fix(deps): update dependency org.xerial:sqlite-jdbc to v3.41.2.2 [security] #313

Merged

renovate[bot] (Contributor) commented Jun 5, 2023

Mend Renovate

This PR contains the following updates:

Package: org.xerial:sqlite-jdbc
Change: 3.39.3.0 -> 3.41.2.2

GitHub Vulnerability Alerts

CVE-2023-32697

Summary

Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL.

Impacted versions:

3.6.14.1-3.41.2.1

References

https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2
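As an added check that is not part of this Renovate PR, the following Python scans `mvn dependency:list` output for `org.xerial:sqlite-jdbc` and reports whether the resolved version falls inside the impacted range the advisory states (3.6.14.1 to 3.41.2.1, inclusive); the sample output lines are constructed.

```python
import re
from typing import Optional, Tuple

# Impacted range published with CVE-2023-32697 (inclusive on both ends).
IMPACTED_LOW = (3, 6, 14, 1)
IMPACTED_HIGH = (3, 41, 2, 1)
ARTIFACT = "org.xerial:sqlite-jdbc"

# One line per dependency as printed by `mvn dependency:list`:
#    [INFO]    groupId:artifactId:type[:classifier]:version:scope
DEP_LINE = re.compile(
    r"^(?:\[INFO\])?\s*(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>[\w\-]+)"
    r"(?::(?P<classifier>[\w.\-]+))?:(?P<version>[^:\s]+):(?P<scope>\w+)\s*$"
)

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a numeric sqlite-jdbc version such as '3.41.2.2' into a tuple, padded to four parts."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (4 - len(parts))

def is_impacted(version: str) -> bool:
    """True when the version lies inside the impacted range, inclusive."""
    return IMPACTED_LOW <= parse_version(version) <= IMPACTED_HIGH

def find_sqlite_jdbc(dependency_list: str) -> Optional[str]:
    """Return the resolved sqlite-jdbc version from dependency:list output, if present."""
    for line in dependency_list.splitlines():
        m = DEP_LINE.match(line)
        if m and f"{m['group']}:{m['artifact']}" == ARTIFACT:
            return m["version"]
    return None

def check(dependency_list: str) -> str:
    """Classify a build as 'absent', 'impacted' or 'fixed' with respect to the advisory."""
    version = find_sqlite_jdbc(dependency_list)
    if version is None:
        return "absent"
    return "impacted" if is_impacted(version) else "fixed"

# Constructed sample output: the pre-upgrade and post-upgrade states of this PR.
BEFORE = """[INFO] The following files have been resolved:
[INFO]    org.xerial:sqlite-jdbc:jar:3.39.3.0:compile
[INFO]    org.slf4j:slf4j-api:jar:2.0.7:compile
"""
AFTER = BEFORE.replace("3.39.3.0", "3.41.2.2")

if __name__ == "__main__":
    print("before:", check(BEFORE))  # impacted
    print("after:", check(AFTER))    # fixed
```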


Release Notes

xerial/sqlite-jdbc (org.xerial:sqlite-jdbc)

v3.41.2.2

Changelog

🚀 Features

jdbc

  • add support for LocalDate, LocalTime, LocalDateTime in ResultSet#getObject (1d2ff63)
  • implement PreparedStatement getParameterType and getParameterTypeName (bdb3d8a)

native-image

  • resource optimization and configuration to export native lib (6f42683)

🐛 Fixes

  • use random UUID for external resources (edb4b8a)

🛠 Build

deps

  • bump native-maven-plugin from 0.9.21 to 0.9.22 (48e8ebe)
  • bump graal-sdk from 22.3.0 to 22.3.2 (128d9b2)
  • bump surefire.version from 3.0.0 to 3.1.0 (658e907)
  • bump maven-gpg-plugin from 3.0.1 to 3.1.0 (f149f9f)
  • bump jreleaser-maven-plugin from 1.5.1 to 1.6.0 (d028636)
  • bump native-maven-plugin from 0.9.20 to 0.9.21 (08b5e35)
  • bump maven-enforcer-plugin from 3.2.1 to 3.3.0 (3b3af82)
  • bump maven-compiler-plugin from 3.10.1 to 3.11.0 (52b7701)
  • bump versions-maven-plugin from 2.13.0 to 2.15.0 (a0e0191)
  • bump maven-help-plugin from 3.3.0 to 3.4.0 (739a27c)

deps-dev

  • bump junit-jupiter from 5.9.2 to 5.9.3 (e64e348)
  • bump mockito-core from 5.3.0 to 5.3.1 (6e94e6b)
  • bump logback-classic from 1.4.6 to 1.4.7 (5a4f485)
  • bump mockito-core from 5.2.0 to 5.3.0 (d0adb0f)
  • bump junit-pioneer from 2.0.0 to 2.0.1 (2b00983)
  • bump junit-jupiter from 5.9.1 to 5.9.2 (c917e81)
  • bump logback-classic from 1.4.5 to 1.4.6 (eab4939)

unscoped

  • replace jdk 19 with 20 (0c5a645)
  • replace asciidoc variables during release (0053e60)
  • run spotless:check during maven verify phase (043efd7)

📝 Documentation

  • use markdown for SECURITY.md because Github doesn't support Asciidoc (00e9c3f)
  • convert markdown to asciidoc (fb0f263)

Contributors

We'd like to thank the following people for their contributions:
Andrew Pikler, Andy Cheung, Gauthier, Gauthier Roebroeck, Javier Goday, Kristof, Taro L. Saito

v3.41.2.1

Changelog

🛠 Build

jreleaser

  • categorize scopes in changelog (e3e5ae7)

Contributors

We'd like to thank the following people for their contributions:
Gauthier Roebroeck

v3.41.0.1

Changelog

🚀 Features

  • jdbc: remove length/dimension in DatabaseMetaData#getColumns TYPE_NAME (b09e093)
  • sqlite: add support for legacy_alter_table flag (26df15f), closes #481
  • add SQLiteDataSource #setBusyTimeout (12f2113)

🐛 Fixes

  • jdbc: return DatabaseMetaData#getColumns DATA_TYPE as int instead of String (b7c40c3), closes #859
  • database from jar resource no longer keeps the jar file-descriptor open (38c25af)
  • keep SQLiteConfig cached busyTimeout more consistent with busy_timeout pragma (8be7243)

🛠 Build

  • deps-dev: bump mockito-core from 4.8.1 to 5.2.0 (1874299)
  • deps: bump native-maven-plugin from 0.9.19 to 0.9.20 (a99ac0c)
  • deps-dev: bump assertj-core from 3.23.1 to 3.24.2 (12d1f2c)
  • deps: bump jreleaser-maven-plugin from 1.4.0 to 1.5.1 (5fba437)
  • deps: bump surefire.version from 3.0.0-M7 to 3.0.0 (15db506)
  • deps-dev: bump junit-pioneer from 1.7.1 to 2.0.0 (db56d15)
  • deps: bump maven-javadoc-plugin from 3.4.1 to 3.5.0 (7085bf4)
  • deps-dev: bump archunit-junit5 from 1.0.0 to 1.0.1 (bfe7c1b)
  • deps-dev: bump logback-classic from 1.3.4 to 1.4.5 (276f682)
  • deps: bump maven-enforcer-plugin from 3.1.0 to 3.2.1 (f67c97a)
  • dependabot: enable updates for all deps (8a2a5b1)
  • jreleaser: add missing perf labeler (c2bfaa4)

Contributors

We'd like to thank the following people for their contributions:
Gauthier, Gauthier Roebroeck, Kristof, Sualeh Fatehi, Talha Javed, mruddy

v3.41.0.0

Changelog

🐛 Fixes

  • jdbc: DatabaseMetaData#getColumns now returns SCOPE_CATALOG column instead of SCOPE_CATLOG (4429515), closes #837

🛠 Build

  • use junit-jupiter in POM to pull all dependencies transitively (7863376), closes #838

Contributors

We'd like to thank the following people for their contributions:
Gauthier Roebroeck

v3.40.1.0

Changelog

🚀 Features

  • update SQLite to 3.40.1 (4ba7c8c)
  • allow correct recognition of android os if running termux (89ceb0d)

🐛 Fixes

  • jdbc: DatabaseMetaData#getPrimaryKeys and getExportedKeys should return an empty ResultSet for sqlite_schema (0dc6ad9), closes #831
  • jdbc: DatabaseMetaData#getColumns should also retrieve columns from SYSTEM TABLE types (473f528)
  • DatabaseMetaData#getTypeInfo's result should be ordered by DATA_TYPE (05bb929), closes #832
  • native: fixes and improvements for backup/restore (b13c908)
  • jdbc: DatabaseMetaData#getImportedKeys reports empty FK_NAME when created using quotes (ba69b2e), closes #506

🔄️ Changes

  • replace mention of sqlite_master with sqlite_schema (e68bc05)

🛠 Build

  • release depends on test_graalvm (9f521a4)
  • refine GraalVM native-image configuration and fix native test execution (e437b3f)
  • hide bot names from release contributors (5d1a280)
  • replace java 18 with java 19 (4c80ee7)
  • try to fix build native for PRs (f7bd3cd)
  • try to fix build native for PRs (b23de9e)
  • try to fix build native for PRs (5aa6a30)
  • add 2023 url for amalgamation download (e3b6f8c)
  • deps: bump JReleaser to 1.4.0 (0db312f)
  • add test for unixepoch (3904e83)

Contributors

We'd like to thank the following people for their contributions:
Andrew Pikler, Gauthier, Gauthier Roebroeck, Kristof, Sebastiano Galeazzo, pyckle, 谭九鼎

v3.40.0.0

Changelog

🚀 Features

  • 🚨 enable new math functions: previously log() computed the natural logarithm, now it computes a base-10 logarithm (0f41f46)
  • upgrade SQLite to 3.40.0 (5e73a5c)

🛠 Build

  • disable DriverManager.setLogWriter (dd878d9)

Contributors

We'd like to thank the following people for their contributions:
Gauthier, Gauthier Roebroeck, github-actions

v3.39.4.1

Changelog

🐛 Fixes

  • jdbc: don't check if ResultSet is open in markCol (6d6f756)
  • jdbc: throw SQLException instead of IllegalStateException (4bfb174)
  • jdbc: properly handle updateCount for PreparedStatement (6a910b9)
  • jdbc: don't close ResultSet when last row is passed (a21229d)
  • jdbc: properly reset Statement between reuse (f497c43)

🛠 Build

  • fix boolean conditions, once more (f11b824)
  • fix boolean conditions (857ed4c)
  • print event inputs (83dbe02)
  • add failing tests for PreparedStatement getMetaData before execution (6c95a88)
  • add failing tests for PreparedStatement getMoreResults and getUpdateCount (98f00d3)
  • polish (87c4601)
  • replace deprecated set-output usage (7ee209c)
  • add a release flag on CI workflow dispatch (f9e5e7f)
  • add failing tests when getting ResultSet metadata past last row (64771ef)
  • add failing tests when reusing statements (267e80b)
  • deps: bump andymckay/cancel-action from 0.2 to 0.3 (67b5899)
  • fix attach-javadoc failing with release profile (9d3e2ca)
  • change jreleaser's changelog format (4896a15)
  • multi-release JAR with module-info.java (5bf7566)

Contributors

We'd like to thank the following people for their contributions:
Gauthier, Gauthier Roebroeck, GitHub, Petr Hadraba, dependabot[bot], github-actions

v3.39.4.0

Changelog

🚀 Features

  • 8bcba01 jdbc: implement ResultSet#getObject with requested type
  • 9e9d144 allow override of detected architecture
  • 7f03781 update SQLite to 3.39.4
  • fcb321e jdbc: DatabaseMetaData.getTypeInfo() returns more accurate values
  • be935e1 jdbc: add support for DatabaseMetaData#getSearchStringEscape

🐛 Fixes

  • f178b4e jdbc: ResultSet#isNullable() now checks for nullability instead of primary key
  • fe8f8d0 jdbc: simplify ResultSet#getBigDecimal
  • e8ba9dc jdbc: ResultSet#getBigDecimal could return 0 instead of null in some conditions
  • 58858f7 jdbc: Statement#getUpdateCount could return incorrect result when used concurrently
  • 8361efa jdbc: incorrect SQL could be generated in DatabaseMetaData#getImportedKeys
  • c8e86ae jdbc: DatabaseMetaData.getTables() shows all types if no type is provided
  • da570ba jdbc: DatabaseMetaData.getTables() returns sqlite_schema as SYSTEM TABLE
  • 8c78a66 jdbc: add missing description for DriverPropertyInfo

🔄️ Changes

  • 22720f1 use SQLFeatureNotSupportedException when possible

🛠 Build

  • 3a115b0 bump nexus-staging-maven-plugin from 1.6.8 to 1.6.13
  • accc542 bump jreleaser-maven-plugin from 1.1.0 to 1.3.1
  • cd9a36a bump maven-gpg-plugin from 1.6 to 3.0.1
  • 574da41 bump maven-javadoc-plugin from 3.2.0 to 3.4.1
  • 47bf67d bump maven-bundle-plugin from 2.4.0 to 5.1.8
  • 507c718 bump maven-jar-plugin from 3.2.0 to 3.3.0
  • 5a3c89e bump maven-compiler-plugin from 3.1 to 3.10.1
  • f13f53d bump maven-help-plugin from 3.2.0 to 3.3.0
  • efcde7c bump spotless-maven-plugin from 2.12.3 to 2.27.2
  • fd60f9b bump mockito-core from 4.8.0 to 4.8.1
  • eaae213 add maven-enforcer-plugin
  • 4238573 add versions-maven-plugin
  • ee7a5a9 disable test_graalvm
  • 5565528 exclude architecture tests from native
  • af1ae47 add test architecture tests
  • 9a19b8a add architecture tests
  • bad80f2 deps: bump JUnit Pioneer from 1.4.2 to 1.7.1
  • ec066ac deps: bump JUnit from 5.7.2 to 5.9.1
  • c61c028 jdbc: add numeric types tests for ResultSet
  • 8c5cd18 typo in workflow descriptions [skip ci]

📝 Documentation

  • 7912b6b document usage for Android applications

Contributors

We'd like to thank the following people for their contributions:
Gauthier Roebroeck, GitHub, Petr Hadraba, Valentin Koeltgen, github-actions


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/maven-org.xerial-sqlite-jdbc-vulnerability branch from 3d3b219 to 9c4d92c Compare October 24, 2023 08:28
@cboucheIGN cboucheIGN merged commit 2b51843 into master Oct 24, 2023
1 check passed
@renovate renovate bot deleted the renovate/maven-org.xerial-sqlite-jdbc-vulnerability branch October 24, 2023 08:35