⬆️ Bump h2 from 1.4.200 to 2.0.206 #543
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [h2](https://github.com/h2database/h2database) from 1.4.200 to 2.0.206. - [Release notes](https://github.com/h2database/h2database/releases) - [Commits](h2database/h2database@version-1.4.200...version-2.0.206) --- updated-dependencies: - dependency-name: com.h2database:h2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
|
Kudos, SonarCloud Quality Gate passed!
|
|
Hi @treo, the dependabot suggests us to update the h2 to the latest version due to security vulnerability, is that ok to do so? |
This means we can't just update it without an additional migration step. I think this may be a good opportunity to factor out the migration parts of the application into its own tool, otherwise we will need to hold on to old versions of things forever. On the topic of the security vulnerability: As far as I'm aware, classifai uses H2 only in embedded mode, so the Console isn't active, therefore it isn't directly affected by it. We still should update, but it isn't quite as urgent. |
Thank you @treo for your explanation, now I understood the issue. I will put this task on hold first and will seek your advice again when we come back to classifai backend. |
|
Superseded by #544. |
Bumps h2 from 1.4.200 to 2.0.206.
Release notes
Sourced from h2's releases.
Commits
3d957a0Release 2.0.206 preparation2b6e303Update changelogb24aa46Check URL scheme4a2e677Get data types directly from linked tables from H269aff24Fix ValueVarcharIgnoreCase.equals()0ebf142Fix group-sorted optimization for data types with different equal values8aca5f4Correct Date and Time part in tutorial.html4bfd6f0Add support of H2 2.0+ to source.html and sourceError.html927c830Update copyright yearsabac6c8Next development versionDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.