Legal merge requestshttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests2023-03-06T18:33:35Zhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/371Aadded helm oci package2023-03-06T18:33:35ZSiarhei Symanovich (EPAM)Aadded helm oci packageAdded helm oci publishing for Google Cloud.Added helm oci publishing for Google Cloud.Siarhei Symanovich (EPAM)Siarhei Symanovich (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/368Draft: Gonrg 6532 test2023-02-22T17:45:52ZOleh Miniailov [EPAM / GCP]Draft: Gonrg 6532 test## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
-
-
-
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/360Spring Vulnerabilities2023-02-17T21:17:57ZMarc Burnie [AWS]Spring VulnerabilitiesIncludes: AWS Adding support for EKS 1.23Includes: AWS Adding support for EKS 1.23M17 - Release 0.20Marc Burnie [AWS]Marc Burnie [AWS]https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/358Upgrade First Party Library Dependencies for Release 0.192023-02-18T07:31:16ZDavid Diederichd.diederich@opengroup.orgUpgrade First Party Library Dependencies for Release 0.19This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 94bc5d864eb15e0cfff6b86c661995f4f45ff2a7
Maven: 0.20.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.18.1 | 0.16.0 |
| core-lib-gcp | 0.19.0-rc3 | |
| os-core-lib-aws | 0.18.0 | 0.18.0 |
| obm | 0.18.0 | |
| oqm | 0.18.0 | |
| os-core-common | 0.18.0 | 0.18.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.18.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webflux | 5.3.22 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.3.22 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: 19b08edb2f667e14cd51e322f333821eb065e20c
Maven: 0.20.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.19.0 | 0.16.0 |
| core-lib-gcp | 0.19.0 | |
| os-core-lib-aws | 0.19.0 | 0.19.0 |
| obm | 0.19.0 | |
| oqm | 0.19.0 | |
| os-core-common | 0.19.0 | 0.19.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.19.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webflux | 5.3.24 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.3.24, 5.3.22 |M16 - Release 0.19https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/357Aws integration merge2023-03-17T18:33:09ZAbhishek PatilAws integration merge## All Submissions:
-------------------------------------
* YES I have added an explanation of what changes in this merge do and why we should include it?
* YES I have updated the documentation accordingly.
* NA I have added tests to cov...## All Submissions:
-------------------------------------
* YES I have added an explanation of what changes in this merge do and why we should include it?
* YES I have updated the documentation accordingly.
* NA I have added tests to cover my changes.
* YES All new and existing tests passed.
* YES My code follows the code style of this project.
* YES I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
- Spring Security core version lower than 5.7.5
## What is the new behavior?
-------------------------------------
- Spring Security core version higher than 5.7.5 and other vulnerable package upgrades
## Does this introduce a breaking change?
-------------------------------------
- NO
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->Okoun-Ola Fabien HouetoYash DholakiaOkoun-Ola Fabien Houetohttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/353Update dependecies version with security fix2023-08-07T09:34:38ZYifan YeUpdate dependecies version with security fixUpgrade dependent libraries to resolve High and Critical security vulnerabilities #34Upgrade dependent libraries to resolve High and Critical security vulnerabilities #34Yifan YeYifan Yehttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/346Draft: GONRG-5894 - GC renaming2022-12-27T03:57:11ZAliaksandr Ramanovich (EPAM)Draft: GONRG-5894 - GC renamingAliaksandr Ramanovich (EPAM)Aliaksandr Ramanovich (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/334GONRG-6045: Remove NEG annotation in service2022-12-06T11:31:29ZVolodymyr Pienskoi [EPAM / GCP]GONRG-6045: Remove NEG annotation in serviceServices created in GKE clusters 1.17.6-gke.7 and up with VPC-native traffic routing enabled are annotated automatically with `cloud.google.com/neg: '{"ingress": true}'`. This means that this annotation is not required explicitly and can...Services created in GKE clusters 1.17.6-gke.7 and up with VPC-native traffic routing enabled are annotated automatically with `cloud.google.com/neg: '{"ingress": true}'`. This means that this annotation is not required explicitly and can be removed.
More details in [GKE Load Balancing documentation](https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#container-native_load_balancing).Volodymyr Pienskoi [EPAM / GCP]Volodymyr Pienskoi [EPAM / GCP]https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/331upgrade master with corelib azure for legal service2023-08-25T22:26:56ZNishant Vidyasagarupgrade master with corelib azure for legal serviceNishant VidyasagarNishant Vidyasagarhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/328Upgrade legal service for the corelib azure changes2023-05-13T05:03:07ZNishant VidyasagarUpgrade legal service for the corelib azure changesNishant VidyasagarNishant Vidyasagarhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/327upgrading legal service for corelib changes2022-12-29T10:34:39ZNishant Vidyasagarupgrading legal service for corelib changesNishant VidyasagarNishant Vidyasagarhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/326upgrading legal service for corelib azure changes2023-02-17T17:51:38ZNishant Vidyasagarupgrading legal service for corelib azure changesNishant VidyasagarNishant Vidyasagarhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/325Upgrading legal service for the corelib service upgrade2023-01-24T04:01:59ZNishant VidyasagarUpgrading legal service for the corelib service upgradeNishant VidyasagarNishant Vidyasagarhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/323added spring-boot-maven plugin version2022-11-25T11:15:45ZRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comadded spring-boot-maven plugin version## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provi...## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [x] AWS
- [x] Azure
- [x] Google Cloud
- [x] IBM
- [x] Common code
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
Projects that do not specify the spring-boot-maven plugin version will not compile, since the latest version of the spring-boot-maven plugin suppose to build spring-boot V3 projects with Java 17M15 - Release 0.18Chad LeongChad Leonghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/321M14 Upgrade2022-11-25T05:58:16ZAnkur RawatM14 UpgradeM12 changes into M14M12 changes into M14Ankur RawatAnkur Rawathttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/320m14 Upgrade2022-11-16T13:05:14ZAnkur Rawatm14 UpgradeM12 changes into M14M12 changes into M14Ankur RawatAnkur Rawathttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/308Upgrade First Party Library Dependencies for Release 0.172022-10-05T04:16:50ZDavid Diederichd.diederich@opengroup.orgUpgrade First Party Library Dependencies for Release 0.17This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 53b51055ae5ba7111c748fcb72e584ff8a61e37d
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | --------------- | ---------------------- |
| core-lib-azure | 0.16.0 | 0.16.0 |
| core-lib-gcp | 0.17.0-rc5 | |
| os-core-lib-aws | 0.17.0-SNAPSHOT | 0.16.1 |
| obm | 0.17.0-rc2 | |
| oqm | 0.17.0-rc1 | |
| os-core-common | 0.17.0-rc4 | 0.16.0 |
| os-core-lib-ibm | 0.16.0 | 0.16.0 |
| osm | 0.17.0-rc1 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22, 5.3.12 | 5.3.22 |
```
Warning: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.legal.legal-byoc == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.17.0-rc4
└─ org.springframework.spring-webmvc == 5.3.12
```
```
Warning: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.legal.legal-azure == 0.17.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 6db4407ef65fd5271964a96fabe4751409973bee
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------- | ---------------------- |
| core-lib-azure | 0.17.0 | 0.17.0 |
| core-lib-gcp | 0.17.0 | |
| os-core-lib-aws | 0.17.0 | 0.17.0 |
| obm | 0.17.0 | |
| oqm | 0.17.0 | |
| os-core-common | 0.17.0 | 0.17.0 |
| os-core-lib-ibm | 0.17.0 | 0.17.0 |
| osm | 0.17.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webflux | 5.3.22 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22, 5.3.12 | 5.3.22 |
```
Warning: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.legal.legal-byoc == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.17.0
└─ org.springframework.spring-webmvc == 5.3.12
```M14 - Release 0.17https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/300Draft: Dz test pipeline- to be closed2022-09-20T19:47:55ZDadong ZhouDraft: Dz test pipeline- to be closed## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
-
-
-
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/286Draft: mpetrenko-alpine-fix2023-02-04T05:29:22ZMaksym Petrenko [EPAM / GCP]Draft: mpetrenko-alpine-fix## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
-
-
-
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/283Draft: Gonrg 5457 update pipeline for using gcloud alpine image2023-01-23T21:17:44ZMaksym Petrenko [EPAM / GCP]Draft: Gonrg 5457 update pipeline for using gcloud alpine image## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
-
-
-
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->