Schema merge requestshttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests2023-10-20T10:04:13Zhttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/563Draft: Fetching correct AKS during Schema Data seeding2023-10-20T10:04:13ZRitushi ShankerDraft: Fetching correct AKS during Schema Data seeding**What is happening :** The script responsible for schema data seeding unintentionally fetches the backup AKS cluster as it lists them from the resource group and uses the first value that is being returned.
**What is the fix :** A min...**What is happening :** The script responsible for schema data seeding unintentionally fetches the backup AKS cluster as it lists them from the resource group and uses the first value that is being returned.
**What is the fix :** A minor code change which ensures that the proper AKS cluster is being fetched to load the schemas in it.Ritushi ShankerRitushi Shankerhttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/560Draft: vulnerability fixes2023-09-26T16:16:55ZVidyaDharani LokamDraft: vulnerability fixesM21 - Release 0.24VidyaDharani LokamVidyaDharani Lokamhttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/556Draft: Introduce variable for java version2023-09-21T04:57:25Zsaketh somarajuDraft: Introduce variable for java version* This MR introduces a variable to manage java version in azure ci-cd job and removes redundant `azure_test` inheritance
* This change would help in configuring azure integration test seamlessly* This MR introduces a variable to manage java version in azure ci-cd job and removes redundant `azure_test` inheritance
* This change would help in configuring azure integration test seamlesslyM21 - Release 0.24saketh somarajusaketh somarajuhttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/550Fix s360 vulnerabilities on m182023-09-06T16:53:54ZChristophe MonginFix s360 vulnerabilities on m18https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/544Draft: resolving netty dependency issue.2023-09-04T02:05:08ZNishant VidyasagarDraft: resolving netty dependency issue.https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/543Draft: Removing netty depedendcy2023-09-04T02:05:21ZNishant VidyasagarDraft: Removing netty depedendcyhttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/531Trusted schematestresiliency22023-07-26T11:34:33ZAbhiram BondadaTrusted schematestresiliency2Abhiram BondadaAbhiram Bondadahttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/528Draft: Refactored code2023-07-25T07:51:45ZShreya ShahDraft: Refactored codeShreya ShahShreya Shahhttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/527Draft: Az/ss refactoring2023-07-21T09:59:13ZShreya ShahDraft: Az/ss refactoringShreya ShahShreya Shahhttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/518GONRG-7492: fix helm version2023-07-19T07:33:28ZYauheni Rykhter (EPAM)GONRG-7492: fix helm versionM20 - Release 0.23Yauheni Rykhter (EPAM)Yauheni Rykhter (EPAM)https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/517Syncing AWS Code Commit to Gitlab2023-07-06T22:03:14ZSolomon AyalewSyncing AWS Code Commit to GitlabSyncing AWS Code changes to GitlabSyncing AWS Code changes to GitlabSolomon AyalewSolomon Ayalewhttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/513Fix instance name2023-06-29T15:34:31ZAleh Shubko [EPAM]Fix instance nameM19 - Release 0.22Madalyn MarabellaMadalyn Marabellahttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/505Updated Maven dependency2023-07-05T13:39:49ZShreya ShahUpdated Maven dependency# Fixes :
https://community.opengroup.org/osdu/platform/system/schema-service/-/security/vulnerabilities/19973
https://community.opengroup.org/osdu/platform/system/schema-service/-/security/vulnerabilities/21551
# Issues :
https://commu...# Fixes :
https://community.opengroup.org/osdu/platform/system/schema-service/-/security/vulnerabilities/19973
https://community.opengroup.org/osdu/platform/system/schema-service/-/security/vulnerabilities/21551
# Issues :
https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/166
https://community.opengroup.org/osdu/platform/security-and-compliance/home/-/issues/167M19 - Release 0.22Shreya ShahShreya Shahhttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/494Reverted the changes made in MR 4692023-06-05T14:58:20ZDeepa KumariReverted the changes made in MR 469M19 - Release 0.22Deepa KumariDeepa Kumarihttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/493Draft: reverted the changes made in MR 4692023-05-19T09:41:23ZDeepa KumariDraft: reverted the changes made in MR 469Deepa KumariDeepa Kumarihttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/491Fixed library versions to remove vulnerabilities2023-12-08T15:21:46ZVineeth Guna [Microsoft]Fixed library versions to remove vulnerabilitieshttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/489Schema Resiliency Enhacements2023-05-18T11:44:08ZChahat KumarSchema Resiliency Enhacementshttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/481Updated mappers.2023-06-05T13:34:19ZRiabokon Stanislav(EPAM)[GCP]Updated mappers.Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/479Set FailOnError to false2023-04-28T19:41:11ZYash DholakiaSet FailOnError to falseSet FailOnError to false so build does not fail when dependency-check-maven fails.Set FailOnError to false so build does not fail when dependency-check-maven fails.Yash DholakiaYash Dholakiahttps://community.opengroup.org/osdu/platform/system/schema-service/-/merge_requests/474Full Upgrade of First Party Library Dependencies for Release 0.202023-05-22T15:50:40ZDavid Diederichd.diederich@opengroup.orgFull Upgrade of First Party Library Dependencies for Release 0.20This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will ...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: c6bc65a3773a3d009e7e9e2d7e3ac72cc663ad49
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ----------------------------------------------------- | ---------------- | ---------- |
| core-lib-azure | 0.14.0-rc2 | 0.6.1 |
| core-lib-gcp | 0.19.0-rc3 | |
| os-core-lib-aws | 0.21.0-rc1 | 0.13.0 |
| obm | 0.18.0 | |
| oqm | 0.18.0 | |
| os-core-common | 0.19.0-rc6 | 0.19.0-rc6 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| osm | 0.18.0 | |
| (3rd Party) net.minidev.json-smart | 2.4.7 | 2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.yaml.snakeyaml | 1.30, 1.33, 1.26 | 1.30 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.springdoc.springdoc-openapi-ui == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
│ │ └─ org.springdoc.springdoc-openapi-common == 1.6.14
│ │ └─ org.springframework.boot.spring-boot-autoconfigure == 2.7.7
│ │ └─ io.swagger.core.v3.swagger-core == 2.2.7
│ │ └─ org.yaml.snakeyaml == 1.30
│ ├─ org.opengroup.osdu.os-schema-core == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.os-schema-aws == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-test == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.os-schema-gc == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-test == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.os-schema-ibm == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.os-schema-azure == 0.21.0-SNAPSHOT
│ └─ org.springframework.boot.spring-boot-starter-test == 2.4.12
│ └─ org.springframework.boot.spring-boot-starter == 2.4.12
│ └─ org.yaml.snakeyaml == 1.26
└─ testing/
└─ org.opengroup.osdu.schema-test-core == 0.21.0-SNAPSHOT
└─ org.opengroup.osdu.os-schema-core == 0.21.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-web == 2.7.7
└─ org.springframework.boot.spring-boot-starter == 2.7.7
└─ org.yaml.snakeyaml == 1.30
```
```
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.os-schema-azure == 0.21.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-webflux == 2.6.6
└─ org.springframework.spring-webflux == 5.3.12
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-3
SHA: 79045808c04ca813e2d4e8374cb8514c5358821f
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------ | ---------- | ---------- |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.20.0 | |
| os-core-lib-aws | 0.21.0-rc2 | 0.21.0-rc2 |
| obm | 0.20.0 | |
| oqm | 0.20.0 | |
| os-core-common | 0.20.1 | 0.20.1 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| osm | 0.20.0 | |
| (3rd Party) org.yaml.snakeyaml | 1.30, 2.0 | 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
└─ _Root_
└─ org.springdoc.springdoc-openapi-ui == 1.6.14
└─ org.springdoc.springdoc-openapi-webmvc-core == 1.6.14
└─ org.springdoc.springdoc-openapi-common == 1.6.14
└─ org.springframework.boot.spring-boot-autoconfigure == 2.7.7
└─ io.swagger.core.v3.swagger-core == 2.2.7
└─ org.yaml.snakeyaml == 1.30
```M18 - Release 0.21Srinivasan NarayananSrinivasan Narayanan