Legal merge requestshttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests2023-05-19T08:43:54Zhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/399GONRG-7029: update anthos to baremetal2023-05-19T08:43:54ZYauheni Rykhter (EPAM)GONRG-7029: update anthos to baremetalM18 - Release 0.21Yauheni Rykhter (EPAM)Yauheni Rykhter (EPAM)https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/398M18 service and CICD updates2023-05-09T18:27:47ZMadalyn MarabellaM18 service and CICD updatesAWS code changes only
## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingl...AWS code changes only
## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
-
-
-
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->M18 - Release 0.21Madalyn MarabellaMadalyn Marabellahttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/397Upgrade dependency version2023-05-04T07:41:58Zsaketh somarajuUpgrade dependency versionUpgrade org.mortbay.jetty/jetty maven package to non vulnerable version
[security-and-compliance legal vulnerability 26345](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/security/vulnerabilities/26345)
[...Upgrade org.mortbay.jetty/jetty maven package to non vulnerable version
[security-and-compliance legal vulnerability 26345](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/security/vulnerabilities/26345)
[security-and-compliance issue 133](https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/133)M18 - Release 0.21saketh somarajusaketh somarajuhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/396Set FailOnError to false2023-05-09T18:35:58ZYash DholakiaSet FailOnError to false## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [NA] I have added tes...## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [NA] I have added tests to cover my changes.
* [YES] All new and existing tests passed.
* [YES] My code follows the code style of this project.
* [NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
Dependency-check-maven fails when nvd.nist is down and eventually build fails.
## What is the new behavior?
-------------------------------------
Build will not fail when Dependency-check-maven fails
## Does this introduce a breaking change?
-------------------------------------
- [NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->M18 - Release 0.21Yash DholakiaYash Dholakiahttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/394Added a check for RabbitMQ Retry (GONRG-6705)2023-04-26T15:26:42ZRiabokon Stanislav(EPAM)[GCP]Added a check for RabbitMQ Retry (GONRG-6705)Updated mappers.Updated mappers.M18 - Release 0.21Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/393Comment out legal-gc module2023-04-25T22:34:52ZOsborn ChenComment out legal-gc module## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
https://dev.azure.com/OpenEnergyPlatform/Open%20Energy%20Platform/_workitems/edit/23713
## What is the new behavior?
-------------------------------------
Sync Code stage in ADO pipeline passed. https://dev.azure.com/OpenEnergyPlatform/Open%20Energy%20Platform/_build/results?buildId=84770&view=results
-
-
-
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->Osborn ChenOsborn Chenhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/392GONGR-6885 Reduce requests according to VPA2023-08-18T11:38:49ZAndriy Halka [EPAM / GCP]GONGR-6885 Reduce requests according to VPAM18 - Release 0.21https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/391upgrade oauth2 client version2023-07-25T07:10:16Zsaketh somarajuupgrade oauth2 client versionUpgrade oauth2 client version [vulerability:legal/24974](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/security/vulnerabilities/24974)Upgrade oauth2 client version [vulerability:legal/24974](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/security/vulnerabilities/24974)M18 - Release 0.21saketh somarajusaketh somarajuhttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/390Merge azure/cherrypick-m14-m16 into azure/cherrypick-m14-m162023-04-19T16:59:30ZOsborn ChenMerge azure/cherrypick-m14-m16 into azure/cherrypick-m14-m16## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
-
-
-
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/389Updating NOTICE2023-04-13T14:17:02ZChad LeongUpdating NOTICEFix FOSSA noticeFix FOSSA noticeM17 - Release 0.20https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/387Remove SNAPSHOT dependencies2023-04-13T08:45:22ZDavid Diederichd.diederich@opengroup.orgRemove SNAPSHOT dependenciesThis automated MR removes usage of `SNAPSHOT` versions in the first party library dependencies.
Since `SNAPSHOT` dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.
### ...This automated MR removes usage of `SNAPSHOT` versions in the first party library dependencies.
Since `SNAPSHOT` dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.
### Dependency Information Before the Upgrade
```
Branch: release/0.20
SHA: 9baf1bd947132afae09b3d747572ef1032faa830
Maven: 0.20.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.18.1 | 0.16.0 |
| core-lib-gcp | 0.19.0-rc3 | |
| os-core-lib-aws | 0.20.0-SNAPSHOT | 0.18.0 |
| obm | 0.18.0 | |
| oqm | 0.18.0 | |
| os-core-common | 0.19.0 | 0.18.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.18.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: f426937c3c6a099a5a6506a5b97ada6e1c76094b
Maven: 0.20.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.18.1 | 0.16.0 |
| core-lib-gcp | 0.19.0-rc3 | |
| os-core-lib-aws | 0.20.0 | 0.18.0 |
| obm | 0.18.0 | |
| oqm | 0.18.0 | |
| os-core-common | 0.19.0 | 0.18.0, 0.16.0 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.18.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.0, 2.13.4.2 | 2.13.2.2, 2.10.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.11.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.27 |M17 - Release 0.20David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/385GONGR-6776 Remove no-istio modes2023-08-18T11:38:50ZAndriy Halka [EPAM / GCP]GONGR-6776 Remove no-istio modesM18 - Release 0.21https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/383AWS integration merge2023-04-06T19:23:11ZManish JangidAWS integration merge## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
- Merging AWS changes
-
-
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO] No
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->M18 - Release 0.21https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/382Cherry-pick 'Upgrade Dependencies' into release/0.202023-04-07T05:25:12ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Upgrade Dependencies' into release/0.20**Original MR**: !381
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !381
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/pipelines/new?ref=cherry-pick-for-381)M17 - Release 0.20David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/381Upgrade Dependencies2023-04-05T15:03:16ZAbhay JoshiUpgrade Dependencies## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
-
-
-
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->M17 - Release 0.20Okoun-Ola Fabien HouetoAbhay JoshiOkoun-Ola Fabien Houetohttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/380Vulnerability fix for IBM2023-03-31T07:40:57ZDevdatta SantraVulnerability fix for IBMVulnerability fix for IBM for netty, protobuf and tomcat libs
| CVE-2022-3509 | https://nvd.nist.gov/vuln/detail/CVE-2022-3509 |
|----------------|-------------------------------------------------|
| CVE-2022-3510 | https://nvd.nist....Vulnerability fix for IBM for netty, protobuf and tomcat libs
| CVE-2022-3509 | https://nvd.nist.gov/vuln/detail/CVE-2022-3509 |
|----------------|-------------------------------------------------|
| CVE-2022-3510 | https://nvd.nist.gov/vuln/detail/CVE-2022-3510 |
| CVE-2022-42252 | https://nvd.nist.gov/vuln/detail/CVE-2022-42252 |
| CVE-2022-45143 | https://nvd.nist.gov/vuln/detail/CVE-2022-45143 |
| CVE-2022-41881 | https://nvd.nist.gov/vuln/detail/CVE-2022-41881 |M17 - Release 0.20Devdatta SantraDevdatta Santrahttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/379Fixed vulnerabilities in legal service2023-03-23T13:01:14ZVineeth Guna [Microsoft]Fixed vulnerabilities in legal service## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [NA] I have updated the documentation accordingly.
* [NA] I have added tests t...## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [NA] I have updated the documentation accordingly.
* [NA] I have added tests to cover my changes.
* [YES] All new and existing tests passed.
* [YES] My code follows the code style of this project.
* [NA] I ran lint checks locally prior to submission.
## What is the current behavior?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
Issue: Remember to link the workitem to this pull request.
## What is the new behavior?
-------------------------------------
<!-- Please describe the behavior or changes that are being added by this PR. -->
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Any relevant logs, error output, etc?
-------------------------------------
(If it’s long, please paste to https://ghostbin.com/ and insert the link here.)
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->Rahul KhapreRahul Khaprehttps://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/378[GONRG-6649] Define global vars in legal2023-08-18T11:38:53ZOleksandr Kosse (EPAM)[GONRG-6649] Define global vars in legal## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [YES] I have updated the documentation accordingly.
* [NA] I have added tests ...## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [YES] I have updated the documentation accordingly.
* [NA] I have added tests to cover my changes.
* [NA] All new and existing tests passed.
* [YES] My code follows the code style of this project.
* [YES] I ran lint checks locally prior to submission.
## Does this introduce a breaking change?
-------------------------------------
- [NO]M17 - Release 0.20https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/377Renaming dependency helm chart repo to osdu-aws and removing versioning const...2023-03-17T19:46:06ZMarc Burnie [AWS]Renaming dependency helm chart repo to osdu-aws and removing versioning constraintsM17 - Release 0.20Marc Burnie [AWS]Marc Burnie [AWS]https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/merge_requests/376Update MongoDB settings2023-03-17T17:31:34ZAleh Shubko [EPAM]Update MongoDB settingsM17 - Release 0.20Marc Burnie [AWS]Marc Burnie [AWS]