build: update OSCAL submodule to v1.2.1

[david-waltermire]

Summary

• Update OSCAL submodule from v1.2.0 to v1.2.1 (includes JSON schema corrections, assembly definition fixes, and constraint corrections)
• Move select-control-by-id and matching binding configurations from the profile metaschema section to the control-common metaschema section, matching OSCAL v1.2.1's consolidation of these definitions into oscal_control-common_metaschema.xml
• Update the FedRAMP profile validation test URL to the new OSCAL-Foundation/fedramp-automation repository (rev5 MODERATE baseline), since GSA/fedramp-automation is no longer publicly accessible

Test plan

• mvn install -PCI -Prelease passes
• All 49 unit tests pass (1 pre-existing @Disabled remains disabled)
• OscalValidationTest.testValidateOscalProfileXml now passes against the new FedRAMP repository URL

Summary by CodeRabbit

• Chores
  • Updated OSCAL subproject dependency to latest version
  • Reorganized internal configuration bindings for improved structure

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f3471eb4-8f86-4440-bba8-11a2699ca7d5

📥 Commits

Reviewing files that changed from the base of the PR and between a3e269e and da4da33.

📒 Files selected for processing (2)

• oscal
• src/main/metaschema-bindings/oscal-metaschema-bindings.xml

✅ Files skipped from review due to trivial changes (1)

• src/main/metaschema-bindings/oscal-metaschema-bindings.xml

🚧 Files skipped from review as they are similar to previous changes (1)

• oscal

---

📝 Walkthrough

Walkthrough

The pull request updates the oscal submodule to a newer commit and reorganizes two metaschema binding declarations (select-control-by-id and matching) from the profile metaschema to the control-common metaschema within the binding configuration file. Java class mappings remain unchanged.

Changes

Cohort / File(s)	Summary
Submodule Update .gitmodules	Updated oscal submodule reference from commit 8064bf7f to 26df0501c, pulling new content for the oscal subproject.
Metaschema Bindings Reorganization src/main/metaschema-bindings/oscal-metaschema-bindings.xml	Relocated select-control-by-id and matching assembly-binding declarations from oscal_profile_metaschema.xml to oscal_control-common_metaschema.xml reference; Java class mappings (ProfileSelectControlById and ProfileMatching) preserved.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• fix: update for OSCAL 1.2.0 model compatibility #223: Modifies the metaschema binding for the matching assembly and select-control-by-id binding with the same profile-specific mapping strategy.

Suggested reviewers

• aj-stein

Poem

🐰 Bindings hop between schemas with care,
From profile to control-common they dare,
Classes stay steady, no logic to mend,
Just reorganized to where they should blend!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: updating the OSCAL submodule to v1.2.1, which aligns with the PR's primary objective of submodule version upgrade.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/test/java/dev/metaschema/oscal/lib/validation/OscalValidationTest.java`:
- Line 83: The test in OscalValidationTest currently fetches the remote fixture
using a branch ref ("refs/heads/master"); update the URL to use an immutable
reference (a commit SHA or a release tag) so CI is deterministic. Locate the URL
string in OscalValidationTest (the remote fixture declaration for the
FedRAMP_rev5_MODERATE-baseline_profile.xml) and replace the "refs/heads/master"
portion with a specific commit SHA or release tag for that repository; verify
the new URL is accessible and update any test constants or comments to note the
pinned revision.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6cca70b2-5aaa-43fb-a90e-70a69ad78e3c

📥 Commits

Reviewing files that changed from the base of the PR and between 8bd5af0 and 14f7386.

📒 Files selected for processing (3)

• oscal
• src/main/metaschema-bindings/oscal-metaschema-bindings.xml
• src/test/java/dev/metaschema/oscal/lib/validation/OscalValidationTest.java