Schema merge requests
https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests
2023-07-06T22:03:14Z

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/517
Syncing AWS Code Commit to Gitlab
2023-07-06T22:03:14Z
Solomon Ayalew
Syncing AWS Code changes to Gitlab
Solomon Ayalew

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/514
Fix instance name
2023-06-29T16:51:16Z
Aleh Shubko [EPAM]
M19 - Release 0.22
Madalyn Marabella

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/513
Fix instance name
2023-06-29T15:34:31Z
Aleh Shubko [EPAM]
M19 - Release 0.22
Madalyn Marabella

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/504
ws-fixes for schema service
2023-07-17T19:34:56Z
Sudesh Tagadpallewar
Addresses vuln issue in https://community.opengroup.org/osdu/platform/system/schema-service/-/issues/130
M19 - Release 0.22

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/500
Cherry-pick 'fix dependency vulnerability complaint' into release/0.21
2023-05-29T09:05:34Z
David Diederich (d.diederich@opengroup.org)
**Original MR**: !499
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/schema-service/-/pipelines/new?ref=cherry-pick-for-499)
M18 - Release 0.21
David Diederich (d.diederich@opengroup.org), Chad Leong, Srinivasan Narayanan

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/499
fix dependency vulnerability complaint
2023-05-29T09:23:13Z
Bill Wang
We have received reports that
```
Since Requests v2.3.0, Requests has been vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. Note this behavior has only been observed to affect proxied requests when credentials are supplied in the URL user information component (e.g. https://username:password@proxy:8080).
```
M18 - Release 0.21
Bill Wang

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/496
Fixing variable for aws
2023-05-19T22:33:40Z
Abhay Joshi
(cherry picked from commit 2f203588bc5ac0ba9b5ac7ed868361dd1a6cadcb)
M18 - Release 0.21
Abhay Joshi, Yong Zeng, Madalyn Marabella

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/490
UserAgent Changes
2023-05-12T19:14:36Z
Abhay Joshi
(cherry picked from commit d4ebc88569f88fa73a5ce563b8025d0f952d839c)
M18 - Release 0.21
Okoun-Ola Fabien Houeto, Abhay Joshi, Yong Zeng

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/486
M18 service and CICD updates
2023-05-09T18:39:31Z
Madalyn Marabella
AWS code changes only.
Changes in `testing/schema-test-core` only update `AwsServicePrincipalUtil.java` and `os-core-lib-aws` version in `pom.xml`
M18 - Release 0.21
Madalyn Marabella

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/484
add and upgrade snakeyaml dependency
2023-05-09T16:10:29Z
Abhay Joshi
(cherry picked from commit 5baad7263a76de68caf8f869f663da244d8ff3a5)
M18 - Release 0.21
Okoun-Ola Fabien Houeto, Abhay Joshi, Yong Zeng

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/474
Full Upgrade of First Party Library Dependencies for Release 0.20
2023-05-22T15:50:40Z
David Diederich (d.diederich@opengroup.org)
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged if the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatibility to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: c6bc65a3773a3d009e7e9e2d7e3ac72cc663ad49
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ---------------- | ---------- |
| core-lib-azure | 0.14.0-rc2 | 0.6.1 |
| core-lib-gcp | 0.19.0-rc3 | |
| os-core-lib-aws | 0.21.0-rc1 | 0.13.0 |
| obm | 0.18.0 | |
| oqm | 0.18.0 | |
| os-core-common | 0.19.0-rc6 | 0.19.0-rc6 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| osm | 0.18.0 | |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.yaml.snakeyaml | 1.30, 1.33, 1.26 | 1.30 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│  ├─ org.springdoc.springdoc-openapi-ui == 1.6.14
│  │  └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│  │     └─ org.springdoc.springdoc-openapi-common == 1.6.14
│  │        └─ org.springframework.boot.spring-boot-autoconfigure == 2.7.7
│  │           └─ io.swagger.core.v3.swagger-core == 2.2.7
│  │              └─ org.yaml.snakeyaml == 1.30
│  ├─ org.opengroup.osdu.os-schema-core == 0.21.0-SNAPSHOT
│  │  └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│  │     └─ org.springframework.boot.spring-boot-starter == 2.7.7
│  │        └─ org.yaml.snakeyaml == 1.33
│  ├─ org.opengroup.osdu.os-schema-aws == 0.21.0-SNAPSHOT
│  │  └─ org.springframework.boot.spring-boot-starter-test == 2.7.7
│  │     └─ org.springframework.boot.spring-boot-starter == 2.7.7
│  │        └─ org.yaml.snakeyaml == 1.33
│  ├─ org.opengroup.osdu.os-schema-gc == 0.21.0-SNAPSHOT
│  │  └─ org.springframework.boot.spring-boot-starter-test == 2.7.7
│  │     └─ org.springframework.boot.spring-boot-starter == 2.7.7
│  │        └─ org.yaml.snakeyaml == 1.33
│  ├─ org.opengroup.osdu.os-schema-ibm == 0.21.0-SNAPSHOT
│  │  └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│  │     └─ org.springframework.boot.spring-boot-starter == 2.7.7
│  │        └─ org.yaml.snakeyaml == 1.33
│  └─ org.opengroup.osdu.os-schema-azure == 0.21.0-SNAPSHOT
│     └─ org.springframework.boot.spring-boot-starter-test == 2.4.12
│        └─ org.springframework.boot.spring-boot-starter == 2.4.12
│           └─ org.yaml.snakeyaml == 1.26
└─ testing/
   └─ org.opengroup.osdu.schema-test-core == 0.21.0-SNAPSHOT
      └─ org.opengroup.osdu.os-schema-core == 0.21.0-SNAPSHOT
         └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
            └─ org.springframework.boot.spring-boot-starter == 2.7.7
               └─ org.yaml.snakeyaml == 1.30
```
```
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
   └─ org.opengroup.osdu.os-schema-azure == 0.21.0-SNAPSHOT
      └─ org.springframework.boot.spring-boot-starter-webflux == 2.6.6
         └─ org.springframework.spring-webflux == 5.3.12
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-3
SHA: 79045808c04ca813e2d4e8374cb8514c5358821f
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------ | ---------- | ---------- |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.20.0 | |
| os-core-lib-aws | 0.21.0-rc2 | 0.21.0-rc2 |
| obm | 0.20.0 | |
| oqm | 0.20.0 | |
| os-core-common | 0.20.1 | 0.20.1 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| osm | 0.20.0 | |
| (3rd Party) org.yaml.snakeyaml | 1.30, 2.0 | 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
└─ _Root_
   └─ org.springdoc.springdoc-openapi-ui == 1.6.14
      └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
         └─ org.springdoc.springdoc-openapi-common == 1.6.14
            └─ org.springframework.boot.spring-boot-autoconfigure == 2.7.7
               └─ io.swagger.core.v3.swagger-core == 2.2.7
                  └─ org.yaml.snakeyaml == 1.30
```
M18 - Release 0.21
Srinivasan Narayanan

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/472
AWS Integration merge
2023-04-06T01:25:56Z
Manish Jangid
AWS Integration merge
M18 - Release 0.21

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/468
Continue build if dependency-maven-check failed
2023-03-30T17:21:22Z
Yash Dholakia
Continue build if dependency-maven-check failed. It fails when nvd.nist is down.
M17 - Release 0.20
Okoun-Ola Fabien Houeto

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/467
AWS merge
2023-04-03T14:23:48Z
Yash Dholakia
commit f272ea09
Author: Abhay <bios@amazon.com>
Date: Tue Mar 21 2023 08:41:17 GMT-0700 (Pacific Daylight Time)
removing old ssl stuff
commit db82dbca
Author: Abhay <bios@amazon.com>
Date: Tue Mar 21 2023 07:30:19 GMT-0700 (Pacific Daylight Time)
Renaming variable
commit 67c6914b
Author: Abhay <bios@amazon.com>
Date: Mon Mar 20 2023 10:48:54 GMT-0700 (Pacific Daylight Time)
adding changes for rootFilesystem
M17 - Release 0.20

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/460
Renaming dependency helm chart repo to osdu-aws and removing versioning constraints
2023-03-17T19:47:09Z
Marc Burnie [AWS]
M17 - Release 0.20
Marc Burnie [AWS]

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/459
Update MongoDB settings
2023-03-17T17:31:18Z
Aleh Shubko [EPAM]
M17 - Release 0.20
Marc Burnie [AWS]

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/457
Add switch terraform parameter for MongoDB
2023-03-16T13:23:48Z
Aleh Shubko [EPAM]
AWS DevOps Changes Only
M17 - Release 0.20
Aleh Shubko [EPAM], Marc Burnie [AWS]

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/451
Cherry-pick 'adding support for EKS 1.23' into release/0.19
2023-02-11T01:57:18Z
Marc Burnie [AWS]
Adding support for EKS 1.23
Original MR: osdu/platform/system/schema-service!448
(cherry picked from commit 7d0a638c0896523be79a8fca8db917717ef9068a)
Only AWS Helm Chart changes
M16 - Release 0.19
David Diederich (d.diederich@opengroup.org), Marc Burnie [AWS]

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/448
Adding support for EKS 1.23
2023-02-10T21:13:23Z
Marc Burnie [AWS]
M16 - Release 0.19
Marc Burnie [AWS]

https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/441
Update core common lib version and fix vulnerable libs
2023-07-25T07:11:24Z
Manish Jangid
* Updating versions of vulnerable libraries
- https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/120
- https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/121
- https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/123
- https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/124
- https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/125
- https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/130
* Using latest version of core common lib which has Spring boot 2.7.7
* Migration from Springfox to springdoc-openapi. Related ISSUE: https://community.opengroup.org/osdu/platform/system/indexer-service/-/issues/74
M16 - Release 0.19