Indexer merge requests
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests
2023-06-15T10:17:42Z
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/562
Upgrade Maven dependency version
2023-06-15T10:17:42Z
Shreya Shah
Upgrade Maven dependency version
# Fixes :
https://community.opengroup.org/osdu/platform/system/indexer-service/-/security/vulnerabilities/582
https://community.opengroup.org/osdu/platform/system/indexer-service/-/security/vulnerabilities/635
# Issue
https://community....
# Fixes :
https://community.opengroup.org/osdu/platform/system/indexer-service/-/security/vulnerabilities/582
https://community.opengroup.org/osdu/platform/system/indexer-service/-/security/vulnerabilities/635
# Issue
https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/169
M19 - Release 0.22
Shreya Shah
Shreya Shah
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/532
Upgrade maven dependencies
2023-05-09T06:17:40Z
saketh somaraju
Upgrade maven dependencies
Upgrade maven dependency versions
[security-and-compliance issue 133](https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/133)
- [indexer-service vulnerability 22053](https://community.opengroup.org/osdu...
Upgrade maven dependency versions
[security-and-compliance issue 133](https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/133)
- [indexer-service vulnerability 22053](https://community.opengroup.org/osdu/platform/system/indexer-service/-/security/vulnerabilities/22053)
- [indexer-service vulnerability 26379](https://community.opengroup.org/osdu/platform/system/indexer-service/-/security/vulnerabilities/26379)
M18 - Release 0.21
saketh somaraju
saketh somaraju
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/270
Upgrade Log4J version
2022-08-23T21:25:28Z
David Diederich
d.diederich@opengroup.org
Upgrade Log4J version
Closes #51
Closes #51
M10 - Release 0.13
David Diederich
d.diederich@opengroup.org
David Diederich
d.diederich@opengroup.org
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/363
upgrade jackson-databind version
2022-09-10T10:48:31Z
Ashwani Pandey
upgrade jackson-databind version
upgrade IBM jackson-databind version
upgrade IBM jackson-databind version
M13 - Release 0.16
Ashwani Pandey
Ashwani Pandey
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/370
upgrade jackson-databind, core-common, spring. migrate from springfox to spri...
2022-11-24T15:51:57Z
Rustam Lotsmanenko (EPAM)
rustam_lotsmanenko@epam.com
upgrade jackson-databind, core-common, spring. migrate from springfox to springdoc-openapi
https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/74
https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/74
M14 - Release 0.17
Rustam Lotsmanenko (EPAM)
rustam_lotsmanenko@epam.com
Rustam Lotsmanenko (EPAM)
rustam_lotsmanenko@epam.com
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/223
upgrade IBM test core lib version to 0.12.0-SNAPSHOT
2023-08-18T15:06:51Z
Ashwani Pandey
upgrade IBM test core lib version to 0.12.0-SNAPSHOT
upgrade IBM test core lib version to 0.12.0-SNAPSHOT
upgrade IBM test core lib version to 0.12.0-SNAPSHOT
M9 - Release 0.12
Ashwani Pandey
Ashwani Pandey
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/393
Upgrade Gson
2022-10-06T01:32:19Z
Xiangliang Meng
Upgrade Gson
commit e5cb47b2
Author: David Meng <xlmeng@amazon.com>
Date: Mon Sep 26 2022 17:02:59 GMT-0400 (Eastern Daylight Time)
Upgrade Gson
commit e5cb47b2
Author: David Meng <xlmeng@amazon.com>
Date: Mon Sep 26 2022 17:02:59 GMT-0400 (Eastern Daylight Time)
Upgrade Gson
M14 - Release 0.17
Okoun-Ola Fabien Houeto
Xiangliang Meng
Okoun-Ola Fabien Houeto
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/280
Upgrade GCP Dependency to the Latest Release
2022-02-07T12:00:26Z
David Diederich
d.diederich@opengroup.org
Upgrade GCP Dependency to the Latest Release
This dependency was missed by !279 because the version in `master` has already advance to `0.14.0-rc1`.
This dependency was missed by !279 because the version in `master` has already advance to `0.14.0-rc1`.
M10 - Release 0.13
David Diederich
d.diederich@opengroup.org
David Diederich
d.diederich@opengroup.org
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/586
Upgrade First Party Library Dependencies for Release 0.22
2023-07-18T07:06:57Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.22
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: a2b71603f34b4c4f5b319837537abffcd83dda83
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.12.0-rc10 |
| core-lib-gc | 0.21.0 | |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| oqm | 0.21.0 | |
| os-core-common | 0.21.0 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: 535e9f9b3cd9d2a672d8d681de0d299363d5169d
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.12.0-rc10 |
| core-lib-gc | 0.22.1 | |
| os-core-lib-aws | 0.22.0 | 0.22.0 |
| oqm | 0.22.0 | |
| os-core-common | 0.22.0 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26 |
M19 - Release 0.22
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/553
Upgrade First Party Library Dependencies for Release 0.21
2023-05-31T20:12:40Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.21
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: dca02fff5f753c6bea49b46230d0b0a8b16c1478
Maven: 0.22.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.12.0-rc10 |
| core-lib-gc | 0.21.0-rc4 | |
| os-core-lib-aws | 0.21.0-rc5 | 0.21.0-rc5 |
| oqm | 0.21.0-rc5 | |
| os-core-common | 0.21.0-rc4 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: 1d33acd0421eaeee941e7c37adaa8c9c2866781e
Maven: 0.22.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.12.0-rc10 |
| core-lib-gc | 0.21.0 | |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| oqm | 0.21.0 | |
| os-core-common | 0.21.0 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1, 2.13.2.2, 2.13.4.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26 |
M18 - Release 0.21
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/475
Upgrade First Party Library Dependencies for Release 0.19
2023-02-18T07:29:31Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.19
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 7e05ff57468b77ec2a561c367bb803b7e30c7dcd
Maven: 0.20.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.18.0-rc3 | 0.12.0-rc10 |
| core-lib-gcp | 0.19.0-rc7 | |
| os-core-lib-aws | 0.18.0 | 0.14.0-rc2 |
| obm | 0.19.0-rc4 | |
| oqm | 0.19.0-rc4 | |
| os-core-common | 0.16.1, 0.19.0-rc3 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| osm | 0.18.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.4.2, 2.13.2.2, 2.13.4 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.springframework.spring-webflux | 5.3.22 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.3.23 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-3
SHA: dd77a963605e78cd0f8d2dcbda5f6ab0b79d4b6e
Maven: 0.20.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------------------- | ---------------------- |
| core-lib-azure | 0.18.0-rc3 | 0.12.0-rc10 |
| core-lib-gcp | 0.19.0 | |
| os-core-lib-aws | 0.19.0 | 0.14.0-rc2 |
| obm | 0.19.0 | |
| oqm | 0.19.0 | |
| os-core-common | 0.16.1, 0.19.0 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| osm | 0.19.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.4.2, 2.13.2.2, 2.13.4 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.springframework.spring-webflux | 5.3.22 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.3.23 |
M16 - Release 0.19
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/433
Upgrade First Party Library Dependencies for Release 0.18
2022-12-13T12:25:35Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.18
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 2a35584383391965ee1e2761c441313e45526c6e
Maven: 0.19.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.18.0-rc3 | 0.12.0-rc10 |
| core-lib-gcp | 0.15.0 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.16.1 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.4, 2.13.2.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.springframework.spring-webflux | 5.3.22 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.3.23 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: c9d636dbdeef822cab44c8984885825e6cd83161
Maven: 0.19.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.18.0 | 0.12.0-rc10 |
| core-lib-gcp | 0.15.0 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.16.1 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.4, 2.13.2.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.springframework.spring-webflux | 5.3.22 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.3.23 |
M15 - Release 0.18
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/395
Upgrade First Party Library Dependencies for Release 0.17
2022-10-12T03:58:01Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.17
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: f2f69c95284967bdac75d65c0ded9e8d284ee42c
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------- | ---------------------- |
| core-lib-azure | 0.15.2 | 0.12.0-rc10 |
| core-lib-gcp | 0.15.0 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.16.1 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.1.19.RELEASE |
```
Warning: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.indexer.indexer-azure == 0.17.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 1fa002811b2e660cbbc495be1e2eb7a5abf9095b
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------- | ---------------------- |
| core-lib-azure | 0.15.2 | 0.12.0-rc10 |
| core-lib-gcp | 0.15.0 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.17.0 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.1.19.RELEASE |
```
Warning: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.indexer.indexer-azure == 0.17.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12
```
M14 - Release 0.17
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/359
Upgrade First Party Library Dependencies for Release 0.16
2022-08-16T17:37:44Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.16
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: f477639c4fb3e5a8175f9d938b6e1fab1772f649
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.15.2 | 0.12.0-rc10 |
| core-lib-gcp | 0.15.0 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.14.0-rc8 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.11.4, 2.13.2.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.12 | 5.1.19.RELEASE |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 99f0806bba130c7b32c8f2ba2b980d9dc6c833a0
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.16.0 | 0.12.0-rc10 |
| core-lib-gcp | 0.16.0 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.16.0 | |
| oqm | 0.16.0 | |
| os-core-common | 0.14.0-rc8 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.16.0 | 0.13.0 |
| osm | 0.16.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.11.4, 2.13.2.2 | 2.13.2.2, 2.13.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.12 | 5.1.19.RELEASE |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
```
M13 - Release 0.16
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/325
Upgrade First Party Library Dependencies for Release 0.15
2022-06-16T00:53:15Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.15
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 9d416e0674217874cd8a05a596af86e0ad782c73
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ------------------ | ---------------------- |
| core-lib-azure | 0.15.0-rc6 | 0.12.0-rc10 |
| core-lib-gcp | 0.15.0-rc3, 0.10.0 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.15.0-rc5 | |
| oqm | 0.15.0-rc2 | |
| os-core-common | 0.14.0-rc8 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.15.0-rc2 | 0.13.0 |
| osm | 0.15.0-rc5 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.11.4, 2.13.2 | 2.11.3, 2.12.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 058c12fbb26aca9df1a43e16d5e7dead966177a2
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------- | ---------------------- |
| core-lib-azure | 0.15.2 | 0.12.0-rc10 |
| core-lib-gcp | 0.15.0, 0.10.0 | |
| os-core-lib-aws | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.14.0-rc8 | 0.14.0-rc8 |
| os-core-lib-ibm | 0.15.1 | 0.13.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.11.4, 2.13.2 | 2.11.3, 2.12.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6, 2.4.7 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
```
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
```
M12 - Release 0.15
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/302
Upgrade First Party Library Dependencies for Release 0.14 (Except Azure)
2022-04-05T10:39:33Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.14 (Except Azure)
This is related to !301, except it holds back the Azure dependency -- based on the result that the Azure tests failed in !201.
### Dependency Information After the Upgrade
This is related to !301, except it holds back the Azure dependency -- based on the result that the Azure tests failed in !201.
### Dependency Information After the Upgrade
M11 - Release 0.14
David Diederich
d.diederich@opengroup.org
David Diederich
d.diederich@opengroup.org
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/301
Upgrade First Party Library Dependencies for Release 0.14
2022-04-05T10:39:28Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.14
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Preparing packages...
Branch: master
SHA: cfdbcd6a9f0d1a7df0604d1d838cdbd88163c4fb
Maven: 0.14.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | ------------------ | ---------------------- |
| core-lib-azure | 0.14.0-rc2 | 0.12.0-rc10 |
| core-lib-gcp | 0.14.0-rc2, 0.10.0 | |
| os-core-lib-aws | 0.13.0 | 0.3.16 |
| obm | 0.13.1-SNAPSHOT | |
| oqm | 0.13.0-SNAPSHOT | |
| os-core-common | 0.14.0-rc4 | 0.14.0-rc4 |
| os-core-lib-ibm | 0.13.0 | 0.13.0 |
| osm | 0.13.0-SNAPSHOT | |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
### Dependency Information After the Upgrade
```
Preparing packages...
Branch: dependency-upgrade
SHA: f812a5cadee154e2e4b7e1d2bb4b4370bc441d14
Maven: 0.14.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | -------------- | ---------------------- |
| core-lib-azure | 0.14.0 | 0.12.0-rc10 |
| core-lib-gcp | 0.14.0, 0.10.0 | |
| os-core-lib-aws | 0.14.0 | 0.3.16 |
| obm | 0.14.0 | |
| oqm | 0.14.0 | |
| os-core-common | 0.14.0 | 0.14.0 |
| os-core-lib-ibm | 0.14.0 | 0.14.0 |
| osm | 0.14.0 | |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.11.2, 2.13.0 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.0 |
M11 - Release 0.14
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/437
upgrade dependency
2022-12-16T18:55:19Z
Abhay Joshi
upgrade dependency
commit bbcc6995
Author: Abhay <bios@amazon.com>
Date: Fri Dec 02 2022 10:44:20 GMT-0800 (Pacific Standard Time)
upgrade dependencies
commit bbcc6995
Author: Abhay <bios@amazon.com>
Date: Fri Dec 02 2022 10:44:20 GMT-0800 (Pacific Standard Time)
upgrade dependencies
M16 - Release 0.19
Okoun-Ola Fabien Houeto
Abhay Joshi
Okoun-Ola Fabien Houeto
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/515
Upgrade Dependencies
2023-04-11T09:42:17Z
Abhay Joshi
Upgrade Dependencies
commit 83ba5afa
Author: Abhay <bios@amazon.com>
Date: Mon Mar 27 2023 10:58:20 GMT-0700 (Pacific Daylight Time)
upgrading dependencies
(cherry picked from commit a2c87e54974a60c90af3bc11ce9da46dc23b905f)
commit 83ba5afa
Author: Abhay <bios@amazon.com>
Date: Mon Mar 27 2023 10:58:20 GMT-0700 (Pacific Daylight Time)
upgrading dependencies
(cherry picked from commit a2c87e54974a60c90af3bc11ce9da46dc23b905f)
M17 - Release 0.20
Okoun-Ola Fabien Houeto
Abhay Joshi
Okoun-Ola Fabien Houeto
https://community.opengroup.org/osdu/platform/system/indexer-service/-/merge_requests/435
upgrade dependencies
2022-12-14T15:57:43Z
Abhay Joshi
upgrade dependencies
commit bbcc6995
Author: Abhay <bios@amazon.com>
Date: Fri Dec 02 2022 10:44:20 GMT-0800 (Pacific Standard Time)
upgrade dependencies
commit bbcc6995
Author: Abhay <bios@amazon.com>
Date: Fri Dec 02 2022 10:44:20 GMT-0800 (Pacific Standard Time)
upgrade dependencies
M16 - Release 0.19
Okoun-Ola Fabien Houeto
Abhay Joshi
Okoun-Ola Fabien Houeto