Full Upgrade of First Party Library Dependencies
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release. The intent is to keep all dependent libraries up to date. This upgrade can be merged immediately without further approval if the CI pipeline reports success.
If this MR has failed, we need to work with the maintainers and affected provider teams to find a solution.
Dependency Information Before the Upgrade
Branch: master
SHA: 38c437e950fcfa9369a1daa7828cd2276f553b88
Maven: 0.24.0-SNAPSHOT
| Maven Dependencies | Root | testing/ | testing/file-test-core-bdd/ |
|---|---|---|---|
| core-lib-azure | 0.17.0-rc14 | 0.16.0 | 0.16.0 |
| core-lib-gc | 0.23.0 | | |
| os-core-lib-aws | 0.23.0 | 0.23.0 | |
| obm | 0.23.0 | | |
| oqm | 0.23.0 | | |
| os-core-common | 0.23.1 | 0.23.1 | 0.23.1 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 | |
| osm | 0.23.0 | | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.15.0-rc1, 2.13.4.2, 2.14.2 | 2.10.1, 2.15.0-rc1, 2.13.2.2 | 2.13.2 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.12.1, 2.13.3, 2.17.1, 2.17.2 | 2.17.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.12.1, 2.13.3, 2.17.2 | 2.17.1 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.26, 5.3.22 | 5.2.2.RELEASE, 5.3.26, 5.3.12, 5.3.24 | 5.3.12 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.25, 2.0, 1.26, 1.30 | 1.26 |
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
   └─ org.opengroup.osdu.file-azure == 0.24.0-SNAPSHOT
      └─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
         └─ org.springframework.boot.spring-boot-starter-webflux == 2.4.5
            └─ org.springframework.spring-webflux == 5.3.12
Dependency Information After the Upgrade
Branch: dependency-upgrade-2
SHA: d48f615de8b809d296726240da68797a8d652568
Maven: 0.24.0-SNAPSHOT
| Maven Dependencies | Root | testing/ | testing/file-test-core-bdd/ |
|---|---|---|---|
| core-lib-azure | 0.23.2 | 0.23.2 | 0.23.2 |
| core-lib-gc | 0.23.1 | | |
| os-core-lib-aws | 0.23.0 | 0.23.0 | |
| obm | 0.23.0 | | |
| oqm | 0.23.0 | | |
| os-core-common | 0.23.3 | 0.23.3 | 0.23.3 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 | |
| osm | 0.23.0 | | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.15.0-rc1, 2.13.4.2, 2.14.2 | 2.10.1, 2.15.0-rc1, 2.13.2.2 | 2.14.1 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.12.1, 2.13.3, 2.17.1, 2.17.2 | 2.17.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.12.1, 2.13.3, 2.17.2 | 2.17.1 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.26, 5.3.22 | 5.2.2.RELEASE, 5.3.26, 5.3.24 | 5.3.24 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.25, 2.0, 1.30 | 2.0 |