LibrePlan / libreplan

LibrePlan - Open Web Planning
https://www.libreplan.dev
GNU Affero General Public License v3.0
291 stars 172 forks source link

Bump hibernate-core from 5.1.1.Final to 5.4.24.Final #1945

Open dependabot[bot] opened 2 years ago

dependabot[bot] commented 2 years ago

Bumps hibernate-core from 5.1.1.Final to 5.4.24.Final.

Release notes

Sourced from hibernate-core's releases.

Hibernate ORM 5.2.0

5.2.0 includes many improvements and bug-fixes. For a complete list of changes, see https://hibernate.atlassian.net/projects/HHH/versions/23150/tab/release-report-done.

Many of the changes in 5.2.0 have important ramifications in terms of both usage and extension. Be sure to read the 5.2 Migration Guide for details.

Below is a discussion of the major changes.

Java 8 baseline

5.2 moves to Java 8 as its baseline. This means:

  • The hibernate-java8 module has been removed, and that functionality has been moved into hibernate-core.
  • Native support for Java 8 date/time types as Query parameters.
  • Support for streaming (java.util.stream.Stream) query results.
  • Support for java.util.Optional as return from methods that may return null.
  • Leveraging Java 8 "default methods" when introducing new methods to extension points.

Consolidating JPA support into hibernate-core.

That effectively means that the hibernate-entitymanager module no longer exists. Its functionality being consumed into hibernate-core.

JCache support

Support for using any JCache-compliant cache impl as a second-level caching provider.

Session-level batch size support

Support has been added for specifying a batch size for write operations per Session.

Changelog

Sourced from hibernate-core's changelog.

Changes in 5.4.24.Final (November 17, 2020)

https://hibernate.atlassian.net/projects/HHH/versions/31892

** Bug * [HHH-14333] - Pessimistic Lock causes FOR UPDATE on outer join statements * [HHH-14329] - DirtinessTracker usage for enhanced entities doesn't respect mutable types * [HHH-14322] - HBM many-to-one property-ref broken since 5.3.2 due to HHH-12684 * [HHH-14317] - Avoid closing datasource in AgroalConnectionProvider if datasource is not initialized * [HHH-14316] - Avoid accessing state in DriverManagerConnectionProviderImpl if null * [HHH-14312] - Padded batch style entity loader ignores entity graph * [HHH-14310] - Document hibernate.query.in_clause_parameter_padding * [HHH-14288] - Complex batch insert query stopped to work * [HHH-14279] - Broken 'with key(...)' operator on entity-key maps * [HHH-14276] - Nested ID class using derived identifiers fails with strange AnnotationException: unable to find column reference in the @​MapsId mapping: game_id * [HHH-14257] - An Entity A with a map collection having as index an Embeddable with a an association to the Entity A fails with a NPE * [HHH-13310] - getParameterValue() not working for collections

** Improvement * [HHH-14332] - Make it easier for Quarkus SPI to avoid loading XML * [HHH-14325] - Add Query hint for specifying "query spaces" for native queries * [HHH-14158] - Upgrade Javassist to the latest version

** Task * [HHH-14324] - Add .gradletasknamecache to .gitignore * [HHH-14309] - Improve BulkOperationCleanupAction#affectedEntity * [HHH-14225] - CVE-2020-25638 Potential for SQL injection on use_sql_comments logging enabled

Changes in 5.4.23.Final (November 01, 2020)

https://hibernate.atlassian.net/projects/HHH/versions/31887

** Bug * [HHH-14279] - Broken 'with key(...)' operator on entity-key maps * [HHH-14275] - Broken link to Infinispan User Guide in Hibernate 5.3 User Guide * [HHH-14260] - Dead links in user guide * [HHH-14259] - HHH-13980 is not merged into 5.4 * [HHH-14249] - MultiLineImport fails when script contains blank spaces or tabs at the end of the last sql statement * [HHH-14247] - Automatic release scripts, wrong Jira release url * [HHH-14227] - Insert statements are not ordered with entities that use inheritance and reference a subclass

** Improvement * [HHH-14305] - Analyse retained heap after bootstrap to trim memory consumption * [HHH-14304] - Replacing eager initialization of LockingStrategy within AbstractEntityPersister * [HHH-14303] - Upgrade to JBoss Loging 3.4.1.Final * [HHH-14302] - Upgrade to Agroal 1.9 * [HHH-14301] - Upgrade to Byte Buddy 1.10.17

... (truncated)

Commits
  • 0b5d3a2 5.4.24.Final
  • 33123d2 HHH-14333 Pessimistic Lock causes FOR UPDATE on outer join statements
  • 84e37c1 HHH-14332 Make it easier for Quarkus SPI to avoid loading XML related resources
  • da8706e HHH-14329 Amend existing DirtyTrackingTest
  • 2669848 HHH-14329 consider mutable types always as potentially dirty when using Dirti...
  • 5ea0d92 HHH-14329 test case showing that DirtinessTracker usage for enhanced entities...
  • c444d5f HHH-14325 - Add Query hint for specifying "query spaces" for native queries
  • 49ae7bd HHH-14325 - Add Query hint for specifying "query spaces" for native queries
  • fe2230f HHH-14276 Amend style and formatting
  • a8fdb4d HHH-14276 Avoid quoting column name for looking up references during composit...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/LibrePlan/libreplan/network/alerts).