Notification merge requestshttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests2022-01-11T13:22:18Zhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/91Draft: Resolve "Upgrade Core Common Dependency"2022-01-11T13:22:18ZDavid Diederichd.diederich@opengroup.orgDraft: Resolve "Upgrade Core Common Dependency"Closes #26
See osdu/platform&9 for more details.
## MR's Raison d'être
This MR updates the core common dependency to use the latest released version of the library. Keeping our library usage at the latest helps avoid subtle incompati...Closes #26
See osdu/platform&9 for more details.
## MR's Raison d'être
This MR updates the core common dependency to use the latest released version of the library. Keeping our library usage at the latest helps avoid subtle incompatibility bugs from creeping in, and ensures that all Data Platform code is staying current with bug fixes and performance improvements in the core libraries.
*Dependency Table, after the application of this MR's changes*
| Maven Dependencies | _Root POM_ | testing/ |
| ------------------------ | -------------- | -------- |
| os-core-common | 0.9.0 | 0.9.0 |
| core-lib-gcp | 0.9.0-SNAPSHOT | |
| core-lib-azure | 0.9.0 | 0.0.22 |
| os-core-lib-ibm | 0.7.0 | 0.7.0 |
| core.aws.os-core-lib-aws | 0.9.0 | 0.3.16 |
| core-test-lib-gcp | | 0.0.2 |
## Housekeeping Updates
### FOSSA Update
This MR also updates the FOSSA attributions, since these need to be kept up to date on every MR. Changes are expected whenever the library dependencies are updated.
### Update Deprecated Pipeline Includes
This MR also updates the `.gitlab-ci.yml` file to use the newer pipeline includes, rather than relying on deprecated includes that mimic old behavior. These housekeeping updates should be done regularly on MRs when they are discovered so the old CI include files can be deleted and no longer supported.
### Remove Direct References to 'master'
This MR removes hard-coded references to `master`. Instead, the default branch is used by not specifying a branch in the CI includes. This will easy future transition to different branch names.M7 - Release 0.10David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/48Draft: skipping authZ for Handshake request2021-01-15T08:14:50ZKomal MakkarDraft: skipping authZ for Handshake requestskipping authz as it is deeply coupled with partition information and pubsub handshake request doesn't carry that.skipping authz as it is deeply coupled with partition information and pubsub handshake request doesn't carry that.https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/489Draft: Solxget spring6 12024-03-27T15:48:59ZSolomon AyalewDraft: Solxget spring6 1Upgrade to SpringUpgrade to SpringM23 - Release 0.26https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/496Draft: Solxget/test2024-03-27T15:47:26ZSolomon AyalewDraft: Solxget/test## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/74Draft: temp2021-04-30T14:45:04ZMANISH KUMARDraft: temphttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/392Draft: Test/pipeline2023-12-08T15:20:49ZMahsa HanifiDraft: Test/pipeline## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationMahsa HanifiMahsa Hanifihttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/82Draft: Trusted optimize logging2021-05-24T10:04:10ZYauheni LesnikauDraft: Trusted optimize loggingYauheni LesnikauYauheni Lesnikauhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/302Draft : Update DataNotification.md2022-12-22T18:01:40Zpreeti singh[Microsoft]Draft : Update DataNotification.md## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/357Draft: Vulnerability Fixes For Notification Service2023-04-04T09:43:31ZKamalika SahaDraft: Vulnerability Fixes For Notification Service## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [x] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationKamalika SahaKamalika Sahahttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/362Dummy to check Azure Code coverage dependency2023-10-11T16:19:58ZShreya ShahDummy to check Azure Code coverage dependency## Overview
To check azure code coverage dependency changes were successful or not
## References
https://community.opengroup.org/osdu/platform/ci-cd-pipelines/-/merge_requests/884## Overview
To check azure code coverage dependency changes were successful or not
## References
https://community.opengroup.org/osdu/platform/ci-cd-pipelines/-/merge_requests/884Shreya ShahShreya Shahhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/360Dummy to check Azure Code coverage dependency2023-04-11T10:17:05ZShreya ShahDummy to check Azure Code coverage dependency##Overview
To check azure code coverage dependency changes were successful or not
##References
https://community.opengroup.org/osdu/platform/ci-cd-pipelines/-/merge_requests/882##Overview
To check azure code coverage dependency changes were successful or not
##References
https://community.opengroup.org/osdu/platform/ci-cd-pipelines/-/merge_requests/882Shreya ShahShreya Shahhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/456Fix some recurring Trivy vulnerabilities.2023-12-06T16:38:25ZDerek HudsonFix some recurring Trivy vulnerabilities.## Type of change
- [X] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES]
## Does this introduce a change in the cloud prov...## Type of change
- [X] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
Increased version number, expecting lower vulnerabilities.
## What is the new/expected behavior?
Same behavior, fewer vulnerabilities.
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationM22 - Release 0.25Yong ZengDerek HudsonYong Zenghttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/328Fix spring vulnerabilities2023-01-18T19:56:30ZManish JangidFix spring vulnerabilities## Type of change
- [X] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]Yes
## Does this introduce a change in the clou...## Type of change
- [X] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]Yes
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [X] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO] No
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/143fix whitesource vulnerabilities2021-12-15T16:39:30ZYauheni Lesnikaufix whitesource vulnerabilitiesYauheni LesnikauYauheni Lesnikauhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/369Full Upgrade of First Party Library Dependencies for Release 0.202023-05-22T15:50:25ZDavid Diederichd.diederich@opengroup.orgFull Upgrade of First Party Library Dependencies for Release 0.20This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will ...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: c90ffd91938b16d47f7037f8c3afb15c396aab99
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ---------- | -------------- |
| core-lib-azure | 0.19.0-rc8 | 0.12.0-rc10 |
| core-lib-gcp | 0.20.0-rc1 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.21.0-rc1 | 0.14.0-rc2 |
| obm | 0.19.0 | |
| oqm | 0.19.0 | |
| os-core-common | 0.19.0-rc6 | 0.3.4, 0.3.6 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| osm | 0.20.0-rc2 | |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.24 | 5.1.9.RELEASE |
| (3rd Party) org.yaml.snakeyaml | 1.30, 1.33 | 1.23, 1.27 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.9
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.9
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.9
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.0
│ │ └─ com.fasterxml.jackson.dataformat.jackson-dataformat-yaml == 2.13.4
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-core == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.notification-gc == 0.21.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.19.0-rc6
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-azure == 0.21.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.19.0-rc8
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.notification-ibm == 0.21.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.21.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.4
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-azure == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.12.0-rc10
│ └─ org.springframework.boot.spring-boot-starter-aop == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.6
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-aws == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.6
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-ibm == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-lib-ibm == 0.15.2
│ └─ org.springframework.boot.spring-boot-starter-security == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
└─ org.opengroup.osdu.notification-test-anthos == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.3.6
└─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
└─ org.yaml.snakeyaml == 1.23
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 9c87f102a8a3475be8b04e54ad05f69b23a05fc3
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | --------------- |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.20.0 | |
| core-test-lib-gcp | | 0.20.0 |
| os-core-lib-aws | 0.21.0-rc2 | 0.21.0-rc2 |
| obm | 0.20.0 | |
| oqm | 0.20.0 | |
| os-core-common | 0.20.1 | 0.20.1 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| osm | 0.20.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 2.0, 1.33 | 1.30, 1.27, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.9
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.9
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.9
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.0
│ │ └─ com.fasterxml.jackson.dataformat.jackson-dataformat-yaml == 2.13.4
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-gc == 0.21.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.notification-ibm == 0.21.0-SNAPSHOT
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-azure == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.20.0
│ └─ org.redisson.redisson == 3.15.3
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-aws == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0-rc2
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.notification-test-anthos == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.20.1
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```M18 - Release 0.21Srinivasan NarayananSrinivasan Narayananhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/468Full Upgrade of First Party Library Dependencies for Release 0.252023-12-17T13:44:22ZDavid Diederichd.diederich@opengroup.orgFull Upgrade of First Party Library Dependencies for Release 0.25This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will ...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
Branch: master
SHA: cdb1a03cde94db5e3d5ea40b5261765e8b466732
Maven: 0.26.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ | testing/notification-test-aws/build-aws/push-endpoint/ |
| --------------------------------------------------- | --------------- | ------------------ | ------------------------------------------------------ |
| core-lib-azure | 0.25.0-rc2 | 0.25.0-rc1 | |
| core-lib-gc | 0.24.0 | | |
| core-test-lib-gcp | | 0.0.2 | |
| os-core-lib-aws | 0.25.0-rc3 | 0.25.0-rc3 | |
| oqm | 0.24.0 | | |
| os-core-common | 0.25.0-rc2 | 0.25.0-rc2, 0.24.0 | 0.25.0-rc2 |
| os-core-lib-ibm | 0.24.0 | 0.24.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.30, 5.3.13 | 5.3.30, 5.3.22 | 6.0.12 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 2.0, 1.33 | 1.30, 1.27, 2.0 | 1.33 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.26
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-gc == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.notification-core == 0.26.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.26.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.26.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
├─ testing/
│ ├─ org.opengroup.osdu.notification.notification-test-core == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-azure == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.25.0-rc1
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.27
│ ├─ org.opengroup.osdu.notification-test-gc == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-aws == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.25.0-rc3
│ │ └─ org.opengroup.osdu.os-core-common == 0.24.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.notification-test-baremetal == 0.26.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/notification-test-aws/build-aws/push-endpoint/
└─ org.example.notification-push-endpoint == 0.26.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-security == 3.1.4
└─ org.springframework.boot.spring-boot-starter == 3.1.4
└─ org.yaml.snakeyaml == 1.33
```
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.notification-aws == 0.26.0-SNAPSHOT
└─ org.springframework.spring-webmvc == 5.3.13
```
### Dependency Information After the Upgrade
```
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
Branch: dependency-upgrade
SHA: c35d68461de58181bdbee35ca444ca33cd5faac7
Maven: 0.26.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ | testing/notification-test-aws/build-aws/push-endpoint/ |
| --------------------------------------------------- | --------------- | --------------- | ------------------------------------------------------ |
| core-lib-azure | 0.25.0 | 0.25.0 | |
| core-lib-gc | 0.25.0 | | |
| core-test-lib-gcp | | 0.0.2 | |
| os-core-lib-aws | 0.25.0 | 0.25.0 | |
| oqm | 0.25.0 | | |
| os-core-common | 0.25.0 | 0.25.0 | 0.25.0 |
| os-core-lib-ibm | 0.25.0 | 0.25.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.30, 5.3.13 | 5.3.30, 6.0.14 | 6.0.12 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 2.0, 1.33 | 1.30, 1.27, 2.0 | 1.33 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.26
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-gc == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.notification-core == 0.26.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.26.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.26.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
├─ testing/
│ ├─ org.opengroup.osdu.notification.notification-test-core == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-azure == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.25.0
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.27
│ ├─ org.opengroup.osdu.notification-test-gc == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-aws == 0.26.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.25.0
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.notification-test-baremetal == 0.26.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.25.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/notification-test-aws/build-aws/push-endpoint/
└─ org.example.notification-push-endpoint == 0.26.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-security == 3.1.4
└─ org.springframework.boot.spring-boot-starter == 3.1.4
└─ org.yaml.snakeyaml == 1.33
```
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.notification-aws == 0.26.0-SNAPSHOT
└─ org.springframework.spring-webmvc == 5.3.13
```M23 - Release 0.26https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/333GCP Reworked notification logic (GONRG-5700)2023-01-27T18:34:04ZDmitrii Novikov (EPAM)GCP Reworked notification logic (GONRG-5700)## Type of change
- [ ] Bug Fix
- [x] Feature
https://kb.epam.com/display/GONRG/OSDU+Notification+service+archtecture+proposal?moved=true
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in th...## Type of change
- [ ] Bug Fix
- [x] Feature
https://kb.epam.com/display/GONRG/OSDU+Notification+service+archtecture+proposal?moved=true
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [x] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES]
## What is the new/expected behavior?
1. Third-party subscriber subscribes/unsubscribes for specific OSDU events notifications via the Register service REST API
2. Register service publishes registration/unregistration info via the register-subscriber-control topic/exchange
3. Notification service instances process single (statically defined) subscription/queue to obtain registration info changes
4. Notification service instances persists/reads registration info in the shared database/cache.
5. OSDU services (Storage, Schema etc.) publish their events through corresponding topics/exchanges (records-changed, schema-changed etc.)
6. Notification service instances concurrently process single subscription/queue, statically defined per each original topic/exchange
7. Notification service publishes N (N is the number of third-party subscribtions) outgoing messages via the corresponding *-notification topic/exchange (example: records-changed-notification for records changed events). Each outgoing event is the original event enriched with the destination information (subscriber id). The original event is properly acknowledged upon end of processing.
7a. RabbitMQ: *-notification exchange should be a delayed exchange (type x-delayed-message), which requires special RabbitMQ rabbitmq_delayed_message_exchange plugin installed
7b. RabbitMQ: the outgoing event contains no x-delay header to be processed w/o time delay
8. Notification service instances concurrently process single subscription/queue, statically defined per each outgoing topic/exchange
9. Notification service collects corresponding subscription info from the DB (4) or distributed cache and sends notification (HTTP call to the endpoint) to the third-party subscriber. In case of successful call the outgoing message is properly acknowledged. In case of notification failure (third-party endpoint not available for instance) the following should be performed to provide notification delivery retry logic:
9a. GCP PubSub: the outgoing message is NACK-ed and then re-delivered after configured back-off time in accordance with Retry policy
9b. RabbitMQ: the outgoing message is ACK-ed and re-published (7) in the the corresponding *-notification exchange with x-delay and x-retries headers to be re-processed with time delay. If x-retries already present in the processed message header it's value should be incremented. If x-retries value equals to configured limit of retries, the message is not re-published. In further implementations it may be routed to dead letter queue (out of scope for now)M16 - Release 0.19Dmitrii Novikov (EPAM)Dmitrii Novikov (EPAM)https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/69(GONRG-2081) Update .gitlab-ci.yml2021-11-19T11:56:09ZVladislav Shishko (EPAM)(GONRG-2081) Update .gitlab-ci.ymlhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/293GONRG-6045: Remove NEG annotation in service2022-12-06T11:31:49ZVolodymyr Pienskoi [EPAM / GCP]GONRG-6045: Remove NEG annotation in serviceServices created in GKE clusters 1.17.6-gke.7 and up with VPC-native traffic routing enabled are annotated automatically with `cloud.google.com/neg: '{"ingress": true}'`. This means that this annotation is not required explicitly and can...Services created in GKE clusters 1.17.6-gke.7 and up with VPC-native traffic routing enabled are annotated automatically with `cloud.google.com/neg: '{"ingress": true}'`. This means that this annotation is not required explicitly and can be removed.
More details in [GKE Load Balancing documentation](https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#container-native_load_balancing).Volodymyr Pienskoi [EPAM / GCP]Volodymyr Pienskoi [EPAM / GCP]https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/111Ignore IT Conditionally2022-03-16T17:07:50ZNikhil Singh[MicroSoft]Ignore IT ConditionallyThis MR runs the integration test conditionally for event grid or service busThis MR runs the integration test conditionally for event grid or service busNikhil Singh[MicroSoft]Nikhil Singh[MicroSoft]