Skip to content
This repository has been archived by the owner on Jan 16, 2023. It is now read-only.

Bump postgresql from 42.3.1 to 42.5.0 #634

Merged
merged 1 commit into from
Aug 28, 2022
Merged

Bump postgresql from 42.3.1 to 42.5.0 #634

merged 1 commit into from
Aug 28, 2022

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 25, 2022
edited

Bumps postgresql from 42.3.1 to 42.5.0.

Changelog

Sourced from postgresql's changelog.

[42.5.0] (2022-08-23 11:20:11 -0400)

Changed

[42.4.2] (2022-08-17 10:33:40 -0400)

Changed

Added

Fixed

  • fix: regression with GSS. Changes introduced to support building with Java 17 caused failures [Issue #2588](pgjdbc/pgjdbc#2588)
  • fix: set a timeout to get the return from requesting SSL upgrade. [PR #2572](pgjdbc/pgjdbc#2572)
  • feat: synchronize statement executions (e.g. avoid deadlock when Connection.isValid is executed from concurrent threads)

[42.4.1] (2022-08-01 16:24:20 -0400)

Security

  • fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
    • Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include statement terminator to be parsed and executed as multiple separate commands.
    • Also adds a new test class ResultSetRefreshTest to verify this change.
    • Reported by Sho Kato

Changed

  • chore: skip publishing pgjdbc-osgi-test to Central
  • chore: bump Gradle to 7.5
  • test: update JUnit to 5.8.2

Added

  • chore: added Gradle Wrapper Validation for verifying gradle-wrapper.jar
  • chore: added "permissions: contents: read" for GitHub Actions to avoid unintentional modifications by the CI
  • chore: support building pgjdbc with Java 17
  • feat: synchronize statement executions (e.g. avoid deadlock when Connection.isValid is executed from concurrent threads)

[42.4.0] (2022-06-09 08:14:02 -0400)

Changed

  • fix: added GROUP_STARTUP_PARAMETERS boolean property to determine whether or not to group startup parameters in a transaction (default=false like 42.2.x) fixes [Issue #2425](pgjdbc/pgjdbc#2497) pgbouncer cannot deal with transactions in statement pooling mode [PR #2425](pgjdbc/pgjdbc#2425)

Fixed

... (truncated)

Commits
  • f490edf put entry in CHANGELOG and release notes for 42.5.0 (#2601)
  • d62ba27 fix: revert change in PR#2597 where float was aliased to float4 from float8. ...
  • 08b2db3 bump version number for next release
  • 389be0a Update changelog for release (#2596)
  • 364662e fix erroneous method signature and null subjectCallAs (#2595)
  • 04dc96a update last copyright year (#2593)
  • f76ca46 fix checkstyle
  • a45b4d8 get rid of javadoc warnings
  • abf3bcb fix mismatched types for invokeExact. Have to tell invokeExact what type we a...
  • 96f2561 fix: make setObject accept UUID array (#2587)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 25, 2022
@dependabot dependabot bot mentioned this pull request Aug 25, 2022
Closed
@dependabot
Bump postgresql from 42.3.1 to 42.5.0
51daa44 
Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.3.1 to 42.5.0.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.3.1...REL42.5.0)

---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/org.postgresql-postgresql-42.5.0 branch from ab8b8ff to 51daa44 Compare August 28, 2022 17:49
@Timmi6790 Timmi6790 merged commit c8d0205 into master Aug 28, 2022
@dependabot dependabot bot deleted the dependabot/maven/org.postgresql-postgresql-42.5.0 branch August 28, 2022 17:55
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@Timmi6790