Skip to content

fix(deps): update auto-update-external#146

Merged
renovate[bot] merged 1 commit intomainfrom
renovate/auto-update-external
May 5, 2026
Merged

fix(deps): update auto-update-external#146
renovate[bot] merged 1 commit intomainfrom
renovate/auto-update-external

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 4, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
org.flywaydb:flyway-mysql 12.4.012.5.0 age confidence
org.flywaydb:flyway-core 12.4.012.5.0 age confidence
org.jdbi:jdbi3-sqlobject (source) 3.52.13.53.0 age confidence
org.jdbi:jdbi3-core (source) 3.52.13.53.0 age confidence

Release Notes

jdbi/jdbi (org.jdbi:jdbi3-sqlobject)

v3.53.0

Compare Source

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary
Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user
dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has
renamed a number of their jar files. Jdbi still supports
testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to
2.x, make sure that you reference the org.testcontainers:jdbc and
org.testcontainers:junit-jupiter dependencies. Those used to be
available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the
org.testcontainers:testcontainers-jdbc and
org.testcontainers:testcontainers-junit-jupiter dependencies must be
available.

  • Update testcontainers dependency to 2.0.5 (from 1.21.4)
  • Add StatementContext parameter to SqlExceptionHandler and remove return value

Configuration

📅 Schedule: (in timezone Asia/Tokyo)

  • Branch creation
    • "every 1 hour after 06:00 and before 23:59"
  • Automerge
    • "every 1 hour after 06:00 and before 23:59 every day"

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label May 4, 2026
@renovate renovate Bot force-pushed the renovate/auto-update-external branch from 3b00e9c to af979d4 Compare May 5, 2026 00:52
@renovate renovate Bot changed the title fix(deps): update auto-update-external to v12.5.0 fix(deps): update auto-update-external May 5, 2026
@renovate renovate Bot merged commit 4729392 into main May 5, 2026
2 checks passed
@renovate renovate Bot deleted the renovate/auto-update-external branch May 5, 2026 05:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants