v1.3.8 - Security Updates

Changes in v1.3.8

• Update golang.org/x/crypto to v0.40.0 to address security vulnerabilities
• Update golang.org/x/net to v0.42.0 to address security vulnerabilities

This release addresses several security vulnerabilities in dependencies:

1. Fixed critical and high severity issues in golang.org/x/crypto:

   • Misuse of ServerConfig.PublicKeyCallback that could cause authorization bypass
   • Denial of Service (DoS) vulnerability via Slow or Incomplete Key Exchange

2. Fixed medium severity issues in golang.org/x/net:

   • Cross-site Scripting vulnerability
   • HTTP Proxy bypass using IPv6 Zone IDs

v1.3.7 - SQL Server Locker Support

Changes in v1.3.7

• Add SQL Server support for the Locker interface using sp_getapplock/sp_releaseapplock
• Fix SQL Server transaction handling for concurrent migrations

This release completes the roadmap item for SQL Server support in clustered environments by implementing the Locker interface for SQL Server. The implementation uses SQL Server's sp_getapplock and sp_releaseapplock stored procedures with session-based locks to ensure that only one process can run migrations at a time.

v1.3.6

What's Changed

• Bump golang.org/x/net from 0.10.0 to 0.23.0 by @dependabot in #30

Full Changelog: v1.3.5...v1.3.6

v1.3.5

What's Changed

• Fix embedded migrations example by @kalafut in #24
• Bump golang.org/x/crypto from 0.1.0 to 0.17.0 by @dependabot in #27
• Bump github.com/docker/docker from 20.10.24+incompatible to 24.0.7+incompatible by @dependabot in #26
• Bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 by @dependabot in #28
• Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible by @dependabot in #29

Full Changelog: v1.3.4...v1.3.5

v1.3.4

What's Changed

• Bump golang.org/x/net from 0.0.0-20220617184016-355a448f1bc9 to 0.7.0 by @dependabot in #18
• Update golangci-lint by @adlio in #22
• Bump golang.org/x/crypto from 0.0.0-20201016220609-9e8e0b390897 to 0.1.0 by @dependabot in #19
• Bump github.com/docker/docker from 20.10.17+incompatible to 20.10.24+incompatible by @dependabot in #21
• Bump github.com/opencontainers/runc from 1.1.3 to 1.1.5 by @dependabot in #20

Full Changelog: v1.3.3...v1.3.4

v1.3.3

Full Changelog: v1.3.1...v1.3.3

v1.3.1

What's Changed

• Update ory/dockertest Dependency to 3.9.1 by @adlio in #17

Full Changelog: v1.3.0...v1.3.1

1.3.0

What's Changed

• Initial SQL Server support from @pubkraal in #15
• Fix tests on M1 Macs by @adlio in #16

New Contributors

• @pubkraal made their first contribution in #15

Full Changelog: v1.2.3...v1.3.0

1.2.3

What's Changed

• Restore ability to chain NewMigrartor().Apply() by @adlio in #14

Full Changelog: v1.2.2...v1.2.3

1.2.2

Full Changelog: v1.2.1...v1.2.2