Skip to content
Snippets Groups Projects

Upgrade Core IBM Library for Release 0.15

Merged Upgrade Core IBM Library for Release 0.15
core-ibm-upgrade into master
Merged David Diederich requested to merge core-ibm-upgrade into master

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release. The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability. However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated. Furthermore, the upgrade should only be merged in the CI pipeline reports success.

If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library. But significant upgrade efforts should not occur on this MR, as part of the release tagging process. Instead, significant work should be scheduled for a subsequent milestone.

Dependency Information Before the Upgrade

Branch: master
SHA:    8094316db722301e1d43470d226e82d17fbabeba
Maven:  0.16.0-SNAPSHOT
Maven Dependencies Root testing/
core-lib-azure 0.15.0-rc6 0.0.22
core-lib-gcp 0.14.0, 0.11.0
core-test-lib-gcp 0.0.2
os-core-lib-aws 0.14.0 0.14.0-rc2
obm 0.14.0
oqm 0.14.0
os-core-common 0.14.0 0.3.4, 0.3.6
os-core-lib-ibm 0.15.0-rc2 0.14.0
osm 0.14.0
(3rd Party) com.fasterxml.jackson.core.jackson-databind 2.13.2.2, 2.12.3, 2.11.4 2.13.2.2
(3rd Party) net.minidev.json-smart 2.4.7 2.3
(3rd Party) org.apache.logging.log4j.log4j-api 2.17.1 2.12.1, 2.11.1
(3rd Party) org.apache.logging.log4j.log4j-core 2.17.1 2.12.1
(3rd Party) org.apache.logging.log4j.log4j-jul 2.17.1 2.12.1
(3rd Party) org.apache.logging.log4j.log4j-slf4j-impl 2.17.1 2.12.1
(3rd Party) org.apache.logging.log4j.log4j-to-slf4j 2.17.1 2.11.2, 2.13.3 
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)

Dependency Information After the Upgrade

Branch: core-ibm-upgrade
SHA:    5f50eb9177a6d83c2f5fe1fa07cd9196562cdcb9
Maven:  0.16.0-SNAPSHOT
Maven Dependencies Root testing/
core-lib-azure 0.15.0-rc6 0.0.22
core-lib-gcp 0.14.0, 0.11.0
core-test-lib-gcp 0.0.2
os-core-lib-aws 0.14.0 0.14.0-rc2
obm 0.14.0
oqm 0.14.0
os-core-common 0.14.0 0.3.4, 0.3.6
os-core-lib-ibm 0.15.2 0.15.2
osm 0.14.0
(3rd Party) com.fasterxml.jackson.core.jackson-databind 2.13.2.2, 2.12.3, 2.11.4 2.13.2.2
(3rd Party) net.minidev.json-smart 2.4.7 2.3
(3rd Party) org.apache.logging.log4j.log4j-api 2.17.1 2.12.1, 2.11.1
(3rd Party) org.apache.logging.log4j.log4j-core 2.17.1 2.12.1
(3rd Party) org.apache.logging.log4j.log4j-jul 2.17.1 2.12.1
(3rd Party) org.apache.logging.log4j.log4j-slf4j-impl 2.17.1 2.12.1
(3rd Party) org.apache.logging.log4j.log4j-to-slf4j 2.17.1 2.11.2, 2.13.3 
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)

Merge request reports

Pipeline #117261 failed

Stage: build
Stage: coverage
Stage: containerize
Stage: scan
Stage: deploy
Stage: integration

Pipeline failed for 29d41cce on core-ibm-upgrade

Failed to deploy to G‎CP‎
Deployed to A‎WS‎ 2 years ago
Deployed to I‎BM‎ 2 years ago
Approval is optional

Merged by David DiederichDavid Diederich 2 years ago (Jun 17, 2022 2:57pm UTC)

Merge details

  • Changes merged into master with ecbf1f7e.
  • Deleted the source branch.

Pipeline #118308 failed

Stage: build
Stage: coverage
Stage: containerize
Stage: scan
Stage: deploy
Stage: integration
Stage: publish

Pipeline failed for ecbf1f7e on master

Deployed to I‎BM‎ 2 years ago
Will deploy to G‎CP‎
Deployed to A‎WS‎ 2 years ago

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
Please register or sign in to reply