Legal merge requestshttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests2023-09-21T20:50:29Zhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/449azure: fix legal tests2023-09-21T20:50:29ZNathan Strelserazure: fix legal tests## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
-
-
-
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->Nathan StrelserNathan Strelserhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/448[GONRG-7715] Added legal status update cronjob2023-09-26T10:33:44ZDanylo Vanin (EPAM)[GONRG-7715] Added legal status update cronjobM21 - Release 0.24Danylo Vanin (EPAM)Danylo Vanin (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/447Introduce variable for java 17 version2023-09-15T13:59:40Zsaketh somarajuIntroduce variable for java 17 version* This MR introduces a variable to manage java version in azure ci-cd pipeline
* This change would help in configuring azure integration test seamlessly* This MR introduces a variable to manage java version in azure ci-cd pipeline
* This change would help in configuring azure integration test seamlesslyM21 - Release 0.24saketh somarajusaketh somarajuhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/446Fixing vulnerabilities in Legal Service2023-09-12T18:00:55ZDaniel SchollFixing vulnerabilities in Legal ServiceThis change cleans up the POM file and fixes vulnerabilities in the service.This change cleans up the POM file and fixes vulnerabilities in the service.https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/445Updated bucket naming (GONRG-7732)2023-09-11T08:22:22ZRiabokon Stanislav(EPAM)[GCP]Updated bucket naming (GONRG-7732)GC module uses a bucket name from Partition Service.GC module uses a bucket name from Partition Service.M21 - Release 0.24Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/444Cherry-pick 'Upgrade First Party Library Dependencies for Release 0.23' into ...2023-09-04T18:16:22ZChad LeongCherry-pick 'Upgrade First Party Library Dependencies for Release 0.23' into release/0.23**Original MR**: !443
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !443
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/pipelines/new?ref=cherry-pick-for-443)M20 - Release 0.23David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/443Upgrade First Party Library Dependencies for Release 0.232023-09-04T17:41:47ZDavid Diederichd.diederich@opengroup.orgUpgrade First Party Library Dependencies for Release 0.23This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 777dedbdc32de53eee77d9b9cec87db830fcd0e8
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.24.0-rc2 | 0.16.0 |
| core-lib-gc | 0.22.1 | |
| os-core-lib-aws | 0.22.0 | 0.22.0 |
| obm | 0.22.0 | |
| oqm | 0.22.0 | |
| os-core-common | 0.22.0 | 0.22.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.22.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 108175679e8a454c6cc7b7e453e78ec9f1ecc4f4
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.24.0-rc2 | 0.16.0 |
| core-lib-gc | 0.23.0 | |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| obm | 0.23.0 | |
| oqm | 0.23.0 | |
| os-core-common | 0.23.1 | 0.23.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.23.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27 |M20 - Release 0.23https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/442Cherry-pick 'Update OS Core Lib Azure version for guava dependency upgrade' i...2023-08-31T05:53:04ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Update OS Core Lib Azure version for guava dependency upgrade' into release/0.23**Original MR**: !441
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !441
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/pipelines/new?ref=cherry-pick-for-441)M20 - Release 0.23David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/441Update OS Core Lib Azure version for guava dependency upgrade2023-08-30T16:03:04ZThulasi Dass SubramanianUpdate OS Core Lib Azure version for guava dependency upgrade# Change details
* update `OS Core Lib Azure` `v0.24.0-rc2` version for `guava` dependency upgrade
# Changes in:
* [ ] GCP
* [x] Azure
* [ ] AWS
* [ ] IBM# Change details
* update `OS Core Lib Azure` `v0.24.0-rc2` version for `guava` dependency upgrade
# Changes in:
* [ ] GCP
* [x] Azure
* [ ] AWS
* [ ] IBMM20 - Release 0.23Thulasi Dass SubramanianThulasi Dass Subramanianhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/440Revert "Merge branch 'az/td-fix-guava-vulnerability' into 'master'"2023-08-30T15:48:11ZThulasi Dass SubramanianRevert "Merge branch 'az/td-fix-guava-vulnerability' into 'master'"## Details
- Reverting to `0.20.0-rc5` for OS Core Lib Azure version.
- Separate MR will be created to upgrade to `v0.24.0-rc2` which is most recent release candidate for `OS Core Lib Azure version.`## Details
- Reverting to `0.20.0-rc5` for OS Core Lib Azure version.
- Separate MR will be created to upgrade to `v0.24.0-rc2` which is most recent release candidate for `OS Core Lib Azure version.`M21 - Release 0.24Thulasi Dass SubramanianThulasi Dass Subramanianhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/439Update OS Core Lib Azure version for guava dependency upgrade2023-08-30T15:47:17ZThulasi Dass SubramanianUpdate OS Core Lib Azure version for guava dependency upgrade# Change details
* update `OS Core Lib Azure` version for `guava` dependency upgrade
* depends on [OS Core Lib Azure MR 303](https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/303) to...# Change details
* update `OS Core Lib Azure` version for `guava` dependency upgrade
* depends on [OS Core Lib Azure MR 303](https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/303) to be merged first
# Changes in:
* [ ] GCP
* [x] Azure
* [ ] AWS
* [ ] IBMM21 - Release 0.24Thulasi Dass SubramanianThulasi Dass Subramanianhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/437AWS sync dev to master2023-08-19T02:36:06ZLong ChengAWS sync dev to masterM20 - Release 0.23Long ChengLong Chenghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/435Update readme2023-08-18T10:22:07ZDmitrii Novikov (EPAM)Update readmeAdded pubsub/rabbit queue descriptionAdded pubsub/rabbit queue descriptionM20 - Release 0.23Dmitrii Novikov (EPAM)Dmitrii Novikov (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/433added changes form M162023-08-21T21:04:21ZMahsa Hanifiadded changes form M16## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
-
-
-
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->Mahsa HanifiMahsa Hanifihttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/431Spring security dependency vulnerability fix2023-08-16T10:37:19ZVivek OjhaSpring security dependency vulnerability fix## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [NA] I have updated the documentation accordingly.
* [NA] I have added tests t...## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [NA] I have updated the documentation accordingly.
* [NA] I have added tests to cover my changes.
* [YES] All new and existing tests passed.
* [YES] My code follows the code style of this project.
* [NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
Component governance in Legal service build is failing in ADO because of a security vulnerability described in detail here - https://spring.io/security/cve-2023-34034.
This change, updates relevant dependency version to the ones which do not have this vulnerability as per the doc link shared above.
We've run clean install to verify this change. Screenshot below
![image](/uploads/0f517dc2554996541762a11ec65e5fa3/image.png)
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
Updated spring security version to 5.7.10.
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO] No
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->Vivek OjhaVivek Ojhahttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/429Upgraded guava and netty-hander to fix vulnerable versions..2023-08-26T15:01:55ZBhawan PanesarUpgraded guava and netty-hander to fix vulnerable versions..## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [YES] I have updated the documentation accordingly.
* [NA] I have added tests ...## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [YES] I have updated the documentation accordingly.
* [NA] I have added tests to cover my changes.
* [NA] All new and existing tests passed.
* [NA] My code follows the code style of this project.
* [NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
Work item 28489
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
- Upgraded netty-hander and guava to mitigate vulnerabilities
- Guava: https://github.com/advisories/GHSA-7g45-4rm6-3mm3
- Netty-handler: https://github.com/advisories/GHSA-6mjq-h674-j845
## Does this introduce a breaking change?
-------------------------------------
- [NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->Bhawan PanesarBhawan Panesarhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/428Cherry-pick 'Upgrade First Party Library Dependencies for Release 0.22' into ...2023-07-17T07:38:33ZChad LeongCherry-pick 'Upgrade First Party Library Dependencies for Release 0.22' into release/0.22**Original MR**: !427
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !427
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/pipelines/new?ref=cherry-pick-for-427)M19 - Release 0.22David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/427Upgrade First Party Library Dependencies for Release 0.222023-07-17T07:33:23ZChad LeongUpgrade First Party Library Dependencies for Release 0.22This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 9a01dfec9a59eadf6efe24737cff5c94f0b48419
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.16.0 |
| core-lib-gc | 0.21.0 | |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| obm | 0.21.0 | |
| oqm | 0.21.0 | |
| os-core-common | 0.22.0-rc4 | 0.21.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.21.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-3
SHA: 314f5b0f021f2f6851685170d5c583703a2248a1
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.16.0 |
| core-lib-gc | 0.22.1 | |
| os-core-lib-aws | 0.22.0 | 0.22.0 |
| obm | 0.22.0 | |
| oqm | 0.22.0 | |
| os-core-common | 0.22.0 | 0.22.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.22.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27 |M19 - Release 0.22https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/426Cherry-pick 'Refactor API Controller - 'Code First Approach'' into release/0.222023-07-13T14:07:34ZChad LeongCherry-pick 'Refactor API Controller - 'Code First Approach'' into release/0.22**Original MR**: !424
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !424
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/pipelines/new?ref=cherry-pick-for-424)M19 - Release 0.22David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/425Update core-lib-azure version2023-07-11T11:10:59Zsaketh somarajuUpdate core-lib-azure version## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [YES] I have updated the documentation accordingly.
* [NA] I have added tests ...## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [YES] I have updated the documentation accordingly.
* [NA] I have added tests to cover my changes.
* [YES] All new and existing tests passed.
* [YES] My code follows the code style of this project.
* [NA] I ran lint checks locally prior to submission.
Update core-lib-azure to 0.20.0-rc5
## Does this introduce a breaking change?
-------------------------------------
- [YES]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->M20 - Release 0.23saketh somarajusaketh somaraju