** Bug
* [HHH-14740] - HHH-14740 Still need the nullcheck removed in HHH-14727
* [HHH-14724] - Metamodel generates invalid model classes for converters and user types
** Improvement
* [HHH-14755] - Allow to instantiate a DefaultIdentifierGeneratorFactory which does not bind to the BeanManager
** Task
* [HHH-10661] - Method serialize() in StatefulPersistenceContext has duplicate code
** Bug
* [HHH-14730] - Failure during lazy loading of bytecode-enhancement proxy triggered by the loading of a collection with eager references to that proxy
* [HHH-14722] - InformationExtractorJdbcDatabaseMetaDataImpl#getCurrentSchema() method returns currentCatalog if schema == null
* [HHH-14720] - Aliases generated for mixed-case column names that end in a number are not all lower-case
* [HHH-14719] - Hibernate has a dependency on apache-derby:10.11.1.1 that is vulnerable to CVE-2015-1832 with a CVSS of 9.1 and CVE-2018-1313 with a CVSS of 5.3
* [HHH-14715] - Hibernate has a dependency to maven-core:3.0.5 that is vulnerable to CVE-2021-26291 with a CVSS of 9.1
* [HHH-14608] - Merge causes StackOverflow when JPA proxy compliance is enabled
** Improvement
* [HHH-14734] - No good reason tu use TypeCache(s) with WithInlineExpunction in ByteBuddy proxy generation
* [HHH-14733] - Not useful to clear the bycodeprovider caches on sessionFactoryClosing
* [HHH-14732] - ProxyDefinitionHelpers are immutable and can be declared static
* [HHH-14731] - Simplify SPI ProxyFactoryFactory#buildBasicProxyFactory to accept a single class or interface only
* [HHH-14728] - Include CamelCaseToUnderscoresNamingStrategy from Spring Boot
* [HHH-14727] - Minor code cleanup in StandardSQLExceptionConverter
* [HHH-14706] - Improve error message on incompatible types due to mismatched classloader
* [HHH-14688] - Get IdentifierGenerator from BeanContainer if not registered
** Task
* [HHH-14709] - Upgrade to Gradle 6.7.1 and move to Gradle's built-in way of testing Java modules
* [HHH-14707] - Upgrade to Byte Buddy 1.11.8
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Bumps hibernate-core from 5.4.31.Final to 5.5.5.Final.
Changelog
Sourced from hibernate-core's changelog.
... (truncated)
Commits
3de90a25.5.5.Finalb1975baHHH-11926 : Add FailureExpected test83975eaHHH-14755 Allow configuring the DefaultIdentifierGeneratorFactory to ignore B...d4ed421HHH-14755 Remove some dead code from DefaultIdentifierGeneratorFactory1a6924cHHH-14724 Fix generation of problematic metamodel classes which use TYPE_USE ...0fdf431HHH-14724 Add test for intersection typese868e61HHH-14724 Test-case demonstrating compilation issues with converters and vali...aa5d408HHH-10661 Reduce code duplication in serialize method of StatefulPersistenceC...ff9f6efHHH-11413 Fixing code style787f0a4HHH-11413: Native named query creation fails unintuitively when no resultClas...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)