Remove SNAPSHOT dependencies
This automated MR removes usage of SNAPSHOT versions in the first party library dependencies.
Since SNAPSHOT dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.
Dependency Information Before the Upgrade
Branch: main
SHA: 3b1e6bb3e28c60f8e830fe7e5a1915879c7875b6
Maven: 0.26.0-SNAPSHOT
Maven Dependencies | Root | testing/ |
---|---|---|
os-core-common | 0.23.0 | 0.23.0 |
os-osm-core | 0.25.0-rc3 | 0.25.0-SNAPSHOT |
os-osm-test-core | 0.25.0-SNAPSHOT | |
(3rd Party) org.yaml.snakeyaml | 1.30 | 2.0 |
Critical: Found Vulnerable Snake YAML dependency (<2.0)
└─ _Root_
  └─ org.opengroup.osdu.gc-osm-datastore == 0.26.0-SNAPSHOT
    └─ org.opengroup.osdu.os-osm-core == 0.25.0-rc3
      └─ org.opengroup.osdu.os-core-common == 0.23.0
        └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
          └─ org.springframework.boot.spring-boot-starter == 2.7.7
            └─ org.yaml.snakeyaml == 1.30
Dependency Information After the Upgrade
Branch: snapshot-removal
SHA: d77e93baad4a03767e30a9db1847b11c9921b0fd
Maven: 0.26.0-SNAPSHOT
Maven Dependencies | Root | testing/ |
---|---|---|
os-core-common | 0.23.0 | 0.23.0 |
os-osm-core | 0.25.0-rc5 | 0.25.0-SNAPSHOT |
os-osm-test-core | 0.25.0-rc5 | |
(3rd Party) org.yaml.snakeyaml | 1.30 | 2.0 |
Critical: Found Vulnerable Snake YAML dependency (<2.0)
└─ _Root_
  └─ org.opengroup.osdu.gc-osm-datastore == 0.26.0-SNAPSHOT
    └─ org.opengroup.osdu.os-osm-core == 0.25.0-rc5
      └─ org.opengroup.osdu.os-core-common == 0.23.0
        └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
          └─ org.springframework.boot.spring-boot-starter == 2.7.7
            └─ org.yaml.snakeyaml == 1.30
Edited by David Diederich