Entitlements merge requests
https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests
2022-09-06T22:12:15Z

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/333
Versioning helm charts
2022-09-06T22:12:15Z
Marc Burnie [AWS]
M14 - Release 0.17
Marc Burnie [AWS], Okoun-Ola Fabien Houeto, Gustavo Urdaneta, Marc Burnie [AWS]

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/257
Use MongoPropertiesReader from os-core-lib-aws and add maxIdelTimeMS setting
2022-05-26T18:57:02Z
Yifei Xu
M12 - Release 0.15
Joe, Yifei Xu, Okoun-Ola Fabien Houeto, Joe

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/134
Use MongoDB for AWS Entitlements Backend
2021-10-21T22:28:23Z
Matt Wise
M9 - Release 0.12
Matt Wise, Aleh Shubko [EPAM], Matt Wise

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/164
Upgrading library versions to incorporate the latest Log4j fix
2023-08-18T11:33:36Z
David Diederich (d.diederich@opengroup.org)

These updates apply version 2.17, addressing CVE-2021-45105
Part of the #92 series

M10 - Release 0.13
David Diederich (d.diederich@opengroup.org), David Diederich (d.diederich@opengroup.org)

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/366
Upgrade Tomcat
2022-10-05T18:30:46Z
Xiangliang Meng
M14 - Release 0.17
Okoun-Ola Fabien Houeto, Xiangliang Meng, Okoun-Ola Fabien Houeto

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/135
Upgrade OSDU dependencies
2021-10-25T06:45:23Z
David Diederich (d.diederich@opengroup.org)
M9 - Release 0.12
David Diederich (d.diederich@opengroup.org), David Diederich (d.diederich@opengroup.org)

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/183
Upgrade Log4J to 2.17.1
2022-08-23T21:25:44Z
David Diederich (d.diederich@opengroup.org)

Closes #96

M10 - Release 0.13
David Diederich (d.diederich@opengroup.org), David Diederich (d.diederich@opengroup.org)

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/568
Upgrade First Party Library Dependencies for Release 0.24
2023-10-17T10:08:38Z
David Diederich (d.diederich@opengroup.org)

This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 9c37d044c7fde1c540304395447ce4579a665617
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | ---------- | ------------------ |
| core-lib-azure | 0.24.0-rc4 | 0.24.0-rc3 |
| core-lib-gc | 0.24.0-rc3 | |
| core-test-lib-gcp | | 0.22.0 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| oqm | 0.23.0 | |
| os-core-common | 0.24.0-rc3 | 0.23.3, 0.24.0-rc3 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27, 2.0 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 341188f0b987b6fa2d335345096bae14e3336908
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | ------ | --------------- |
| core-lib-azure | 0.24.0 | 0.24.0 |
| core-lib-gc | 0.24.0 | |
| core-test-lib-gcp | | 0.22.0 |
| os-core-lib-aws | 0.24.0 | 0.24.0 |
| oqm | 0.24.0 | |
| os-core-common | 0.24.0 | 0.24.0 |
| os-core-lib-ibm | 0.24.0 | 0.24.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27, 2.0 |

M21 - Release 0.24

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/541
Upgrade First Party Library Dependencies for Release 0.23
2023-09-04T17:47:59Z
David Diederich (d.diederich@opengroup.org)

This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: fb39beb54330efd3d7fb0d307db845ef52bcee26
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | ------------------ | ------------------------------------------ |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.22.1 | |
| core-test-lib-gcp | | 0.20.0 |
| os-core-lib-aws | 0.23.0-rc2 | 0.23.0-rc2 |
| oqm | 0.22.0 | |
| os-core-common | 0.22.0-rc4, 0.22.0 | 0.23.0-rc2, 0.20.1, 0.22.0-rc4, 0.21.0-rc4 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27, 2.0 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: f2d8b1140d59d051be4809b67e0f4dec183b48f8
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | ------------------ | -------------------------------------- |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.23.0 | |
| core-test-lib-gcp | | 0.20.0 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| oqm | 0.23.0 | |
| os-core-common | 0.22.0-rc4, 0.23.1 | 0.23.1, 0.20.1, 0.22.0-rc4, 0.21.0-rc4 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27, 2.0 |

M20 - Release 0.23

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/521
Upgrade First Party Library Dependencies for Release 0.22
2023-07-18T04:11:06Z
David Diederich (d.diederich@opengroup.org)

This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 9d348a1929bcd6865e4d160f7416e1a7bde6d622
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | -------------- | ------------------ |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.21.0 | |
| core-test-lib-gcp | | 0.20.0 |
| os-core-lib-aws | 0.21.0-rc5 | 0.21.0-rc5 |
| oqm | 0.22.0-rc1 | |
| os-core-common | 0.20.1, 0.21.0 | 0.20.1, 0.21.0-rc4 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.27, 1.30, 2.0 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: fa4d5bc18c3e4099596134f93cd09df29326627b
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | -------------- | ------------------ |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.22.1 | |
| core-test-lib-gcp | | 0.20.0 |
| os-core-lib-aws | 0.21.0-rc5 | 0.21.0-rc5 |
| oqm | 0.22.0 | |
| os-core-common | 0.20.1, 0.22.0 | 0.20.1, 0.21.0-rc4 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.27, 1.30, 2.0 |

M19 - Release 0.22

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/433
Upgrade First Party Library Dependencies for Release 0.19
2023-02-18T07:31:16Z
David Diederich (d.diederich@opengroup.org)

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: b3bd49407300ad188311b77d0a55f438423041d2
Maven: 0.20.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | -------------- |
| core-lib-azure | 0.19.0-rc8 | 0.6.2 |
| core-lib-gcp | 0.19.0-rc3 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.19.0-rc3 | 0.16.1 |
| os-core-common | 0.19.0-rc6 | 0.16.0 |
| os-core-lib-ibm | 0.16.0 | 0.16.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.2.2 | 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.8 | 2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.17.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.17.2 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.24 | 5.3.22 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: ab10cba23162c162de2cbd9a2a4bf46fd1b101c7
Maven: 0.20.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | -------------- |
| core-lib-azure | 0.19.0 | 0.6.2 |
| core-lib-gcp | 0.19.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.19.0 | 0.16.1 |
| os-core-common | 0.19.0 | 0.16.0 |
| os-core-lib-ibm | 0.16.0 | 0.16.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.2.2 | 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.8 | 2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.17.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.17.2 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.24 | 5.3.22 |

M16 - Release 0.19

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/306
Upgrade First Party Library Dependencies for Release 0.16
2022-08-10T17:19:40Z
David Diederich (d.diederich@opengroup.org)

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 0efcafc10286bbd32e188de1670f55e052242484
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------- |
| core-lib-azure | 0.15.2 | 0.6.2 |
| core-lib-gcp | 0.15.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| os-core-common | 0.15.0 | 0.15.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2, 2.13.2 | 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.12 | 5.3.12 |
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 58e64492b6129d39733d9dcaccc0dcd629abee5b
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | -------------- |
| core-lib-azure | 0.16.0 | 0.6.2 |
| core-lib-gcp | 0.16.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.16.1 | 0.16.1 |
| os-core-common | 0.16.0 | 0.16.0 |
| os-core-lib-ibm | 0.16.0 | 0.16.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2, 2.13.2 | 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.17.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.17.2 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.12 | 5.3.22 |
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
```

M13 - Release 0.16

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/269
Upgrade First Party Library Dependencies for Release 0.15
2022-06-17T06:08:28Z
David Diederich (d.diederich@opengroup.org)

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 58121405553a9285368e02d417d7d18adc884c50
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ------ | --------------- |
| core-lib-azure | 0.15.0 | 0.6.2 |
| core-lib-gcp | 0.15.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| os-core-common | 0.15.0 | 0.15.0 |
| os-core-lib-ibm | 0.15.0 | 0.15.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2 | 2.8.1, 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3 |
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 7ae41939091dc6e038090db7c928f1fe19038936
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ------ | --------------- |
| core-lib-azure | 0.15.2 | 0.6.2 |
| core-lib-gcp | 0.15.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| os-core-common | 0.15.0 | 0.15.0 |
| os-core-lib-ibm | 0.15.1 | 0.15.1 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2 | 2.8.1, 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3 |
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
```

M12 - Release 0.15

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/264
Upgrade First Party Library Dependencies for Release 0.15
2022-06-07T15:31:20Z
David Diederich (d.diederich@opengroup.org)

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Preparing packages...
Preparing packages...
Branch: master
SHA: 9a48376e4d33399db79cb29873065a4b33e1d71c
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | --------------- | --------------- |
| core-lib-azure | 0.15.0-rc6 | 0.6.2 |
| core-lib-gcp | 0.14.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.15.0-SNAPSHOT | 0.14.0 |
| os-core-common | 0.14.0 | 0.14.0 |
| os-core-lib-ibm | 0.15.0-rc2 | 0.14.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.11.4, 2.13.2 | 2.8.1, 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3 |
### Dependency Information After the Upgrade
```
Preparing packages...
Preparing packages...
Branch: dependency-upgrade
SHA: 2851489da5e99664b9f1a45194ed13295032866f
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ------ | --------------- |
| core-lib-azure | 0.15.0 | 0.6.2 |
| core-lib-gcp | 0.15.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| os-core-common | 0.15.0 | 0.15.0 |
| os-core-lib-ibm | 0.15.0 | 0.15.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2 | 2.8.1, 2.13.2.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3 |

M12 - Release 0.15

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/210
Upgrade First Party Library Dependencies for Release 0.14
2022-03-29T14:53:35Z
David Diederich (d.diederich@opengroup.org)

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 0dc993a045db6e6fa56f3e3dc83304a9bfa1bb93
Maven: 0.14.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | --------------- | -------- |
| core-lib-azure | 0.14.0-rc2 | 0.6.2 |
| core-lib-gcp | 0.14.0-rc1 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.14.0-SNAPSHOT | 0.13.0 |
| os-core-common | 0.13.0 | 0.13.0 |
| os-core-lib-ibm | 0.13.0 | 0.13.0 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 5de75228c13b5ae4f6db19a3c73c293569c4cd4d
Maven: 0.14.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ------ | -------- |
| core-lib-azure | 0.14.0 | 0.6.2 |
| core-lib-gcp | 0.14.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.14.0 | 0.14.0 |
| os-core-common | 0.14.0 | 0.14.0 |
| os-core-lib-ibm | 0.14.0 | 0.14.0 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3 |

M11 - Release 0.14

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/109
Updating OSDU dependencies
2021-08-29T18:59:13Z
David Diederich (d.diederich@opengroup.org)

Updating OSDU dependencies, to maintain use of the latest release among those that were previously doing so

M8 - Release 0.11
David Diederich (d.diederich@opengroup.org), David Diederich (d.diederich@opengroup.org)

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/186
Updating NOTICE
2023-08-18T11:33:25Z
David Diederich (d.diederich@opengroup.org)
M11 - Release 0.14
David Diederich (d.diederich@opengroup.org), David Diederich (d.diederich@opengroup.org)

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/202
Update test configuration
2023-08-18T11:33:11Z
Aleh Shubko [EPAM]
M12 - Release 0.15
Matt Wise, Matt Wise

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/493
update NOTICE file
2023-05-19T23:29:36Z
Long Cheng
M18 - Release 0.21
Long Cheng, Long Cheng

https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/150
Update NOTICE
2021-11-18T15:12:36Z
Matt Wise