Skip to content

Remove SNAPSHOT dependencies

David Diederich requested to merge dependency-upgrade into main

This automated MR removes usage of SNAPSHOT versions in the first party library dependencies. Since SNAPSHOT dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.

Dependency Information Before the Upgrade

Branch: main
SHA:    44d5710aa1c9c0ccea74f707dad9f75c5170186d
Maven:  0.27.0-SNAPSHOT
Maven Dependencies Root
os-core-common 0.23.0
os-oqm-core 0.25.0-SNAPSHOT
(3rd Party) org.yaml.snakeyaml 1.30 
Warning: Found Vulnerable Snake YAML dependency (<2.0)
└─ _Root_
   └─ org.opengroup.osdu.gc-oqm-pubsub == 0.27.0-SNAPSHOT
      └─ org.opengroup.osdu.os-oqm-core == 0.25.0-SNAPSHOT
         └─ org.opengroup.osdu.os-core-common == 0.23.0
            └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
               └─ org.springframework.boot.spring-boot-starter == 2.7.7
                  └─ org.yaml.snakeyaml == 1.30

Dependency Information After the Upgrade

Branch: dependency-upgrade
SHA:    8bc7729e5bb34847f5e9a614eef5cc6972b5b00d
Maven:  0.27.0-SNAPSHOT
Maven Dependencies Root
os-core-common 0.23.0
os-oqm-core 0.26.0
(3rd Party) org.yaml.snakeyaml 1.30 
Warning: Found Vulnerable Snake YAML dependency (<2.0)
└─ _Root_
   └─ org.opengroup.osdu.gc-oqm-pubsub == 0.27.0-SNAPSHOT
      └─ org.opengroup.osdu.os-oqm-core == 0.26.0
         └─ org.opengroup.osdu.os-core-common == 0.23.0
            └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
               └─ org.springframework.boot.spring-boot-starter == 2.7.7
                  └─ org.yaml.snakeyaml == 1.30

Merge request reports