mbarre / schemacrawler-additional-lints

Some additionnal lints for Schemacrawler
Other
12 stars 7 forks source link

Bump liquibase-maven-plugin from 3.6.3 to 4.11.0 #364

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps liquibase-maven-plugin from 3.6.3 to 4.11.0.

Release notes

Sourced from liquibase-maven-plugin's releases.

v4.11.0

Liquibase 4.11 release

Please report any issues to https://github.com/liquibase/liquibase/issues.

Breaking Changes

Starting with 4.11, we moved the global libraries we ship with the CLI from the lib directory to a new internal directory structure. The lib directory is still included in the classpath as the place users can add whatever additional global drivers/libraries they need.

The liquibase --version output has been enhanced to also include the 3rd party libraries being used and their versions.

Impacts:

  • If you are upgrading Liquibase by overwriting an existing directory, you will have duplicate libraries between lib and internal/lib. You should manually delete any files in lib which you did not add yourself. Liquibase will continue to work even with the duplicate libraries, but you may not be running the latest version of ones we ship, since the lib files take priority over what is in internal/lib. New installs are not impacted by this.
  • If you have any automation that did anything with our shipped files in lib you will need to update it to reflect the new internal/lib location

For security reasons, we have also changed what is logged by the CLI to only log liquibase channel messages by default, rather than all log channels. If you are relying on logging from non-Liquibase libraries, you can add channels with the new --log-channels flag, including --log-channels=all to restore the old functionality.

Enhancements

Fixes

Updates

Security Updates

  • No security updates needed in this release

JDBC Driver and Third-Party Library Updates

... (truncated)

Changelog

Sourced from liquibase-maven-plugin's changelog.

Liquibase Core Changelog

Changes in version 4.11.0 (2022.05.19)

Enhancements

JDBC Driver and Third-Party Library Updates

Fixes

Full Changelog: https://github.com/liquibase/liquibase/compare/v4.10.0...v4.11.0

Changes in version 4.10.0 (2022.05.04)

Breaking Change

Upgraded mssql driver to 10.2.0 by @​nvoxland in liquibase/liquibase#2790

End User Impact: The driver changed the encryption default from "false" to "true" between 8.x and 10.x. If you have a self-signed certificate in your database, you must do one of the following: add encrypt=false; add trustServerCertificate=true; or add the server certificate to the java trusted certificate list. For production systems, Liquibase recommends against using self-signed certificates without adding the server certificate to the Java keystore. For more information on installing the trusted certificate, see https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/manage-certificates?view=sql-server-ver15

Security Updates

Upgraded postgresql from 42.3.2 to 42.3.4 to address CVE-2022-26520 by @​dependabot in liquibase/liquibase#2769

  • Vulnerability introduced in org.postgresql:postgresql@42.3.2
  • Fixed in org.postgresql:postgresql@42.3.3

JDBC Driver and Third-Party Library Updates

... (truncated)

Commits
  • 0a9d6d8 Merge pull request #2859 from liquibase/add-log-channels
  • edb548a Added ability to set --log-channels=all
  • 7845624 - Added liquibase.logChannels CLI argument
  • d67e4cd Created 4.11 XSD filese
  • 2284401 Merge pull request #2565 from joserebelo/foreign-key-constraint-exists
  • 08452bd Create internal lib dir (#2850)
  • 03e9f33 Spring Boot: better support relativeToChangelogfile when ResourceLoaders retu...
  • cbdc9fd Merge branch 'foreign-key-constraint-exists' of https://github.com/joserebelo...
  • bb4691f Fixed fk exists test to work with databases like hsql which don't allow dupli...
  • a71e855 Merge branch 'master' into joserebelo-foreign-key-constraint-exists
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

dependabot[bot] commented 2 years ago

Superseded by #369.