Update dependency org.postgresql:postgresql to v42.7.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.postgresql:postgresql (source)	42.4.0 -> 42.7.3

---

Release Notes

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.3

Changed

• chore: gradle config enforces 17+ PR #​3147

Fixed

• fix: boolean types not handled in SimpleQuery mode PR #​3146
  • make sure we handle boolean types in simple query mode
  • support uuid as well
  • handle all well known types in text mode and change else if to switch
• fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with NoSuchMethodError on ByteBuffer#position when running on Java 8

v42.7.2

Security

• security: SQL Injection via line comment generation, it is possible in SimpleQuery mode to generate a line comment by having a placeholder for a numeric with a -
  such as -?. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
  This has been fixed in this version fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

Changed

• fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed PR #​3101
• perf: Avoid autoboxing bind indexes by @​bokken in PR #​1244
• refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by @​vlsi in PR #​3084

Added

• feat: Add PasswordUtil for encrypting passwords client side PR #​3082

v42.7.1

Changed

• perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing PR #​3044

Fixed

• fix: Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken PR #​3040
• fix: support waffle-jna 2.x and 3.x by using reflective approach for ManagedSecBufferDesc PR #​2720 Fixes Issue #​2690.
• fix: NoSuchMethodError on ByteBuffer#position When Running on Java 8 when accessing arrays, fixes Issue #​3014
• Revert "PR #​2925 Use canonical DateStyle name" PR #​3035
  Fixes Issue #​3008
• Revert "PR ##​2973 feat: support SET statements combining with other queries with semicolon in PreparedStatement" PR #​3010
  Fixes Issue #​3007
• fix: avoid timezone conversions when sending LocalDateTime to the database #​2852 Fixes Issue #​1390
  ,Issue #​2850
  Closes [Issue #​1391(https://github.com/pgjdbc/pgjdbc/issues/1391)

v42.7.0

Changed

• fix: Deprecate for removal PGPoint.setLocation(java.awt.Point) to cut dependency to java.desktop module. PR #​2967
• feat: return all catalogs for getCatalogs metadata query closes ISSUE #​2949 PR #​2953
• feat: support SET statements combining with other queries with semicolon in PreparedStatement PR ##​2973

Fixed

• chore: add styleCheck Gradle task to report style violations PR #​2980
• fix: Include currentXid in "Error rolling back prepared transaction" exception message PR #​2978
• fix: add varbit as a basic type inside the TypeInfoCache PR #​2960
• fix: Fix failing tests for version 16. PR #​2962
• fix: allow setting arrays with ANSI type name PR #​2952
• feat: Use KeepAlive to confirm LSNs PR #​2941
• fix: put double ' around log parameter PR #​2936 fixes ISSUE #​2935
• fix: Fix Issue #​2928 number of ports not equal to number of servers in datasource PR #​2929
• fix: Use canonical DateStyle name (#​2925) fixes pgbouncer issue
• fix: Method getFastLong should be able to parse all longs PR #​2881
• docs: Fix typos in info.html PR #​2860
• fix: Return correct default from PgDatabaseMetaData.getDefaultTransactionIsolation PR #​2992 fixes Issue #​2991
• test: fix assertion in RefCursorFetchTestultFetchSize rows
• test: use try-with-resources in LogicalReplicationStatusTest

v42.6.0

Changed

• fix: use PhantomReferences instead of Obejct.finalize() to track Connection leaks PR #​2847

  The change replaces all uses of Object.finalize with PhantomReferences.
  The leaked resources (Connections) are tracked in a helper thread that is active as long as
  there are connections in use. By default, the thread keeps running for 30 seconds after all
  the connections are released. The timeout is set with pgjdbc.config.cleanup.thread.ttl system property.

• refactor:(loom) replace the usages of synchronized with ReentrantLock PR #​2635
  Fixes Issue #​1951

v42.5.4

Fixed

fix: fix testGetSQLTypeQueryCache by searching for xid type. We used to search for box type but it is now cached. xid is not cached, this nuance is required for the test.
fix OidValueCorrectnessTest BOX_ARRAY OID, by adding BOX_ARRAY to the oidTypeName map [PR #​2810](https://github.com/pgjdbc/pgjdbc/pull/28100).
fixes Issue #​2804.
fix: Make sure that github CI runs tests on all(https://togithub.com/pgjdbc/pgjdbc/pull/2809)dbc/pgjdbc/pull/2809\)).

v42.5.3

Fixed

fix: Add box to TypeInfoCache, fixes Issue #​2746 PR #​2747
fix: regression in PgResultSet LONG_MIN copy and paste error fixes Issue #​2748 PR#2749

v42.5.2

Changed

regression: This release has 2 known regressions which make it unusable see the notes above. We advise people to use 42.5.3 instead.
docs: specify that timeouts are in seconds and there is a maximum. Housekeeping on some tests fixes #Issue 2671 PR #​2686
docs: clarify binaryTransfer and add it to README PR# 2698
docs: Document the need to encode reserved characters in the connection URL PR #​2700
feat: Define binary transfer for custom types dynamically/automatically fixes Issue #​2554 PR #​2556

Added

fix: added gssResponseTimeout as part of PR #​2687 to make sure we don't wait forever on a GSS RESPONSE

Fixed

fix: Ensure case of XML tags in Maven snippet is correct PR #​2682
fix: Make sure socket is closed if an exception is thrown in createSocket fixes Issue #​2684 PR #​2685
fix: Apply patch from Issue #​2683 to fix hanging ssl connections PR #​2687
fix - binary conversion of (very) long numeric values (longer than 4 * 2^15 digits) PR #​2697 fixes Issue #​2695
minor: enhance readability connection of startup params PR #​2705

v42.5.1

Security

• security: StreamWrapper spills to disk if setText, or setBytea sends very large Strings or arrays to the server. createTempFile creates a file which can be read by other users on unix like systems (Not macos).
  This has been fixed in this version fixes CVE-2022-41946 see the security advisory for more details. Reported by Jonathan Leitschuh This has been fixed in versions 42.5.1, 42.4.3 42.3.8, 42.2.27.jre7. Note there is no fix for 42.2.26.jre6. See the security advisory for work arounds.

Fixed

• fix: make sure we select array_in from pg_catalog to avoid duplicate array_in functions fixes #Issue 2548 PR #​2552
• fix: binary decoding of bool values PR #​2640
• perf: improve performance of PgResultSet getByte/getShort/getInt/getLong for float-typed columns PR #​2634
• chore: fix various spelling errors PR #​2592
• chore: Feature/urlparser improve URLParser PR #​2641

v42.5.0

Changed

• fix: revert change in PR #​1986 where float was aliased to float4 from float8.
  float now aliases to float8 PR #​2598 fixes Issue #​2597

v42.4.2

Changed

• fix: add alias to the generated getUDT() query for clarity (PR #​2553)[https://github.com/pgjdbc/pgjdbc/pull/2553](https://togithub.com/pgjdbc/pgjdbc/pull/2553)3]

Added

• fix: make setObject accept UUID array PR #​2587

Fixed

• fix: regression with GSS. Changes introduced to support building with Java 17 caused failures Issue #​2588
• fix: set a timeout to get the return from requesting SSL upgrade. PR #​2572
• feat: synchronize statement executions (e.g. avoid deadlock when Connection.isValid is executed from concurrent threads)

v42.4.1

Security

• fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
  • Previously, the column names for both key and data columns in the table were copied as-is into the generated
    SQL. This allowed a malicious table with column names that include statement terminator to be parsed and
    executed as multiple separate commands.
  • Also adds a new test class ResultSetRefreshTest to verify this change.
  • Reported by Sho Kato

Changed

• chore: skip publishing pgjdbc-osgi-test to Central
• chore: bump Gradle to 7.5
• test: update JUnit to 5.8.2

Added

• chore: added Gradle Wrapper Validation for verifying gradle-wrapper.jar
• chore: added "permissions: contents: read" for GitHub Actions to avoid unintentional modifications by the CI
• chore: support building pgjdbc with Java 17
• feat: synchronize statement executions (e.g. avoid deadlock when Connection.isValid is executed from concurrent threads)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[coveralls]

Pull Request Test Coverage Report for Build #910

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 97.605%

---

Totals
Change from base Build #907:	0.0%
Covered Lines:	652
Relevant Lines:	668

---

💛 - Coveralls