OS Core Lib IBM merge requests
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests
2021-07-20T08:37:47Z

Resolve "Add Release Pipeline Logic" [no rc]
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/19
2021-07-20T08:37:47Z
David Diederich (d.diederich@opengroup.org)

Closes #1
See osdu/platform&9 for more details.
## MR's Raison d'être
This MR adds in the automated release candidate logic. Whenever a change is made on the default branch (almost always due to merging an MR), the resulting pipeline will create a new detached commit, set the pom version to `0.10.0-rcN` (where N is a simple counter), and apply a tag. This allows services that need this change to depend on the RC version, which will not change as additional features are developed and merged into the default branch (unlike the SNAPSHOT dependency, which does change frequently).
Note that if the commit message contains `[no rc]`, then this process is skipped for that commit. Adding `[no rc]` to the MR title is one way to inject it into the merge commit message. This is useful for changes / improvements that aren't immediately demanded by another service; such as refactors, bug-fixes, build system updates, etc.
While release candidate branches allow services to upgrade through the core libraries at their own pace *during development*, all services will need to upgrade to the latest released library during the release process.
## Housekeeping Updates
### FOSSA Update
This MR also updates the FOSSA attributions, since these need to be kept up to date on every MR.
### Update Deprecated Pipeline Includes
This MR also updates the `.gitlab-ci.yml` file to use the newer pipeline includes, rather than relying on deprecated includes that mimic old behavior. These housekeeping updates should be done regularly on MRs when they are discovered so the old CI include files can be deleted and no longer supported.

M7 - Release 0.10

Updating OSDU dependencies to latest release
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/27
2021-08-28T08:51:33Z
David Diederich (d.diederich@opengroup.org)

M8 - Release 0.11

deleted Proxyutil class
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/31
2021-09-17T12:05:41Z
Shrikant Garg

deleting proxyutil class for test folder

M9 - Release 0.12

Upgrade OSDU dependencies
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/34
2021-10-22T02:10:40Z
David Diederich (d.diederich@opengroup.org)

M9 - Release 0.12

Cherry-pick log4j updates to release branch
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/42
2021-12-20T20:18:09Z
David Diederich (d.diederich@opengroup.org)

Original MR: !41
Part of the #3 series

Resolve "Upgrade to Log4J 2.17.1 to address CVE-2021-44832"
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/45
2022-01-18T19:13:02Z
David Diederich (d.diederich@opengroup.org)

Closes #4

M10 - Release 0.13

Upgrading core library dependencies
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/46
2022-01-25T14:42:30Z
David Diederich (d.diederich@opengroup.org)

M10 - Release 0.13

Upgrade First Party Library Dependencies for Release 0.14
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/47
2022-03-28T23:34:54Z
David Diederich (d.diederich@opengroup.org)

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 73c1f37e0dfe9b1ad89ad9502a849b3e1c063938
Maven: 0.14.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------ | ------ |
| os-core-common | 0.13.0 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 070b7e5969e9713575da7310f34e2a9a5c143965
Maven: 0.14.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------ | ------ |
| os-core-common | 0.14.0 |

M11 - Release 0.14

databind fix
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/51
2022-05-31T05:23:28Z
Shrikant Garg

updating core-common so that it picks latest jackson databind version

M12 - Release 0.15

Upgrade First Party Library Dependencies for Release 0.15
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/52
2022-06-01T04:45:34Z
David Diederich (d.diederich@opengroup.org)

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 9a113c2d5fb4a37e2f91ce0f1552bf112870b835
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------ | ---------- |
| os-core-common | 0.15.0-rc6 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 828b9f9c387f7bff31b6772369aded97f014b84a
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------ | ------ |
| os-core-common | 0.15.0 |

M12 - Release 0.15

Upgrade Jackson Databind Version
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/53
2022-06-08T20:33:45Z
David Diederich (d.diederich@opengroup.org)

This MR upgrades the Jackson Databind version to address [CVE-2020-36518](https://nvd.nist.gov/vuln/detail/CVE-2020-36518).
In this case, version 2.13.2 was being selected automatically. That version was still vulnerable, though the Tagging Notes didn't catch it (because it coerces versions into a triplet).
### Dependency Information After the Upgrade
```
Branch: upgrade-jackson-databind
SHA: d2923b9f8aff20fcbed4af1652074ff529c50ec3
Maven: 0.16.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------------------------------------------- | -------- |
| os-core-common | 0.15.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 |

M12 - Release 0.15

Upgrade First Party Library Dependencies for Release 0.16
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/60
2022-08-05T07:44:45Z
David Diederich (d.diederich@opengroup.org)

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 201af92a1d8f3a9ba39b5841bf8001915caf3973
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------------------------------------------- | -------- |
| os-core-common | 0.15.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: ec49a22c2e20bc98e8b455c24b5c5d15508e9e80
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------------------------------------------- | -------- |
| os-core-common | 0.16.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 |

M13 - Release 0.16

revert back to previous mvc version
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/64
2022-08-11T20:03:46Z
Ashwani Pandey

revert back to previous mvc version

M14 - Release 0.17

Update NOTICE
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/57
2022-09-15T23:36:51Z
Anuj Gupta

M12 - Release 0.15

added configurable non breaking fix for http endpoint for keycloak
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/55
2022-09-15T23:37:05Z
Anuj Gupta

added configurable non breaking fix for http endpoint for keycloak @bhushanrade

M12 - Release 0.15

Upgrade First Party Library Dependencies for Release 0.17
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/65
2022-10-01T04:49:19Z
David Diederich (d.diederich@opengroup.org)

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 0fadbd81c88e0df485bd2271fd08341afb8d8285
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------------------------------------------- | -------- |
| os-core-common | 0.16.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.12 |
```
Warning: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.os-core-lib-ibm == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.16.0
└─ org.springframework.spring-webmvc == 5.3.12
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 34f00148c2a3099ddffb7705def190efc1e250cd
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------------------------------------------- | -------- |
| os-core-common | 0.17.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 |

M14 - Release 0.17

Upgrading core common and snakeyaml version
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/66
2022-11-15T19:50:39Z
Ashwani Pandey

upgrading snakeyaml version for below issue:
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/issues/5

M15 - Release 0.18

Update FOSSA NOTICE
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/67
2022-12-04T08:35:52Z
David Diederich (d.diederich@opengroup.org)

This MR updates the attribution file for the project (also known as the `NOTICE` file).
It is important to keep this up to date to satisfy legal requirements of dependency licenses.
We use FOSSA as the tool to scan for and detect these changes.

M15 - Release 0.18

Upgrade First Party Library Dependencies for Release 0.18
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/68
2022-12-08T06:55:54Z
David Diederich (d.diederich@opengroup.org)

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: e12b3a2007759542d4c7ea0289a231bcde1225ad
Maven: 0.19.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------------------------------------------- | ---------- |
| os-core-common | 0.18.0-rc3 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 2123d545eb1a65320de57ce76916b010ed7c104f
Maven: 0.19.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------------------------------------------- | -------- |
| os-core-common | 0.18.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 |

M15 - Release 0.18

Cherry-pick 'Upgrade First Party Library Dependencies for Release 0.18' into release/0.18
https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/merge_requests/69
2022-12-08T17:30:03Z
David Diederich (d.diederich@opengroup.org)

**Original MR**: !68
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/lib/cloud/ibm/os-core-lib-ibm/-/pipelines/new?ref=cherry-pick-for-68)

M15 - Release 0.18