Bump postgresql from 42.3.3 to 42.4.1 in /IGRP

[dependabot[bot]]

Bumps postgresql from 42.3.3 to 42.4.1.

Release notes

Sourced from postgresql's releases.

42.4.0

What's Changed

• Enhancement: Made TimestampUtils.utcTz static and renamed to UTC_TIMEZONE by @​svendiedrichsen in pgjdbc/pgjdbc#2519
• fix: return correct base type for domain from getUDTs (#2520) by @​alurie in pgjdbc/pgjdbc#2522
• fix: support queries with up to 65535 (inclusive) parameters by @​vlsi in pgjdbc/pgjdbc#2525
• chore: use META-INF/licenses/$group/$artifact-$version/... folder for licenses by @​vlsi in pgjdbc/pgjdbc#2531
• fix: added GROUP_STARTUP_PARAMETERS boolean property to determine whether or not to group startup parameters in a transaction or not fixes Issue 2423 pgbouncer cannot deal with transactions in statement pooling mode by @​davecramer in pgjdbc/pgjdbc#2425
• chore: Make the readme version agnostic by @​jorsol in pgjdbc/pgjdbc#2540
• Release notes 42.4.0 by @​davecramer in pgjdbc/pgjdbc#2541

New Contributors

• @​svendiedrichsen made their first contribution in pgjdbc/pgjdbc#2519

Full Changelog: https://github.com/pgjdbc/pgjdbc/compare/REL42.3.6...REL42.4.0

Changelog

Sourced from postgresql's changelog.

Changelog

Notable changes since version 42.0.0, read the complete History of Changes.

The format is based on Keep a Changelog.

[Unreleased]

Changed

Added

Fixed

[42.4.1] (2022-08-01 16:24:20 -0400)

Security

• fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
  • Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include statement terminator to be parsed and executed as multiple separate commands.
  • Also adds a new test class ResultSetRefreshTest to verify this change.
  • Reported by Sho Kato

Changed

• chore: skip publishing pgjdbc-osgi-test to Central
• chore: bump Gradle to 7.5
• test: update JUnit to 5.8.2

Added

• chore: added Gradle Wrapper Validation for verifying gradle-wrapper.jar
• chore: added "permissions: contents: read" for GitHub Actions to avoid unintentional modifications by the CI
• chore: support building pgjdbc with Java 17

Fixed

[42.4.0] (2022-06-09 08:14:02 -0400)

Changed

• fix: added GROUP_STARTUP_PARAMETERS boolean property to determine whether or not to group startup parameters in a transaction (default=false like 42.2.x) fixes [Issue #2425](pgjdbc/pgjdbc#2497) pgbouncer cannot deal with transactions in statement pooling mode [PR #2425](pgjdbc/pgjdbc#2425)

Fixed

• fix: queries with up to 65535 (inclusive) parameters are supported now (previous limit was 32767) [PR #2525](pgjdbc/pgjdbc#2525), [Issue #1311](pgjdbc/pgjdbc#1311)
• fix: workaround JarIndex parsing issue by using groupId/artifactId-version directory namings. Regression since 42.2.13. [PR #2531](pgjdbc/pgjdbc#2531), [issue #2527](pgjdbc/pgjdbc#2527)
• fix: use Locale.ROOT for toUpperCase() toLowerCase() calls
• doc: add Vladimir Sitnikov's PGP key
• fix: return correct base type for domain from getUDTs [PR #2520](pgjdbc/pgjdbc#2520) [Issue #2522](pgjdbc/pgjdbc#2522)
• perf: utcTz static and renamed to UTC_TIMEZONE [PR #2519](pgjdbc/pgjdbc#2520)
• doc: fix release version for #2377 (it should be 42.3.6, not 42.3.5)

... (truncated)

Commits

• bd91c4c Prepare for release (#2580)
• 739e599 Merge pull request from GHSA-r38f-c4h4-hqq2
• 736f959 fix: replace syncronization in Connection.close with compareAndSet
• 4673fd2 feat: synchronize statement executions (e.g. avoid deadlock when Connection.i...
• fd31a06 update the website content (#2578)
• a6044d0 set a timeout to get the return from requesting SSL upgrade. (#2572)
• 58d6fa0 test: bump system-stubs-jupiter to 2.0.1 to support Java 16+
• b452d8c test: avoid concurrent executions of tests that update environment and system...
• aa5758a test: update JUnit to 5.8.2
• 36cd24c fix: log connection URL when it can't be parsed
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NOSiCode-CV/IGRP-Framework/network/alerts).

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.