Bump liquibase-core from 3.3.0 to 4.8.0 in /spring-boot-dependencies

[dependabot]

Bumps liquibase-core from 3.3.0 to 4.8.0.

Release notes

Sourced from liquibase-core's releases.

v4.8.0

Liquibase 4.8.0 release

Please report any issues to https://github.com/liquibase/liquibase/issues.

Notable Changes

Liquibase 4.8.0 introduces the following functionality:

• The init hub subcommand that connects your local Liquibase activity to Liquibase Hub and sets up the Liquibase environment to use Liquibase Hub. [DAT-8769]

Note: For more information, see init hub and Getting Started with Liquibase Hub.

• [PRO] The sqlcmd utility support to process complex SQL for MSSQL Server. Liquibase provides the liquibase.sqlcmd.conf file to pass arguments to your executor when running Liquibase Pro. [DAT-7447]

Note: For more information, see Using the SQLCMD integration and runWith attribute with Liquibase Pro and MSSQL Server.

• Changes to the behavior of the XML parser, which no longer allows referencing external DTD files for security reasons. If you use externally defined entities or any other potentially insecure XML feature in your changelogs, set liquibase.secureParsing=false. [PR#2384] [LB-2218]

Note: For more information about the ways to set the parameter, see Command Parameters.

• The upgrade of the postgresql (from 42.2.12 to 42.3.2) and h2 (from 2.0.206 to 2.1.210) drivers that Liquibase includes in the installation package. If you use those drivers and upgrade an existing Liquibase installation, remove the earlier versions of drivers from the LIQUIBASE_HOME/lib directory.

Enhancements

• Implemented the SimpleObjectConstructor interface for DB2 on z/OS [DAT-8580]
• Included the CLI instructions on how to use the properties file with a nonstandard name when running the init project subcommand [DAT-9041]
• Improved the output message for init start-h2 when the H2 database driver is specified, but there is no connection detected [DAT-8992]
• Added validation errors for the enableCheckConstraint, disableCheckConstraint, dropPackage, dropPackageBody Change Types [DAT-9017]
• [PR#2367] [Mike Olivas] Added example rollback scripts to the example-changelog.sql file [LB-2220]
• [PR#1648] [Daniel Gray] Improved the exception error message for the customChange node with no class attribute [LB-1144]
• [PR#2222] [msimko81] Added the offline mode support for the rollback-sql <tag> operation [LB-2198]
• [PR#2273] [Tsvi Zandany] Added the autocomplete quality checks commands for macOS
• [PR#2308] [Valentin Blistin] Added the close method for the ClassLoaderResourceAccessor class [LB-2205]

Fixes

• Fixed the renameSequence Change Type generating an uppercase SQL instead of lowercase and causing failures with case-sensitive databases [LB-1763]
• Fixed the generate-changelog and diff commands to show and generate a proper SQL with autoincrement for PostgreSQL [DAT-8779]
• [PR#1320] [PR#2329] [Anatoly S] [Nathan Voxland] [Matteo Turra] Improved the UTF-8 character support in the <sql> tags [LB-562]
• [PR#2139] [wziebicki] Improved the UniqueConstraintSnapshotGenerator class to add a table name to the Oracle database query so that the cache key can contain it, and the unique constraint can be read from cache [LB-2206]
• [PR#2335] [erzsebet] Removed duplicated DATABASECHANGELOGLOCK SQL statements when running the update-sql command against a new database [LB-2208]
• [PR#2505] [Nathan Voxland] [Dries Samyn] [erzsebet] Fixed the OSGI support with the MANIFEST.MF file in the liquibase-core-4.7.0.jar file. The PR fixes PR#2361.
• [PR#2366] [Steven Massaro] Made the sp_rename function to be lowercase when using MSSQL Server
• [PR#2429] [Nathan Voxland] [Mirko Dostmann] [Alex Litovsky] Fixed the Ant and Apache Derby support. The PR fixes PR#2388 and PR#2391. [LB-2222]
• [PR#2397] [Nathan Voxland] [maxencelaurent] Implemented the logging of exceptions in the CDI integration. The PR fixes PR#2354. [LB-2223]
• [PR#2398] [Nathan Voxland] [urvanov-ru] Fixed the handling of schema snapshots with an underscore. The PR fixes PR#1604. [LB-2219]
• [PR#2340] [Nathan Voxland] [nickshoe] Enabled adding the computed=true columns with no type set in the createTable Change Type. The PR fixes PR#2283. [LB-2215]
• [PR#2372] [Nathan Voxland] [Henrik Sachse] [rburgst] Fixed the autoincrement syntax for H2 2.0 and later versions. The PR fixes PR#2362. [LB-2216]
• [PR#2549] [Nathan Voxland] [jenhae] Added validation errors for Liquibase and MSSQL Server if the ordered clause is specified in the createSequence or alterSequence Change Type. The PR fixes PR#2528.
• [PR#2351] [Wesley Willard] [Joseph Cen] Fixed the handling of properties defined with different dbms filters. The PR fixes PR#2231. [LB-2217]

... (truncated)

Changelog

Sourced from liquibase-core's changelog.

Liquibase Core Changelog

Changes in version 4.9.1 (2022.03.25)

Liquibase 4.9.1 patch release

Please report any issues to https://github.com/liquibase/liquibase/issues.

Notable Changes

[PR#2666] [nvoxland] Liquibase 4.9.1 release is a patch release that fixes the MANIFEST.MF location in the liquibase.jar file for tools that require the MANIFEST.MF file to be the first entry in the jar archive. If the MANIFEST.MF file is not the first entry, java.util.jar.JarInputStream#getManifest() reading the MANIFEST.MF file will not return the manifest information appropriately. The PR fixes issue #2648.

[Issue#2672] Addresses the remaining OSGi-related packaging problems to fully restore Liquibase support in OSGi environments.

Fixes

[PR#2651] Fixed the issue with a malicious software alert for the Liquibase macOS Installer preventing from proceeding with the installation. [DAT-9524]

[PR#2643] Fixed an issue in snapshot on PostgreSQL where non-integer datatypes that used a default value with a sequence would not be handled correctly [DAT-8670]

[PR#2691] Fixed invalid JSON in the example-changelog.json file [DAT-9893]

Changes in version 4.9.0 (2022.03.17)

Notable Changes

Liquibase 4.9.0 introduces the following functionality:

• [PRO] Quality checks output in a JSON format
• Quality checks for Maven - checks run and checks show goals
• [PR#2558] [kavya-shastri] The extension of the usage of the Liquibase global configuration for the secureParsing parameter to prevent the entity resolver from falling back to looking on the network for missing XSDs. If you reference an XSD other than one of Liquibase, Liquibase will no longer automatically download the XSD from the internet and use it. The default value for secureParsing is true, but you can override it in any of the Liquibase configuration locations. For more information, see the Example Changelogs: XML Format documentation.
• [PR#2529] [Krzysztof Sierszeń] [LB-1781] The uniqueConstraintExists precondition to check for the existence of unique constraints before running the update. You can check the constraint by constraint name or columns:

... (truncated)

Commits

• 887e441 Fixing re-version check
• 74bfc03 Fixing re-version check
• efab2bd Fixing re-version check
• 0892c27 Merge pull request #2559 from liquibase/update-changelog-4.8.0
• bb76633 Updated changelog
• 4549314 updated changelog txt
• 3a76197 Merge pull request #2560 from liquibase/updated-xsd-4.8.0
• abb4d77 create liquibase changelog xsd 4.8.0
• 221f681 update changelog 4.8.0
• 0bb2eae DAT-8615: init hub command (#2326)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.