Schema merge requests
https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests
2020-12-04T13:19:13Z
https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/41
Decoupling common tenant
2020-12-04T13:19:13Z
Abhishek Kumar (SLB)
Decoupling common tenant
The basic objective of this change is to decouple SHARED tenant name as common.
Now, the shared tenant name can be injected through the pipeline, by default the name is "common".
The basic objective of this change is to decouple SHARED tenant name as common.
Now, the shared tenant name can be injected through the pipeline, by default the name is "common".
ethiraj krishnamanaidu
ethiraj krishnamanaidu
https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/294
Adding CRS, CT schemas
2022-05-11T21:09:38Z
Marc Burnie [AWS]
Adding CRS, CT schemas
1. Adding CoordinateReferenceSystem and CoordinateTransformation schema 1.1.0 versions for CRS v3 update.
2. Bumping AWS lib version.
1. Adding CoordinateReferenceSystem and CoordinateTransformation schema 1.1.0 versions for CRS v3 update.
2. Bumping AWS lib version.
M12 - Release 0.15
Joe
Spencer Sutton
suttonsp@amazon.com
Marc Burnie [AWS]
Okoun-Ola Fabien Houeto
Joe
https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/425
jar type vulnerability fix for schema-service
2023-03-28T10:14:32Z
Pintu Gupta
jar type vulnerability fix for schema-service
Following CVE has been fix in this MR :
| cve | link |
|------------------|-------------------------------------------------|
| CVE-2022-42003 | https://nvd.nist.gov/vuln/detail...
Following CVE has been fix in this MR :
| cve | link |
|------------------|-------------------------------------------------|
| CVE-2022-42003 | https://nvd.nist.gov/vuln/detail/CVE-2022-42003 |
| CVE-2022-42004 | https://nvd.nist.gov/vuln/detail/CVE-2022-42004 |
| CVE-2022-22965 | https://nvd.nist.gov/vuln/detail/CVE-2022-22965 |
| PRISMA-2022-0239 | https://github.com/square/okhttp/issues/6738 |
| CVE-2022-22965 | https://nvd.nist.gov/vuln/detail/CVE-2022-22965 |
| CVE-2022-23181 | https://nvd.nist.gov/vuln/detail/CVE-2022-23181 |
| CVE-2022-42252 | https://nvd.nist.gov/vuln/detail/CVE-2022-42252 |
| CVE-2022-25857 | https://nvd.nist.gov/vuln/detail/CVE-2022-25857 |
M17 - Release 0.20
Pintu Gupta
Pintu Gupta
https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/467
AWS merge
2023-04-03T14:23:48Z
Yash Dholakia
AWS merge
commit f272ea09
Author: Abhay <bios@amazon.com>
Date: Tue Mar 21 2023 08:41:17 GMT-0700 (Pacific Daylight Time)
removing old ssl stuff
commit db82dbca
Author: Abhay <bios@amazon.com>
Date: Tue Mar 21 2023 07:30:19 GMT-0700 (P...
commit f272ea09
Author: Abhay <bios@amazon.com>
Date: Tue Mar 21 2023 08:41:17 GMT-0700 (Pacific Daylight Time)
removing old ssl stuff
commit db82dbca
Author: Abhay <bios@amazon.com>
Date: Tue Mar 21 2023 07:30:19 GMT-0700 (Pacific Daylight Time)
Renaming variable
commit 67c6914b
Author: Abhay <bios@amazon.com>
Date: Mon Mar 20 2023 10:48:54 GMT-0700 (Pacific Daylight Time)
adding changes for rootFilesystem
M17 - Release 0.20
https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/474
Full Upgrade of First Party Library Dependencies for Release 0.20
2023-05-22T15:50:40Z
David Diederich
d.diederich@opengroup.org
Full Upgrade of First Party Library Dependencies for Release 0.20
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will ...
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: c6bc65a3773a3d009e7e9e2d7e3ac72cc663ad49
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ---------------- | ---------- |
| core-lib-azure | 0.14.0-rc2 | 0.6.1 |
| core-lib-gcp | 0.19.0-rc3 | |
| os-core-lib-aws | 0.21.0-rc1 | 0.13.0 |
| obm | 0.18.0 | |
| oqm | 0.18.0 | |
| os-core-common | 0.19.0-rc6 | 0.19.0-rc6 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| osm | 0.18.0 | |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.yaml.snakeyaml | 1.30, 1.33, 1.26 | 1.30 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ org.springframework.boot.spring-boot-autoconfigure == 2.7.7
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.os-schema-core == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.os-schema-aws == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-test == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.os-schema-gc == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-test == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.os-schema-ibm == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.os-schema-azure == 0.21.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-test == 2.4.12
│ └─ org.springframework.boot.spring-boot-starter == 2.4.12
│ └─ org.yaml.snakeyaml == 1.26
└─ testing/
└─ org.opengroup.osdu.schema-test-core == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.os-schema-core == 0.21.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
```
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.os-schema-azure == 0.21.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-webflux == 2.6.6
└─ org.springframework.spring-webflux == 5.3.12
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-3
SHA: 79045808c04ca813e2d4e8374cb8514c5358821f
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------ | ---------- | ---------- |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.20.0 | |
| os-core-lib-aws | 0.21.0-rc2 | 0.21.0-rc2 |
| obm | 0.20.0 | |
| oqm | 0.20.0 | |
| os-core-common | 0.20.1 | 0.20.1 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| osm | 0.20.0 | |
| (3rd Party) org.yaml.snakeyaml | 1.30, 2.0 | 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
└─ _Root_
└─ org.springdoc.springdoc-openapi-ui == 1.6.14
└─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
└─ org.springdoc.springdoc-openapi-common == 1.6.14
└─ org.springframework.boot.spring-boot-autoconfigure == 2.7.7
└─ io.swagger.core.v3.swagger-core == 2.2.7
└─ org.yaml.snakeyaml == 1.30
```
M18 - Release 0.21
Srinivasan Narayanan
Srinivasan Narayanan
https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/513
Fix instance name
2023-06-29T15:34:31Z
Aleh Shubko [EPAM]
Fix instance name
M19 - Release 0.22
Madalyn Marabella
Madalyn Marabella
https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/517
Syncing AWS Code Commit to Gitlab
2023-07-06T22:03:14Z
Solomon Ayalew
Syncing AWS Code Commit to Gitlab
Syncing AWS Code changes to Gitlab
Syncing AWS Code changes to Gitlab
Solomon Ayalew
Solomon Ayalew
https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/640
Draft: Refactor to address sonar issues
2024-02-29T18:58:52Z
Solomon Ayalew
Draft: Refactor to address sonar issues
Address Cognitive and Cyclomatic complexity to bring the project to the acceptable threshold
Address Cognitive and Cyclomatic complexity to bring the project to the acceptable threshold
M23 - Release 0.26