNAPSHOT to 0.7.0](https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/compare/42d057eeee8f0299e7f90f1158c24f7fc0187dbc...v0.7.0)
For the testing change, version 0.0.10-SNAPSHOT of core common predates development on community. There have been quite a few changes since then. I can only guess that the jar file was directly loaded after being compiled on another system.David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/17Cherry-pick "json ignore fix added for groupEmail" to release/0.52021-02-13T02:23:36ZDavid Diederichd.diederich@opengroup.orgCherry-pick "json ignore fix added for groupEmail" to release/0.5This merges !16 into the release/0.5 branch. It will be used to create a new patch of the entitlements-ibm service, which is needed to fix a broken test in the File service.This merges !16 into the release/0.5 branch. It will be used to create a new patch of the entitlements-ibm service, which is needed to fix a broken test in the File service.David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/16ison ignore fix added for groupEmail2021-02-12T17:47:31ZGokul Nagareison ignore fix added for groupEmailAnuj GuptaAnuj Guptahttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/15json ignore fix added for groupEmail property2021-02-12T11:16:34ZGokul Nagarejson ignore fix added for groupEmail propertyAnuj GuptaAnuj Guptahttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/14Ibm cherry picks for 0.52021-02-11T04:01:14ZDavid Diederichd.diederich@opengroup.orgIbm cherry picks for 0.5This MR includes the content from MRs !12 and !13, applied on top of the release changes (and without bringing in any of the changes to master that are not desired).This MR includes the content from MRs !12 and !13, applied on top of the release changes (and without bringing in any of the changes to master that are not desired).David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/13ibm-deploy-only.yml created2021-02-11T03:44:09ZKaliprasanna Basuibm-deploy-only.yml createdupdated cloud-providers/ibm-deploy-only.yml @kalibas1updated cloud-providers/ibm-deploy-only.yml @kalibas1Anuj GuptaKaliprasanna BasuAnuj Guptahttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/12Entitlement role fix12021-02-11T03:44:09ZGokul NagareEntitlement role fix1Anuj GuptaAnuj Guptahttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/11Entitlement role fix2021-02-09T06:21:53ZGokul NagareEntitlement role fixAnuj GuptaAnuj Guptahttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/10Latest IBM Code with health check2021-02-04T04:40:54ZAnuj GuptaLatest IBM Code with health checkhttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/9Update fossa notice2021-01-06T08:52:55ZDavid Diederichd.diederich@opengroup.orgUpdate fossa noticehttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/8IBM security code fix2020-11-09T10:53:00ZBhushan RadeIBM security code fixSecurity code fix for ibm
disable session management
partition id validation for all rest API except GET /groupsSecurity code fix for ibm
disable session management
partition id validation for all rest API except GET /groupsAnuj GuptaAnuj Guptahttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/7ibm fixes for entitlement2020-10-05T09:47:48ZShrikant Gargibm fixes for entitlementAnuj GuptaAnuj Guptahttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/6Ibm ent fix2020-09-14T14:10:01ZAnuj GuptaIbm ent fix@alanbraz-ibm Please approve MR as it has fixes which will fix the workflow and file integration test fixes.
CC: @shrikgar , @gokul_nagare@alanbraz-ibm Please approve MR as it has fixes which will fix the workflow and file integration test fixes.
CC: @shrikgar , @gokul_nagareAlan BrazAlan Brazhttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/5merging with lastest ent ibm fix2020-09-04T03:38:19ZAnuj Guptamerging with lastest ent ibm fixAlan BrazAlan Brazhttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/4update core lib version2020-06-30T19:14:42ZAlan Brazupdate core lib versionAlan BrazAlan Brazhttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/2enable ibm cicd2020-06-04T17:00:19ZAlan Brazenable ibm cicdDavid Diederichd.diederich@opengroup.orgethiraj krishnamanaiduDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/entitlements-ibm/-/merge_requests/1Pipeline cleanup2020-06-03T19:36:22ZDavid Diederichd.diederich@opengroup.orgPipeline cleanupThis MR updates the pipeline file to use individual includes instead of aggregate ones, and also updates tho FOSSA NOTICE file to pass the basic pipeline features.This MR updates the pipeline file to use individual includes instead of aggregate ones, and also updates tho FOSSA NOTICE file to pass the basic pipeline features.