This automated MR removes usage of SNAPSHOT versions in the first party library dependencies.
Since SNAPSHOT dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.
Dependency Information Before the Upgrade
Branch: master
SHA: b74d46d040a389a3f29d3282abee66ec25c375c9
Maven: 0.18.0-SNAPSHOT
| Maven Dependencies |
Root |
testing/ |
| core-lib-azure |
0.14.0-rc2 |
0.6.1 |
| core-lib-gcp |
0.16.0 |
|
| os-core-lib-aws |
0.18.0-SNAPSHOT |
0.13.0, 0.3.16 |
| obm |
0.16.0 |
|
| oqm |
0.16.0 |
|
| os-core-common |
0.13.0 |
0.13.0 |
| os-core-lib-ibm |
0.16.0-rc1 |
0.15.2, 0.7.0 |
| os-schema-core |
0.18.0-SNAPSHOT |
0.16.0-SNAPSHOT |
| osm |
0.16.0 |
|
| (3rd Party) com.fasterxml.jackson.core.jackson-databind |
2.13.2.2 |
2.13.2.2, 2.11.3 |
| (3rd Party) net.minidev.json-smart |
2.4.7 |
2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api |
2.17.1 |
2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core |
2.17.1 |
2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul |
2.17.1 |
2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl |
2.17.1 |
2.13.3 |
| (3rd Party) org.springframework.spring-webflux |
5.3.12 |
|
| (3rd Party) org.springframework.spring-webmvc |
5.3.22 |
5.3.12 |
Warning: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.os-schema-azure == 0.18.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12
Dependency Information After the Upgrade
Branch: remove-snapshots
SHA: 9df0237b9bc87a6815ca5a73627a3fcf8082ef8e
Maven: 0.18.0-SNAPSHOT
| Maven Dependencies |
Root |
testing/ |
| core-lib-azure |
0.14.0-rc2 |
0.6.1 |
| core-lib-gcp |
0.16.0 |
|
| os-core-lib-aws |
0.17.0 |
0.13.0, 0.3.16 |
| obm |
0.16.0 |
|
| oqm |
0.16.0 |
|
| os-core-common |
0.13.0 |
0.13.0 |
| os-core-lib-ibm |
0.16.0-rc1 |
0.15.2, 0.7.0 |
| osm |
0.16.0 |
|
| (3rd Party) com.fasterxml.jackson.core.jackson-databind |
2.13.2.2 |
2.13.2.2, 2.11.3 |
| (3rd Party) net.minidev.json-smart |
2.4.7 |
2.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api |
2.17.1 |
2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core |
2.17.1 |
2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul |
2.17.1 |
2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl |
2.17.1 |
2.13.3 |
| (3rd Party) org.springframework.spring-webflux |
5.3.12 |
|
| (3rd Party) org.springframework.spring-webmvc |
5.3.22 |
5.3.22 |
Warning: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.os-schema-azure == 0.18.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12
