Bump liquibase-core from 4.15.0 to 4.16.1

[dependabot[bot]]

Bumps liquibase-core from 4.15.0 to 4.16.1.

Release notes

Sourced from liquibase-core's releases.

v4.16.1

New and Notable Capability

• Liquibase 4.16.0 incorrectly included the msal4j.jar and it's dependencies in internal/lib. This release does removes them. If you need the Azure authentication support provided by that library, you can continue to add it to the lib directory.

Enhancements

• None

Fixes

• None

Updates

Security Updates

• None

JDBC Driver and Third-Party Library Updates

• Upgraded mssql-jdbc from 11.2.0.jre8 to 11.2.1.jre8 by @​dependabot in liquibase/liquibase#3262

OWASP Dependency Check: Reported Vulnerabilities

• snakeyaml.jar - This is a "medium" vulnerability reported against the snakeyaml library. We are currently on the newest version of snakeyaml and there is no fix for the issue as of yet.

New Contributors

• None this time

Full Changelog: https://github.com/liquibase/liquibase/compare/v4.16.0...v4.16.1

Get Certified

Learn all the Liquibase fundamentals from free online courses by Liquibase experts and see how to apply them in the real world at https://learn.liquibase.com/.

Read the Documentation

Please check out and contribute to the continually improving docs, now at https://docs.liquibase.com/.

Meet the Community

Our community has built a lot. From extensions to integrations, you’ve helped make Liquibase the amazing open source project that it is today. Keep contributing to making it stronger:

Contribute code Make doc updates Help by asking and answering questions Set up a chat with the Product team

Thanks to everyone who helps make the Liquibase community strong!

File Descriptions

• Liquibase CLI -- Includes open source + commercial functionality
• liquibase-x.y.z.tar.gz -- Archive in tar.gz format
• liquibase-x.y.z.zip -- Archive in zip format
• liquibase-windows-x64-installer-x.y.z.exe -- Installer for Windows
• liquibase-macos-installer-x.y.z.dmg -- Installer for MacOS
• Primary Libraries - For embedding in other software

... (truncated)

Changelog

Sourced from liquibase-core's changelog.

Liquibase Core Changelog

Changes in version 4.16.1 (2022.09.14)

New and Notable Capability

• Liquibase 4.16.0 incorrectly included the msal4j.jar and it's dependencies in internal/lib. This release does not include that SqlServer related library
• Upgraded snakeyaml to 1.32

Enhancements

• None

Fixes

• None

Changes in version 4.16.0 (2022.09.08)

New and Notable Capability

• [LABS] The liquibase flow command and flow files are still available under the Liquibase Labs license. If you want to try and provide feedback on this capability, please email mario@liquibase.com
• [PRO] The Quality Checks for Databases are now available to all Pro license users. These checks inspect your active database, or a liquibase-generated snapshot for compliance with your rules. Learn more at https://docs.liquibase.com/quality-checks

Enhancements

• Introduced "contextFilter" and "labelFilter" replacement settings by @​nvoxland in #2971
• Added support for changeset references in rollback for Formatted SQL changelogs by @​atzawada in #1386
• Add schemas and includeSchema parameters to maven generateChangeLog by @​MalloD12 in #3210
• [PRO] Two new Pro commands update-one-changeset and update-one-changeset-sql serving as complements to rollback-one-changeset and roll-back-one-changeset-sql

Fixes

• Fix addColumn on mysql when including a "value" attribute by @​nvoxland in #3070
• Add support for AS clause for H2 since version 2.0 by @​marcus-nl in #3047
• Fixed NUMBER not compatible with H2 by @​nick318 in #3098
• SpringResourceAccessor: fix issue with incorrect match pattern for files from classPath root by @​danilmalkin in #3095
• Made liquibase.snapshot.ResultSetCache an extensible class. by @​breglerj in #2087
• Added support for \u2116 symbol win1251 cyrillic symbol of number by @​Stuchalin in #1324
• Tidy ExecutorService code, remove superfluous map access (Issue 1841) by @​jamey-clari in #1842
• Fixed order of enum values on MySQL 8 by @​Tantalon in #3150
• Removed invalid warning in Maven by @​nvoxland in #3189
• [PRO] QC: checks show changes (--show-cols flag, drop some, etc) by @​dyadyushko in #3187

Changes in version 4.15.0 (2022.08.04)

Notable Changes

• liquibase flow and new flow-file (DAT-10419) by in #2946 This is currently a Liquibase Labs restricted capability, so please contact mario@liquibase.com to request a license key. Learn more at http://docs.liquibase.com/flow

Fixes

• Fix maven plugin pro commands for local developer install by @​StevenMassaro in #3101
• Update Derby reserved words by @​andrewhj in #1971
• Output "may lose settings" warning on mysql/mariadb for more impacted change types by @​nvoxland in #3045
• Improved "include" fix performance: optimized normalizePath method by @​lzxgyh in #3063

... (truncated)

Commits

• 7a5ac7c Updated snakeyaml to 1.32
• bee0bcc Merge remote-tracking branch 'origin/master'
• 7f86550 Updated changelog.txt for 4.16.1
• b82e691 Merge pull request #3270 from liquibase/dependabot/maven/org.yaml-snakeyaml-1.32
• 5461b11 Bump snakeyaml from 1.31 to 1.32
• c3b320c Added 4.16.1 release notes
• efcc526 Merge pull request #3262 from liquibase/dependabot/maven/com.microsoft.sqlser...
• f624d0a Merge branch 'master' into dependabot/maven/com.microsoft.sqlserver-mssql-jdb...
• 2dcca45 Merge pull request #3263 from julianladisch/snakeyaml-1.31
• a3ecd35 Bump snakeyaml from 1.27 to 1.31 fixing CVE-2022-25857
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)