Partition merge requests
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests
2022-08-23T21:25:43Z
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/141
Upgrade Log4J to 2.17.1
2022-08-23T21:25:43Z
David Diederich
d.diederich@opengroup.org
Upgrade Log4J to 2.17.1
Closes #26
Closes #26
M10 - Release 0.13
David Diederich
d.diederich@opengroup.org
David Diederich
d.diederich@opengroup.org
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/205
Upgrade Jackson Databind Version
2022-06-09T20:58:32Z
David Diederich
d.diederich@opengroup.org
Upgrade Jackson Databind Version
This MR upgrades the Jackson Databind version to address [CVE-2020-36518](https://nvd.nist.gov/vuln/detail/CVE-2020-36518).
### Dependency Information After the Upgrade
```
Branch: upgrade-jackson-databind
SHA: 47b891d4ae80b7abe03c1...
This MR upgrades the Jackson Databind version to address [CVE-2020-36518](https://nvd.nist.gov/vuln/detail/CVE-2020-36518).
### Dependency Information After the Upgrade
```
Branch: upgrade-jackson-databind
SHA: 47b891d4ae80b7abe03c191a9410c83ac9f0412a
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------- | ----------------- |
| core-lib-azure | 0.15.2 | |
| core-lib-gcp | 0.15.0, 0.10.0 | 0.3.25 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.15.0 | 0.15.0, 0.3.18 |
| os-core-lib-ibm | 0.15.1 | 0.15.1 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.11.2 |
M12 - Release 0.15
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/274
Upgrade Gson
2022-10-04T22:06:58Z
Xiangliang Meng
Upgrade Gson
commit 2257adeb
Author: David Meng <xlmeng@amazon.com>
Date: Tue Sep 27 2022 11:04:44 GMT-0400 (Eastern Daylight Time)
Upgrade Gson
commit 2257adeb
Author: David Meng <xlmeng@amazon.com>
Date: Tue Sep 27 2022 11:04:44 GMT-0400 (Eastern Daylight Time)
Upgrade Gson
M14 - Release 0.17
Okoun-Ola Fabien Houeto
Xiangliang Meng
Okoun-Ola Fabien Houeto
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/464
Upgrade First Party Library Dependencies for Release 0.24
2023-10-19T05:59:51Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.24
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 673927187d8265c475aa1d02970c417ed8dcf69f
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.23.2 | |
| core-lib-gc | 0.23.1 | 0.23.1 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| os-core-common | 0.23.3 | 0.23.0, 0.23.3 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| core | 0.24.0-rc7 | |
| postgres | 0.24.0-rc7 | |
| osm | 0.23.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.partition-core-plus == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-osm.postgres == 0.24.0-rc7
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.23.1
└─ org.opengroup.osdu.os-core-common == 0.23.3
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: e581f161ee987adc0c1e91e8c9dcc50c45ae185a
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.24.0 | |
| core-lib-gc | 0.24.0 | 0.24.0 |
| os-core-lib-aws | 0.24.0 | 0.24.0 |
| os-core-common | 0.24.0 | 0.24.0 |
| os-core-lib-ibm | 0.24.0 | 0.24.0 |
| postgres | 0.24.0 | |
| osm | 0.24.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.partition-core-plus == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.partition-core == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.24.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.24.0
└─ org.opengroup.osdu.os-core-common == 0.24.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
M21 - Release 0.24
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/429
Upgrade First Party Library Dependencies for Release 0.23
2023-09-04T17:48:46Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.23
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: f5cfb6cc39b8a365517506b59be889f32fe5ca05
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.22.0 | |
| core-lib-gc | 0.22.1 | 0.22.1 |
| os-core-lib-aws | 0.22.0 | 0.22.0 |
| os-core-common | 0.22.0 | 0.22.0 |
| os-core-lib-ibm | 0.22.0 | 0.22.0 |
| osm | 0.22.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.22.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.22.1
└─ org.opengroup.osdu.os-core-common == 0.22.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 6e6957a14f2815257e05753769715ee0f00762af
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.22.0 | |
| core-lib-gc | 0.23.0 | 0.23.0 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| os-core-common | 0.23.1 | 0.23.0 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| osm | 0.23.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.23.0
└─ org.opengroup.osdu.os-core-common == 0.23.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
M20 - Release 0.23
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/413
Upgrade First Party Library Dependencies for Release 0.22
2023-07-13T18:52:10Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.22
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 47296e45c240e9574458530d89e1bb06e08b10a6
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.21.0 | |
| core-lib-gc | 0.21.0 | 0.21.0 |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| os-core-common | 0.21.0 | 0.21.0 |
| os-core-lib-ibm | 0.21.0 | 0.21.0 |
| osm | 0.21.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.23.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.23.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.23.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.21.0
└─ org.opengroup.osdu.os-core-common == 0.21.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 17b356624dc3b79394d079576a843b1f77fb3841
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.22.0 | |
| core-lib-gc | 0.22.1 | 0.22.1 |
| os-core-lib-aws | 0.22.0 | 0.22.0 |
| os-core-common | 0.22.0 | 0.22.0 |
| os-core-lib-ibm | 0.22.0 | 0.22.0 |
| osm | 0.22.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.23.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.23.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.23.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.22.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.23.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.22.1
└─ org.opengroup.osdu.os-core-common == 0.22.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
M19 - Release 0.22
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/397
Upgrade First Party Library Dependencies for Release 0.21
2023-05-31T19:35:14Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.21
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 787d85537fb61f0d80ab36a49a24aa92783f5301
Maven: 0.22.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.20.0 | |
| core-lib-gc | 0.21.0-rc3 | 0.20.0 |
| os-core-lib-aws | 0.21.0-rc5 | 0.21.0-rc5 |
| obm | 0.20.0 | 0.20.0 |
| oqm | 0.20.0 | 0.20.0 |
| os-core-common | 0.20.1 | 0.20.1 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| osm | 0.21.0-rc2 | 0.20.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.22.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.22.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0-rc5
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.20.0
└─ org.opengroup.osdu.oqm == 0.20.0
└─ org.springframework.boot.spring-boot-starter == 2.7.10
└─ org.yaml.snakeyaml == 1.30
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: a6d69a7c5f356e0dc290833497804844d8008cd3
Maven: 0.22.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.21.0 | |
| core-lib-gc | 0.21.0 | 0.21.0 |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| os-core-common | 0.21.0 | 0.21.0 |
| os-core-lib-ibm | 0.21.0 | 0.21.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.22.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.22.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.22.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.21.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.22.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.21.0
└─ org.opengroup.osdu.os-core-common == 0.21.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
M18 - Release 0.21
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/320
Upgrade First Party Library Dependencies for Release 0.18
2022-12-09T15:10:48Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.18
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: b94cd2bdb09f70e574759bfe594da400766c200e
Maven: 0.19.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.18.0-rc4 | |
| core-lib-gcp | 0.16.0 | 0.3.25 |
| os-core-lib-aws | 0.16.1 | 0.16.1 |
| obm | 0.16.0 | |
| oqm | 0.16.0 | |
| os-core-common | 0.18.0-rc3 | 0.16.0, 0.3.18 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.16.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.4, 2.13.2.2 | 2.13.2.2, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.springframework.spring-webflux | 5.3.22 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.3.22, 5.1.17.RELEASE |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: d38e5e018715e5fff98ae9cd6fb5cf0a24c44c42
Maven: 0.19.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------- | ---------------------- |
| core-lib-azure | 0.18.0 | |
| core-lib-gcp | 0.16.0 | 0.3.25 |
| os-core-lib-aws | 0.16.1 | 0.16.1 |
| obm | 0.16.0 | |
| oqm | 0.16.0 | |
| os-core-common | 0.18.0 | 0.16.0, 0.3.18 |
| os-core-lib-ibm | 0.17.0-rc4 | 0.16.0 |
| osm | 0.16.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.4, 2.13.2.2 | 2.13.2.2, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.springframework.spring-webflux | 5.3.22 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 | 5.3.22, 5.1.17.RELEASE |
M15 - Release 0.18
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/245
Upgrade First Party Library Dependencies for Release 0.16
2022-08-10T17:18:42Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.16
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: fc6d4d95ee15d241ed431deae4c1b383746b4a27
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------- | ---------------------- |
| core-lib-azure | 0.15.2 | |
| core-lib-gcp | 0.15.0 | 0.3.25 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.15.0 | 0.15.0, 0.3.18 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.11.2 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.12 | 5.3.12, 5.1.17.RELEASE |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 59a9793c6c341a947df4189502ce48557ccf5cb6
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------- | ---------------------- |
| core-lib-azure | 0.16.0 | |
| core-lib-gcp | 0.16.0 | 0.3.25 |
| os-core-lib-aws | 0.16.1 | 0.16.1 |
| obm | 0.16.0 | |
| oqm | 0.16.0 | |
| os-core-common | 0.16.0 | 0.16.0, 0.3.18 |
| os-core-lib-ibm | 0.16.0 | 0.16.0 |
| osm | 0.16.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.17.2, 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.17.2, 2.13.3, 2.11.2 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.12 | 5.3.22, 5.1.17.RELEASE |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
```
M13 - Release 0.16
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/210
Upgrade First Party Library Dependencies for Release 0.15
2022-07-07T10:40:45Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.15
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 7461b2366172abfad62d57a9e138fa8bf9194f81
Maven: 0.16.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------- | ----------------- |
| core-lib-azure | 0.15.2 | |
| core-lib-gcp | 0.15.0, 0.10.0 | 0.3.25 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.15.0 | 0.15.0, 0.3.18 |
| os-core-lib-ibm | 0.15.1 | 0.15.1 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.11.2 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 398f9ad0966ccce4d384b2c2ba1b7b84edd5ff5e
Maven: 0.16.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------- | ----------------- |
| core-lib-azure | 0.15.2 | |
| core-lib-gcp | 0.15.0, 0.10.0 | 0.3.25 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.15.0 | 0.15.0, 0.3.18 |
| os-core-lib-ibm | 0.15.2 | 0.15.2 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.11.2 |
M12 - Release 0.15
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/204
Upgrade First Party Library Dependencies for Release 0.15
2022-06-09T19:01:41Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.15
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Preparing packages...
Preparing packages...
Branch: master
SHA: 0c44eb2c25c91dfd84ff8568a284ec80feb0b827
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------- | ----------------- |
| core-lib-azure | 0.15.0 | |
| core-lib-gcp | 0.15.0, 0.10.0 | 0.3.25 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.15.0 | 0.15.0, 0.3.18 |
| os-core-lib-ibm | 0.15.0 | 0.15.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2, 2.11.4, 2.12.0 | 2.13.2.2, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.11.2 |
### Dependency Information After the Upgrade
```
Preparing packages...
Preparing packages...
Branch: dependency-upgrade
SHA: 156d09b0edc17c2bf51b23ce94d9ad0f50c47827
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | -------------- | ----------------- |
| core-lib-azure | 0.15.1 | |
| core-lib-gcp | 0.15.0, 0.10.0 | 0.3.25 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.15.0 | 0.15.0, 0.3.18 |
| os-core-lib-ibm | 0.15.0 | 0.15.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2, 2.12.0 | 2.13.2.2, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.11.2 |
M12 - Release 0.15
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/202
Upgrade First Party Library Dependencies for Release 0.15
2022-06-06T20:51:32Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.15
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Preparing packages...
Preparing packages...
Branch: master
SHA: 88854b20f1b04c5a53bd4293bd946e9ad6ecc330
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ------------------ | --------------- |
| core-lib-azure | 0.15.0-rc6 | |
| core-lib-gcp | 0.15.0-rc3, 0.10.0 | 0.3.25 |
| os-core-lib-aws | 0.15.0-SNAPSHOT | 0.14.0 |
| obm | 0.15.0-rc5 | |
| oqm | 0.15.0-rc2 | |
| os-core-common | 0.14.0 | 0.14.0, 0.3.18 |
| os-core-lib-ibm | 0.15.0-rc2 | 0.14.0 |
| osm | 0.15.0-rc5 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.11.4, 2.12.0 | 2.11.4, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.11.2 |
### Dependency Information After the Upgrade
```
Preparing packages...
Preparing packages...
Branch: dependency-upgrade
SHA: b77ecc44669b32f6a958c8c8060cff69aea348f4
Maven: 0.15.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------- | ----------------- |
| core-lib-azure | 0.15.0 | |
| core-lib-gcp | 0.15.0, 0.10.0 | 0.3.25 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.15.0 | 0.15.0, 0.3.18 |
| os-core-lib-ibm | 0.15.0 | 0.15.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2, 2.11.4, 2.12.0 | 2.13.2.2, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.11.2 |
M12 - Release 0.15
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/159
Upgrade First Party Library Dependencies for Release 0.14
2022-03-29T16:36:13Z
David Diederich
d.diederich@opengroup.org
Upgrade First Party Library Dependencies for Release 0.14
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...
This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 0bfacd70af04eafad63846ec27a441d4ce02ae98
Maven: 0.14.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | ------------------ | -------------- |
| core-lib-azure | 0.14.0-rc2 | |
| core-lib-gcp | 0.14.0-rc2, 0.10.0 | 0.3.25 |
| os-core-lib-aws | 0.14.0-SNAPSHOT | 0.13.0 |
| obm | 0.13.1-SNAPSHOT | |
| oqm | 0.13.0-SNAPSHOT | |
| os-core-common | 0.13.0 | 0.13.0, 0.3.18 |
| os-core-lib-ibm | 0.13.0 | 0.13.0 |
| osm | 0.13.0-SNAPSHOT | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.11.2 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 7da4f51f513d0b290b9cf342315d8ed05d61f306
Maven: 0.14.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | -------------- | -------------- |
| core-lib-azure | 0.14.0 | |
| core-lib-gcp | 0.14.0, 0.10.0 | 0.3.25 |
| os-core-lib-aws | 0.14.0 | 0.14.0 |
| obm | 0.14.0 | |
| oqm | 0.14.0 | |
| os-core-common | 0.14.0 | 0.14.0, 0.3.18 |
| os-core-lib-ibm | 0.14.0 | 0.14.0 |
| osm | 0.14.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.11.2 |
M11 - Release 0.14
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/403
Upgraded mappers (GONRG-7015)
2023-06-05T13:14:48Z
Riabokon Stanislav(EPAM)[GCP]
Upgraded mappers (GONRG-7015)
Upgraded mappers
Upgraded mappers
M19 - Release 0.22
Riabokon Stanislav(EPAM)[GCP]
Riabokon Stanislav(EPAM)[GCP]
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/51
Upgrade dependencies
2023-08-18T15:33:21Z
Rostislav Vatolin
vatolinrp@gmail.com
Upgrade dependencies
More details: https://community.opengroup.org/osdu/platform/system/partition/-/issues/11
More details: https://community.opengroup.org/osdu/platform/system/partition/-/issues/11
M6 - Release 0.9
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/148
Upgrade core-lib-azure version
2022-02-22T12:04:39Z
harshit aggarwal
Upgrade core-lib-azure version
harshit aggarwal
harshit aggarwal
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/149
upgrade core lib azure version
2023-08-18T15:31:41Z
harshit aggarwal
upgrade core lib azure version
M11 - Release 0.14
harshit aggarwal
harshit aggarwal
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/444
Upgrade Core Azure Library Dependency for Release 0.23
2023-09-05T21:06:50Z
David Diederich
d.diederich@opengroup.org
Upgrade Core Azure Library Dependency for Release 0.23
This generated MR upgrades only the Azure Core Library to utilize the latest release.
To reduce potential for pipeline errors, the Core Common changes were omitted.
The intent is to keep the OSDU projects utilizing the latest available ...
This generated MR upgrades only the Azure Core Library to utilize the latest release.
To reduce potential for pipeline errors, the Core Common changes were omitted.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: ad89dc0b0319810b4a00ff18781aabac452f3142
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.22.0 | |
| core-lib-gc | 0.23.0 | 0.23.0 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| os-core-common | 0.23.1 | 0.23.0 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| osm | 0.23.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.23.0
└─ org.opengroup.osdu.os-core-common == 0.23.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: 9d74acc3bcc17ad2fbca68fe4f0c5c35864ef612
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.23.1 | |
| core-lib-gc | 0.23.0 | 0.23.0 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| os-core-common | 0.23.1 | 0.23.0 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| osm | 0.23.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.23.0
└─ org.opengroup.osdu.os-core-common == 0.23.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
M20 - Release 0.23
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/308
Upgrade Azure SDK from 8.6.5 to 8.6.6.
2022-12-07T05:46:54Z
Deepa Kumari
Upgrade Azure SDK from 8.6.5 to 8.6.6.
Upgrade Azure SDK from 8.6.5 to 8.6.6 in provider/partition-azure/pom.xml.
Issue: https://community.opengroup.org/osdu/platform/system/partition/-/issues/31
Upgrade Azure SDK from 8.6.5 to 8.6.6 in provider/partition-azure/pom.xml.
Issue: https://community.opengroup.org/osdu/platform/system/partition/-/issues/31
M15 - Release 0.18
Deepa Kumari
Deepa Kumari
https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/227
Upgrade Azure Core Lib Library Version to 0.16.0-rc2
2022-07-07T10:12:03Z
Anubhav Aron
Upgrade Azure Core Lib Library Version to 0.16.0-rc2
Feature::
Deciding destination for logs [Geneva or ApplicationInsights] using feature flag -DApplicationInsightEnabled
Feature::
Deciding destination for logs [Geneva or ApplicationInsights] using feature flag -DApplicationInsightEnabled
Anubhav Aron
Anubhav Aron