Skip to content

Full Upgrade of First Party Library Dependencies

Chad Leong requested to merge dependency-upgrade into master

This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release. The intent is to keep all dependent libraries up to date. This upgrade can be merged immediately without further approval if the CI pipeline reports success.

If this MR has failed, we need to work with the maintainers and affected provider teams to find a solution.

Dependency Information Before the Upgrade

Branch: master
SHA:    1f502839488bd0deac50b6981dbac98714dc82ba
Maven:  0.24.0-SNAPSHOT
Maven Dependencies Root testing/
core-lib-azure 0.21.0 0.12.0-rc10
core-lib-gc 0.21.0
core-test-lib-gcp 0.0.2
os-core-lib-aws 0.23.0 0.23.0
oqm 0.21.0
os-core-common 0.19.0-rc6, 0.21.0 0.3.4, 0.3.6, 0.22.0-rc4
os-core-lib-ibm 0.16.0-rc1 0.15.2
(3rd Party) net.minidev.json-smart 2.4.7 2.4.6
(3rd Party) org.apache.logging.log4j.log4j-api 2.17.1 2.13.3, 2.11.1, 2.17.2
(3rd Party) org.apache.logging.log4j.log4j-core 2.17.1 2.13.3
(3rd Party) org.apache.logging.log4j.log4j-jul 2.17.1 2.13.3
(3rd Party) org.apache.logging.log4j.log4j-slf4j-impl 2.17.1 2.13.3
(3rd Party) org.apache.logging.log4j.log4j-to-slf4j 2.17.1 2.11.2, 2.17.2, 2.13.3
(3rd Party) org.springframework.spring-webmvc 5.3.24 5.1.9.RELEASE, 5.3.24
(3rd Party) org.yaml.snakeyaml 1.30, 1.33, 2.0 1.23, 1.27, 1.30
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│  ├─ org.projectlombok.lombok == 1.18.8
│  │  └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│  │     └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│  │        └─ org.springdoc.springdoc-openapi-common == 1.6.14
│  │           └─ io.swagger.core.v3.swagger-core == 2.2.7
│  │              └─ org.yaml.snakeyaml == 1.30
│  ├─ org.opengroup.osdu.notification-core == 0.24.0-SNAPSHOT
│  │  └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│  │     └─ org.springframework.boot.spring-boot-starter == 2.7.7
│  │        └─ org.yaml.snakeyaml == 1.33
│  ├─ org.opengroup.osdu.notification-gc == 0.24.0-SNAPSHOT
│  │  └─ org.opengroup.osdu.os-core-common == 0.21.0
│  │     └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│  │        └─ org.springframework.boot.spring-boot-starter == 2.7.7
│  │           └─ org.yaml.snakeyaml == 1.30
│  ├─ org.opengroup.osdu.notification-ibm == 0.24.0-SNAPSHOT
│  │  └─ org.yaml.snakeyaml == 1.33
│  └─ org.opengroup.osdu.notification-aws == 0.24.0-SNAPSHOT
│     └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.7
│        └─ org.springframework.boot.spring-boot-starter == 2.7.7
│           └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.24.0-SNAPSHOT
│  └─ org.opengroup.osdu.os-core-common == 0.3.4
│     └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│        └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│           └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-azure == 0.24.0-SNAPSHOT
│  └─ org.opengroup.osdu.core-lib-azure == 0.12.0-rc10
│     └─ org.springframework.boot.spring-boot-starter-aop == 2.4.5
│        └─ org.springframework.boot.spring-boot-starter == 2.4.5
│           └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.24.0-SNAPSHOT
│  └─ org.opengroup.osdu.os-core-common == 0.3.6
│     └─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
│        └─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
│           └─ org.yaml.snakeyaml == 1.23
├─ org.opengroup.osdu.notification-test-aws == 0.24.0-SNAPSHOT
│  └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│     └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│        └─ org.springframework.boot.spring-boot-starter == 2.7.7
│           └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-ibm == 0.24.0-SNAPSHOT
│  └─ org.opengroup.osdu.os-core-lib-ibm == 0.15.2
│     └─ org.springframework.boot.spring-boot-starter-security == 2.4.5
│        └─ org.springframework.boot.spring-boot-starter == 2.4.5
│           └─ org.yaml.snakeyaml == 1.27
└─ org.opengroup.osdu.notification-test-baremetal == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.3.6
└─ org.springframework.boot.spring-boot-starter-web == 2.1.7.RELEASE
└─ org.springframework.boot.spring-boot-starter == 2.1.7.RELEASE
└─ org.yaml.snakeyaml == 1.23

Dependency Information After the Upgrade

Branch: dependency-upgrade
SHA:    984da13d420684c69caaeee23885cd22bd7861dd
Maven:  0.24.0-SNAPSHOT
Maven Dependencies Root testing/
core-lib-azure 0.23.2 0.23.2
core-lib-gc 0.23.1
core-test-lib-gcp 0.0.2
os-core-lib-aws 0.23.0 0.23.0
oqm 0.23.0
os-core-common 0.23.3 0.23.3
os-core-lib-ibm 0.23.0 0.23.0
(3rd Party) org.apache.logging.log4j.log4j-api 2.17.1 2.17.2, 2.13.3
(3rd Party) org.apache.logging.log4j.log4j-to-slf4j 2.17.1 2.17.2, 2.13.3
(3rd Party) org.yaml.snakeyaml 1.30, 2.0, 1.33 1.30, 1.27, 2.0
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│  ├─ org.projectlombok.lombok == 1.18.8
│  │  └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│  │     └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│  │        └─ org.springdoc.springdoc-openapi-common == 1.6.14
│  │           └─ io.swagger.core.v3.swagger-core == 2.2.7
│  │              └─ org.yaml.snakeyaml == 1.30
│  ├─ org.opengroup.osdu.notification-gc == 0.24.0-SNAPSHOT
│  │  └─ org.opengroup.osdu.os-core-common == 0.23.3
│  │     └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│  │        └─ org.springframework.boot.spring-boot-starter == 2.7.7
│  │           └─ org.yaml.snakeyaml == 1.30
│  └─ org.opengroup.osdu.notification-ibm == 0.24.0-SNAPSHOT
│     └─ org.yaml.snakeyaml == 1.33
└─ testing/
├─ org.opengroup.osdu.notification.notification-test-core == 0.24.0-SNAPSHOT
│  └─ org.opengroup.osdu.os-core-common == 0.23.3
│     └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│        └─ org.springframework.boot.spring-boot-starter == 2.7.7
│           └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-azure == 0.24.0-SNAPSHOT
│  └─ org.opengroup.osdu.core-lib-azure == 0.23.2
│     └─ org.redisson.redisson == 3.15.3
│        └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.notification-test-gc == 0.24.0-SNAPSHOT
│  └─ org.opengroup.osdu.os-core-common == 0.23.3
│     └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│        └─ org.springframework.boot.spring-boot-starter == 2.7.7
│           └─ org.yaml.snakeyaml == 1.30
├─ org.opengroup.osdu.notification-test-aws == 0.24.0-SNAPSHOT
│  └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│     └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│        └─ org.springframework.boot.spring-boot-starter == 2.7.7
│           └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.notification-test-baremetal == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.23.3
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30

Merge request reports