Remove SNAPSHOT dependencies
This automated MR removes usage of SNAPSHOT versions in the first party library dependencies.
Since SNAPSHOT dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.
Dependency Information Before the Upgrade
Branch: main
SHA: 31c471ae1ae5b41102d6af1d9b9eee1858429716
Maven: 0.26.0-SNAPSHOT| Maven Dependencies | Root | testing/ |
|---|---|---|
| os-core-common | 0.23.0 | 0.23.0 |
| os-obm-core | 0.25.0-rc2 | 0.25.0-SNAPSHOT |
| os-obm-test-core | 0.25.0-SNAPSHOT | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.1 | 2.12.3 |
| (3rd Party) org.yaml.snakeyaml | 1.30 | 1.30 |
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ └─ org.opengroup.osdu.gc-obm-gs == 0.26.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-obm-core == 0.25.0-rc2
│ └─ org.opengroup.osdu.os-core-common == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
└─ org.opengroup.osdu.gc-obm-test-gs == 0.26.0-SNAPSHOT
└─ org.opengroup.osdu.os-obm-test-core == 0.25.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-test == 2.7.15
└─ org.springframework.boot.spring-boot-starter == 2.7.15
└─ org.yaml.snakeyaml == 1.30Dependency Information After the Upgrade
Branch: snapshot-removal
SHA: d2bc02089ef01fc39d12de7768dca0b520ba2e4a
Maven: 0.26.0-SNAPSHOT| Maven Dependencies | Root |
|---|---|
| os-core-common | 0.23.0 |
| os-obm-core | 0.25.0-rc2 |
| (3rd Party) org.yaml.snakeyaml | 1.30 |
Critical: Found Vulnerable Snake YAML dependency (<2.0)
└─ _Root_
└─ org.opengroup.osdu.gc-obm-gs == 0.26.0-SNAPSHOT
└─ org.opengroup.osdu.os-obm-core == 0.25.0-rc2
└─ org.opengroup.osdu.os-core-common == 0.23.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30