Skip to content

Remove SNAPSHOT dependencies

David Diederich requested to merge snapshot-removal into main

This automated MR removes usage of SNAPSHOT versions in the first party library dependencies. Since SNAPSHOT dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.

Dependency Information Before the Upgrade

Branch: main
SHA:    3b1e6bb3e28c60f8e830fe7e5a1915879c7875b6
Maven:  0.26.0-SNAPSHOT
Maven Dependencies Root testing/
os-core-common 0.23.0 0.23.0
os-osm-core 0.25.0-rc3 0.25.0-SNAPSHOT
os-osm-test-core 0.25.0-SNAPSHOT
(3rd Party) org.yaml.snakeyaml 1.30 2.0
Critical: Found Vulnerable Snake YAML dependency (<2.0)
└─ _Root_
└─ org.opengroup.osdu.gc-osm-datastore == 0.26.0-SNAPSHOT
└─ org.opengroup.osdu.os-osm-core == 0.25.0-rc3
└─ org.opengroup.osdu.os-core-common == 0.23.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30

Dependency Information After the Upgrade

Branch: snapshot-removal
SHA:    d77e93baad4a03767e30a9db1847b11c9921b0fd
Maven:  0.26.0-SNAPSHOT
Maven Dependencies Root testing/
os-core-common 0.23.0 0.23.0
os-osm-core 0.25.0-rc5 0.25.0-SNAPSHOT
os-osm-test-core 0.25.0-rc5
(3rd Party) org.yaml.snakeyaml 1.30 2.0
Critical: Found Vulnerable Snake YAML dependency (<2.0)
└─ _Root_
   └─ org.opengroup.osdu.gc-osm-datastore == 0.26.0-SNAPSHOT
      └─ org.opengroup.osdu.os-osm-core == 0.25.0-rc5
         └─ org.opengroup.osdu.os-core-common == 0.23.0
            └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
               └─ org.springframework.boot.spring-boot-starter == 2.7.7
                  └─ org.yaml.snakeyaml == 1.30
Edited by David Diederich

Merge request reports

Loading