Entitlements merge requests
https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests
2023-06-01T11:32:39Z

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/495
Upgrade First Party Library Dependencies for Release 0.21
2023-06-01T11:32:39Z
David Diederich <d.diederich@opengroup.org>

This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility with the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 179d3594a892e64d62bf024c8ce90ef323be0097
Maven: 0.22.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | ---------- | --------------- |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.20.0 | |
| core-test-lib-gcp | | 0.20.0 |
| os-core-lib-aws | 0.21.0-rc5 | 0.21.0-rc5 |
| os-core-common | 0.20.1 | 0.20.1 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.27, 1.30, 2.0 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 699dbc16664ae80fbd482ac788fb8c0dc0a9b5a9
Maven: 0.22.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | ------ | --------------- |
| core-lib-azure | 0.21.0 | 0.21.0 |
| core-lib-gc | 0.21.0 | |
| core-test-lib-gcp | | 0.21.0 |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| os-core-common | 0.21.0 | 0.21.0 |
| os-core-lib-ibm | 0.21.0 | 0.21.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.27, 1.30, 2.0 |

M18 - Release 0.21

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/362
Upgrade First Party Library Dependencies for Release 0.17
2022-10-04T05:12:58Z
David Diederich <d.diederich@opengroup.org>

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility with the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 736389b93fea94ec5daf2483135102e3f5db9c3f
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ----------- | -------------- |
| core-lib-azure | 0.17.0-rc14 | 0.6.2 |
| core-lib-gcp | 0.16.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.16.1 | 0.16.1 |
| os-core-common | 0.16.0 | 0.16.0 |
| os-core-lib-ibm | 0.16.0 | 0.16.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.17.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.17.2 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.3.22 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: e9de41e5b1736cd3e7132ebbd563a050ef88dba3
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------- | -------------- |
| core-lib-azure | 0.17.0 | 0.6.2 |
| core-lib-gcp | 0.17.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.17.0 | 0.17.0 |
| os-core-common | 0.17.0 | 0.17.0 |
| os-core-lib-ibm | 0.17.0 | 0.17.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.17.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.17.2 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.3.22 |

M14 - Release 0.17

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/340
Added input validation for description field to prevent scripting in response body
2022-09-14T20:19:36Z
Michael Sacco

commit 551e2d31
Author: Michael Sacco <saccomi@amazon.com>
Date: Tue Sep 06 2022 15:55:13 GMT-0400 (Eastern Daylight Time)
Cleaning up unused headers and annotations
commit 709fa932
Author: Michael Sacco <saccomi@amazon.com>
Date: Tue Sep 06 2022 13:00:59 GMT-0400 (Eastern Daylight Time)
Added space as allowed description regex and added a new test to validate against bad inputs
commit 7d031bd0
Author: Michael Sacco <saccomi@amazon.com>
Date: Tue Sep 06 2022 12:12:43 GMT-0400 (Eastern Daylight Time)
Updating the validation for the description field when creating a new Entitlements group to limit the input characters in order to avoid improper input injection

M14 - Release 0.17
Okoun-Ola Fabien Houeto, Michael Sacco, Okoun-Ola Fabien Houeto

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/273
Upgrade Core IBM Library for Release 0.15
2022-06-17T04:56:48Z
David Diederich <d.diederich@opengroup.org>

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility with the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: b5415bc5929401456ff12e7383438db21e4fba35
Maven: 0.16.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------- |
| core-lib-azure | 0.15.0 | 0.6.2 |
| core-lib-gcp | 0.15.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| os-core-common | 0.15.0 | 0.15.0 |
| os-core-lib-ibm | 0.15.0 | 0.15.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2, 2.13.2 | 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3 |
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
```
### Dependency Information After the Upgrade
```
Branch: core-ibm-upgrade
SHA: 70c5924f18ec31b212d51d9a001a9c84041adf83
Maven: 0.16.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------- |
| core-lib-azure | 0.15.0 | 0.6.2 |
| core-lib-gcp | 0.15.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| os-core-common | 0.15.0 | 0.15.0 |
| os-core-lib-ibm | 0.15.2 | 0.15.2 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2, 2.13.2 | 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3 |
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
```

M12 - Release 0.15

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/268
Cherry pick MR 267
2022-06-09T15:11:54Z
Morris Estepa

Add service groups for dataset service.
See merge request osdu/platform/security-and-compliance/entitlements!267

Morris Estepa, Morris Estepa

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/169
Enable entv2 service and int. tests to run locally
2021-12-29T18:12:04Z
Rucha Deshpande

commit 0735d2df
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 16:27:49 GMT-0600 (Central Standard Time)
remove readme
commit cbee10b0
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 13:51:07 GMT-0600 (Central Standard Time)
update Readme
commit 865d7252
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 12:36:28 GMT-0600 (Central Standard Time)
update readme
commit c09b2129
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 11:51:24 GMT-0600 (Central Standard Time)
update README
commit 64e7769d
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 11:23:13 GMT-0600 (Central Standard Time)
update README
commit 56093a35
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 09:55:51 GMT-0600 (Central Standard Time)
update README.md
commit e7e59703
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Sun Dec 05 2021 17:53:58 GMT-0600 (Central Standard Time)
add README.md
commit cbfc387b
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Fri Dec 03 2021 17:03:54 GMT-0600 (Central Standard Time)
uncomment preauth filter
commit 2151dcf5
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Fri Dec 03 2021 16:51:28 GMT-0600 (Central Standard Time)
add LOCAL_MODE var for local testing
commit deaa0acd
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Fri Dec 03 2021 16:49:22 GMT-0600 (Central Standard Time)
fix int tests to be run locally

M10 - Release 0.13
Joe, Rucha Deshpande, Greg, Joe

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/168
Enable entv2 service and int. tests to run locally
2021-12-29T18:09:00Z
Rucha Deshpande

commit 0735d2df
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 16:27:49 GMT-0600 (Central Standard Time)
remove readme
commit cbee10b0
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 13:51:07 GMT-0600 (Central Standard Time)
update Readme
commit 865d7252
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 12:36:28 GMT-0600 (Central Standard Time)
update readme
commit c09b2129
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 11:51:24 GMT-0600 (Central Standard Time)
update README
commit 64e7769d
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 11:23:13 GMT-0600 (Central Standard Time)
update README
commit 56093a35
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Mon Dec 06 2021 09:55:51 GMT-0600 (Central Standard Time)
update README.md
commit e7e59703
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Sun Dec 05 2021 17:53:58 GMT-0600 (Central Standard Time)
add README.md
commit cbfc387b
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Fri Dec 03 2021 17:03:54 GMT-0600 (Central Standard Time)
uncomment preauth filter
commit 2151dcf5
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Fri Dec 03 2021 16:51:28 GMT-0600 (Central Standard Time)
add LOCAL_MODE var for local testing
commit deaa0acd
Author: Rucha Deshpande <deshruch@amazon.com>
Date: Fri Dec 03 2021 16:49:22 GMT-0600 (Central Standard Time)
fix int tests to be run locally

M10 - Release 0.13
Joe, Rucha Deshpande, Greg, Joe

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/140
Add mongo embedded tests
2021-11-08T16:50:41Z
Aleh Shubko [EPAM]

Add integration tests for MongoDB

Matt Wise, Aleh Shubko [EPAM], Matt Wise