Full Upgrade of First Party Library Dependencies
-
Review changes -
-
Download -
Patches
-
Plain diff
This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release. The intent is to keep all dependent libraries up to date. This upgrade can be merged immediately without further approval if the CI pipeline reports success.
If this MR has failed, we need to work with the maintainers and affected provider teams to find a solution.
Dependency Information Before the Upgrade
Branch: master
SHA: 5ed6d24f617dd2084df7aab051a79b9a5782d25a
Maven: 0.24.0-SNAPSHOT
Maven Dependencies | Root | testing/ |
---|---|---|
core-lib-azure | 0.14.0-rc2 | 0.6.1 |
core-lib-gc | 0.23.0 | |
os-core-lib-aws | 0.23.0 | 0.23.0 |
obm | 0.23.0 | |
oqm | 0.23.0 | |
os-core-common | 0.23.1, 0.19.0-rc6 | 0.3.23 |
os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
osm | 0.23.0 | |
(3rd Party) net.minidev.json-smart | 2.4.9 | 2.3 |
(3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1, 2.17.2 | 2.13.3 |
(3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
(3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
(3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
(3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1, 2.17.2 | 2.13.3 |
(3rd Party) org.springframework.spring-webflux | 5.3.12 | |
(3rd Party) org.yaml.snakeyaml | 2.0 | 1.26 |
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.os-schema-azure == 0.24.0-SNAPSHOT
└─ org.springframework.boot.spring-boot-starter-webflux == 2.6.6
└─ org.springframework.spring-webflux == 5.3.12
Dependency Information After the Upgrade
Branch: dependency-upgrade
SHA: aaff88afa15981fea0a0d875b4815115f16e1696
Maven: 0.24.0-SNAPSHOT
Maven Dependencies | Root | testing/ |
---|---|---|
core-lib-azure | 0.23.2 | 0.23.2 |
core-lib-gc | 0.23.1 | |
os-core-lib-aws | 0.23.0 | 0.23.0 |
obm | 0.23.0 | |
oqm | 0.23.0 | |
os-core-common | 0.23.3 | 0.23.3 |
os-core-lib-ibm | 0.23.0 | 0.23.0 |
osm | 0.23.0 |
Merge request reports
Activity
Filter activity
- Approvals
- Assignees & reviewers
- Comments (from bots)
- Comments (from users)
- Commits & branches
- Edits
- Labels
- Lock status
- Mentions
- Merge request status
- Tracking
Please register or sign in to reply
Loading