Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump liquibase.version from 4.31.0 to 4.31.1 #240

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump liquibase.version from 4.31.0 to 4.31.1 #240

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 18, 2025

Bumps liquibase.version from 4.31.0 to 4.31.1.
Updates org.liquibase:liquibase-core from 4.31.0 to 4.31.1

Release notes

Sourced from org.liquibase:liquibase-core's releases.

v4.31.1

Liquibase 4.31.1 is a patch release

[!IMPORTANT] Liquibase 4.31.1 patches vulnerability found in Snowlake driver (CVE-2025-24789) and resolves issue with logicalfilepath reported in 4.31.0 (see 4.31.0 Release Notes)

[!NOTE] See the Liquibase 4.31.1 Release Notes for the complete set of release information.

Notable Changes

[OSS]

logicalfilepath bug: in 4.31.0, the parent logicalfilepath value will be used in DBCL/DBCLH as the changelogfilepath value, as a result the changesets from the included changelogs that were deployed with the changelog level logicalFilePath in version 4.31.0 will be considered new and will be redeployed in the latest versions. 4.31.1 fixes this behavior and deployed changesets will not be redeployed.

[PRO] Changelog

🐛 Bug Fixes 🛠

  • DAT-19579: The changesets from the included changelogs that were deployed with the changelog level logicalFilePath in version 4.31.0 will be considered new and will be redeployed in the latest versions liquibase/liquibase#6716 @​filipelautert

[OSS] Changelog

🐛 Bug Fixes 🛠

🤖 [OSS] Security, Driver and Other Updates

Snowflake vulnerability update CVE-2025-24789

  • Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. Liquibase now includes a version with the fixed issue 3.22.0.

Full Changelog: liquibase/liquibase@v4.31.0...v4.31.1

Get Certified

Learn all the Liquibase fundamentals from free online courses by Liquibase experts and see how to apply them in the real world at https://learn.liquibase.com/.

Read the Documentation

Please check out and contribute to the continually improving docs, now at https://docs.liquibase.com/.

Join the Community

Our community has built a lot. From extensions to integrations, you’ve helped make Liquibase the amazing open source project that it is today. Keep contributing to making it stronger:

Contribute code Make doc updates Help by asking and answering questions Join our Discord server Sign up to provide feedback to the product team

Thanks to everyone who helps make Liquibase better!

... (truncated)

Changelog

Sourced from org.liquibase:liquibase-core's changelog.

Liquibase 4.31.1 is a patch release

[!IMPORTANT] Liquibase 4.31.1 patches vulnerability found in Snowlake driver (CVE-2025-24789) and resolves issue with include and logicalfilepath reported in 4.31.0 (see 4.31.0 Release Notes)

[!NOTE] See the Liquibase 4.31.1 Release Notes for the complete set of release information.

Notable Changes

[OSS]

Commits
  • 12ab20b feat: add smpkcs11.so utility for enhanced security integration
  • 1376fd2 fix: update release workflow to use the-actions-org/workflow-dispatch@v4 action
  • 13965ca Renew Code Signing Certificate for Liquibase Windows Installer
  • 284bc25 chore: changelog.txt for 4.31.1
  • f5b7491 fix: release build
  • 231abbf checkout release branch
  • 9fa6e78 Update build-extension-jars.yml
  • c852d39 update dependency of matching-branch-logic-pro
  • 7685f7e 🔧 Refactor matching branch logic in workflow for PRO repo (#6722)
  • a0b161e 🔧 Fix syntax for branch comparison in workflow script (#6721)
  • Additional commits viewable in compare view

Updates org.liquibase:liquibase-commercial from 4.31.0 to 4.31.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump liquibase.version from 4.31.0 to 4.31.1
ee43833 
Bumps `liquibase.version` from 4.31.0 to 4.31.1.

Updates `org.liquibase:liquibase-core` from 4.31.0 to 4.31.1
- [Release notes](https://github.com/liquibase/liquibase/releases)
- [Changelog](https://github.com/liquibase/liquibase/blob/v4.31.1/changelog.txt)
- [Commits](liquibase/liquibase@v4.31.0...v4.31.1)

Updates `org.liquibase:liquibase-commercial` from 4.31.0 to 4.31.1

---
updated-dependencies:
- dependency-name: org.liquibase:liquibase-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.liquibase:liquibase-commercial
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Feb 18, 2025
@github-actions GitHub Actions
Copy link
Contributor

Label error: This PR is being prevented from merging because you have not added one of the labels: breakingChanges, newContributors, notableChanges, sdou, skipReleaseNotes, TypeBug, TypeEnhancement, TypeTest. You'll need to add it before this PR can be merged.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants