Partition merge requestshttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests2023-10-17T16:17:52Zhttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/465GONRG-7472 - test oidc token2023-10-17T16:17:52ZAliaksandr Ramanovich (EPAM)GONRG-7472 - test oidc tokenGC migrate to OIDC tokens in pipelinesGC migrate to OIDC tokens in pipelinesM22 - Release 0.25Aliaksandr Ramanovich (EPAM)Aliaksandr Ramanovich (EPAM)https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/464Upgrade First Party Library Dependencies for Release 0.242023-10-19T05:59:51ZDavid Diederichd.diederich@opengroup.orgUpgrade First Party Library Dependencies for Release 0.24This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 673927187d8265c475aa1d02970c417ed8dcf69f
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.23.2 | |
| core-lib-gc | 0.23.1 | 0.23.1 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| os-core-common | 0.23.3 | 0.23.0, 0.23.3 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| core | 0.24.0-rc7 | |
| postgres | 0.24.0-rc7 | |
| osm | 0.23.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.partition-core-plus == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-osm.postgres == 0.24.0-rc7
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.23.1
└─ org.opengroup.osdu.os-core-common == 0.23.3
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: e581f161ee987adc0c1e91e8c9dcc50c45ae185a
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.24.0 | |
| core-lib-gc | 0.24.0 | 0.24.0 |
| os-core-lib-aws | 0.24.0 | 0.24.0 |
| os-core-common | 0.24.0 | 0.24.0 |
| os-core-lib-ibm | 0.24.0 | 0.24.0 |
| postgres | 0.24.0 | |
| osm | 0.24.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ │ └─ org.yaml.snakeyaml == 1.30
│ └─ org.opengroup.osdu.partition-core-plus == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.partition-core == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.24.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.24.0
└─ org.opengroup.osdu.os-core-common == 0.24.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```M21 - Release 0.24https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/462[GONRG-7917] added replicas variable in helm2023-10-12T13:24:12ZAleksandr Primachenko [EPAM / GCP][GONRG-7917] added replicas variable in helmM21 - Release 0.24Aleksandr Primachenko [EPAM / GCP]Aleksandr Primachenko [EPAM / GCP]https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/461fix plexus version2023-10-12T18:46:55ZNathan Strelserfix plexus versionNathan StrelserNathan Strelserhttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/460add unit tests2023-10-12T10:21:06ZYunhua Koglinadd unit testsadd unit tests for aws implementationadd unit tests for aws implementationM21 - Release 0.24Yunhua KoglinDerek HudsonYunhua Koglinhttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/459Optional resources for the tenant. Limited list partitions response from Part...2024-02-29T09:21:13ZRiabokon Stanislav(EPAM)[GCP]Optional resources for the tenant. Limited list partitions response from Partition (GONRG-7732)Added a property 'systemPartitionId' and a filter for it.Added a property 'systemPartitionId' and a filter for it.M21 - Release 0.24Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/458GONRG-7892: added minio ui property2023-10-09T07:40:38ZMikhail Piatliou (EPAM)GONRG-7892: added minio ui propertyM21 - Release 0.24Mikhail Piatliou (EPAM)Mikhail Piatliou (EPAM)https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/457[GONRG-7885] Fixed partition bootstrap2023-10-12T10:21:07ZDanylo Vanin (EPAM)[GONRG-7885] Fixed partition bootstrapM21 - Release 0.24Danylo Vanin (EPAM)Danylo Vanin (EPAM)https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/456Remediate guava dependency vulnerability and cleanup 'documentdb-bulkexecutor'2023-10-05T07:33:05ZThulasi Dass SubramanianRemediate guava dependency vulnerability and cleanup 'documentdb-bulkexecutor'# Change details
* excluded unused dependency `documentdb-bulkexecutor` to remove `guava:24.1.1-jre` version with vulnerabilities
# Changes in:
* [ ] GCP
* [x] Azure
* [ ] AWS
* [ ] IBM# Change details
* excluded unused dependency `documentdb-bulkexecutor` to remove `guava:24.1.1-jre` version with vulnerabilities
# Changes in:
* [ ] GCP
* [x] Azure
* [ ] AWS
* [ ] IBMM21 - Release 0.24Thulasi Dass SubramanianThulasi Dass Subramanianhttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/455Adding core-plus implementation for partition service2023-10-04T11:06:06ZDeepa KumariAdding core-plus implementation for partition serviceAs part of Community Implementation, it was decided to add another module Partition core plus that should be cloud agnostic. It will use the postgres implementation of os-osm library created for the community.
More details could be foun...As part of Community Implementation, it was decided to add another module Partition core plus that should be cloud agnostic. It will use the postgres implementation of os-osm library created for the community.
More details could be found here: https://gitlab.opengroup.org/osdu/pmc/community-implementation/-/issues/6M21 - Release 0.24Deepa KumariDeepa Kumarihttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/454Full Upgrade of First Party Library Dependencies2023-10-04T07:00:57ZChad LeongFull Upgrade of First Party Library DependenciesThis generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep all dependent libraries up to date.
This upgrade can be merged immediately without further approval if the C...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep all dependent libraries up to date.
This upgrade can be merged immediately without further approval if the CI pipeline reports success.
If this MR has failed, we need to work with the maintainers and affected provider teams to find a solution.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: fe143b842ef9e50f87ec412648c1b1a2137a7960
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.23.1 | |
| core-lib-gc | 0.23.0 | 0.23.0 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| os-core-common | 0.23.1 | 0.23.0 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| osm | 0.23.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.23.0
└─ org.opengroup.osdu.os-core-common == 0.23.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: 2d2e0b0c835e15490be9d39a4df715a814cc1f90
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.23.2 | |
| core-lib-gc | 0.23.1 | 0.23.1 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| os-core-common | 0.23.3 | 0.23.0, 0.23.3 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| osm | 0.23.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.23.1
└─ org.opengroup.osdu.os-core-common == 0.23.3
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```M21 - Release 0.24https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/453Change response code for RequestRejectedException2023-10-16T10:51:42ZNeha KhandelwalChange response code for RequestRejectedExceptionAdd RequestRejectedHandler to change the response code to 400 when there is a RequestRejectedException.
Related issue #34.Add RequestRejectedHandler to change the response code to 400 when there is a RequestRejectedException.
Related issue #34.M21 - Release 0.24Chad LeongChad Leonghttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/452Introduce Partition-Core-Plus2023-10-04T11:05:36ZDeepa KumariIntroduce Partition-Core-PlusAs part of Community Implementation, it was decided to add another module Partition core plus that should be cloud agnostic. It will use the postgres implementation of os-osm library created for the community.
More details could be fou...As part of Community Implementation, it was decided to add another module Partition core plus that should be cloud agnostic. It will use the postgres implementation of os-osm library created for the community.
More details could be found here: https://gitlab.opengroup.org/osdu/pmc/community-implementation/-/issues/6M21 - Release 0.24Deepa KumariDeepa Kumarihttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/451fix verified deploy for community2023-09-28T08:10:41ZAliaksandr Ramanovich (EPAM)fix verified deploy for communityfix master deployment for GC jobsfix master deployment for GC jobsM21 - Release 0.24Aliaksandr Ramanovich (EPAM)Aliaksandr Ramanovich (EPAM)https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/450Refactored POM for fixing vulnerabilities.2023-09-27T20:23:53ZDaniel SchollRefactored POM for fixing vulnerabilities.This change will bring in the vulnerability fixes to bring M18 into compliance.This change will bring in the vulnerability fixes to bring M18 into compliance.Daniel SchollDaniel Schollhttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/448Introduce variable for java 17 version2023-09-15T14:00:11Zsaketh somarajuIntroduce variable for java 17 version- This MR introduces a variable to manage java version in azure ci-cd job
- This change would help in configuring azure integration test seamlessly- This MR introduces a variable to manage java version in azure ci-cd job
- This change would help in configuring azure integration test seamlesslyM21 - Release 0.24saketh somarajusaketh somarajuhttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/447Fixing vulnerabilities in Partition Service2023-09-14T20:48:08ZDaniel SchollFixing vulnerabilities in Partition ServiceThis change cleans up the POM file and fixes vulnerabilities in the service.This change cleans up the POM file and fixes vulnerabilities in the service.https://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/446Cherry-pick 'Upgrade Core Azure Library Dependency for Release 0.23' into rel...2023-09-05T21:07:14ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Upgrade Core Azure Library Dependency for Release 0.23' into release/0.23**Original MR**: !444
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !444
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/partition/-/pipelines/new?ref=cherry-pick-for-444)M20 - Release 0.23David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/445Fix s360 vulnerabilities2023-09-05T23:03:14ZChristophe MonginFix s360 vulnerabilitieshttps://community.opengroup.org/osdu/platform/system/partition/-/merge_requests/444Upgrade Core Azure Library Dependency for Release 0.232023-09-05T21:06:50ZDavid Diederichd.diederich@opengroup.orgUpgrade Core Azure Library Dependency for Release 0.23This generated MR upgrades only the Azure Core Library to utilize the latest release.
To reduce potential for pipeline errors, the Core Common changes were omitted.
The intent is to keep the OSDU projects utilizing the latest available ...This generated MR upgrades only the Azure Core Library to utilize the latest release.
To reduce potential for pipeline errors, the Core Common changes were omitted.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: ad89dc0b0319810b4a00ff18781aabac452f3142
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.22.0 | |
| core-lib-gc | 0.23.0 | 0.23.0 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| os-core-common | 0.23.1 | 0.23.0 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| osm | 0.23.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.23.0
└─ org.opengroup.osdu.os-core-common == 0.23.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: 9d74acc3bcc17ad2fbca68fe4f0c5c35864ef612
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| --------------------------------------------------- | --------------- | -------------- |
| core-lib-azure | 0.23.1 | |
| core-lib-gc | 0.23.0 | 0.23.0 |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| os-core-common | 0.23.1 | 0.23.0 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| osm | 0.23.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.17.2, 2.13.3 |
| (3rd Party) org.yaml.snakeyaml | 2.0, 1.33, 1.30 | 1.30, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.opengroup.osdu.partition-ibm == 0.24.0-SNAPSHOT
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.partition-gc == 0.24.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-security == 2.7.10
│ └─ org.springframework.boot.spring-boot-starter == 2.7.10
│ └─ org.yaml.snakeyaml == 1.30
└─ testing/
├─ org.opengroup.osdu.partition.partition-test-aws == 0.24.0-SNAPSHOT
│ └─ org.opengroup.osdu.core.aws.os-core-lib-aws == 0.23.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ └─ org.yaml.snakeyaml == 1.30
└─ org.opengroup.osdu.partition.partition-test-gc == 0.24.0-SNAPSHOT
└─ org.opengroup.osdu.core-lib-gc == 0.23.0
└─ org.opengroup.osdu.os-core-common == 0.23.0
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```M20 - Release 0.23