OS Core Lib Azure merge requestshttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests2020-11-10T20:03:34Zhttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/38WIP: Initial CoreLogger implementation2020-11-10T20:03:34ZKelly DomicoWIP: Initial CoreLogger implementation_Created MR from forked repo until I get access._
Initial CoreLogger implementation for review. Only the `info` methods are added for an example.
Example usage would be something like:
```
CoreLogger logger = CoreLoggerFactory.getLogg..._Created MR from forked repo until I get access._
Initial CoreLogger implementation for review. Only the `info` methods are added for an example.
Example usage would be something like:
```
CoreLogger logger = CoreLoggerFactory.getLogger(SomeClass.class);
logger.info("Log this message");
```
**ICoreLogger.** An interface that supports collecting information about services and dependencies to meet observability/monitoring requirements.
Generally, this interface should support logging traces, events, dependencies, and exceptions so that a dashboard can show: 1) availability, 2) exception rate and failures, 3) performance counters, 4) dependency among services.https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/120[WIP] Added support for File Share in core lib azure2021-06-24T06:17:49ZAalekh Jain[WIP] Added support for File Share in core lib azureThis MR targets to add the implementation for File Share in core lib azure.
cc: @vineethguna , @kibattulThis MR targets to add the implementation for File Share in core lib azure.
cc: @vineethguna , @kibattulhttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/102WIP: Added retry config to blobstorage2021-05-25T16:35:51ZRonak SakhujaWIP: Added retry config to blobstoragehttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/287Validate data-partition-id in PartitionServiceClient2023-08-18T12:42:27ZAbhishek PatilValidate data-partition-id in PartitionServiceClient## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the issue or story related to the change?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, 'or' link to a relevant issue.
Feel free to add references to any design documents you might have shared with the team or any
related MR that you are building on top of. -->
Today we do not validate the data-partition-id because of which inbuilt URI class throws Illegal Argument Exception if an invalid data-partition-id is passed in headers.
For example, if a char `{` is passed into data-partition-id then Illegal Argument Exception is thrown which is ultimately converted into 500 error response by service. Ideally a 4XX response should have been returned.
This PR introduces a validation on data-partition-id which will help in responding back with 4XX response instead of 500.
High level design:
Issue: <!-- Link any __GitLab__ workitem(s) to this pull request. -->
<!-- Please add implementation details of current set of changes and how the code changes are
doing what they are expected to do. Are there any complex loops or designated code blocks that
should be elaborated? Is there some contextual knowledge that the reviewer should be aware of? -->
Change details:
## Test coverage:
------------------
<!-- Mention unit test coverage of changes. -->
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Pending items
----------------
<!-- Are there changes that you'll introduce in upcoming MRs and hence did not add in this one? Next steps of your
feature can also be mentioned here. -->
## Reviewer request
-------------------
- Please provide an ETA when you plan to review this MR. Write a comment to decline or provide an ETA.
- Block the MR if you feel there is less testing or no details in the MR
- Please cover the following aspects in the MR
-- Coding design: _\<Reviewer1>_
-- Backward Compatibility: _\<Reviewer2>_
-- Feature Logic: _\<Logic design\>_
-- _\<Any other context mention here>_
OR
-- _\<Component 1>_: _\<Reviewer1>_
-- _\<CosmosDB>_: _\<Reviewer2>_
-- _\<ServiceBus>_ _\<Reviewer3>_
-- _\<Mention any other component and owner>_
## Other information
-------------------------------------
<!-- Any other information that is important to this MR such as screenshots of how the component looks before and after the change. -->M17 - Release 0.20Abhishek PatilAbhishek Patilhttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/27Using SLF4JLogger for CosmosStore2023-08-18T12:46:30Zharshit aggarwalUsing SLF4JLogger for CosmosStoreUsing SLF4JLogger for CosmosStore, current logger is from java.util which is not integrated with
azure app insights
Verified that any logs in CosmosStore are getting populated in Azure app insightsUsing SLF4JLogger for CosmosStore, current logger is from java.util which is not integrated with
azure app insights
Verified that any logs in CosmosStore are getting populated in Azure app insightsM1 - Release 0.1harshit aggarwalharshit aggarwalhttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/87Using Expire After Write Strategy for caching2023-08-18T12:45:06ZKrishna Nikhil VedurumudiUsing Expire After Write Strategy for caching## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it?
* [YES/NO] I have updated the documentation accordingly.
* [YES/NO/NA] I have added tests to cover my changes.
* [YES/NO/NA] All new and existing tests passed.
* [YES/NO/NA] My code follows the code style of this project.
* [YES/NO/NA] I ran lint checks locally prior to submission.
## What is the issue or story related to the change?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, 'or' link to a relevant issue.
Feel free to add references to any design documents you might have shared with the team or any
related MR that you are building on top of. -->
The client connections that we manage for Cosmos and Blob Store should be refreshed periodically. Using After Access expiry strategy will not let the stale connections to expire.
High level design:
Issue: <!-- Link any __GitLab__ workitem(s) to this pull request. -->
<!-- Please add implementation details of current set of changes and how the code changes are
doing what they are expected to do. Are there any complex loops or designated code blocks that
should be elaborated? Is there some contextual knowledge that the reviewer should be aware of? -->
Change details:
## Test coverage:
------------------
<!-- Mention unit test coverage of changes. -->
## Does this introduce a breaking change?
-------------------------------------
- [NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Pending items
----------------
<!-- Are there changes that you'll introduce in upcoming MRs and hence did not add in this one? Next steps of your
feature can also be mentioned here. -->
## Reviewer request
-------------------
- Please provide an ETA when you plan to review this MR. Write a comment to decline or provide an ETA.
- Block the MR if you feel there is less testing or no details in the MR
- Please cover the following aspects in the MR
-- Coding design: _\<Reviewer1>_
-- Backward Compatibility: _\<Reviewer2>_
-- Feature Logic: _\<Logic design\>_
-- _\<Any other context mention here>_
OR
-- _\<Component 1>_: _\<Reviewer1>_
-- _\<CosmosDB>_: _\<Reviewer2>_
-- _\<ServiceBus>_ _\<Reviewer3>_
-- _\<Mention any other component and owner>_
## Other information
-------------------------------------
<!-- Any other information that is important to this MR such as screenshots of how the component looks before and after the change. -->M6 - Release 0.9https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/22using BlobServiceCientFactory instead of BlobContainerClientFactory2023-08-18T12:46:39ZAman Vermausing BlobServiceCientFactory instead of BlobContainerClientFactory## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it? YES
* [YES/NO] I have updated the documentation accordingly. YES
* [YES/NO/NA...## All Submissions:
-------------------------------------
* [YES/NO] I have added an explanation of what changes in this merge do and why we should include it? YES
* [YES/NO] I have updated the documentation accordingly. YES
* [YES/NO/NA] I have added tests to cover my changes. YES
* [YES/NO/NA] All new and existing tests passed. YES
* [YES/NO/NA] My code follows the code style of this project. YES
* [YES/NO/NA] I ran lint checks locally prior to submission. YES
## What is the issue or story related to the change?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, 'or' link to a relevant issue. -->
Description:
Consuming the `BlobServiceClientFactory`, as introduced in this MR: https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/20
The previous implementation uses `BlobContainerClientFactory` which returns an instance of `BlobContainerClient`. Having BlobContainerClient takes away the flexibility to choose the storage container name on demand, as the container client is tied to a <storage account, container name> combo. Using the service client removes this dependency. Now the container name can be parameterized.
Issue: <!-- Link any __GitLab__ workitem(s) to this pull request. -->
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
NO
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Other information
-------------------------------------
<!-- Any other information that is important to this PR such as screenshots of how the component looks before and after the change. -->
Next set of changes would be to update Schema service and any other service using BlobStore class, to pass the container name in parameters.
FYI @harshit283 , @kibattul , @polavishnuM1 - Release 0.1Aman VermaAman Vermahttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/48Use TelemetryClient to log dependencies to App Insights dependencies table2023-08-18T12:45:59ZKelly DomicoUse TelemetryClient to log dependencies to App Insights dependencies tableUpdated the "logDependency" method in CoreLogger to use TelemetryClient to log to Application Insights "dependencies" table. This will allow tracking of dependencies separate from traces. The old version use SLF4J to log to the "traces" ...Updated the "logDependency" method in CoreLogger to use TelemetryClient to log to Application Insights "dependencies" table. This will allow tracking of dependencies separate from traces. The old version use SLF4J to log to the "traces" table with INFO level.
Additionally added target and type to DependencyPayload so those values can also be tracked in Application Insights. The MDC context values are also included in "customDimensions" so the correlation ID and data partition ID can be tracked.M1 - Release 0.1https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/40uses defaultAzureCredential instead of key for cosmosClient2020-11-05T15:09:48ZAliaksei Darafeyeuuses defaultAzureCredential instead of key for cosmosClientNitin-slbNeelesh ThakurSherman YangAlok JoshiDuvelis CaraoNitin-slbhttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/2User Story 2460: Enhance existing functionalities for pagination in CosmosFaƧ...2020-05-28T02:06:07ZDanielle JacksonUser Story 2460: Enhance existing functionalities for pagination in CosmosFaƧade.javaImplemented pagination for the methods `findAllItems()` and `queryItems()`, and updated unit tests for the two new methodsImplemented pagination for the methods `findAllItems()` and `queryItems()`, and updated unit tests for the two new methodsDanielle JacksonDanielle Jacksonhttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/4User story 2460: Enhance existing functionalities for pagination for cosmosfa...2023-08-18T12:47:08ZNandu MuralidharanUser story 2460: Enhance existing functionalities for pagination for cosmosfacade.javaM1 - Release 0.1Nandu MuralidharanNandu Muralidharanhttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/51Use CoreLogger in Slf4JLogger implementation2023-08-18T12:45:54ZKelly DomicoUse CoreLogger in Slf4JLogger implementation## What is the issue or story related to the change?
-------------------------------------
Use CoreLogger in Slf4JLogger implementation so services that uses the JaxRsDpsLog will automatically log using the new mechanism.
## Test cover...## What is the issue or story related to the change?
-------------------------------------
Use CoreLogger in Slf4JLogger implementation so services that uses the JaxRsDpsLog will automatically log using the new mechanism.
## Test coverage:
------------------
Unit tests are updated and coverage remains the same at 100% class coverage.
## Does this introduce a breaking change?
-------------------------------------
No
## Pending items
----------------
NoneM1 - Release 0.1https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/202Use blob endpoint instead of storage account name2023-08-18T12:43:10ZKrishna Nikhil VedurumudiUse blob endpoint instead of storage account name## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [YES] I have updated the documentation accordingly.
* [TBD] I have added tests...## All Submissions:
-------------------------------------
* [YES] I have added an explanation of what changes in this merge do and why we should include it?
* [YES] I have updated the documentation accordingly.
* [TBD] I have added tests to cover my changes.
* [YES] All new and existing tests passed.
* [YES] My code follows the code style of this project.
* [YES] I ran lint checks locally prior to submission.
## What is the issue or story related to the change?
-------------------------------------
<!-- Please describe the current behavior that you are modifying, 'or' link to a relevant issue.
Feel free to add references to any design documents you might have shared with the team or any
related MR that you are building on top of. -->
Added ability to Support Partition DNS Storage accounts for Blob Operations.
High level design:
Issue: <!-- Link any __GitLab__ workitem(s) to this pull request. -->
<!-- Please add implementation details of current set of changes and how the code changes are
doing what they are expected to do. Are there any complex loops or designated code blocks that
should be elaborated? Is there some contextual knowledge that the reviewer should be aware of? -->
Change details:
## Test coverage:
------------------
<!-- Mention unit test coverage of changes. -->
## Does this introduce a breaking change?
-------------------------------------
- [YES/NO]
<!-- If this introduces a breaking change, please describe the impact and migration path for existing applications below. -->
## Pending items
----------------
<!-- Are there changes that you'll introduce in upcoming MRs and hence did not add in this one? Next steps of your
feature can also be mentioned here. -->
Unit tests pending. Will update in the Same MR
## Reviewer request
-------------------
- Please provide an ETA when you plan to review this MR. Write a comment to decline or provide an ETA.
- Block the MR if you feel there is less testing or no details in the MR
- Please cover the following aspects in the MR
-- Coding design: _\<Reviewer1>_
-- Backward Compatibility: _\<Reviewer2>_
-- Feature Logic: _\<Logic design\>_
-- _\<Any other context mention here>_
OR
-- _\<Component 1>_: _\<Reviewer1>_
-- _\<CosmosDB>_: _\<Reviewer2>_
-- _\<ServiceBus>_ _\<Reviewer3>_
-- _\<Mention any other component and owner>_
## Other information
-------------------------------------
<!-- Any other information that is important to this MR such as screenshots of how the component looks before and after the change. -->M12 - Release 0.15Krishna Nikhil VedurumudiKrishna Nikhil Vedurumudihttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/182Upgrading core library dependencies2022-01-25T01:08:43ZDavid Diederichd.diederich@opengroup.orgUpgrading core library dependenciesM10 - Release 0.13David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/310Upgrading core common version to utilize the latest redis fix2023-09-19T19:10:40ZDavid Diederichd.diederich@opengroup.orgUpgrading core common version to utilize the latest redis fixThis ~"Direct patch" updates the core common version for the %"M20 - Release 0.23" release. It was not brought in as a ~"Cherry-pick" because the default branch is already at `0.24.0-rc3`, and I didn't want to downgrade it.This ~"Direct patch" updates the core common version for the %"M20 - Release 0.23" release. It was not brought in as a ~"Cherry-pick" because the default branch is already at `0.24.0-rc3`, and I didn't want to downgrade it.M20 - Release 0.23David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/165Upgrade vulnerable dependencies according to WhiteSource alerts2023-08-18T12:43:41ZDmitrii GerashchenkoUpgrade vulnerable dependencies according to WhiteSource alertshttps://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/issues/52
---
os-core-common version upgrade after MR: https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/126
---
*...https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/issues/52
---
os-core-common version upgrade after MR: https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/merge_requests/126
---
**os-core-common** was updated according to WhiteSource alerts:
- spring-boot.version: 2.4.[-5-] -> 2.4.[+12+]
- netty-bom.version: 4.1.[-63-].Final -> 4.1.[+70+].Final
- json-smart.version: 2.4.[+7+]
- gson.version: 2.8.[-5-] -> 2.8.[+9+]
---
json-smart was removed from **os-core-lib-azure** pom because the correct version of this dependency is provided by **os-core-common** after the upgrade.
---
**The list of successfully tested related services which will use the upgraded version (there are no significant issues after the upgrade):**
- **os-core-lib-azure:** https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/165
- Successful pipeline: https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/pipelines/78303
- <details><summary>screenshot</summary>![image](https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/uploads/82880ba928b00ea4c818be51f85b98c3/image.png)</details>
- **entitlements:** https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/merge_requests/149
- Successful pipeline: https://community.opengroup.org/osdu/platform/security-and-compliance/entitlements/-/pipelines/78617
- <details><summary>screenshot</summary>![image](https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/uploads/dbc61f0c520940573216fadc95e8139b/image.png)</details>
- **partition:** https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/117
- Successful pipeline: https://community.opengroup.org/osdu/platform/system/partition/-/pipelines/78619
- <details><summary>screenshot</summary>![image](https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/uploads/d91211a3c37afc4c67ccae470f2d25f0/image.png)</details>
- **unit-service:** https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/merge_requests/115
- Successful pipeline: https://community.opengroup.org/osdu/platform/system/reference/unit-service/-/pipelines/78626
- <details><summary>screenshot</summary>![image](https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/uploads/7926b86b814facd4c73e4ea8193d9dab/image.png)</details>
- **crs-conversion-service:** https://community.opengroup.org/osdu/platform/system/reference/crs-conversion-service/-/merge_requests/90
- Successful pipeline: https://community.opengroup.org/osdu/platform/system/reference/crs-conversion-service/-/pipelines/78526
- <details><summary>screenshot</summary>![image](https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/uploads/61042606d00ce9a25ae9031e6c7b9807/image.png)</details>
- **crs-catalog-service:** https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/78
- Successful pipeline: https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/pipelines/78351
- <details><summary>screenshot</summary>![image](https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/uploads/163f01078184ea08263abbcb4cd4da50/image.png)</details>
Part of the #14 seriesM10 - Release 0.13Dmitrii GerashchenkoDmitrii Gerashchenkohttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/314Upgrade sb library to latest version2023-11-29T16:03:36ZAlok JoshiUpgrade sb library to latest versionUse latest version of [azure-servicebus](https://mvnrepository.com/artifact/com.microsoft.azure/azure-servicebus). We are seeing an **intermittent** issue with delete subscription workflow where the client connection for the deleted subs...Use latest version of [azure-servicebus](https://mvnrepository.com/artifact/com.microsoft.azure/azure-servicebus). We are seeing an **intermittent** issue with delete subscription workflow where the client connection for the deleted subscription is not being properly closed. The connection close action happens [here ](https://community.opengroup.org/osdu/platform/system/notification/-/blob/master/provider/notification-azure/src/main/java/org/opengroup/osdu/notification/provider/azure/messageBus/SubscriptionManagerImpl.java?ref_type=heads#L129) for Notification service. The issue we see that the client connection is still open (thus, message pump still being attempted; a lot of exception entries from [this](https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/blob/master/src/main/java/org/opengroup/osdu/azure/servicebus/AbstractMessageHandler.java?ref_type=heads#L83)) even after close is "successful" ([logger info](https://community.opengroup.org/osdu/platform/system/notification/-/blob/master/provider/notification-azure/src/main/java/org/opengroup/osdu/notification/provider/azure/messageBus/SubscriptionManagerImpl.java?ref_type=heads#L130) can be seen in Appinsights logs). This is causing an explosion in exception logs, making it expensive. This upgrade hopefully fixes the issue with client connection closing.
We are also working on creating a support ticket with MSFT about the issue and another Gitlab issue to [migrate](https://aka.ms/azsdk/java/migrate/sb) to the suggested SB library.M22 - Release 0.25Alok JoshiAlok Joshihttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/101Upgrade os-core-common library2023-08-18T12:44:45ZRostislav Vatolinvatolinrp@gmail.comUpgrade os-core-common libraryUpgraded library os-core-common to 0.9.0-rc13 so latest changes related to elasticsearch libraries are applied.
The latest version of os-core-common has ILogger interface updated: included debug methods. Having that, the new methods were...Upgraded library os-core-common to 0.9.0-rc13 so latest changes related to elasticsearch libraries are applied.
The latest version of os-core-common has ILogger interface updated: included debug methods. Having that, the new methods were implemented in Slf4JLogger class.
The new library was tested with the following service: crs-catalog-service: https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/47M6 - Release 0.9https://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/214Upgrade Jackson Databind Version2022-06-08T20:32:23ZDavid Diederichd.diederich@opengroup.orgUpgrade Jackson Databind VersionThis MR upgrades the Jackson Databind version to address [CVE-2020-36518](https://nvd.nist.gov/vuln/detail/CVE-2020-36518).
In this case, version 2.13.2 was being selected automatically. That version was still vulnerable, though the Tag...This MR upgrades the Jackson Databind version to address [CVE-2020-36518](https://nvd.nist.gov/vuln/detail/CVE-2020-36518).
In this case, version 2.13.2 was being selected automatically. That version was still vulnerable, though the Tagging Notes didn't catch it (because it coerces versions into a triplet).
### Dependency Information After the Upgrade
```
Branch: upgrade-jackson-databind
SHA: 7cde780c48d07eec1131a99fa4859c4af3df6b58
Maven: 0.16.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------------------------------------------- | -------- |
| os-core-common | 0.15.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 |M12 - Release 0.15David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/lib/cloud/azure/os-core-lib-azure/-/merge_requests/313Upgrade First Party Library Dependencies for Release 0.242023-10-13T17:57:09ZChad LeongUpgrade First Party Library Dependencies for Release 0.24This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 22b373a3bec786c96cedfa9a39bae0de487c289b
Maven: 0.24.0-SNAPSHOT
```
```
No Maven dependencies to show. (No first-party dependencies, and all third-party dependencies are hidden)
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 506d58b8d9f7283b02fbf8e2d38bbbca2fa869f2
Maven: 0.24.0-SNAPSHOT
```
```
No Maven dependencies to show. (No first-party dependencies, and all third-party dependencies are hidden)
```M21 - Release 0.24