CRS Catalog merge requestshttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests2022-10-05T18:34:06Zhttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/200Cherry-pick 'Upgrade First Party Library Dependencies for Release 0.17' into ...2022-10-05T18:34:06ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Upgrade First Party Library Dependencies for Release 0.17' into release/0.17**Original MR**: !197
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !197
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/pipelines/new?ref=cherry-pick-for-197)M14 - Release 0.17David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/197Upgrade First Party Library Dependencies for Release 0.172022-10-05T06:35:04ZDavid Diederichd.diederich@opengroup.orgUpgrade First Party Library Dependencies for Release 0.17This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 27a1edbcfd96fbdb0b9d9011d5e1199336f72252
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------------------------------------------- | -------- |
| core-lib-azure | 0.14.0 |
| os-core-common | 0.16.0 |
| os-core-lib-ibm | 0.16.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 |
```
Warning: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.crs-catalog-service.crs-catalog-aks == 0.17.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 10e077e5480ac35e7649cba8e3077d88cc132d52
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ |
| ------------------------------------------------------- | -------- |
| core-lib-azure | 0.14.0 |
| os-core-common | 0.17.0 |
| os-core-lib-ibm | 0.17.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22 |
```
Warning: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.crs-catalog-service.crs-catalog-aks == 0.17.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12
```M14 - Release 0.17https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/199Cherry-pick 'Upgrade dependencies to fix vulnerability and migrating from spr...2022-10-05T03:46:45ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Upgrade dependencies to fix vulnerability and migrating from springfox to open-api' into release/0.17**Original MR**: !190
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !190
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/pipelines/new?ref=cherry-pick-for-190)M14 - Release 0.17David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/190Upgrade dependencies to fix vulnerability and migrating from springfox to ope...2022-10-03T16:53:46ZAshwani PandeyUpgrade dependencies to fix vulnerability and migrating from springfox to open-apiUpgrade dependencies to fix vulnerability and migrating from springfox to open-api. Moving springfox to open-api version because springfox-3.0.0 version is not compatible with latest spring boot version. For reference Please see issue: h...Upgrade dependencies to fix vulnerability and migrating from springfox to open-api. Moving springfox to open-api version because springfox-3.0.0 version is not compatible with latest spring boot version. For reference Please see issue: https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/74
Since spring-fox does not get updates anymore and is not compatible with new versions of spring-boot, it will block us in further dependency upgrades: https://github.com/springfox/springfox/issues/3462
Vulnerability issues fixes in this MR as below:
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/21648
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/20154
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/4466
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/17552
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/4472
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/17551
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/22047
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/21285
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/17551
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/4467
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/21653
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/21663
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/21664
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/21659
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/20152
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/20155
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/20151
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/20153
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/21662
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/21661
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/21655
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/21647
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19145
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19144
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19143
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19142
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19141
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19140
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19139
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19138
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19135
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19134
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19133
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19132
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19131
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19127
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19126
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19124
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/19122
https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/security/vulnerabilities/4468M14 - Release 0.17Ashwani PandeyAshwani Pandeyhttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/198Update FOSSA NOTICE2022-10-02T21:34:12ZDavid Diederichd.diederich@opengroup.orgUpdate FOSSA NOTICEThis MR updates the attribution file for the project (also known as the `NOTICE` file).
It is important to keep this up to date to satisfy legal requirements of dependency licenses.
We use FOSSA as the tool to scan for and detect these ...This MR updates the attribution file for the project (also known as the `NOTICE` file).
It is important to keep this up to date to satisfy legal requirements of dependency licenses.
We use FOSSA as the tool to scan for and detect these changes.M14 - Release 0.17https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/194Upgrade Gson2022-10-07T17:23:02ZXiangliang MengUpgrade Gsoncommit 24132ac2
Author: David Meng <xlmeng@amazon.com>
Date: Mon Sep 26 2022 16:08:13 GMT-0400 (Eastern Daylight Time)
Upgrade Gsoncommit 24132ac2
Author: David Meng <xlmeng@amazon.com>
Date: Mon Sep 26 2022 16:08:13 GMT-0400 (Eastern Daylight Time)
Upgrade GsonM14 - Release 0.17Okoun-Ola Fabien HouetoXiangliang MengOkoun-Ola Fabien Houetohttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/195AWS Using Helm to Deploy2022-09-30T23:53:07ZMarc Burnie [AWS]AWS Using Helm to DeployM14 - Release 0.17Marc Burnie [AWS]Marc Burnie [AWS]https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/193GONRG-5722-Decrease_logs_severity_for_services2023-08-18T13:52:14ZYevhenii Orlov (EPAM) [GCP]GONRG-5722-Decrease_logs_severity_for_servicesM14 - Release 0.17https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/192Checkov Findings and Gitlab Helm Chart Deploy Variables2022-09-28T19:23:29ZMarc Burnie [AWS]Checkov Findings and Gitlab Helm Chart Deploy VariablesM14 - Release 0.17Marc Burnie [AWS]Marc Burnie [AWS]https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/187Add git secrets2022-09-21T14:58:45ZMorris EstepaAdd git secretscommit 0f352d7f
Author: Morris Estepa <estepamo@amazon.com>
Date: Thu Sep 08 2022 16:56:25 GMT-0500 (Central Daylight Time)
fix build
commit 4cdd788f
Author: Morris Estepa <estepamo@amazon.com>
Date: Thu Sep 08 2022 15:20:36 ...commit 0f352d7f
Author: Morris Estepa <estepamo@amazon.com>
Date: Thu Sep 08 2022 16:56:25 GMT-0500 (Central Daylight Time)
fix build
commit 4cdd788f
Author: Morris Estepa <estepamo@amazon.com>
Date: Thu Sep 08 2022 15:20:36 GMT-0500 (Central Daylight Time)
Add git secretsM14 - Release 0.17Morris EstepaMorris Estepahttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/191AWS Helm Build Update2022-09-20T22:28:10ZMarc Burnie [AWS]AWS Helm Build UpdateM14 - Release 0.17Marc Burnie [AWS]Marc Burnie [AWS]https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/189Changing Log Level to Info from Debug2023-08-18T13:52:15ZAayushi JainChanging Log Level to Info from DebugWI : https://dev.azure.com/OpenEnergyPlatform/Open%20Energy%20Platform/_workitems/edit/13921/WI : https://dev.azure.com/OpenEnergyPlatform/Open%20Energy%20Platform/_workitems/edit/13921/M14 - Release 0.17Aayushi JainAayushi Jainhttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/188Changing Log Level to Info from Debug2022-09-19T09:25:25ZAayushi JainChanging Log Level to Info from DebugWI : https://dev.azure.com/OpenEnergyPlatform/Open%20Energy%20Platform/_workitems/recentlyupdated/WI : https://dev.azure.com/OpenEnergyPlatform/Open%20Energy%20Platform/_workitems/recentlyupdated/Aayushi JainAayushi Jainhttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/184Azure- swagger integration env var2022-09-12T13:04:14ZArturo Hernandez [EPAM]Azure- swagger integration env var* Added swagger specific endpoint for CRS.
Ref: https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/239* Added swagger specific endpoint for CRS.
Ref: https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/issues/239M14 - Release 0.17Arturo Hernandez [EPAM]Arturo Hernandez [EPAM]https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/185enabling prometheus actuator endpoint2022-09-11T06:46:45ZSabarish K R Eenabling prometheus actuator endpointhttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/183Versioning helm charts2022-09-06T22:13:42ZMarc Burnie [AWS]Versioning helm chartsM14 - Release 0.17Marc Burnie [AWS]Gustavo UrdanetaMarc Burnie [AWS]https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/182change version of azure core lib to 0.17.0-rc9 and add change gitlab-ci.yaml2022-08-23T16:43:17ZAkshat Joshichange version of azure core lib to 0.17.0-rc9 and add change gitlab-ci.yamlhttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/181Adding AWS Helm Charts2022-08-22T16:00:07ZMarc Burnie [AWS]Adding AWS Helm ChartsM14 - Release 0.17Marc Burnie [AWS]Marc Burnie [AWS]https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/179Add CORS policy to Helm chart virtual service2022-08-22T04:54:53ZSean FisherAdd CORS policy to Helm chart virtual serviceSean FisherSean Fisherhttps://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/merge_requests/180Merge branch 'upgrade-dependencies-m13' into 'master'2022-08-18T19:00:32ZRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comMerge branch 'upgrade-dependencies-m13' into 'master'upgrade jackson-databind
See merge request osdu/platform/system/reference/crs-catalog-service!178
(cherry picked from commit 6f3e778cb9eb44f4b210defaaf9b611f3e27e666)
cf31c307 upgrade jackson-databindupgrade jackson-databind
See merge request osdu/platform/system/reference/crs-catalog-service!178
(cherry picked from commit 6f3e778cb9eb44f4b210defaaf9b611f3e27e666)
cf31c307 upgrade jackson-databindRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.com