Bump liquibase-core from 4.16.1 to 4.17.2

[dependabot]

Bumps liquibase-core from 4.16.1 to 4.17.2.

Release notes

Sourced from liquibase-core's releases.

v4.17.2

Liquibase 4.17.2 Patch Release

This is a patch release that upgrades the HSQL driver to remove a security vulnerability. NOTE: The newest HSQL driver requires Java 11, so if you use HSQL and JAVA 8, you will need to upgrade your Java.

Security Updates

• No security updates are necessary

JDBC Driver and Third-Party Library Updates

• Upgrade hsqldb from 2.5.2 to 2.7.1 by @​dependabot in liquibase/liquibase#3400
• [opencsv-upgrade] Updates opencsv to 5.7.1 by @​abrackx in liquibase/liquibase#3419

Full Changelog: liquibase/liquibase@v4.17.1...v4.17.2

Get Certified

Learn all the Liquibase fundamentals from free online courses by Liquibase experts and see how to apply them in the real world at https://learn.liquibase.com/.

Read the Documentation

Please check out and contribute to the continually improving docs, now at https://docs.liquibase.com/.

Meet the Community

Our community has built a lot. From extensions to integrations, you’ve helped make Liquibase the amazing open source project that it is today. Keep contributing to making it stronger:

Contribute code Make doc updates Help by asking and answering questions Set up a chat with the Product team

Thanks to everyone who helps make the Liquibase community strong!

File Descriptions

• Liquibase CLI -- Includes open source + commercial functionality

• liquibase-x.y.z.tar.gz -- Archive in tar.gz format

• liquibase-x.y.z.zip -- Archive in zip format

• liquibase-windows-x64-installer-x.y.z.exe -- Installer for Windows

• liquibase-macos-installer-x.y.z.dmg -- Installer for MacOS

• Primary Libraries - For embedding in other software

  • liquibase-core-x.y.z.jar – Base Liquibase library (open source)
  • liquibase-commerical-x.y.z.jar – Additional commercial functionality

• liquibase-additional-x.y.z.zip – Contains additional, less commonly used files

  • Additional libraries such as liquibase-maven-plugin.jar and liquibase-cdi.jar
  • Javadocs for all the libraries
  • Source archives for all the open source libraries
  • ASC/MD5/SHA1 verification hashes for all files

  NOTE: liquibase-core-.jar contains only the open-source license. If you use Liquibase Pro or other commercial add-ons, you must also install liquibase-commercial-.jar

v4.17.1

... (truncated)

Changelog

Sourced from liquibase-core's changelog.

Liquibase Core Changelog

Changes in version 4.17.2 (2022.11.02)

This is a patch release that upgrades the HSQL driver to remove a security vulnerability. NOTE: The newest HSQL driver requires Java 11, so if you use HSQL and JAVA 8, you will need to upgrade your Java.

Fixes

No Fixes

Updates

Security Updates

JDBC Driver and Third-Party Library Updates

• Upgrade hsqldb from 2.5.2 to 2.7.1 by @​dependabot in liquibase/liquibase#3400
• [opencsv-upgrade] Updates opencsv to 5.7.1 by @​abrackx in liquibase/liquibase#3419

OWASP Dependency Check: Reported Vulnerabilities

Full Changelog: liquibase/liquibase@v4.17.1...v4.17.2

Changes in version 4.17.1 (2022.10.21)

Fixes

• fix: Use default localhost finder for MacOs - fix #2098 by @​grzi in liquibase/liquibase#2134
• Allow renameColumn on newer SQLite versions by @​MalloD12 in liquibase/liquibase#3264
• Implement logic to validate dbms set at changeset and stored procedure levels by @​MalloD12 in liquibase/liquibase#3291
• Fixed URIResource.resolveSibling by @​nvoxland in liquibase/liquibase#3354
• Use liquibase StringUtil not lang3.StringUtils by @​nvoxland in liquibase/liquibase#3338
• Handle absolute path in getAll method by @​wwillard7800 in liquibase/liquibase#3369

Dependency Updates

• Bump ojdbc8 from 21.6.0.0.1 to 21.7.0.0 by @​dependabot in liquibase/liquibase#3223
• Bump maven-shade-plugin from 3.3.0 to 3.4.0 by @​dependabot in liquibase/liquibase#3276
• Bump slf4j-jdk14 from 2.0.2 to 2.0.3 by @​dependabot in liquibase/liquibase#3321
• Upgrade snakeyaml maven reference from 1.32 to 1.33 by @​nvoxland in liquibase/liquibase#3359
• Upgrade commons text transitive dependency by @​abrackx in liquibase/liquibase#3384

Changes in version 4.17.0 (2022.10.05)

Notable Changes

• [PRO] The liquibase flow command and flow files are available with a Pro license. It allows you to create portable, platform-independent workflows that can run across different tools without modifying each workflow.

  • Learn more about flow here: liquibase flow file and command
  • If you want to provide feedback on this capability, please email [email protected].

• [PRO] Pro license users can now integrate Amazon S3 with Liquibase. You can extend Liquibase to use remote file locations to enable secure, centralized file management.

... (truncated)

Commits

• 347c33d Update changelog with 4.17.2 changes (#3433)
• 1fb44ca Upgrade hsqldb from 2.5.2 to 2.7.1 (#3400)
• 9949ca0 Revert Use PathHandler for writing log files (#3420)
• 96c10dd [opencsv-upgrade] Updates opencsv to 5.7.1 (#3419)
• d9451da Merge pull request #3411 from liquibase/kevin-atx-liquibase-product-name-update
• c7b969c Update README.md
• 4d1bb4d Use PathHandler for writing log files, which allows using S3 and other extens...
• 28804f3 Update README.md
• 745d022 Fix "No inverse to CreateProcedureChange" error when using rollbackOneChangeS...
• 3a22791 Update README.md
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[sonarcloud]

SonarCloud Quality Gate failed.   

1 Bug
0 Vulnerabilities
0 Security Hotspots
1 Code Smell

66.7% Coverage
0.0% Duplication

[dependabot]

A newer version of org.liquibase:liquibase-core exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[splitfeed]

@flowertwig Is there a reason for this being left, or was it just forgotten?

[flowertwig]

@splitfeed The reason is this issue that I reported over a year ago: liquibase/liquibase#3205
Judging from the comments, there now appears to be a workaround, so I think we should try that out.