Notification merge requestshttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests2023-08-29T16:40:50Zhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/419Fixing Vulnerabilities.2023-08-29T16:40:50ZHarsheet ShahFixing Vulnerabilities.## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationHarsheet ShahHarsheet Shahhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/418Improving logs to deal with negative case scenarios2023-10-11T10:39:01ZHarshika DhootImproving logs to deal with negative case scenarios## Type of change
- [X] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO] NO
## Does this introduce a change in the clou...## Type of change
- [X] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO] NO
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [X] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO] NO
## What is the current behavior?
Logs including correlation id, http method, url, request and response body weren't present for debugging any issue that arises
## What is the new/expected behavior?
To receive information like correlation id, http method, url, request and response body for better debugging and getting ahold of any issue that arises and empowering us to reach to the root cause
## Have you added/updated Unit Tests and Integration Tests? Added logs in Integration tests
## Any other useful information
Compatibility with ADME INSTANCE: all test cases in notification ran:![notificationsdme](/uploads/5154c8ad3660c3b46d0b0ff9f36c4520/notificationsdme.png)
test case scenarios
1. Green test case: ![registergreen](/uploads/9aeed22a13beb7d4ad22971407f0b91f/registergreen.png)
2. unknown host exception:
here we are getting url, correlation id, data partition id and http method for this exception
![notif1](/uploads/161ecf6d41df0a94acbe91aa44ff04b3/notif1.png)
3. socket timeout exception:
here we are getting the request send information and stack trace for socket timeout the retry after the socket timeout,![registersocket](/uploads/f0340b6fde550c0890077f22db8e4eb8/registersocket.png)
4. subscription request: ![regissubs](/uploads/4e342c2f18c47890fad9f88a564dcab0/regissubs.png)
5. subscription response:![regissubsres](/uploads/3602ed68e85997f9fd89afa91800e536/regissubsres.png)Harshika DhootHarshika Dhoothttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/417AWS sync dev to master2023-08-23T20:12:23ZLong ChengAWS sync dev to masterM20 - Release 0.23Long ChengLong Chenghttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/416M16 delta changes cherry-pick2023-08-23T15:48:11ZKiran VeerapaneniM16 delta changes cherry-pick## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationKiran VeerapaneniKiran Veerapanenihttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/415Fixing Vulnerabilities.2023-08-24T10:37:16ZHarsheet ShahFixing Vulnerabilities.## Type of change
- [ ] Bug Fix No
- [ ] Feature No
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO] No
## Does this introduce a change in the...## Type of change
- [ ] Bug Fix No
- [ ] Feature No
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO] No
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS No
- [ ] Azure Yes
- [ ] Google Cloud No
- [ ] IBM No
## Does this introduce a breaking change?
- [YES/NO] No
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful information
Fixing vulnerabilities by updating package.Harsheet ShahHarsheet Shahhttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/413Cherry-pick 'Updating NOTICE' into release/0.222023-07-14T14:22:40ZChad LeongCherry-pick 'Updating NOTICE' into release/0.22**Original MR**: !412
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !412
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/notification/-/pipelines/new?ref=cherry-pick-for-412)M19 - Release 0.22David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/412Updating NOTICE2023-07-14T14:22:31ZChad LeongUpdating NOTICEFix FOSSA noticeFix FOSSA noticeM19 - Release 0.22https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/411aws-sync-dev-to-master2023-07-05T21:03:23ZLong Chengaws-sync-dev-to-master## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationM19 - Release 0.22Long ChengLong Chenghttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/410Revert "Merge branch 'users/preeti/vulnerabilityfix' into 'azure/m16-master'"2023-07-05T10:02:01Zpreeti singh[Microsoft]Revert "Merge branch 'users/preeti/vulnerabilityfix' into 'azure/m16-master'"## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [x] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationpreeti singh[Microsoft]preeti singh[Microsoft]https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/408Wrapped subscription info cache with singleton provider2023-08-07T10:14:52ZDmitrii Novikov (EPAM)Wrapped subscription info cache with singleton providerM20 - Release 0.23Dmitrii Novikov (EPAM)Dmitrii Novikov (EPAM)https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/407GONRG-7433: fix int tests for gc2023-07-03T09:42:49ZMikhail Piatliou (EPAM)GONRG-7433: fix int tests for gc## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provi...## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [x] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [NO]M19 - Release 0.22Mikhail Piatliou (EPAM)Mikhail Piatliou (EPAM)https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/404GONRG-7392: use non-root user for images2023-06-30T12:26:52ZYauheni Rykhter (EPAM)GONRG-7392: use non-root user for images## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [x] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationM19 - Release 0.22Yauheni Rykhter (EPAM)Yauheni Rykhter (EPAM)https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/403Add global variable limitsEnabled (GONRG-7266)2023-06-27T07:55:21ZAndrei Skorkin [EPAM / GCP]Add global variable limitsEnabled (GONRG-7266)## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provi...## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [x] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationM19 - Release 0.22Andrei Skorkin [EPAM / GCP]Andrei Skorkin [EPAM / GCP]https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/402fixed CG in azure2023-07-05T06:46:20Zpreeti singh[Microsoft]fixed CG in azure## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [x] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationpreeti singh[Microsoft]preeti singh[Microsoft]https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/401vulnerability fix2023-06-19T09:00:45ZKamalika Sahavulnerability fix## Type of change
- [ ] Bug Fix
- [ ] Feature
- [x] Vulnerability Fix
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce...## Type of change
- [ ] Bug Fix
- [ ] Feature
- [x] Vulnerability Fix
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [x] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationKamalika SahaKamalika Sahahttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/400increase delay time to wait test subscription get retrieved by notification s...2023-06-07T10:55:54ZYifan Yeincrease delay time to wait test subscription get retrieved by notification service## Type of change
- [X] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provi...## Type of change
- [X] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [X] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
Mentioned in Issue #53
## What is the new/expected behavior?
The integration test should pass in Azure
## Have you added/updated Unit Tests and Integration Tests?
This is the fix to the integration test
## Any other useful information
This change is only related to AzureM19 - Release 0.22Yifan YeYifan Yehttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/399Merge branch 'fix-redis-config' into 'master'2023-05-31T20:14:06ZRiabokon Stanislav(EPAM)[GCP]Merge branch 'fix-redis-config' into 'master'Original merge https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/397
## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Doe...Original merge https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/397
## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationM18 - Release 0.21https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/398Cherry-pick 'Upgrade First Party Library Dependencies for Release 0.21' into ...2023-05-31T07:55:05ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Upgrade First Party Library Dependencies for Release 0.21' into release/0.21**Original MR**: !396
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !396
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/notification/-/pipelines/new?ref=cherry-pick-for-396)M18 - Release 0.21David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/397Updated default redis expiration value2023-05-31T20:15:06ZDmitrii Novikov (EPAM)Updated default redis expiration value## Type of change
- [x] Bug Fix
- [ ] Feature
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [x] Google Cloud...## Type of change
- [x] Bug Fix
- [ ] Feature
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [x] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
`redisExpiration = Integer.MAX_VALUE;`
## What is the new/expected behavior?
`redisExpiration = 300;`M18 - Release 0.21Dmitrii Novikov (EPAM)Dmitrii Novikov (EPAM)https://community.opengroup.org/osdu/platform/system/notification/-/merge_requests/396Upgrade First Party Library Dependencies for Release 0.212023-05-30T23:42:24ZDavid Diederichd.diederich@opengroup.orgUpgrade First Party Library Dependencies for Release 0.21This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 71af7beaef34ba7fd1536033166cd2e4341fa45e
Maven: 0.22.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ---------------------- | ---------------------- |
| core-lib-azure | 0.21.0-rc3 | 0.12.0-rc10 |
| core-lib-gc | 0.21.0-rc4 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.21.0-rc5 | 0.21.0-rc5 |
| oqm | 0.21.0-rc5 | |
| os-core-common | 0.19.0-rc6, 0.21.0-rc4 | 0.3.4, 0.3.6 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.17.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.24 | 5.1.9.RELEASE, 5.3.24 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 1.33, 2.0 | 1.23, 1.27, 1.30 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-core == 0.22.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.notification-gc == 0.22.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.21.0-rc4
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.22.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.22.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.4
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-azure == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.12.0-rc10
│ └─ org.springframework.boot.spring-boot-starter-aop == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.6
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-aws == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0-rc5
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-ibm == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-lib-ibm == 0.15.2
│ └─ org.springframework.boot.spring-boot-starter-security == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
└─ org.opengroup.osdu.notification-test-baremetal == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.3.6
└─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
└─ org.yaml.snakeyaml == 1.23
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: f01b9e0ee49b119063bd26345188174f70706763
Maven: 0.22.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ------------------ | ---------------------- |
| core-lib-azure | 0.21.0 | 0.12.0-rc10 |
| core-lib-gc | 0.21.0 | |
| core-test-lib-gcp | | 0.0.2 |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| oqm | 0.21.0 | |
| os-core-common | 0.19.0-rc6, 0.21.0 | 0.3.4, 0.3.6 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.4.6 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.17.2, 2.13.3 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.24 | 5.1.9.RELEASE, 5.3.24 |
| (3rd Party) org.yaml.snakeyaml | 1.30, 1.33, 2.0 | 1.23, 1.27, 1.30 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-core == 0.22.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.notification-gc == 0.22.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.21.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.22.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.22.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.4
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-azure == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.12.0-rc10
│ └─ org.springframework.boot.spring-boot-starter-aop == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.3.6
│ └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│ └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│ └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-aws == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-ibm == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-lib-ibm == 0.15.2
│ └─ org.springframework.boot.spring-boot-starter-security == 2.4.5
│ └─ org.springframework.boot.spring-boot-starter == 2.4.5
│ └─ org.yaml.snakeyaml == 1.27
└─ org.opengroup.osdu.notification-test-baremetal == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.3.6
└─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
└─ org.yaml.snakeyaml == 1.23
```M18 - Release 0.21