From dc811beaa1b40e19288a38e88e3beb128960d1a1 Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 10:04:01 -0600
Subject: [PATCH 01/14] Dependencies Version Bumps
---
partition-core/pom.xml | 2 +-
pom.xml | 12 +++++++-----
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/partition-core/pom.xml b/partition-core/pom.xml
index efcbe7999..e38b59781 100644
--- a/partition-core/pom.xml
+++ b/partition-core/pom.xml
@@ -28,7 +28,7 @@
</parent>
<properties>
- <openapi.version>2.3.0</openapi.version>
+ <openapi.version>2.8.1</openapi.version>
<mockito.core.version>3.4.0</mockito.core.version>
<assertj_core_version>3.16.1</assertj_core_version>
<kotlin_stdlib_version>1.3.60</kotlin_stdlib_version>
diff --git a/pom.xml b/pom.xml
index 2a5d0c4bc..1c15d9343 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,11 +29,13 @@
<os-core-common.version>3.3.0</os-core-common.version>
<spring-framework.version>6.1.16</spring-framework.version>
<spring-boot.version>3.3.7</spring-boot.version>
- <spring-security.version>6.3.4</spring-security.version>
+ <spring-security.version>6.3.6</spring-security.version>
<log4j.version>2.21.1</log4j.version>
<guava.version>32.1.2-jre</guava.version>
<netty-version>4.1.115.Final</netty-version>
- <snakeyaml.version>2.0</snakeyaml.version>
+ <snakeyaml.version>2.3</snakeyaml.version>
+ <httpclient.version>4.5.14</httpclient.version>
+ <lombok.version>1.18.36</lombok.version>
</properties>
<packaging>pom</packaging>
@@ -83,7 +85,7 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
- <version>4.5.13</version>
+ <version>${httpclient.version}</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
@@ -116,7 +118,7 @@
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
- <version>1.18.34</version>
+ <version>${lombok.version}</version>
<scope>provided</scope>
</dependency>
</dependencies>
@@ -170,7 +172,7 @@
<module>provider/partition-aws</module>
<module>provider/partition-ibm</module>
<module>provider/partition-gc</module>
- <module>partition-core-plus</module>
+ <module>partition-core-plus</module>
</modules>
<profiles>
--
GitLab
From 8819d7ba64fea2db5f6b8313bf57ecaf184ec954 Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 11:32:50 -0600
Subject: [PATCH 02/14] Bump down spring security
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 1c15d9343..0fa73fb83 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
<os-core-common.version>3.3.0</os-core-common.version>
<spring-framework.version>6.1.16</spring-framework.version>
<spring-boot.version>3.3.7</spring-boot.version>
- <spring-security.version>6.3.6</spring-security.version>
+ <spring-security.version>6.3.4</spring-security.version>
<log4j.version>2.21.1</log4j.version>
<guava.version>32.1.2-jre</guava.version>
<netty-version>4.1.115.Final</netty-version>
--
GitLab
From cf5597a0f684f1d1660882f34bccac6507592a27 Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 13:19:49 -0600
Subject: [PATCH 03/14] Revert snake
---
partition-core/pom.xml | 41 ++++++++++++++++++++---------------------
pom.xml | 2 +-
2 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/partition-core/pom.xml b/partition-core/pom.xml
index e38b59781..e4e07a5a1 100644
--- a/partition-core/pom.xml
+++ b/partition-core/pom.xml
@@ -36,6 +36,7 @@
<maven_surefire_plugin_version>3.0.0-M4</maven_surefire_plugin_version>
<maven_failsafe_plugin_version>3.0.0-M4</maven_failsafe_plugin_version>
<commons-beanutils.version>1.9.4</commons-beanutils.version>
+ <json-smart.version>2.5.1</json-smart.version>
</properties>
<dependencyManagement>
@@ -54,15 +55,13 @@
</dependencyManagement>
<dependencies>
- <dependency>
- <groupId>org.projectlombok</groupId>
- <artifactId>lombok</artifactId>
- </dependency>
-
+ <!-- OSDU Dependencies -->
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
</dependency>
+ <!-- Spring Dependencies -->
+ <!-- Versions managed by parent pom -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
@@ -89,12 +88,26 @@
</exclusion>
</exclusions>
</dependency>
-
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
- <!-- test dependencies -->
+ <!-- Project Dependencies -->
+ <dependency>
+ <groupId>org.projectlombok</groupId>
+ <artifactId>lombok</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>net.minidev</groupId>
+ <artifactId>json-smart</artifactId>
+ <version>${json-smart.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springdoc</groupId>
+ <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+ <version>${openapi.version}</version>
+ </dependency>
+ <!-- Test Scoped Dependencies -->
<dependency>
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib</artifactId>
@@ -112,12 +125,6 @@
</exclusion>
</exclusions>
</dependency>
- <dependency>
- <groupId>net.minidev</groupId>
- <artifactId>json-smart</artifactId>
- <version>2.5.1</version>
- </dependency>
-
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-inline</artifactId>
@@ -141,14 +148,6 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
-
- <!-- swagger dependencies -->
- <dependency>
- <groupId>org.springdoc</groupId>
- <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
- <version>${openapi.version}</version>
- </dependency>
-
</dependencies>
<build>
diff --git a/pom.xml b/pom.xml
index 0fa73fb83..95303b7eb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -33,7 +33,7 @@
<log4j.version>2.21.1</log4j.version>
<guava.version>32.1.2-jre</guava.version>
<netty-version>4.1.115.Final</netty-version>
- <snakeyaml.version>2.3</snakeyaml.version>
+ <snakeyaml.version>2.0</snakeyaml.version>
<httpclient.version>4.5.14</httpclient.version>
<lombok.version>1.18.36</lombok.version>
</properties>
--
GitLab
From d1578a9d8834bf83635f31695dfc6e6b8856097e Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 13:52:55 -0600
Subject: [PATCH 04/14] Revert lombok and http
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 95303b7eb..9d2c0877e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -34,8 +34,8 @@
<guava.version>32.1.2-jre</guava.version>
<netty-version>4.1.115.Final</netty-version>
<snakeyaml.version>2.0</snakeyaml.version>
- <httpclient.version>4.5.14</httpclient.version>
- <lombok.version>1.18.36</lombok.version>
+ <httpclient.version>4.5.13</httpclient.version>
+ <lombok.version>1.18.34</lombok.version>
</properties>
<packaging>pom</packaging>
--
GitLab
From 64f24e3527e0c28fef8edd29edc70de1541569ca Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 14:19:37 -0600
Subject: [PATCH 05/14] Rever openapi
---
partition-core/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/partition-core/pom.xml b/partition-core/pom.xml
index e4e07a5a1..5655eb153 100644
--- a/partition-core/pom.xml
+++ b/partition-core/pom.xml
@@ -28,7 +28,7 @@
</parent>
<properties>
- <openapi.version>2.8.1</openapi.version>
+ <openapi.version>2.3.0</openapi.version>
<mockito.core.version>3.4.0</mockito.core.version>
<assertj_core_version>3.16.1</assertj_core_version>
<kotlin_stdlib_version>1.3.60</kotlin_stdlib_version>
--
GitLab
From 677087d0e060ce6c50e215bb7a797af65c9db7b7 Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 14:37:47 -0600
Subject: [PATCH 06/14] Version bumps
---
pom.xml | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/pom.xml b/pom.xml
index 9d2c0877e..3e6147687 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,19 +29,24 @@
<os-core-common.version>3.3.0</os-core-common.version>
<spring-framework.version>6.1.16</spring-framework.version>
<spring-boot.version>3.3.7</spring-boot.version>
- <spring-security.version>6.3.4</spring-security.version>
+ <spring-security.version>6.3.6</spring-security.version>
<log4j.version>2.21.1</log4j.version>
<guava.version>32.1.2-jre</guava.version>
<netty-version>4.1.115.Final</netty-version>
- <snakeyaml.version>2.0</snakeyaml.version>
- <httpclient.version>4.5.13</httpclient.version>
- <lombok.version>1.18.34</lombok.version>
+ <snakeyaml.version>2.3</snakeyaml.version>
+ <httpclient.version>4.5.14</httpclient.version>
+ <lombok.version>1.18.36</lombok.version>
</properties>
<packaging>pom</packaging>
<dependencyManagement>
<dependencies>
+ <!-- BOMs listed in order of dependency hierarchy:
+ spring-boot-dependencies first as it's the parent BOM providing default dependency management,
+ spring-security-bom second as it may need to override Spring Framework versions for security purposes,
+ spring-framework-bom last as it provides core dependencies that can be safely
+ overridden by the security BOM -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
@@ -50,16 +55,16 @@
<scope>import</scope>
</dependency>
<dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-framework-bom</artifactId>
- <version>${spring-framework.version}</version>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-bom</artifactId>
+ <version>${spring-security.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
<dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-bom</artifactId>
- <version>${spring-security.version}</version>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-framework-bom</artifactId>
+ <version>${spring-framework.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
--
GitLab
From 0ac4c4d5eabf4bb570a28db60c42bce964cdb21a Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 15:10:09 -0600
Subject: [PATCH 07/14] POM organization
---
pom.xml | 64 ++++++++++++++++++++++++++++++++++-----------------------
1 file changed, 38 insertions(+), 26 deletions(-)
diff --git a/pom.xml b/pom.xml
index 3e6147687..2c94ec207 100644
--- a/pom.xml
+++ b/pom.xml
@@ -26,16 +26,23 @@
<maven.compiler.target>17</maven.compiler.target>
<maven.compiler.source>17</maven.compiler.source>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+
+ <!-- OSDU Versions-->
<os-core-common.version>3.3.0</os-core-common.version>
+
+ <!-- Spring Versions-->
<spring-framework.version>6.1.16</spring-framework.version>
<spring-boot.version>3.3.7</spring-boot.version>
<spring-security.version>6.3.6</spring-security.version>
- <log4j.version>2.21.1</log4j.version>
- <guava.version>32.1.2-jre</guava.version>
- <netty-version>4.1.115.Final</netty-version>
- <snakeyaml.version>2.3</snakeyaml.version>
- <httpclient.version>4.5.14</httpclient.version>
+
+ <!-- Project Versions-->
<lombok.version>1.18.36</lombok.version>
+
+ <!-- Plugin Versions -->
+ <git-commit-id-plugin.version>8.0.2</git-commit-id-plugin.version>
+
+ <!-- Security fixes -->
+ <guava.version>32.1.2-jre</guava.version>
</properties>
<packaging>pom</packaging>
@@ -45,8 +52,11 @@
<!-- BOMs listed in order of dependency hierarchy:
spring-boot-dependencies first as it's the parent BOM providing default dependency management,
spring-security-bom second as it may need to override Spring Framework versions for security purposes,
- spring-framework-bom last as it provides core dependencies that can be safely
- overridden by the security BOM -->
+ spring-framework-bom third as it provides core dependencies that can be safely overridden by the security BOM
+ os-core-common last as it provides the default dependencies for the project.dependency>
+ -->
+
+ <!-- BOM Section Start-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
@@ -68,18 +78,9 @@
<type>pom</type>
<scope>import</scope>
</dependency>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-bom</artifactId>
- <version>${netty-version}</version>
- <type>pom</type>
- <scope>import</scope>
- </dependency>
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- <version>${guava.version}</version>
- </dependency>
+ <!-- Core CommonBOM Override Section Start -->
+
+ <!-- Core CommonBOM Override Section End -->
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
@@ -87,11 +88,9 @@
<type>pom</type>
<scope>import</scope>
</dependency>
- <dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
- <version>${httpclient.version}</version>
- </dependency>
+ <!-- BOM Section End-->
+
+ <!-- Any dependencies here will be used by all projects. -->
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
@@ -114,12 +113,25 @@
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
- <version>${snakeyaml.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ </dependency>
+
+ <!-- Security fixes -->
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <!-- Override the version from spring-boot-dependencies BOM to address security vulnerabilities -->
+ <version>${guava.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
+ <!-- Lombok is compile-time only due to 'provided' scope - it generates code during compilation
+ but is not included in the final artifact -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
@@ -151,7 +163,7 @@
<plugin>
<groupId>io.github.git-commit-id</groupId>
<artifactId>git-commit-id-maven-plugin</artifactId>
- <version>8.0.2</version>
+ <version>${git-commit-id-plugin.version}</version>
<executions>
<execution>
<goals>
--
GitLab
From 34bd49c093205ad534480a51af182a844ee79767 Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 15:21:32 -0600
Subject: [PATCH 08/14] Removed Netty BOM from gcp project as not necessary.
---
provider/partition-gc/pom.xml | 7 -------
1 file changed, 7 deletions(-)
diff --git a/provider/partition-gc/pom.xml b/provider/partition-gc/pom.xml
index 12b6a9c4a..6cbed9611 100644
--- a/provider/partition-gc/pom.xml
+++ b/provider/partition-gc/pom.xml
@@ -17,13 +17,6 @@
<dependencyManagement>
<dependencies>
- <dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-bom</artifactId>
- <version>${netty-version}</version>
- <type>pom</type>
- <scope>import</scope>
- </dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
--
GitLab
From 589b1672c91004b75441cb3362e1966e4776e162 Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 15:57:06 -0600
Subject: [PATCH 09/14] Fixed the conflict of versions between partition-core
and partition-azure.
---
partition-core/pom.xml | 15 +++++++++++++++
provider/partition-azure/pom.xml | 11 ++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/partition-core/pom.xml b/partition-core/pom.xml
index 5655eb153..1064cdbf5 100644
--- a/partition-core/pom.xml
+++ b/partition-core/pom.xml
@@ -37,6 +37,9 @@
<maven_failsafe_plugin_version>3.0.0-M4</maven_failsafe_plugin_version>
<commons-beanutils.version>1.9.4</commons-beanutils.version>
<json-smart.version>2.5.1</json-smart.version>
+
+ <!-- Security fixes -->
+ <logback.version>1.5.13</logback.version>
</properties>
<dependencyManagement>
@@ -51,6 +54,18 @@
<artifactId>maven-reporting-impl</artifactId>
<version>3.2.0</version>
</dependency>
+
+ <!-- Security fixes -->
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>${logback.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>${logback.version}</version>
+ </dependency>
</dependencies>
</dependencyManagement>
diff --git a/provider/partition-azure/pom.xml b/provider/partition-azure/pom.xml
index dbdcad1ed..12f6eed4d 100644
--- a/provider/partition-azure/pom.xml
+++ b/provider/partition-azure/pom.xml
@@ -38,7 +38,7 @@
<dependencyManagement>
<dependencies>
- <!-- Core Azure Library -->
+ <!-- Core Azure Library first -->
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>core-lib-azure</artifactId>
@@ -46,6 +46,15 @@
<type>pom</type>
<scope>import</scope>
</dependency>
+
+ <!-- Spring Boot BOM last to ensure it overrides all previous versions -->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-dependencies</artifactId>
+ <version>${spring-boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
</dependencies>
</dependencyManagement>
--
GitLab
From b16cf21b0fe6d9975bfbf95e9cc85fc39f92a64c Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 16:53:07 -0600
Subject: [PATCH 10/14] Moved to latest versions of Spring Boot.
---
partition-core/pom.xml | 29 +++++++++--------------------
pom.xml | 13 ++++---------
provider/partition-azure/pom.xml | 11 +----------
3 files changed, 14 insertions(+), 39 deletions(-)
diff --git a/partition-core/pom.xml b/partition-core/pom.xml
index 1064cdbf5..e9899864b 100644
--- a/partition-core/pom.xml
+++ b/partition-core/pom.xml
@@ -28,18 +28,19 @@
</parent>
<properties>
- <openapi.version>2.3.0</openapi.version>
- <mockito.core.version>3.4.0</mockito.core.version>
- <assertj_core_version>3.16.1</assertj_core_version>
<kotlin_stdlib_version>1.3.60</kotlin_stdlib_version>
<cobertura_maven_plugin_version>2.7</cobertura_maven_plugin_version>
- <maven_surefire_plugin_version>3.0.0-M4</maven_surefire_plugin_version>
- <maven_failsafe_plugin_version>3.0.0-M4</maven_failsafe_plugin_version>
+ <openapi.version>2.3.0</openapi.version>
<commons-beanutils.version>1.9.4</commons-beanutils.version>
<json-smart.version>2.5.1</json-smart.version>
- <!-- Security fixes -->
- <logback.version>1.5.13</logback.version>
+ <!-- Test Scoped Versions -->
+ <mockito.core.version>3.4.0</mockito.core.version>
+ <mockito.inline.version>3.6.28</mockito.inline.version>
+ <assertj_core_version>3.16.1</assertj_core_version>
+ <!-- Plugin Versions -->
+ <maven_surefire_plugin_version>3.0.0-M4</maven_surefire_plugin_version>
+ <maven_failsafe_plugin_version>3.0.0-M4</maven_failsafe_plugin_version>
</properties>
<dependencyManagement>
@@ -54,18 +55,6 @@
<artifactId>maven-reporting-impl</artifactId>
<version>3.2.0</version>
</dependency>
-
- <!-- Security fixes -->
- <dependency>
- <groupId>ch.qos.logback</groupId>
- <artifactId>logback-core</artifactId>
- <version>${logback.version}</version>
- </dependency>
- <dependency>
- <groupId>ch.qos.logback</groupId>
- <artifactId>logback-classic</artifactId>
- <version>${logback.version}</version>
- </dependency>
</dependencies>
</dependencyManagement>
@@ -143,7 +132,7 @@
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-inline</artifactId>
- <version>3.6.28</version>
+ <version>${mockito.inline.version}</version>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/pom.xml b/pom.xml
index 2c94ec207..718cd3675 100644
--- a/pom.xml
+++ b/pom.xml
@@ -31,18 +31,16 @@
<os-core-common.version>3.3.0</os-core-common.version>
<!-- Spring Versions-->
- <spring-framework.version>6.1.16</spring-framework.version>
- <spring-boot.version>3.3.7</spring-boot.version>
- <spring-security.version>6.3.6</spring-security.version>
+ <spring-boot.version>3.4.1</spring-boot.version>
+ <spring-security.version>6.4.2</spring-security.version>
+ <spring-framework.version>6.2.1</spring-framework.version>
<!-- Project Versions-->
<lombok.version>1.18.36</lombok.version>
+ <guava.version>32.1.2-jre</guava.version>
<!-- Plugin Versions -->
<git-commit-id-plugin.version>8.0.2</git-commit-id-plugin.version>
-
- <!-- Security fixes -->
- <guava.version>32.1.2-jre</guava.version>
</properties>
<packaging>pom</packaging>
@@ -118,12 +116,9 @@
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
-
- <!-- Security fixes -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <!-- Override the version from spring-boot-dependencies BOM to address security vulnerabilities -->
<version>${guava.version}</version>
</dependency>
</dependencies>
diff --git a/provider/partition-azure/pom.xml b/provider/partition-azure/pom.xml
index 12f6eed4d..dbdcad1ed 100644
--- a/provider/partition-azure/pom.xml
+++ b/provider/partition-azure/pom.xml
@@ -38,7 +38,7 @@
<dependencyManagement>
<dependencies>
- <!-- Core Azure Library first -->
+ <!-- Core Azure Library -->
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>core-lib-azure</artifactId>
@@ -46,15 +46,6 @@
<type>pom</type>
<scope>import</scope>
</dependency>
-
- <!-- Spring Boot BOM last to ensure it overrides all previous versions -->
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-dependencies</artifactId>
- <version>${spring-boot.version}</version>
- <type>pom</type>
- <scope>import</scope>
- </dependency>
</dependencies>
</dependencyManagement>
--
GitLab
From 62f31e090de5804d60d0b70a134f4396e66461e1 Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 17:22:15 -0600
Subject: [PATCH 11/14] Regressed Spring Boot Versions.
---
pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 718cd3675..bb23cfa81 100644
--- a/pom.xml
+++ b/pom.xml
@@ -31,9 +31,9 @@
<os-core-common.version>3.3.0</os-core-common.version>
<!-- Spring Versions-->
- <spring-boot.version>3.4.1</spring-boot.version>
- <spring-security.version>6.4.2</spring-security.version>
- <spring-framework.version>6.2.1</spring-framework.version>
+ <spring-boot.version>3.3.7</spring-boot.version>
+ <spring-security.version>6.3.6</spring-security.version>
+ <spring-framework.version>6.1.16</spring-framework.version>
<!-- Project Versions-->
<lombok.version>1.18.36</lombok.version>
--
GitLab
From 1e16c53798ea8c92609a6674114d2c3cdede2037 Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Fri, 10 Jan 2025 18:53:43 -0600
Subject: [PATCH 12/14] Updated Azure Core Lib for vuln fixes.
---
provider/partition-azure/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/provider/partition-azure/pom.xml b/provider/partition-azure/pom.xml
index dbdcad1ed..a3fe5ce66 100644
--- a/provider/partition-azure/pom.xml
+++ b/provider/partition-azure/pom.xml
@@ -30,7 +30,7 @@
</parent>
<properties>
- <core-lib-azure.version>2.0.2</core-lib-azure.version>
+ <core-lib-azure.version>2.0.3</core-lib-azure.version>
<!-- Plugin Versions -->
<surefire-plugin.version>2.22.2</surefire-plugin.version>
<jacoco-plugin.version>0.8.12</jacoco-plugin.version>
--
GitLab
From f19ed343ec3164069d1950e40c47ddb376a74296 Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Sun, 12 Jan 2025 10:49:30 -0600
Subject: [PATCH 13/14] Organize to common pattern.
---
pom.xml | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/pom.xml b/pom.xml
index bb23cfa81..abbf5a52e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Copyright 2017-2020, Schlumberger
+ Copyright
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@
<artifactId>partition</artifactId>
<version>0.28.0-SNAPSHOT</version>
<description>Partition Service</description>
+ <packaging>pom</packaging>
<properties>
<java.version>17</java.version>
@@ -43,7 +44,14 @@
<git-commit-id-plugin.version>8.0.2</git-commit-id-plugin.version>
</properties>
- <packaging>pom</packaging>
+ <modules>
+ <module>partition-core</module>
+ <module>provider/partition-azure</module>
+ <module>provider/partition-aws</module>
+ <module>provider/partition-ibm</module>
+ <module>provider/partition-gc</module>
+ <module>partition-core-plus</module>
+ </modules>
<dependencyManagement>
<dependencies>
@@ -54,7 +62,7 @@
os-core-common last as it provides the default dependencies for the project.dependency>
-->
- <!-- BOM Section Start-->
+ <!-- BOM Section Start-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
@@ -178,15 +186,6 @@
</plugins>
</build>
- <modules>
- <module>partition-core</module>
- <module>provider/partition-azure</module>
- <module>provider/partition-aws</module>
- <module>provider/partition-ibm</module>
- <module>provider/partition-gc</module>
- <module>partition-core-plus</module>
- </modules>
-
<profiles>
<profile>
<id>Default</id>
--
GitLab
From 861c32beed679c0601c357ea5e493128ba5ea66b Mon Sep 17 00:00:00 2001
From: danielscholl <dascholl@microsoft.com>
Date: Sun, 12 Jan 2025 13:12:30 -0600
Subject: [PATCH 14/14] Organize to common pattern.
---
pom.xml | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/pom.xml b/pom.xml
index abbf5a52e..e8c9ef3f5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,6 +22,15 @@
<description>Partition Service</description>
<packaging>pom</packaging>
+ <modules>
+ <module>partition-core</module>
+ <module>provider/partition-azure</module>
+ <module>provider/partition-aws</module>
+ <module>provider/partition-ibm</module>
+ <module>provider/partition-gc</module>
+ <module>partition-core-plus</module>
+ </modules>
+
<properties>
<java.version>17</java.version>
<maven.compiler.target>17</maven.compiler.target>
@@ -44,15 +53,6 @@
<git-commit-id-plugin.version>8.0.2</git-commit-id-plugin.version>
</properties>
- <modules>
- <module>partition-core</module>
- <module>provider/partition-azure</module>
- <module>provider/partition-aws</module>
- <module>provider/partition-ibm</module>
- <module>provider/partition-gc</module>
- <module>partition-core-plus</module>
- </modules>
-
<dependencyManagement>
<dependencies>
<!-- BOMs listed in order of dependency hierarchy:
--
GitLab