Legal merge requestshttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests2023-09-04T17:41:47Zhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/443Upgrade First Party Library Dependencies for Release 0.232023-09-04T17:41:47ZDavid Diederichd.diederich@opengroup.orgUpgrade First Party Library Dependencies for Release 0.23This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 777dedbdc32de53eee77d9b9cec87db830fcd0e8
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.24.0-rc2 | 0.16.0 |
| core-lib-gc | 0.22.1 | |
| os-core-lib-aws | 0.22.0 | 0.22.0 |
| obm | 0.22.0 | |
| oqm | 0.22.0 | |
| os-core-common | 0.22.0 | 0.22.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.22.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 108175679e8a454c6cc7b7e453e78ec9f1ecc4f4
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.24.0-rc2 | 0.16.0 |
| core-lib-gc | 0.23.0 | |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| obm | 0.23.0 | |
| oqm | 0.23.0 | |
| os-core-common | 0.23.1 | 0.23.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.23.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27 |M20 - Release 0.23https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/442Cherry-pick 'Update OS Core Lib Azure version for guava dependency upgrade' i...2023-08-31T05:53:04ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Update OS Core Lib Azure version for guava dependency upgrade' into release/0.23**Original MR**: !441
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !441
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/pipelines/new?ref=cherry-pick-for-441)M20 - Release 0.23David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/437AWS sync dev to master2023-08-19T02:36:06ZLong ChengAWS sync dev to masterM20 - Release 0.23Long ChengLong Chenghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/43AWS Entitlements on ECS2023-08-18T11:47:11ZMatt WiseAWS Entitlements on ECSM1 - Release 0.1https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/48use env var for code artifact domain. dynamically use current account as repo...2023-08-18T11:47:03ZMatt Wiseuse env var for code artifact domain. dynamically use current account as repo ownerM1 - Release 0.1https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/81allow usage of os-core-lib-aws from GL2023-08-18T11:45:00ZRucha Deshpandeallow usage of os-core-lib-aws from GLM1 - Release 0.1Rucha DeshpandeRucha Deshpandehttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/99CORS Fix, AWS Updates2023-08-18T11:41:50ZSpencer Suttonsuttonsp@amazon.comCORS Fix, AWS UpdatesM4 - Release 0.7ethiraj krishnamanaiduDania Kodeih (Microsoft)Wladmir FrazaoJoeDmitriy Rudkoethiraj krishnamanaiduhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/100Update NOTICE2023-08-18T11:41:49ZMatt WiseUpdate NOTICEM4 - Release 0.7https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/113Multi-tenancy2023-08-18T11:41:30ZMatt WiseMulti-tenancycommit 57a24b40
Author: Spencer Sutton <spencerpsutton@yahoo.com>
Date: Wed May 05 2021 13:01:23 GMT-0500 (Central Daylight Time)
Consolidating s3 client classes
commit c6f635ba
Author: Spencer Sutton <spencerpsutton@yahoo.com...commit 57a24b40
Author: Spencer Sutton <spencerpsutton@yahoo.com>
Date: Wed May 05 2021 13:01:23 GMT-0500 (Central Daylight Time)
Consolidating s3 client classes
commit c6f635ba
Author: Spencer Sutton <spencerpsutton@yahoo.com>
Date: Wed May 05 2021 12:40:15 GMT-0500 (Central Daylight Time)
Cleaning up
commit 5c9e8475
Author: Spencer Sutton <spencerpsutton@yahoo.com>
Date: Wed May 05 2021 11:59:24 GMT-0500 (Central Daylight Time)
Updating core lib aws version
commit e3e0f9c4
Author: Spencer Sutton <spencerpsutton@yahoo.com>
Date: Wed May 05 2021 11:45:09 GMT-0500 (Central Daylight Time)
Adjusting tests for mult-tenancy
commit 7064328e
Author: Spencer Sutton <spencerpsutton@yahoo.com>
Date: Wed May 05 2021 10:57:11 GMT-0500 (Central Daylight Time)
Deleted accidental key
commit a65471ea
Author: Spencer Sutton <spencerpsutton@yahoo.com>
Date: Wed May 05 2021 10:56:30 GMT-0500 (Central Daylight Time)
Updating to be multi-tenantM6 - Release 0.9Matt WiseMatt Wisehttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/114Update NOTICE2023-08-18T11:41:29ZMatt WiseUpdate NOTICEM6 - Release 0.9https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/132AWS Updates2023-08-18T11:41:12ZSpencer Suttonsuttonsp@amazon.comAWS Updatescommit 2e99fe61
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Wed May 26 2021 17:17:03 GMT-0500 (Central Daylight Time)
Dynamic account id in mirror
commit 6284c2cc
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Wed ...commit 2e99fe61
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Wed May 26 2021 17:17:03 GMT-0500 (Central Daylight Time)
Dynamic account id in mirror
commit 6284c2cc
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Wed May 26 2021 17:13:00 GMT-0500 (Central Daylight Time)
Excluding security auto config, restricting central mavenM7 - Release 0.10Spencer Suttonsuttonsp@amazon.comSpencer Suttonsuttonsp@amazon.comhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/147Deploy to EKS2023-08-18T11:40:56ZMatt WiseDeploy to EKScommit a45fa279
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Mon Jul 19 2021 11:48:25 GMT-0500 (Central Daylight Time)
Fixing build
commit c5ae108a
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Mon Jul 19 2021 10:3...commit a45fa279
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Mon Jul 19 2021 11:48:25 GMT-0500 (Central Daylight Time)
Fixing build
commit c5ae108a
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Mon Jul 19 2021 10:37:53 GMT-0500 (Central Daylight Time)
Adding sonar,dependency-check to awsM8 - Release 0.11Matt WiseMatt Wisehttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/189Upgrading library versions to incorporate the latest Log4j fix2023-08-18T11:40:20ZDavid Diederichd.diederich@opengroup.orgUpgrading library versions to incorporate the latest Log4j fixThese updates apply version 2.17, addressing CVE-2021-45105
Part of the #20 seriesThese updates apply version 2.17, addressing CVE-2021-45105
Part of the #20 seriesM10 - Release 0.13David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/229Update jackson-databind version for all CSPs2023-08-18T11:40:00ZMorris EstepaUpdate jackson-databind version for all CSPscommit ee23f98e
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Wed Jan 26 2022 15:32:05 GMT-0600 (Central Standard Time)
Changing copyrights
commit 2d761a87
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Wed Jan 26 20...commit ee23f98e
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Wed Jan 26 2022 15:32:05 GMT-0600 (Central Standard Time)
Changing copyrights
commit 2d761a87
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Wed Jan 26 2022 15:31:28 GMT-0600 (Central Standard Time)
Fixing build
commit 9d3eb1c2
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Wed Jan 26 2022 15:15:33 GMT-0600 (Central Standard Time)
Adding unit test for group cache
commit 8e3d192a
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Wed Jan 26 2022 14:24:39 GMT-0600 (Central Standard Time)
Moving off of alpine because need curl for health checks
commit 3b419542
Author: Spencer Sutton <suttonsp@amazon.com>
Date: Tue Jan 25 2022 13:44:52 GMT-0600 (Central Standard Time)
Adding group cache for awsM12 - Release 0.15Morris EstepaMorris Estepahttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/259release mongodb pipeline2023-08-18T11:39:41ZAleh Shubko [EPAM]release mongodb pipeline## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [NA] I have updated the documentation accordingly.
* [YES] I have added tests ...## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [NA] I have updated the documentation accordingly.
* [YES] I have added tests to cover my changes.
* [YES] All new and existing tests passed.
* [YES] My code follows the code style of this project.
* [YES] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Adding one more pipeline to test MongoDB/AWS deploy
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
New pipeline is exists and working
## Does this introduce a breaking change?
-------------------------------------
- [NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
NA
## Other information
-------------------------------------
NAM13 - Release 0.16Aleh Shubko [EPAM]Aleh Shubko [EPAM]https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/267Fix latest core tests2023-08-18T11:39:38ZAleh Shubko [EPAM]Fix latest core testsFix core testingFix core testingM13 - Release 0.16Aleh Shubko [EPAM]Aleh Shubko [EPAM]https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/268Update plexus-utils version2023-08-18T11:39:36ZMorris EstepaUpdate plexus-utils versionUpdate plexus-utils versionUpdate plexus-utils versionM13 - Release 0.16Morris EstepaMorris Estepahttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/302Move database settings in common lib2023-08-18T11:39:19ZAleh Shubko [EPAM]Move database settings in common libM14 - Release 0.17Marc Burnie [AWS]Marc Burnie [AWS]https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/428Cherry-pick 'Upgrade First Party Library Dependencies for Release 0.22' into ...2023-07-17T07:38:33ZChad LeongCherry-pick 'Upgrade First Party Library Dependencies for Release 0.22' into release/0.22**Original MR**: !427
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !427
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/pipelines/new?ref=cherry-pick-for-427)M19 - Release 0.22David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/427Upgrade First Party Library Dependencies for Release 0.222023-07-17T07:33:23ZChad LeongUpgrade First Party Library Dependencies for Release 0.22This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 9a01dfec9a59eadf6efe24737cff5c94f0b48419
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.16.0 |
| core-lib-gc | 0.21.0 | |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| obm | 0.21.0 | |
| oqm | 0.21.0 | |
| os-core-common | 0.22.0-rc4 | 0.21.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.21.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-3
SHA: 314f5b0f021f2f6851685170d5c583703a2248a1
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.16.0 |
| core-lib-gc | 0.22.1 | |
| os-core-lib-aws | 0.22.0 | 0.22.0 |
| obm | 0.22.0 | |
| oqm | 0.22.0 | |
| os-core-common | 0.22.0 | 0.22.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.22.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27 |M19 - Release 0.22