Notification merge requestshttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests2024-03-27T15:47:26Zhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/496Draft: Solxget/test2024-03-27T15:47:26ZSolomon AyalewDraft: Solxget/test## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/490Solxget spring6 22024-03-27T15:48:03ZSolomon AyalewSolxget spring6 2M23 - Release 0.26https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/489Draft: Solxget spring6 12024-03-27T15:48:59ZSolomon AyalewDraft: Solxget spring6 1Upgrade to SpringUpgrade to SpringM23 - Release 0.26https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/474Notification updated ibm lib version2023-12-28T10:13:08ZIsha KumariNotification updated ibm lib versionNotification updated ibm lib versionNotification updated ibm lib versionM22 - Release 0.25Isha KumariIsha Kumarihttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/468Full Upgrade of First Party Library Dependencies for Release 0.252023-12-17T13:44:22ZDavid Diederichd.diederich@opengroup.orgFull Upgrade of First Party Library Dependencies for Release 0.25This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will ...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
Branch: master
SHA: cdb1a03cde94db5e3d5ea40b5261765e8b466732
Maven: 0.26.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ | testing/notification-test-aws/build-aws/push-endpoint/ |
| --------------------------------------------------- | --------------- | ------------------ | ------------------------------------------------------ |
| core-lib-azure | 0.25.0-rc2 | 0.25.0-rc1 | |
| core-lib-gc | 0.24.0 | | |
| core-test-lib-gcp | | 0.0.2 | |
| os-core-lib-aws | 0.25.0-rc3 | 0.25.0-rc3 | |
| oqm | 0.24.0 | | |
| os-core-common | 0.25.0-rc2 | 0.25.0-rc2, 0.24.0 | 0.25.0-rc2 |
| os-core-lib-ibm | 0.24.0 | 0.24.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.30, 5.3.13 | 5.3.30, 5.3.22 | 6.0.12 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 2.0, 1.33 | 1.30, 1.27, 2.0 | 1.33 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.26
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-gc == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.notification-core == 0.26.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.26.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.26.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
├─ testing/
│ ├─ org.opengroup.osdu.notification.notification-test-core == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-azure == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.25.0-rc1
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.27
│ ├─ org.opengroup.osdu.notification-test-gc == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-aws == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.25.0-rc3
│ │ └─ org.opengroup.osdu.os-core-common == 0.24.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.notification-test-baremetal == 0.26.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/notification-test-aws/build-aws/push-endpoint/
└─ org.example.notification-push-endpoint == 0.26.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-security == 3.1.4
└─ org.springframework.boot.spring-boot-starter == 3.1.4
└─ org.yaml.snakeyaml == 1.33
```
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.notification-aws == 0.26.0-SNAPSHOT
└─ org.springframework.spring-webmvc == 5.3.13
```
### Dependency Information After the Upgrade
```
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
Branch: dependency-upgrade
SHA: c35d68461de58181bdbee35ca444ca33cd5faac7
Maven: 0.26.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ | testing/notification-test-aws/build-aws/push-endpoint/ |
| --------------------------------------------------- | --------------- | --------------- | ------------------------------------------------------ |
| core-lib-azure | 0.25.0 | 0.25.0 | |
| core-lib-gc | 0.25.0 | | |
| core-test-lib-gcp | | 0.0.2 | |
| os-core-lib-aws | 0.25.0 | 0.25.0 | |
| oqm | 0.25.0 | | |
| os-core-common | 0.25.0 | 0.25.0 | 0.25.0 |
| os-core-lib-ibm | 0.25.0 | 0.25.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.30, 5.3.13 | 5.3.30, 6.0.14 | 6.0.12 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 2.0, 1.33 | 1.30, 1.27, 2.0 | 1.33 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.26
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-gc == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.notification-core == 0.26.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.26.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.26.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
├─ testing/
│ ├─ org.opengroup.osdu.notification.notification-test-core == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-azure == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.25.0
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.27
│ ├─ org.opengroup.osdu.notification-test-gc == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-aws == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.25.0
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.notification-test-baremetal == 0.26.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.25.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/notification-test-aws/build-aws/push-endpoint/
└─ org.example.notification-push-endpoint == 0.26.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-security == 3.1.4
└─ org.springframework.boot.spring-boot-starter == 3.1.4
└─ org.yaml.snakeyaml == 1.33
```
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.notification-aws == 0.26.0-SNAPSHOT
└─ org.springframework.spring-webmvc == 5.3.13
```M23 - Release 0.26https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/456Fix some recurring Trivy vulnerabilities.2023-12-06T16:38:25ZDerek HudsonFix some recurring Trivy vulnerabilities.## Type of change
- [X] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES]
## Does this introduce a change in the cloud prov...## Type of change
- [X] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
Increased version number, expecting lower vulnerabilities.
## What is the new/expected behavior?
Same behavior, fewer vulnerabilities.
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationM22 - Release 0.25Yong ZengDerek HudsonYong Zenghttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/453adding logs in master2023-11-20T06:07:09ZHarshika Dhootadding logs in master## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationHarshika DhootHarshika Dhoothttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/450Cherry-pick 'Solxget/java 17 test' into release/0.242023-10-23T07:54:58ZChad LeongCherry-pick 'Solxget/java 17 test' into release/0.24**Original MR**: !438
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !438
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/notification/-/pipelines/new?ref=cherry-pick-for-438)M21 - Release 0.24David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/449Cherry-pick 'Solxget/java 17 test' into release/0.242023-10-20T08:27:04ZChad LeongCherry-pick 'Solxget/java 17 test' into release/0.24**Original MR**: !438
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !438
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/notification/-/pipelines/new?ref=cherry-pick-for-438)M21 - Release 0.24David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/446Cherry-pick 'Solxget/java 17 test' into release/0.242023-10-19T10:14:48ZChad LeongCherry-pick 'Solxget/java 17 test' into release/0.24**Original MR**: !438
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !438
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/notification/-/pipelines/new?ref=cherry-pick-for-438)M21 - Release 0.24David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/431Upgrade First Party Library Dependencies for Release 0.232023-09-29T06:45:30ZChad LeongUpgrade First Party Library Dependencies for Release 0.23This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: ad71d5f646ff0ef41b0c8d34622fa08523a42efd
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ------------------ | ------------------------ |
| core-lib-azure | 0.21.0 | 0.12.0-rc10 |
| core-lib-gc | 0.21.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| oqm | 0.21.0 | |
| os-core-common | 0.19.0-rc6, 0.21.0 | 0.3.4, 0.3.6, 0.22.0-rc4 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1, 2.17.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.17.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.24 | 5.1.9.RELEASE, 5.3.24 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 1.33, 2.0 | 1.23, 1.27, 1.30 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-core == 0.24.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.notification-gc == 0.24.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.21.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.4
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-azure == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.12.0-rc10
│ └─ org.springframework.boot.spring-boot-starter-aop == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.6
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-ibm == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-lib-ibm == 0.15.2
│ └─ org.springframework.boot.spring-boot-starter-security == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
└─ org.opengroup.osdu.notification-test-baremetal == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.3.6
└─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
└─ org.yaml.snakeyaml == 1.23
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: ad71d5f646ff0ef41b0c8d34622fa08523a42efd
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ------------------ | ------------------------ |
| core-lib-azure | 0.21.0 | 0.12.0-rc10 |
| core-lib-gc | 0.21.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| oqm | 0.21.0 | |
| os-core-common | 0.19.0-rc6, 0.21.0 | 0.3.4, 0.3.6, 0.22.0-rc4 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1, 2.17.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.17.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.24 | 5.1.9.RELEASE, 5.3.24 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 1.33, 2.0 | 1.23, 1.27, 1.30 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-core == 0.24.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.notification-gc == 0.24.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.21.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.4
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-azure == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.12.0-rc10
│ └─ org.springframework.boot.spring-boot-starter-aop == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.6
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-ibm == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-lib-ibm == 0.15.2
│ └─ org.springframework.boot.spring-boot-starter-security == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
└─ org.opengroup.osdu.notification-test-baremetal == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.3.6
└─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
└─ org.yaml.snakeyaml == 1.23
```M20 - Release 0.23https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/414Upgrade First Party Library Dependencies for Release 0.222023-07-18T07:07:00ZChad LeongUpgrade First Party Library Dependencies for Release 0.22This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 79d13ec110de7fe77f1891b227a856824956aa95
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ------------------ | ---------------------- |
| core-lib-azure | 0.21.0 | 0.12.0-rc10 |
| core-lib-gc | 0.21.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| oqm | 0.21.0 | |
| os-core-common | 0.19.0-rc6, 0.21.0 | 0.3.4, 0.3.6, 0.21.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1, 2.17.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.17.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.24 | 5.1.9.RELEASE, 5.3.24 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 1.33, 2.0 | 1.23, 1.27, 1.30 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-core == 0.23.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.notification-gc == 0.23.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.21.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.23.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.23.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.4
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-azure == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.12.0-rc10
│ └─ org.springframework.boot.spring-boot-starter-aop == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.6
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-aws == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-ibm == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-lib-ibm == 0.15.2
│ └─ org.springframework.boot.spring-boot-starter-security == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
└─ org.opengroup.osdu.notification-test-baremetal == 0.23.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.3.6
└─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
└─ org.yaml.snakeyaml == 1.23
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: 6cf744dd61ee9bc229d8ed169dcc4c441a627dd8
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ------------------ | ---------------------- |
| core-lib-azure | 0.22.0 | 0.12.0-rc10 |
| core-lib-gc | 0.22.1 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.22.0 | 0.22.0 |
| oqm | 0.22.0 | |
| os-core-common | 0.19.0-rc6, 0.22.0 | 0.3.4, 0.3.6, 0.22.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1, 2.17.2 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.17.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.24 | 5.1.9.RELEASE, 5.3.24 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 1.33, 2.0 | 1.23, 1.27, 1.30 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-core == 0.23.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.notification-gc == 0.23.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.22.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.23.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.23.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.4
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-azure == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.12.0-rc10
│ └─ org.springframework.boot.spring-boot-starter-aop == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.6
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-aws == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.22.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-ibm == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-lib-ibm == 0.15.2
│ └─ org.springframework.boot.spring-boot-starter-security == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
└─ org.opengroup.osdu.notification-test-baremetal == 0.23.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.3.6
└─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
└─ org.yaml.snakeyaml == 1.23
```M19 - Release 0.22Jayesh BagulJayesh Bagulhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/409Draft: CG Vulnerability Fix2023-07-04T17:58:17ZKamalika SahaDraft: CG Vulnerability Fix## Type of change
- [ ] Bug Fix
- [ ] Feature
- [x] Vulnerability Fix
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce...## Type of change
- [ ] Bug Fix
- [ ] Feature
- [x] Vulnerability Fix
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [x] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationKamalika SahaKamalika Sahahttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/406Draft: Cg fix undertow2023-12-08T15:20:48ZNaga Aneesh MylavarapuDraft: Cg fix undertow## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/405Added logs2023-08-09T08:34:49ZRiabokon Stanislav(EPAM)[GCP]Added logs## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationRiabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/392Draft: Test/pipeline2023-12-08T15:20:49ZMahsa HanifiDraft: Test/pipeline## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationMahsa HanifiMahsa Hanifihttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/377Modify the version for spingdoc and name2023-04-25T23:42:19ZVaibhavi KamaniModify the version for spingdoc and nameModify the version for spingdoc and name.Modify the version for spingdoc and name.Vaibhavi KamaniVaibhavi Kamanihttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/376Added exchange existence validation on service start (GONRG-6705)2023-04-21T11:18:15ZRiabokon Stanislav(EPAM)[GCP]Added exchange existence validation on service start (GONRG-6705)## Type of change
- [X] Bug Fix
- [ ] Feature
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [X] Google Cloud...## Type of change
- [X] Bug Fix
- [ ] Feature
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [X] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the new/expected behavior?
Added exchange existence validation on service startM18 - Release 0.21Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/369Full Upgrade of First Party Library Dependencies for Release 0.202023-05-22T15:50:25ZDavid Diederichd.diederich@opengroup.orgFull Upgrade of First Party Library Dependencies for Release 0.20This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will ...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: c90ffd91938b16d47f7037f8c3afb15c396aab99
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ---------- | -------------- |
| core-lib-azure | 0.19.0-rc8 | 0.12.0-rc10 |
| core-lib-gcp | 0.20.0-rc1 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.21.0-rc1 | 0.14.0-rc2 |
| obm | 0.19.0 | |
| oqm | 0.19.0 | |
| os-core-common | 0.19.0-rc6 | 0.3.4, 0.3.6 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| osm | 0.20.0-rc2 | |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.24 | 5.1.9.RELEASE |
| (3rd Party) org.yaml.snakeyaml | 1.30, 1.33 | 1.23, 1.27 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.9
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.9
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.9
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.0
│ │ └─ com.fasterxml.jackson.dataformat.jackson-dataformat-yaml == 2.13.4
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-core == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.notification-gc == 0.21.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.19.0-rc6
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-azure == 0.21.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.19.0-rc8
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.notification-ibm == 0.21.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.21.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.4
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-azure == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.12.0-rc10
│ └─ org.springframework.boot.spring-boot-starter-aop == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.6
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-aws == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.6
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-ibm == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-lib-ibm == 0.15.2
│ └─ org.springframework.boot.spring-boot-starter-security == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
└─ org.opengroup.osdu.notification-test-anthos == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.3.6
└─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
└─ org.yaml.snakeyaml == 1.23
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 9c87f102a8a3475be8b04e54ad05f69b23a05fc3
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | --------------- |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.20.0 | |
| core-test-lib-gcp | | 0.20.0 |
| os-core-lib-aws | 0.21.0-rc2 | 0.21.0-rc2 |
| obm | 0.20.0 | |
| oqm | 0.20.0 | |
| os-core-common | 0.20.1 | 0.20.1 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| osm | 0.20.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 2.0, 1.33 | 1.30, 1.27, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.9
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.9
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.9
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.0
│ │ └─ com.fasterxml.jackson.dataformat.jackson-dataformat-yaml == 2.13.4
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-gc == 0.21.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.notification-ibm == 0.21.0-SNAPSHOT
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-azure == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.20.0
│ └─ org.redisson.redisson == 3.15.3
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-aws == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0-rc2
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.notification-test-anthos == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.20.1
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```M18 - Release 0.21Srinivasan NarayananSrinivasan Narayananhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/367ReadOnlyRootFileSystem changes for AWS2023-04-06T23:08:47ZAbhay JoshiReadOnlyRootFileSystem changes for AWS## Type of change
- [ ] Bug Fix
- [ X] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
NO
## Does this introduce a change in the clou...## Type of change
- [ ] Bug Fix
- [ X] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
NO
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ X] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
No
## What is the current behavior?
System can write to AWS service pod
## What is the new/expected behavior?
System cannot write to AWS service pod
## Have you added/updated Unit Tests and Integration Tests?
No
## Any other useful informationM18 - Release 0.21Okoun-Ola Fabien HouetoAbhay JoshiOkoun-Ola Fabien Houeto