Remove SNAPSHOT dependencies
This automated MR removes usage of SNAPSHOT versions in the first-party library dependencies.
Since SNAPSHOT dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.
Dependency Information Before the Upgrade
Branch: master
SHA: 904f9d8cf065ca811f85529034645a2037cf5e51
Maven: 0.25.0-SNAPSHOT, endpoint.1.0-SNAPSHOT
Maven Dependencies | Root | testing/ | testing/notification-test-aws/build-aws/push-endpoint/ |
---|---|---|---|
core-lib-azure | 0.25.0-rc1 | 0.25.0-rc1 | |
core-lib-gc | 0.24.0 | | |
core-test-lib-gcp | 0.0.2 | | |
os-core-lib-aws | 0.25.0-SNAPSHOT | 0.25.0-SNAPSHOT | |
oqm | 0.24.0 | | |
os-core-common | 0.25.0-rc2 | 0.25.0-rc2, 0.24.0 | 0.25.0-rc2 |
os-core-lib-ibm | 0.24.0 | 0.24.0 | |
(3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
(3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
(3rd Party) org.springframework.spring-webmvc | 5.3.30, 5.3.13 | 5.3.30, 5.3.22 | 6.0.12 |
(3rd Party) org.yaml.snakeyaml | 1.30, 2.0, 1.33 | 1.30, 1.27, 2.0 | 1.33 |
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.26
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-gc == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.notification-core == 0.25.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-azure == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.25.0-rc1
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.25.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.25.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
├─ testing/
│ ├─ org.opengroup.osdu.notification.notification-test-core == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-azure == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.25.0-rc1
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.27
│ ├─ org.opengroup.osdu.notification-test-gc == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-aws == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.24.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.notification-test-baremetal == 0.25.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/notification-test-aws/build-aws/push-endpoint/
└─ org.example.notification-push-endpoint == 1.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-security == 3.1.4
└─ org.springframework.boot.spring-boot-starter == 3.1.4
└─ org.yaml.snakeyaml == 1.33
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.notification-aws == 0.25.0-SNAPSHOT
└─ org.springframework.spring-webmvc == 5.3.13
Dependency Information After the Upgrade
Branch: snapshot-removal
SHA: d6224a235aeca13472a529ab8714683b27081d23
Maven: 0.25.0-SNAPSHOT, endpoint.1.0-SNAPSHOT
Maven Dependencies | Root | testing/ | testing/notification-test-aws/build-aws/push-endpoint/ |
---|---|---|---|
core-lib-azure | 0.25.0-rc1 | 0.25.0-rc1 | |
core-lib-gc | 0.24.0 | | |
core-test-lib-gcp | 0.0.2 | | |
os-core-lib-aws | 0.25.0-rc3 | 0.25.0-rc3 | |
oqm | 0.24.0 | | |
os-core-common | 0.25.0-rc2 | 0.25.0-rc2, 0.24.0 | 0.25.0-rc2 |
os-core-lib-ibm | 0.24.0 | 0.24.0 | |
(3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
(3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3 | 2.20.0 |
(3rd Party) org.springframework.spring-webmvc | 5.3.30, 5.3.13 | 5.3.30, 5.3.22 | 6.0.12 |
(3rd Party) org.yaml.snakeyaml | 1.30, 2.0, 1.33 | 1.30, 1.27, 2.0 | 1.33 |
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.26
│ │ └─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-gc == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.notification-core == 0.25.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-azure == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.25.0-rc1
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-ibm == 0.25.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.notification-aws == 0.25.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-actuator == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
├─ testing/
│ ├─ org.opengroup.osdu.notification.notification-test-core == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-azure == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.25.0-rc1
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.27
│ ├─ org.opengroup.osdu.notification-test-gc == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.notification-test-aws == 0.25.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.25.0-rc3
│ │ └─ org.opengroup.osdu.os-core-common == 0.24.0
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.notification-test-baremetal == 0.25.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.25.0-rc2
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.17
│ └─ org.springframework.boot.spring-boot-starter == 2.7.17
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/notification-test-aws/build-aws/push-endpoint/
└─ org.example.notification-push-endpoint == 1.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-security == 3.1.4
└─ org.springframework.boot.spring-boot-starter == 3.1.4
└─ org.yaml.snakeyaml == 1.33
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.notification-aws == 0.25.0-SNAPSHOT
└─ org.springframework.spring-webmvc == 5.3.13