Register merge requests
https://community.opengroup.org/osdu/platform/system/register/-/merge_requests
2023-07-18T07:07:09Z

https://community.opengroup.org/osdu/platform/system/register/-/merge_requests/377
Upgrade First Party Library Dependencies for Release 0.22
2023-07-18T07:07:09Z
Chad Leong

This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility with the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: cc14d84ff359ac80c95d82b5dc45ea658ad64b1e
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------- | ----------------------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.13.0 |
| core-lib-gc | 0.21.0 | 0.21.0 |
| core-test-lib-gcp | | 0.21.0 |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| oqm | 0.21.0 | |
| os-core-common | 0.22.0-rc4 | 0.21.0, 0.13.0 |
| os-core-lib-ibm | 0.21.0 | 0.21.0 |
| osm | 0.21.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.2 | 2.15.0-rc1, 2.14.1, 2.13.2.2, 2.9.6 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.33, 2.0 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 9cd01862afde9ab10f8171c48219e806697b3c35
Maven: 0.23.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------- | ----------------------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.13.0 |
| core-lib-gc | 0.22.1 | 0.22.1 |
| core-test-lib-gcp | | 0.22.0 |
| os-core-lib-aws | 0.22.0 | 0.22.0 |
| oqm | 0.22.0 | |
| os-core-common | 0.22.0 | 0.22.0, 0.13.0 |
| os-core-lib-ibm | 0.22.0 | 0.22.0 |
| osm | 0.22.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.14.2 | 2.15.0-rc1, 2.14.1, 2.13.2.2, 2.9.6 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.30, 1.33, 2.0 |

M19 - Release 0.22

https://community.opengroup.org/osdu/platform/system/register/-/merge_requests/349
update NOTICE file
2023-05-22T13:32:07Z
Long Cheng

# Merge request template

M18 - Release 0.21

https://community.opengroup.org/osdu/platform/system/register/-/merge_requests/268
Cherry-pick 'Update FOSSA NOTICE' into release/0.18
2022-12-08T06:11:56Z
David Diederich, d.diederich@opengroup.org

**Original MR**: !266
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/register/-/pipelines/new?ref=cherry-pick-for-266)

M15 - Release 0.18

https://community.opengroup.org/osdu/platform/system/register/-/merge_requests/223
Upgrade First Party Library Dependencies for Release 0.16
2022-08-16T17:37:55Z
David Diederich, d.diederich@opengroup.org

This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility with the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: b846eb8989ee5f2d107f9353390c5819c4cbd72a
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ | provider/register-reference/ |
| ------------------------------------------------------- | ------------------------ | ----------------------- | ---------------------------- |
| core-lib-azure | 0.15.2 | 0.13.0 | |
| core-lib-gcp | 0.16.0-rc1 | 0.1.21 | 0.15.0 |
| core-test-lib-gcp | | 0.0.2 | |
| os-core-lib-aws | 0.15.0 | 0.14.0-rc2 | |
| obm | 0.15.0 | | 0.15.0 |
| oqm | 0.15.0 | | 0.15.0 |
| os-core-common | 0.15.0 | 0.0.18, 0.13.0, 0.15.0 | 0.15.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 | |
| osm | 0.15.0 | | 0.15.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2, 2.12.5, 2.13.0 | 2.13.2.2, 2.11.4, 2.9.6 | 2.9.10.6 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | | |
| (3rd Party) org.springframework.spring-webmvc | 5.1.19.RELEASE, 5.3.12 | 5.1.9.RELEASE, 5.3.12 | 5.1.19.RELEASE |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: f326371ebb67ba300b326e4ca429a59d2452fe53
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ | provider/register-reference/ |
| ------------------------------------------------------- | ------------------------ | ----------------------------- | ---------------------------- |
| core-lib-azure | 0.16.0 | 0.13.0 | |
| core-lib-gcp | 0.16.0 | 0.1.21 | 0.16.0 |
| core-test-lib-gcp | | 0.0.2 | |
| os-core-lib-aws | 0.16.1 | 0.14.0-rc2 | |
| obm | 0.16.0 | | 0.16.0 |
| oqm | 0.16.0 | | 0.16.0 |
| os-core-common | 0.16.0 | 0.0.18, 0.13.0, 0.16.0 | 0.16.0 |
| os-core-lib-ibm | 0.16.0 | 0.16.0 | |
| osm | 0.16.0 | | 0.16.0 |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2, 2.12.5, 2.13.0 | 2.13.2.2, 2.11.4, 2.9.6 | 2.9.10.6 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | | |
| (3rd Party) org.springframework.spring-webmvc | 5.1.19.RELEASE, 5.3.12 | 5.1.9.RELEASE, 5.3.12, 5.3.22 | 5.1.19.RELEASE |
```
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
Critical: Found Vulnerable Jackson Databind dependency (<2.12.6.1 || >=2.13.0 <2.13.2.1)
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
```

M13 - Release 0.16

https://community.opengroup.org/osdu/platform/system/register/-/merge_requests/128
Upgrade OSDU dependencies
2022-01-25T17:26:16Z
David Diederich, d.diederich@opengroup.org