You are viewing a plain text version of this content. The canonical link for it is here.
Posted to github@arrow.apache.org by GitBox <gi...@apache.org> on 2022/04/06 10:44:50 UTC
[GitHub] [arrow] dependabot[bot] opened a new pull request, #12807: Bump h2 from 1.4.196 to 2.1.210 in /java/adapter/jdbc
dependabot[bot] opened a new pull request, #12807:
URL: https://github.com/apache/arrow/pull/12807
Bumps [h2](https://github.com/h2database/h2database) from 1.4.196 to 2.1.210.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/h2database/h2database/releases">h2's releases</a>.</em></p>
<blockquote>
<h2>Version 2.1.210</h2>
<p><strong>Two security vulnerabilities in H2 Console (CVE-2022-23221 and possible DNS rebinding attack) are fixed.</strong></p>
<p>Persistent databases created by H2 2.0.x don't need to be upgraded.
Persistent databases created by H2 1.4.200 and older versions require export into SQL script with that old version and creation of a new database with the new version and execution of this script in it.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/h2database/h2database/commit/ca926f8b646aa3dd3da5f7a81bbee055b19a8d6a"><code>ca926f8</code></a> Merge remote-tracking branch 'h2database/master'</li>
<li><a href="https://github.com/h2database/h2database/commit/be306de97cfb6c9a55e83facbce65999094e5260"><code>be306de</code></a> Version advancement</li>
<li><a href="https://github.com/h2database/h2database/commit/030eb7213f86905da7cc873bcb2456476eafab3c"><code>030eb72</code></a> Improve migration documentation</li>
<li><a href="https://github.com/h2database/h2database/commit/86d58c459f2ab997d2033ae09785af92599a93bc"><code>86d58c4</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/h2database/h2database/issues/3381">#3381</a> from katzyn/legacy</li>
<li><a href="https://github.com/h2database/h2database/commit/b613598226c4bde0543272d11a3f41832bd487e9"><code>b613598</code></a> Typo</li>
<li><a href="https://github.com/h2database/h2database/commit/d6e4eb8cf70e08fbb288633e2f40bd33fc9a7292"><code>d6e4eb8</code></a> Add IDENTITY() and SCOPE_IDENTITY() to LEGACY mode</li>
<li><a href="https://github.com/h2database/h2database/commit/36e790d6e0c5494162fedb4161fd707f0627fcfd"><code>36e790d</code></a> make javadoc happier</li>
<li><a href="https://github.com/h2database/h2database/commit/1c0ca27ed75820c02d3f9e4581a947dbc9635a54"><code>1c0ca27</code></a> Add "of this server" to adminWebExternalNames text</li>
<li><a href="https://github.com/h2database/h2database/commit/0f83f489c0c317ffac9ce1247751b4442dc24ff0"><code>0f83f48</code></a> Convert host names to lower case</li>
<li><a href="https://github.com/h2database/h2database/commit/c5f11a5d084c3dad01d390c78ad8f2a01233e29a"><code>c5f11a5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/h2database/h2database/issues/3378">#3378</a> from katzyn/lob</li>
<li>Additional commits viewable in <a href="https://github.com/h2database/h2database/compare/version-1.4.196...version-2.1.210">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/arrow/network/alerts).
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] dependabot[bot] closed pull request #12807: Bump h2 from 1.4.196 to 2.1.210 in /java/adapter/jdbc
Posted by "dependabot[bot] (via GitHub)" <gi...@apache.org>.
dependabot[bot] closed pull request #12807: Bump h2 from 1.4.196 to 2.1.210 in /java/adapter/jdbc
URL: https://github.com/apache/arrow/pull/12807
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] github-actions[bot] commented on pull request #12807: Bump h2 from 1.4.196 to 2.1.210 in /java/adapter/jdbc
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on PR #12807:
URL: https://github.com/apache/arrow/pull/12807#issuecomment-1090146403
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
Thanks for opening a pull request!
If this is not a [minor PR](https://github.com/apache/arrow/blob/master/CONTRIBUTING.md#Minor-Fixes). Could you open an issue for this pull request on JIRA? https://issues.apache.org/jira/browse/ARROW
Opening JIRAs ahead of time contributes to the [Openness](http://theapacheway.com/open/#:~:text=Openness%20allows%20new%20users%20the,must%20happen%20in%20the%20open.) of the Apache Arrow project.
Then could you also rename pull request title in the following format?
ARROW-${JIRA_ID}: [${COMPONENT}] ${SUMMARY}
or
MINOR: [${COMPONENT}] ${SUMMARY}
See also:
* [Other pull requests](https://github.com/apache/arrow/pulls/)
* [Contribution Guidelines - How to contribute patches](https://arrow.apache.org/docs/developers/contributing.html#how-to-contribute-patches)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] lidavidm commented on pull request #12807: Bump h2 from 1.4.196 to 2.1.210 in /java/adapter/jdbc
Posted by "lidavidm (via GitHub)" <gi...@apache.org>.
lidavidm commented on PR #12807:
URL: https://github.com/apache/arrow/pull/12807#issuecomment-1434632404
@dependabot rebase
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [arrow] dependabot[bot] commented on pull request #12807: Bump h2 from 1.4.196 to 2.1.210 in /java/adapter/jdbc
Posted by "dependabot[bot] (via GitHub)" <gi...@apache.org>.
dependabot[bot] commented on PR #12807:
URL: https://github.com/apache/arrow/pull/12807#issuecomment-1434634261
Looks like com.h2database:h2 is no longer updatable, so this is no longer needed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscribe@arrow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org