build(deps): bump org.liquibase:liquibase-maven-plugin from 5.0.1 to 5.0.2

[dependabot]

Bumps org.liquibase:liquibase-maven-plugin from 5.0.1 to 5.0.2.

Release notes

Sourced from org.liquibase:liquibase-maven-plugin's releases.

Liquibase v5.0.2

5.0.2 Liquibase Community Release Notes

Liquibase Community v5.0.2 is here, with contributions from developers around the globe. This release includes a range of bug fixes across multiple database platforms along with several quality-of-life enhancements, with 19 contributors coming together to continue improving Liquibase for the entire community.

At Liquibase, we believe great database change management starts with a community that can rely on a predictable and transparent release process. To support this commitment, and starting with version 5.0.2, we are providing two clear ways for the community to access updates and improvements:

• Main Branch Builds on GitHub – Main branch builds are continuously published on GitHub, offering early access to the latest improvements and fixes as they are developed. These builds enable the community to test upcoming capabilities and provide feedback ahead of the next official release. Learn more on our GitHub README

• Quarterly Community Releases – Liquibase Community updates are released on a quarterly cadence (every second month of each calendar quarter) providing stable, production-ready versions that allow teams to plan upgrades and maintenance with confidence. These releases are available through all standard distribution channels, including GitHub, Maven Central, package managers, container registries, and other official Liquibase Community distribution locations.

Together, these options ensure that teams can choose the path that best fits their needs - whether prioritizing stability through scheduled releases or engaging early with the latest innovations in Liquibase.

A huge thank you to every contributor who filed an issue, submitted a pull request, or helped review code. You are the engine that drives Liquibase forward.

---

What’s in this release

Notable improvements

(#7451) by @​MalloD12 New: Added the ALLOW_INHERIT_LOGICAL_FILE_PATH global configuration property, which controls whether included changelogs inherit the logicalFilePath of their parent changelog when no explicit logicalFilePath is set.

(#6627 and #7390) by @​mkarg Improved: Custom change classes that cannot be found on the classpath no longer automatically fail the entire changelog. Liquibase now honors failOnError: false at the changeset level when the failure is caused by a missing custom change class. Additionally, a failing precondition with onFail="MARK_RAN" is now respected when the custom change class is not on the classpath.

(#7479) Improved Cassandra compatibility: Refactoring to enable third-party extensions like liquibase-cassandra to provide database-specific implementations and laying the groundwork for a future fix for CQL incompatibility errors.

Liquibase Community 5.0.2 moves more community repositories to the Functional Source License (FSL). See our FSL blog for details.

Performance improvements

(#7439) Performance fix for analytics: @​tati-qalified identified and resolved a performance degradation introduced with the analytics implementation. If you noticed Liquibase running slower since analytics was added, this is the fix you've been waiting for.

(#7539) Build improvements: Groovy source compilation has been moved to the module level in liquibase-extension-testing, removing redundant build steps from the root configuration.

Drivers and Dependencies

(7528) Updated bundled JDBC driver versions: MSSQL to v13.2.1.jre11 and Firebird to v6.0.3

(#7469) Dependency cleanup: Explicit exclusions added to liquibase-core pom.xml to fix duplicated commons-text dependency.

Fixes

(#7489) by @​MalloD12 Resolved an issue where the maven-update command logged duplicate messages when using the Java API. Summary output now defaults to LOG instead of ALL, which previously caused messages to be written to both the console and the log simultaneously. This behavior can still be overridden by explicitly setting the showSummaryOutput argument.

(#7395) by @​Parthiee Invalid or empty changelog file paths are now caught and rejected during serialization

Liquibase now validates that changelog file paths are properly defined and non-empty when serializing changelog configurations. Previously, incomplete or missing paths could pass through silently, resulting in invalid configurations.

... (truncated)

Changelog

Sourced from org.liquibase:liquibase-maven-plugin's changelog.

Liquibase Community 5.0.2 is a minor patch release

See the Liquibase Community 5.0.2 Release Notes for the complete set of release information.

Changes

• (#7540) DAT-21768: Fix sonar workflow inputs and add missing thisSha output @​jnewton03
• (#7483) Fix: Flush BufferedWriter in YamlSnapshotSerializer to prevent snapshot file truncation @​Folgerjun
• (#7510) feat: add comprehensive job summary to dry-run release workflow @​jandroav
• (#7509) fix: remove workflow-logs option to eliminate skipped job warnings @​jandroav
• (#7508) fix: add contents:write permission for draft release download @​jandroav
• (#7507) fix: add retry logic for draft release download in Maven job @​jandroav
• (#7506) fix: use gh CLI for dry-run Maven download in release-published.yml @​jandroav
• (#7425) Fixed Issue #7413: SQL Anywhere: Constraint name is not considered for PRIMARY KEY @​mkarg
• (#7380) Gh7374 remove oss mentions @​petepickerill

Notable Changes

• (#7439) Fix performance degradation since implementing analytics @​tati-qalified

New Features

• (#7452) fix: detect comment changes on columns and tables @​peteraisher
• (#7537) fix: Use default logger service instead of throwing exception in Scope#getCurrentScope() @​jnewton03
• (#7487) Creates a test to ensure all COMMAND_NAME and *_ARG constants are always public static final @​tati-qalified
• (#7448) rewrite: Simplified MSSQLDatabase escaping @​mkarg
• (#7539) fix(build): configure GMavenPlus 4.3.0 to detect Groovy in test scope @​filipelautert
• (#7528) DAT-21265 :: Jdbc drivers upgrade @​MalloD12
• (#7493) chore: update workflow permissions for release and test jobs @​sayaliM0412
• (#7479) Extract checksum compatibility logic in StandardChangeLogHistoryService @​maximevw
• (#7478) feat: Upgrade Ubuntu version in CI workflow to 24.04 @​sayaliM0412
• (#7465) DAT-21398: fix(tests): update macOS version in test matrix to macos-15-intel @​sayaliM0412
• (#7378) Add defensive null pointer checks across codebase @​filipelautert
• (#7401) chore: update Liquibase Pro reference to Liquibase Secure in README.md @​filipelautert

Bug Fixes

• (#7532) Fix clearCheckSums so checksums are correctly re-evaluated @​MalloD12
• (#7457) Fix issue 7184 @​MalloD12
• (#7468) Fix #7385: Fix PostgreSQL rollback with quoted numeric schema names @​RohanMittal-01
• (#7521) fix: Use correct grammar when reporting unexpected changes @​Vampire
• (#7569) Fix failing test @​MalloD12
• (#7451) Fixed undesired logicalFilePath inheritance of included changesets @​MalloD12
• (#7489) showSummaryOutput set to LOG by default for Liquibase API @​MalloD12
• (#7501) INT-1717: fix missing quotes in query in SetColumnRemarksGeneratorSnowflake @​HorbatenkoYehor
• (#7464) fix(mysql/mariadb): respect columnDataType in renameColumn for modern versions @​filipelautert
• (#7395) Liquibase throws exception when the filePath property is empty #7320 @​Parthiee
• (#7505) fix: use gh CLI for Maven dry-run release downloads @​jandroav
• (#7504) fix: use tag instead of releaseId for dry-run Maven downloads @​jandroav
• (#7503) fix: add id-token permission to package job in release-published.yml @​jandroav
• (#7502) DAT-21648: Pass tag parameter to package workflow for release downloads @​jandroav
• (#7469) (Fixes #7416) Add explicit dependencies with exclusions to liquibase-core pom.xml to fix problem with missing exclusions and duplicated dependency commons-text @​marwin1991
• (#7456) Fix Row affected count case sensitive issue @​MalloD12
• (#7417) Fix Incompatibility Between Quarkus and Liquibase @​MalloD12
• (#7390) Allow skipping a missing custom change (Copy of 6627) @​MalloD12

... (truncated)

Commits

• 2c889ad Update changelog.txt for 5.0.2 (#7583)
• bbb74fb Skip bot PRs in Claude Code review workflow (#7581)
• c6eaa32 chore(deps-dev): bump com.oracle.database.jdbc:ojdbc8 from 19.29.0.0 to 19.30...
• 49ec08e chore(deps): bump the production-deps group with 6 updates (#7568)
• a65eeb4 chore(deps): bump spring.version from 7.0.3 to 7.0.5 (#7567)
• fb9f288 chore(deps-dev): bump net.snowflake:snowflake-jdbc from 3.28.0 to 4.0.0 (#7541)
• c4c907e chore(deps-dev): bump org.javacc.plugin:javacc-maven-plugin from 3.0.3 to 3.8...
• 7f61ae5 chore(deps): bump the test-deps group with 4 updates (#7561)
• 00ef199 chore(deps): bump junit-jupiter.version from 6.0.2 to 6.0.3 (#7562)
• 8784316 chore(deps): bump the github-actions group across 1 directory with 4 updates ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 6ac50ed.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

parent-pom/pom.xml

Package	Version	License	Issue Type
org.liquibase:liquibase-maven-plugin	5.0.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/org.liquibase:liquibase-maven-plugin	5.0.2	Unknown	Unknown

Scanned Files

• parent-pom/pom.xml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

📚 Javadoc Generated

The Javadoc documentation has been generated for this PR. Download the javadoc artifact from the workflow run to view the complete API documentation with UML diagrams.