Bump the java-minor-patch group across 1 directory with 14 updates

[dependabot]

Bumps the java-minor-patch group with 14 updates in the / directory:

Package	From	To
org.apache.commons:commons-csv	1.9.0	1.11.0
org.apache.cxf:cxf-core	4.0.0	4.0.4
org.apache.cxf:cxf-rt-frontend-jaxws	4.0.0	4.0.4
com.h2database:h2	2.1.214	2.2.224
org.apache.httpcomponents:httpclient	4.5.13	4.5.14
com.fasterxml.jackson.core:jackson-databind	2.14.1	2.17.1
javax.xml.bind:jaxb-api	2.3.0	2.3.1
com.sun.xml.ws:jaxws-maven-plugin	4.0.0	4.0.1
com.sun.xml.ws:jaxws-rt	4.0.0	4.0.1
com.sun.xml.ws:jaxws-tools	4.0.0	4.0.1
jakarta.xml.ws:jakarta.xml.ws-api	4.0.0	4.0.1
org.projectlombok:lombok	1.18.24	1.18.32
org.postgresql:postgresql	42.5.1	42.7.3
org.springdoc:springdoc-openapi-ui	1.6.13	1.8.0

Updates org.apache.commons:commons-csv from 1.9.0 to 1.11.0

Changelog

Sourced from org.apache.commons:commons-csv's changelog.

Apache Commons CSV Version 1.11.0 Release Notes

This document contains the release notes for the 1.11.0 version of Apache Commons CSV. Commons CSV reads and writes files in variations of the Comma Separated Value (CSV) format.

Commons CSV requires at least Java 8.

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

Feature and bug fix release (Java 8 or above)

Changes in this version include:

New Features

• CSV-308: [Javadoc] Add example to CSVFormat#setHeaderComments() #344. Thanks to Buddhi De Silva, Gary Gregory.

•       Add and use CSVFormat#setTrailingData(boolean) in CSVFormat.EXCEL for Excel compatibility [#303](https://github.com/apache/commons-csv/issues/303). Thanks to DamjanJovanovic, Gary Gregory.
  

•       Add and use CSVFormat#setLenientEof(boolean) in CSVFormat.EXCEL for Excel compatibility [#303](https://github.com/apache/commons-csv/issues/303). Thanks to DamjanJovanovic, Gary Gregory.
  

Fixed Bugs

• CSV-306: Replace deprecated method in user guide, update external link #324, #325. Thanks to Sam Ng, Bruno P. Kinoshita.

•       Document duplicate header behavior [#309](https://github.com/apache/commons-csv/issues/309). Thanks to Seth Falco, Bruno P. Kinoshita.
  

•       Add missing docs [#328](https://github.com/apache/commons-csv/issues/328). Thanks to jkbkupczyk.
  

•       [StepSecurity] CI: Harden GitHub Actions [#329](https://github.com/apache/commons-csv/issues/329), [#330](https://github.com/apache/commons-csv/issues/330). Thanks to step-security-bot.
  

• CSV-147: Better error message during faulty CSV record read #347. Thanks to Steven Peterson, Benedikt Ritter, Gary Gregory, Joerg Schaible, Buddhi De Silva, Elliotte Rusty Harold.
• CSV-310: Misleading error message when QuoteMode set to None #352. Thanks to Buddhi De Silva.
• CSV-311: OutOfMemory for very long rows despite using column value of type Reader. Thanks to Christian Feuersaenger, Gary Gregory.

•       Use try-with-resources to manage JDBC Clob in CSVPrinter.printRecords(ResultSet). Thanks to Gary Gregory.
  

•       JDBC Blob columns are now output as Base64 instead of Object#toString(), which usually is InputStream#toString(). Thanks to Gary Gregory.
  

•       Support unusual Excel use cases: Add support for trailing data after the closing quote, and EOF without a final closing quote [#303](https://github.com/apache/commons-csv/issues/303). Thanks to DamjanJovanovic, Gary Gregory.
  

•       MongoDB CSV empty first column parsing fix [#412](https://github.com/apache/commons-csv/issues/412). Thanks to Igor Kamyshnikov, Gary Gregory.
  

Changes

•       Bump commons-io:commons-io: from 2.11.0 to 2.16.1 [#408](https://github.com/apache/commons-csv/issues/408), [#413](https://github.com/apache/commons-csv/issues/413). Thanks to Gary Gregory.
  

•       Bump commons-parent from 57 to 69 [#410](https://github.com/apache/commons-csv/issues/410). Thanks to Gary Gregory, Dependabot.
  

•       Bump h2 from 2.1.214 to 2.2.224 [#333](https://github.com/apache/commons-csv/issues/333), [#349](https://github.com/apache/commons-csv/issues/349), [#359](https://github.com/apache/commons-csv/issues/359). Thanks to Dependabot.
  

•       Bump commons-lang3 from 3.12.0 to 3.14.0. Thanks to Gary Gregory.
  

•       Update exception message in CSVRecord#getNextRecord() [#348](https://github.com/apache/commons-csv/issues/348). Thanks to Buddhi De Silva, Michael Osipov, Gary Gregory.
  

•       Bump tests using com.opencsv:opencsv from 5.8 to 5.9 [#373](https://github.com/apache/commons-csv/issues/373). Thanks to Dependabot.
  

Historical list of changes: https://commons.apache.org/proper/commons-csv/changes-report.html

For complete information on Apache Commons CSV, including instructions on how to submit bug reports,

... (truncated)

Commits

• 74e1274 Prepare for the next release candidate
• 89cbc7b Prepare for the next release candidate
• 447682e Match version to POM
• 4c186f2 Merge pull request #420 from apache/dependabot/github_actions/actions/checkou...
• 8af37f7 Merge pull request #418 from apache/dependabot/github_actions/github/codeql-a...
• 2238314 Merge pull request #419 from apache/dependabot/github_actions/actions/upload-...
• 2ccf668 Bump actions/checkout from 4.1.2 to 4.1.4
• 26cf90e Bump actions/upload-artifact from 4.3.2 to 4.3.3
• 586310a Bump github/codeql-action from 3.25.1 to 3.25.3
• bea505a Merge pull request #416 from apache/dependabot/github_actions/actions/upload-...
• Additional commits viewable in compare view

Updates org.apache.cxf:cxf-core from 4.0.0 to 4.0.4

Updates org.apache.cxf:cxf-rt-frontend-jaxws from 4.0.0 to 4.0.4

Updates org.apache.cxf:cxf-rt-frontend-jaxws from 4.0.0 to 4.0.4

Updates com.h2database:h2 from 2.1.214 to 2.2.224

Release notes

Sourced from com.h2database:h2's releases.

version-2.2.224

Patch release to fix Issue #3883 Performance regression in 2.2.222

version-2.2.222

Version 2.2.220

Changes since 2.1.214 release:

... (truncated)

Commits

• 19b770e in preparation of 2.2.224 release
• 493251f Replace Thread.holdsLock(Session) with Session.isLockedByCurrentThread()
• 8ba3ea3 in preparation for release
• 57d2332 protect FileStore.deadChunks against race codition
• 1fbf735 fix coments / renaming
• 13740e1 adjust housekeeping activity to be more aggresive when idle
• f85140a fix flaky test
• 3f1be47 Merge pull request #3873 from andreitokar/at-misc
• 9312571 ToC cache key is chunk id now, not version
• 0666a0b ToC cash is effectively not used after the first shutdown, due to a key mismatch
• Additional commits viewable in compare view

Updates org.apache.httpcomponents:httpclient from 4.5.13 to 4.5.14

Updates com.fasterxml.jackson.core:jackson-databind from 2.14.1 to 2.17.1

Commits

• See full diff in compare view

Updates javax.xml.bind:jaxb-api from 2.3.0 to 2.3.1

Commits

• 7de2ca1 Preparing for release 2.3.1
• 5cbac0c Merge pull request #62 from lukasj/fix
• c61c8df fix cp year
• bd6cdf6 Revert "Removed usage of .internal package pointing to JavaSE."
• 4d09bb1 allow running in OSGi on newer jdks
• e9625c8 Preparing for development 2.3.2-SNAPSHOT
• 9ef650f Preparing for release 2.3.1-RC1
• 7acf248 Preparing for development 2.3.2-SNAPSHOT
• c44722d Preparing for release 2.3.1-RC1
• f786240 Preparing for development 2.3.2-SNAPSHOT
• Additional commits viewable in compare view

Updates com.sun.xml.ws:jaxws-maven-plugin from 4.0.0 to 4.0.1

Updates com.sun.xml.ws:jaxws-rt from 4.0.0 to 4.0.1

Updates com.sun.xml.ws:jaxws-tools from 4.0.0 to 4.0.1

Updates jakarta.xml.ws:jakarta.xml.ws-api from 4.0.0 to 4.0.1

Release notes

Sourced from jakarta.xml.ws:jakarta.xml.ws-api's releases.

Jakarta XML Web Services API 4.0.1

What's Changed

• Supports OSGi Mediator spec
• Integrates Jakarta XML Binding API 4.0.1
• Integrates Jakarta SOAP with Attachments API 3.0.1

Full Changelog: jakartaee/jax-ws-api@4.0.0...4.0.1

Commits

• e1cd019 Update API version of jakarta.xml.ws:jakarta.xml.ws-api to 4.0.1
• 01bf2de Integrate SOAP API 3.0.1
• 5810e98 Integrate XML Binding API 4.0.1
• 09eac39 Update Contributing, Notice and security file
• 4a46b2e Integrate OSGi Mediator
• 95545da remove obsolete build instructions
• 3804c5b update gh build
• 220fa74 update build plugins,
• 0756262 Update API version of jakarta.xml.ws:jakarta.xml.ws-api to 4.0.1-SNAPSHOT
• 8b9afef Update API version of jakarta.xml.ws:jakarta.xml.ws-api to 4.0.0
• See full diff in compare view

Updates org.projectlombok:lombok from 1.18.24 to 1.18.32

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.32 (March 20th, 2024)

• PLATFORM: Initial JDK22 support added.
• PLAFTORM Added support for Eclipse 2024-03. [Issue #3620](projectlombok/lombok#3620).
• PLATFORM: Added support for recent versions of eclipse (released Q4 2023 or later or so) which would cause failures in the eclipse logs such as java.lang.NoSuchMethodError: 'java.lang.StringBuffer org.eclipse.jdt…. [Issue #3564](projectlombok/lombok#3564).
• FEATURE: @Locked has been introduced. Like @Synchronized but with java.util.concurrent.locks locks instead of the synchronized primitive. Thanks, Pim van der Loos for the PR! [Issue #3506](projectlombok/lombok#3506).
• NECROMANCY: Inlining a generated getter in eclipse would result in eclipse incorrectly replacing calls with @Getter instead of the actual field's name. [Issue #562](projectlombok/lombok#562). This issue is almost old enough to drink. Points for dedication go to Rawi for fixing this one.
• BUGFIX: When @SuperBuilder was used on a type with an annotated generic type, it would error wrong number of type arguments. [Issue #3592](projectlombok/lombok#3592).
• BUGFIX: It was possible to create an infinite build loop using @ExtensionMethod. [Issue #3225](projectlombok/lombok#3225).
• BUGFIX: Using @Getter(lazy=true) would fail if the expression contained a variable called value. [Issue #2917](projectlombok/lombok#2917).
• BUGFIX: Many lombok features wouldn't work properly on records contained within an outer type unless you explicitly marked it static. [Issue #3497](projectlombok/lombok#3497) [Issue #3559](projectlombok/lombok#3559).
• BUGFIX: Eclipse projects using the com.pro-crafting.tools:jasperreports-plugin will now compile.
• BUGFIX: @FieldNameConstants now works when generated fields are involved. [Issue #3529](projectlombok/lombok#3529).
• IMPROBABLE BREAKING CHANGE: For JSpecify, the package name changed from org.jspecify.nullness to org.jspecify.annotations, which might lead to a different null analysis. [Issue #3608](projectlombok/lombok#3608).

v1.18.30 (September 20th, 2023)

• PLATFORM: Initial JDK21 support added. [Issue #3393](projectlombok/lombok#3393).
• BUGFIX: Any @Helper class directly in a method (and not nested more deeply) wouldn't work. [Issue #3370](projectlombok/lombok#3370).
• BUGFIX: If using the module system and lombok is on the runtime classpath (shouldn't be, but happens), you'd get a split package error: Package org.objectweb.asm in both module lombok and module org.objectweb.asm. [Issue #3474](projectlombok/lombok#3474).
• BUGFIX: Lombok wasn't properly copying the annotations it should be copying when generating methods in records. [Issue #3315](projectlombok/lombok#3315).
• BUGFIX: Delomboking anything with @lombok.Singular in it wouldn't remove that annotation. [Issue #1377](projectlombok/lombok#1377).
• BUGFIX: Calling extension methods such that automatic widening is applied (i.e. calling void ext(long arg) with an int) would fail at runtime. [Issue #3463](projectlombok/lombok#3463).
• BUGFIX: Extension methods can now be used in records. [Issue #3450](projectlombok/lombok#3450).
• BUGFIX: @Getter(lazy=true) with complicated initialization expressions would fail on javac. [Issue #3314](projectlombok/lombok#3314).
• BUGFIX: Using the maven surefire plugin with a module-info.java based project would fail with a SurefireBooterForkException. [Issue #3474](projectlombok/lombok#3474).

v1.18.28 (May 24th, 2023)

• PLATFORM: JDK20 support added. [Issue #3353](projectlombok/lombok#3353).
• BUGFIX: Eclipse 4.27 and VSCode 1.14.0 would ignore lombok.config. [Issue #3332](projectlombok/lombok#3332).
• BUGFIX: @NonNull on a primitive array field on a record wouldn't work. [Issue #3366](projectlombok/lombok#3366).
• FEATURE: Jakarta has some non-null annotations (such as jakarta.annotation.Nonnull) which we now support. [Issue #3346](projectlombok/lombok#3346).
• BUGFIX: Eclipse didn't find usages of extension methods (@ExtensionMethod) in "find references" nor rename-refactoring. [Issue #3373](projectlombok/lombok#3373)

v1.18.26 (Feb 3rd, 2023)

• PLATFORM: JDK19 support added. [Issue #3264](projectlombok/lombok#3264).
• BUGFIX: Using the refactor script: "Rename field" in a @(Super)Builder-marked file in eclipse or VSCode would cause issues. [Issue #3181] (projectlombok/lombok#3181).
• BUGFIX: Using val together with any call to a method that explicitly resolves to a default impl in an interface didn't work in javac. [Issue #3242](projectlombok/lombok#3242).

Commits

• 2618848 [release] pre-release version bump
• 5719fde Update changelog in preparation for the upcoming release
• 1b713ad Add eclipse 2024-03 as test target
• 521be03 Remove unused string literal code
• 3b20b70 Support @​Delegate in eclipse 2024-03
• 98cdf67 Javadoc support for eclipse 2024-03
• e4824cb Fix Javadoc in Eclipse
• c93400d [fixes #2917] Use $value instead of value in lazy getter
• 23307eb [jdk22] Adds support for unnamed variables (JEP 456)
• a54ec70 Document using jdk22 GA
• Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.5.1 to 42.7.3

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.3

Changes

• bump version to 42.7.4 @​davecramer (#3164)
• fix Issue boolean types not handled in SimpleQuery mode @​davecramer (#3146)
• The Gradle config enforces 17+ @​OrangeDog (#3147)
• Fix 2 changelog entry titles @​crunchyjohn (#3142)
• chore: ensure CI jobs include tests for all the values of preferQueryMode, ssl, xa, gss @​vlsi (#3137)
• update jdbc website security page with latest security advisory @​davecramer (#3135)

v42.7.2

Security

CVE-2024-1597 and Security Advisory addressed. The vulnerability occurs only in non-default preferQueryMode=simple mode and only if a negative place holder -? is used. See the security advisory for details

What's Changed

• perf: avoid autoboxing bind indexes by @​bokken in pgjdbc/pgjdbc#1244
• add: Add PasswordUtil for encrypting passwords client side by @​sehrope in pgjdbc/pgjdbc#3082
• refactor: document that encodePassword will zero out the password array, and remove driver's default encodePassword by @​vlsi in pgjdbc/pgjdbc#3084
• change: Use simple query for isValid. Using Extended query sends two messages by @​davecramer in pgjdbc/pgjdbc#3101

Full Changelog: pgjdbc/pgjdbc@REL42.7.1...REL42.7.2

v42.7.1

Fixed regressions since 42.7.0

• Revert "Use canonical DateStyle name (#2925)" @​vlsi (#3035)
• Revert "feat: support SET statements combining with other queries with semicolon in PreparedStatement" @​vlsi (#3010)
• chore: use java.release=8 when building pgjdbc from the generated source distribution @​vlsi (#3038), the driver uses Java 8 methods only

Changes

• Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken @​davecramer (#3040)
• perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing @​vlsi (#3044)
• fix: avoid timezone conversions when sending LocalDateTime to the database @​vlsi (#2852)
• fix: support waffle-jna 2.x and 3.x by using reflective approach for ManagedSecBufferDesc @​chrullrich (#2720)

🧰 Maintenance

• chore: bump Gradle to 8.5 @​vlsi (#3045)
• chore: use Java 17 for building pgjdbc, and use --release 8 to target Java 8, add tests with Java 21 and 22 @​vlsi (#3026)
• fedora/rpm: move source build to java-17-openjdk-devel @​praiskup (#3036)
• Update site 42 7 0 @​davecramer (#3004)
• prepared for release 42.7.1 update changelogs @​davecramer (#3037)

⬆️ Dependencies

• fix(deps): update dependency org.checkerframework:org.checkerframework.gradle.plugin to v0.6.36 @​renovate-bot (#3060)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.3] (2024-04-14 14:51:00 -0400)

Changed

• chore: gradle config enforces 17+ [PR #3147](pgjdbc/pgjdbc#3147)

Fixed

• fix: boolean types not handled in SimpleQuery mode [PR #3146](pgjdbc/pgjdbc#3146)
  • make sure we handle boolean types in simple query mode
  • support uuid as well
  • handle all well known types in text mode and change else if to switch
• fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with NoSuchMethodError on ByteBuffer#position when running on Java 8

[42.7.2] (2024-02-21 08:23:00 -0500)

Security

• security: SQL Injection via line comment generation, it is possible in SimpleQuery mode to generate a line comment by having a placeholder for a numeric with a - such as -?. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment. This has been fixed in this version fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.

Changed

• fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed [PR #3101](pgjdbc/pgjdbc#3101)
• perf: Avoid autoboxing bind indexes by @​bokken in [PR #1244](pgjdbc/pgjdbc#1244)
• refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by @​vlsi in [PR #3084](pgjdbc/pgjdbc#3084)

Added

• feat: Add PasswordUtil for encrypting passwords client side [PR #3082](pgjdbc/pgjdbc#3082)

[42.7.1] (2023-12-06 08:34:00 -0500)

Changed

• perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing [PR #3044](pgjdbc/pgjdbc#3044)

Fixed

• fix: Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken [PR #3040](pgjdbc/pgjdbc#3040)
• fix: support waffle-jna 2.x and 3.x by using reflective approach for ManagedSecBufferDesc [PR #2720](pgjdbc/pgjdbc#2720) Fixes [Issue #2690](pgjdbc/pgjdbc#2720).
• fix: NoSuchMethodError on ByteBuffer#position When Running on Java 8 when accessing arrays, fixes [Issue #3014](pgjdbc/pgjdbc#3014)
• Revert "[PR #2925](pgjdbc/pgjdbc#2925) Use canonical DateStyle name" [PR #3035](pgjdbc/pgjdbc#3035) Fixes [Issue #3008](pgjdbc/pgjdbc#3008)
• Revert "[PR ##2973](pgjdbc/pgjdbc#2973) feat: support SET statements combining with other queries with semicolon in PreparedStatement" [PR #3010](pgjdbc/pgjdbc#3010) Fixes [Issue #3007](pgjdbc/pgjdbc#3007)
• fix: avoid timezone conversions when sending LocalDateTime to the database #2852 Fixes [Issue #1390](pgjdbc/pgjdbc#1390) ,[Issue #2850](pgjdbc/pgjdbc#2850) Closes [Issue #1391(https://redirect.github.com/Fix #1390 LocalDateTime string serialization pgjdbc/pgjdbc#1391)

[42.7.0] (2023-11-20 09:33:00 -0500)

Changed

• fix: Deprecate for removal PGPoint.setLocation(java.awt.Point) to cut dependency to java.desktop module. [PR #2967](pgjdbc/pgjdbc#2967)
• feat: return all catalogs for getCatalogs metadata query closes [ISSUE #2949](pgjdbc/pgjdbc#2949) [PR #2953](pgjdbc/pgjdbc#2953)

... (truncated)

Commits

• 818953a fix Issue # 3145 boolean types not handled in SimpleQuery mode (#3146)
• 0e8ab63 The Gradle config enforces 17+ (#3147)
• b591b9f Fix 2 changelog entry titles (#3142)
• 81844e6 chore: ensure CI jobs include tests for all the values of preferQueryMode
• 2fada9e update security page (#3135)
• 388f027 fix: typo password_encrypton -> password_encryption in the error message
• 9cde4f5 Update site for release of 42.7.2 (#3133)
• df14e53 update version and last year modified
• 06abfb7 Merge pull request from GHSA-24rp-q3w6-vc56
• 93b0fcb Merge pull request from GHSA-24rp-q3w6-vc56
• Additional commits viewable in compare view

Updates org.springdoc:springdoc-openapi-ui from 1.6.13 to 1.8.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[raits]

@dependabot merge