Update dependency org.xerial:sqlite-jdbc to v3.41.2.2 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.xerial:sqlite-jdbc	3.34.0 -> 3.41.2.2

GitHub Vulnerability Alerts

CVE-2023-32697

Summary

Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL.

Impacted versions :

3.6.14.1-3.41.2.1

References

https://github.com/xerial/sqlite-jdbc/releases/tag/3.41.2.2

---

Release Notes

xerial/sqlite-jdbc (org.xerial:sqlite-jdbc)

v3.41.2.2

Compare Source

Changelog

🚀 Features

jdbc

• add support for LocalDate, LocalTime, LocalDateTime in ResultSet#getObject (1d2ff63)
• implement PreparedStatement getParameterType and getParameterTypeName (bdb3d8a)

native-image

• resource optimization and configuration to export native lib (6f42683)

🐛 Fixes

• use random UUID for external resources (edb4b8a)

🛠 Build

deps

• bump native-maven-plugin from 0.9.21 to 0.9.22 (48e8ebe)
• bump graal-sdk from 22.3.0 to 22.3.2 (128d9b2)
• bump surefire.version from 3.0.0 to 3.1.0 (658e907)
• bump maven-gpg-plugin from 3.0.1 to 3.1.0 (f149f9f)
• bump jreleaser-maven-plugin from 1.5.1 to 1.6.0 (d028636)
• bump native-maven-plugin from 0.9.20 to 0.9.21 (08b5e35)
• bump maven-enforcer-plugin from 3.2.1 to 3.3.0 (3b3af82)
• bump maven-compiler-plugin from 3.10.1 to 3.11.0 (52b7701)
• bump versions-maven-plugin from 2.13.0 to 2.15.0 (a0e0191)
• bump maven-help-plugin from 3.3.0 to 3.4.0 (739a27c)

deps-dev

• bump junit-jupiter from 5.9.2 to 5.9.3 (e64e348)
• bump mockito-core from 5.3.0 to 5.3.1 (6e94e6b)
• bump logback-classic from 1.4.6 to 1.4.7 (5a4f485)
• bump mockito-core from 5.2.0 to 5.3.0 (d0adb0f)
• bump junit-pioneer from 2.0.0 to 2.0.1 (2b00983)
• bump junit-jupiter from 5.9.1 to 5.9.2 (c917e81)
• bump logback-classic from 1.4.5 to 1.4.6 (eab4939)

unscoped

• replace jdk 19 with 20 (0c5a645)
• replace asciidoc variables during release (0053e60)
• run spotless:check during maven verify phase (043efd7)

📝 Documentation

• use markdown for SECURITY.md because Github doesn't support Asciidoc (00e9c3f)
• convert markdown to asciidoc (fb0f263)

Contributors

We'd like to thank the following people for their contributions:
Andrew Pikler, Andy Cheung, Gauthier, Gauthier Roebroeck, Javier Goday, Kristof, Taro L. Saito

v3.41.2.1

Changelog

🚀 Features

sqlite

• bump sqlite to 3.41.2 (8cdaf59)

🛠 Build

jreleaser

• categorize scopes in changelog (e3e5ae7)

Contributors

We'd like to thank the following people for their contributions:
Gauthier Roebroeck

v3.41.0.1

Compare Source

Changelog

🚀 Features

• jdbc: remove length/dimension in DatabaseMetaData#getColumns TYPE_NAME (b09e093)
• sqlite: add support for legacy_alter_table flag (26df15f), closes #​481
• add SQLiteDataSource #setBusyTimeout (12f2113)

🐛 Fixes

• jdbc: return DatabaseMetaData#getColumns DATA_TYPE as int instead of String (b7c40c3), closes #​859
• database from jar resource no longer keeps the jar file-descriptor open (38c25af)
• keep SQLiteConfig cached busyTimeout more consistent with busy_timeout pragma (8be7243)

🛠 Build

• deps-dev: bump mockito-core from 4.8.1 to 5.2.0 (1874299)
• deps: bump native-maven-plugin from 0.9.19 to 0.9.20 (a99ac0c)
• deps-dev: bump assertj-core from 3.23.1 to 3.24.2 (12d1f2c)
• deps: bump jreleaser-maven-plugin from 1.4.0 to 1.5.1 (5fba437)
• deps: bump surefire.version from 3.0.0-M7 to 3.0.0 (15db506)
• deps-dev: bump junit-pioneer from 1.7.1 to 2.0.0 (db56d15)
• deps: bump maven-javadoc-plugin from 3.4.1 to 3.5.0 (7085bf4)
• deps-dev: bump archunit-junit5 from 1.0.0 to 1.0.1 (bfe7c1b)
• deps-dev: bump logback-classic from 1.3.4 to 1.4.5 (276f682)
• deps: bump maven-enforcer-plugin from 3.1.0 to 3.2.1 (f67c97a)
• dependabot: enable updates for all deps (8a2a5b1)
• jreleaser: add missing perf labeler (c2bfaa4)

Contributors

We'd like to thank the following people for their contributions:
Gauthier, Gauthier Roebroeck, Kristof, Sualeh Fatehi, Talha Javed, mruddy

v3.41.0.0

Compare Source

Changelog

🚀 Features

• bump sqlite to 3.41.0 (a1c3625)

🐛 Fixes

• jdbc: DatabaseMetaData#getColumns now returns SCOPE_CATALOG column instead of SCOPE_CATLOG (4429515), closes #​837

🛠 Build

• use junit-jupiter in POM to pull all dependencies transitively (7863376), closes #​838

Contributors

We'd like to thank the following people for their contributions:
Gauthier Roebroeck

v3.40.1.0

Compare Source

Changelog

🚀 Features

• update SQLite to 3.40.1 (4ba7c8c)
• allow correct recognition of android os if running termux (89ceb0d)

🐛 Fixes

• jdbc: DatabaseMetaData#getPrimaryKeys and getExportedKeys should return an empty ResultSet for sqlite_schema (0dc6ad9), closes #​831
• jdbc: DatabaseMetaData#getColumns should also retrieve columns from SYSTEM TABLE types (473f528)
• DatabaseMetaData#getTypeInfo's result should be ordered by DATA_TYPE (05bb929), closes #​832
• native: fixes and improvements for backup/restore (b13c908)
• jdbc: DatabaseMetaData#getImportedKeys reports empty FK_NAME when created using quotes (ba69b2e), closes #​506

🔄️ Changes

• replace mention of sqlite_master with sqlite_schema (e68bc05)

🛠 Build

• release depends on test_graalvm (9f521a4)
• refine GraalVM native-image configuration and fix native test execution (e437b3f)
• hide bot names from release contributors (5d1a280)
• replace java 18 with java 19 (4c80ee7)
• try to fix build native for PRs (f7bd3cd)
• try to fix build native for PRs (b23de9e)
• try to fix build native for PRs (5aa6a30)
• add 2023 url for amalgamation download (e3b6f8c)
• deps: bump JReleaser to 1.4.0 (0db312f)
• add test for unixepoch (3904e83)

📝 Documentation

• use https for links to www.sqlite.org (7ac8de8)
• update README badge for CI (832d26f)
• changelog shows breaking change description (5ad78ba), closes #​814

Contributors

We'd like to thank the following people for their contributions:
Andrew Pikler, Gauthier, Gauthier Roebroeck, Kristof, Sebastiano Galeazzo, pyckle, 谭九鼎

v3.40.0.0

Compare Source

Changelog

🚀 Features

• 🚨 enable new math functions: previously log() computed the natural logarithm, now it computes a base-10 logarithm (0f41f46)
• upgrade SQLite to 3.40.0 (5e73a5c)

🛠 Build

• disable DriverManager.setLogWriter (dd878d9)

📝 Documentation

• fix CI badge link (e11aecf)

Contributors

We'd like to thank the following people for their contributions:
Gauthier, Gauthier Roebroeck, github-actions

v3.39.4.1

Compare Source

Changelog

🐛 Fixes

• jdbc: don't check if ResultSet is open in markCol (6d6f756)
• jdbc: throw SQLException instead of IllegalStateException (4bfb174)
• jdbc: properly handle updateCount for PreparedStatement (6a910b9)
• jdbc: don't close ResultSet when last row is passed (a21229d)
• jdbc: properly reset Statement between reuse (f497c43)

🛠 Build

• fix boolean conditions, once more (f11b824)
• fix boolean conditions (857ed4c)
• print event inputs (83dbe02)
• add failing tests for PreparedStatement getMetaData before execution (6c95a88)
• add failing tests for PreparedStatement getMoreResults and getUpdateCount (98f00d3)
• polish (87c4601)
• replace deprecated set-output usage (7ee209c)
• add a release flag on CI workflow dispatch (f9e5e7f)
• add failing tests when getting ResultSet metadata past last row (64771ef)
• add failing tests when reusing statements (267e80b)
• deps: bump andymckay/cancel-action from 0.2 to 0.3 (67b5899)
• fix attach-javadoc failing with release profile (9d3e2ca)
• change jreleaser's changelog format (4896a15)
• multi-release JAR with module-info.java (5bf7566)

📝 Documentation

• update release process (d91948e)

Contributors

We'd like to thank the following people for their contributions:
Gauthier, Gauthier Roebroeck, GitHub, Petr Hadraba, dependabot[bot], github-actions

v3.39.4.0

Compare Source

Changelog

🚀 Features

• 8bcba01 jdbc: implement ResultSet#getObject with requested type
• 9e9d144 allow override of detected architecture
• 7f03781 update SQLite to 3.39.4
• fcb321e jdbc: DatabaseMetaData.getTypeInfo() returns more accurate values
• be935e1 jdbc: add support for DatabaseMetaData#getSearchStringEscape

🐛 Fixes

• f178b4e jdbc: ResultSet#isNullable() now checks for nullability instead of primary key
• fe8f8d0 jdbc: simplify ResultSet#getBigDecimal
• e8ba9dc jdbc: ResultSet#getBigDecimal could return 0 instead of null in some conditions
• 58858f7 jdbc: Statement#getUpdateCount could return incorrect result when used concurrently
• 8361efa jdbc: incorrect SQL could be generated in DatabaseMetaData#getImportedKeys
• c8e86ae jdbc: DatabaseMetaData.getTables() shows all types if no type is provided
• da570ba jdbc: DatabaseMetaData.getTables() returns sqlite_schema as SYSTEM TABLE
• 8c78a66 jdbc: add missing description for DriverPropertyInfo

🔄️ Changes

• 22720f1 use SQLFeatureNotSupportedException when possible

🛠 Build

• 3a115b0 bump nexus-staging-maven-plugin from 1.6.8 to 1.6.13
• accc542 bump jreleaser-maven-plugin from 1.1.0 to 1.3.1
• cd9a36a bump maven-gpg-plugin from 1.6 to 3.0.1
• 574da41 bump maven-javadoc-plugin from 3.2.0 to 3.4.1
• 47bf67d bump maven-bundle-plugin from 2.4.0 to 5.1.8
• 507c718 bump maven-jar-plugin from 3.2.0 to 3.3.0
• 5a3c89e bump maven-compiler-plugin from 3.1 to 3.10.1
• f13f53d bump maven-help-plugin from 3.2.0 to 3.3.0
• efcde7c bump spotless-maven-plugin from 2.12.3 to 2.27.2
• fd60f9b bump mockito-core from 4.8.0 to 4.8.1
• eaae213 add maven-enforcer-plugin
• 4238573 add versions-maven-plugin
• ee7a5a9 disable test_graalvm
• 5565528 exclude architecture tests from native
• af1ae47 add test architecture tests
• 9a19b8a add architecture tests
• bad80f2 deps: bump JUnit Pioneer from 1.4.2 to 1.7.1
• ec066ac deps: bump JUnit from 5.7.2 to 5.9.1
• c61c028 jdbc: add numeric types tests for ResultSet
• 8c5cd18 typo in workflow descriptions [skip ci]

📝 Documentation

• 7912b6b document usage for Android applications

Contributors

We'd like to thank the following people for their contributions:
Gauthier Roebroeck, GitHub, Petr Hadraba, Valentin Koeltgen, github-actions

v3.39.3.0

Compare Source

Changelog

🚀 Features

• 1cab301 [jdbc] support Statement.execute methods with autoGeneratedKeys parameter
• 954dd4c [jdbc] ResultSetMetaData.getColumnClassName returns more accurate type
• 0ede2be [jdbc] support for read-only transactions, fix timeout handling

🐛 Fixes

• f4eaac4 [native] JRE crash on connection close with CommitListener and auto commit disabled
• 7c3f7de [jdbc] Statement.setEscapeProcessing should not throw unsupported exception
• e14fcd0 [jdbc] throw SQLFeatureNotSupportedException instead of SQLException for unsupported features
• 09d4db2 [jdbc] DatabaseMetaData.supportsFullOuterJoins returns true for SQLite 3.39+
• bbb7d2c [jdbc] incorrect DatabaseMetaData JDBC version major/minor
• bc5174b [jdbc] getDate, getTime, and getTimestamp crash on empty text
• 1c84e06 [jdbc] ResultSetMetaData.getColumnType now returns BIGINT if the value is large
• b7396a1 [jdbc] detect TIMESTAMP stored in SQLITE_TEXT

🛠 Build

• eec8880 [native] update SQLite to 3.39.3
• 6117c94 fix build-native directory when downloading native libraries
• 628a38e [native] update dockcross windows x86/x64 images
• 90550cc [native] update dockcross images, fixes issue when running on Mac M1
• 0bfe4f0 replace junit jupiter assumptions with assertJ
• 12263cd test with external amalgamation
• c408b8f add graalvm argument following assertj migration
• f3ac947 migrate to assertJ
• 487f225 remove old travis files
• ea3c662 fix missing condition for build-native workflow

📝 Documentation

• 4b5d0a6 mention support of Linux musl 32bits

Contributors

We'd like to thank the following people for their contributions:
GitHub, Gauthier Roebroeck, Martin, github-actions, Gauthier, martin.haeusler

v3.39.2.1

Compare Source

Changelog

🚀 Features

• 0795636 add support for Linux musl x86 32bits
• 4102c1d support JDBC 4.2 large methods
• fc72417 enable DBSTAT Virtual Table

🐛 Fixes

• 5387c7a use directory stream for temp dir cleanup
• 9979ba5 compile armv5 with soft float and without vfp
• 99cac10 empty result set should not be returned as closed
• 7e171d4 various correctness, memory leak and race condition fixes
• 9517b3a minor bug fixes and code cleanup
• 896054b getImportedKeys should not fail if referenced table does not exist
• 05c45bb return generated columns in DatabaseMetaData.getColumns
• 19cb96d getClob() should return null if the data is null

🔄️ Changes

• b619cfa use java.nio for file operations
• 0a194de comments as javadoc
• 1749e12 apply IntelliJ suggestions
• 3bf5ada use try-with-resource and assertThrows
• 49bf4e7 apply IntelliJ suggestions

🛠 Build

• 6dd5a50 [native] rename alpine-linux64 target to linux-musl64
• f4e478d build native libraries by workflow_dispatch or PR comment
• 3fb1a21 apply IntelliJ suggestions
• f8e39f4 [native] sign Mac 64 binary
• 22b5f87 [native] add dockerfile for rcodesign
• 63c6c4a [native] build Mac arm64 with Docker
• cf8fe36 ignore dependabot for push events, will run on pull_request anyway
• 0770e1d change distribution to temurin for consistency
• 1926c63 add dependabot
• 97cc99d cleanup invalid compile option
• a96917e conditionally run MathFunctionsTest depending on compilation options
• 3e191e9 skip DBMetaDataTest.version if not compiled by us
• e48422c extract function to retrieve compile options
• 2022752 don't run deploy job on forks
• 97f8faf run CI on branches
• f0be678 add math functions test
• bcf889f publish jar file as release asset
• 3c84e2d force push tags for release commits [skip ci]

📝 Documentation

• d5cbe62 document how to load specific native library
• c77bbd1 add contribution section in README.md
• 4b05f4a build instructions for external amalgamation archive
• a4b954e remove provided scope for Maven Shade hint
• aa14ab6 remove outdated javadoc comment about unsupported aggregate functions
• c84a077 update documentation

---

• 329fe0a [deps] bump actions/setup-java from 2 to 3 (#​770)

Bumps actions/setup-java from 2 to 3.

• c2412cf properly add JDBC_EXTENSIONS pragma (#​761)

Instead of relying of changing ifdefs use the variable declaration as anchor

• fd53f17 return correct values for column data type details (#​758)

provide valid COLUMN_SIZE and DECIMAL_DIGITS values for columns queried using

Contributors

We'd like to thank the following people for their contributions:
Sebastian Baumhekel, dependabot[bot], Michael Osipov, GitHub, Gauthier Roebroeck, github-actions, Gauthier, Andrew Pikler

v3.39.2.0

Compare Source

Changelog

🛠 Build

• 63e0467 create the release commit only after successful push to Maven Central
• 5aaeb8c attach javadoc when creating the jar in release profile
• 7310a45 add missing project url in pom.xml
• 13d2369 automatic release via workflow_dispatch
• 6537808 add jreleaser plugin
• 9f9ce09 remove maven-release-plugin and adjust version number
• 10ab71c add test for #​720
• c7b54a2 expand multiarch test to arm64/alpine and ppc64/ubuntu
• 50c0458 simplify matrix on test job using include instead of exclude
• 972f1db run mvn with --batch-mode --no-transfer-progress
• 7fc747f use actions/checkout@v3
• 8409e5c display more information during OSInfoTest
• 062440a build on jdk 17 (#​747)

📝 Documentation

• 5c03f58 update list of supported platforms in README.md
• d23711e remove bitbucket links
• 766a51f syntax highlighting in README.md

---

• 481b803 fix memory leak when calling Connection.getMetaData() (#​757)

fix memory leak when calling Connection.getMetaData()

• bb84601 show numeric code instead of UNKNOWN_ERROR (#​689)

Show numeric code instead of UNKNOWN_ERROR

• 085700f compile OSInfo on the fly if needed by make (#​715)

Removed outdated version of OSInfo.class

• 67159a5 add snapshot badge to README.md
• 5da0039 Publish snapshots to OSSRH automatically from CI
• 6c4f373 Use setUseCaches instead of setDefaultUseCaches (#​755)

Use of setDefaultUseCaches impacts all URLClassLoaders and HttpURLConnections, which can lead to erratic behavior of non-sqlite components running on a system since the variable is static.

• e1d282c Wrap Statement Pointers to prevent use after free race
• 6ee09e1 add ppc64el/ppc64le mapping

Closes: #​450

• 49facf5 Update changelog for 3.35.0.1 through 3.36.0.3 (#​702)
• e737a19 Musl check improvements

• Fix older linux compatibility with MUSL check

• 14d5903 org.sqlite.SQLiteConfig.setDatePrecision(String) throws unnecessary S… (#​751)
• a6d63ee add native binary for Linux aarch64 with musl (#​704)
• f55b2aa Upgrade to 3.39.2 (#​746)

• Update dockcross scripts

• ada2b14 detect musl by checking /proc/self/map_files (#​675)

• detect musl by checking /proc/self/map_files

• 15ecb1b Use more specific types instead of String when fetching JDBC3ResultSet.getBigDecimal (#​666)
• c57be93 Add native libs for Android arm64, x86, x86_64 via dockcross (#​662)

• cleanup OSInfo.java with IDE suggestions

• 1481bf2 Fix file descriptor (handle) leak when opening database fails (#​665)
• 1716215 Update Eclipse settings to use Java 8 (#​664)
• 7ac4c87 Switch to Temurin JDK builds as AdoptJDK has been discontinued (#​660)
• 4958df0 update CI badge on README.md (#​661)
• 674288c Add CI tests for aarch64 and armv7 (#​658)

• multiarch test

• 9c03d9c migrate to setup-java@v2 with built-in maven cache (#​657)
• 0ecb95b Update cross prefix following recent dockcross updates (#​655)

• simplify the cross prefix, as the binaries are available in the PATH

• 3d04d7d Code formatting via Spotless with google java format (#​653)

• add spotless with google java format

• ec79c49 Makefile: remove -it/-ti flags from docker calls (#​654)

These control whether to run docker in interactive mode and attach the tty,

• f5889a4 Next snapshot:

Contributors

We'd like to thank the following people for their contributions:
GitHub, Gauthier Roebroeck, Andy-2639, Andrey.Tarashevskiy, github-actions, Villena Guillaume, Carl Dea, Gauthier, Changwei Miao, Andrew Pikler, mdavidsaver, Lukas, Taro L. Saito, Tim McCormack, Michael Osipov, Aurora Lahtela, pyckle, Roman Parshikov

v3.36.0.3

Compare Source

• Fixes for GraalVM
• Internal update: Migrate to JUnit5. Add CI with GraalVM

v3.36.0.2

Compare Source

New Features

• Support custom collation creation (#​627)

Newly Supported OS and Arch

• Windows armv7 and arm64 (e.g., Surface Pro X) (#​644)
• FreeBSD aarch64 (#​642)
• Bring back Linux armv6 support (#​628)
• FreeBSD x86 and x86_64 (#​639)
• Dropped DragonFlyBSD support (#​641)

Other Intenal Fixes

• Add reflect-config, jni-config and native-image.properties to graalvm native image compilation (#​631)
• Fix multipleClassLoader test when directory is renamed (#​647)
• CI tests for Windows and MacOS (#​645)

Special thanks to @​gotson for adding collation support and build configurations for more OS and CPU types!

v3.36.0.1

Compare Source

• Fixed a date parsing issue https://github.com/xerial/sqlite-jdbc/issues/88
• Added CI for testing JDK16 compatibility. sqlite-jdbc works for JDK8 to JDK16

v3.36.0

Compare Source

• Upgrade to SQLite 3.36.0

v3.35.0.1

Compare Source

• Upgraded to SQLite 3.35.0
• Avoid using slower ByteBuffer decode() method (#​575)
• Allow increasing SQLite limits (#​568)
• Add Automatic-Module-Name for OSGi (#​558
• Avoid using shared resource streams between class loaders when extracting the native library. (#​578)

(Note: Don't use 3.35.0 if you are Apple Silicon (M1) user. 3.35.0 failed to include M1 binary)

v3.35.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.