Bump com.mchange:c3p0 from 0.9.5.5 to 0.10.0-pre2

[dependabot[bot]]

Bumps com.mchange:c3p0 from 0.9.5.5 to 0.10.0-pre2.

Changelog

Sourced from com.mchange:c3p0's changelog.

c3p0-0.10.0-pre2 -- Add "Automatic-Module-Name" entry to jar manifest for interoperability with Project Jigsaw / Java 9 modules See swaldman/c3p0#171 Thanks Jörg Hohwiller -- Try context ClassLoader if library ClassLoader fails to load a named, necessary driver class. See swaldman/c3p0#115 Thanks Rodrigo Merino! -- Let statement cache fail not-quietly if drivers provide PreparedStatements without a proper equals implementation. See swaldman/c3p0#59 Thanks Thomas Beckmann! -- Be slightly less negative in the docs about unreturnedConnectionTimeout. See swaldman/c3p0#160 Thanks Matteo Mazza! -- Implement more robustly accurate checkoutTimeout. See swaldman/c3p0#138 swaldman/c3p0#137 Thanks François JACQUES! -- Add support for JDBC 4.3 beginRequest and endRequest methods. See swaldman/c3p0#170 Thanks Fernanda Meheust! -- Consider ourselves to be a wrapper for a thing if the thing we wrap itself declares itself as the wrapper of that thing. See swaldman/c3p0#149 Thanks François JACQUES! -- Fix rare ConcurrentModificationException in GooGooStatementCache when Connections are closed. See swaldman/c3p0#22 Thanks Mathilde Ffrench, Joel Caplin! c3p0-0.10.0-pre1 -- Fix doc comments no longer acceptable under persnicketty JDK 11 -- Build with JDK 11 JVM (still emitting JDK 1.6 compatible sources) -- Get tests working under new mill build -- Reorganize to switch build from ant to mill -- Update to mchange-commons-java 0.2.20 c3p0-0.9.5.5 -- Update docs to describe new com.mchange.v2.log.MLog.useRedirectableLoggers setting, implemented in mchange-commons-java 0.2.19 -- Update to mchange-commons-java 0.2.19 -- Properly implement the JDBC 4.1 abort method. Thanks to Andrew Johnson for calling attention to this issue. c3p0-0.9.5.4 -- Disabling entity expansions, as we did in v.0.9.5.3 turns out not to be sufficient to prevent all XML-config parsing related attacks (if an attacker can control the XML config file that will be parsed). We now make XML parsing much more restrictove by default, but allow users to revert to the old, permissive pre-0.9.5.3 behavior by setting config property 'com.mchange.v2.c3p0.cfg.xml.usePermissiveParser' to true. That property replaces and leaves deprecated the 'com.mchange.v2.c3p0.cfg.xml.expandEntityReferences' property introduced on 0.9.5.3. Many thanks to Aaron Massey (amassey) at HackerOne for calling attention to the continued vulnerability of XML parsing to these kinds of attacks. -- Address situation where a throwable during forceKillAcquires() left the force_kill_acquires flag set to true, making it impossible for the pool to restart acquisition attempts on recovery. We now unset the flag under any circumstance, but log interrupts or unexpected throwables, and make a best effort to complete the intended expiration of waiting clients by throwing InterruptException Many thanks to Stefan Cordes (rscadrde on github), Vipin Nair (swvist on github), and Łukasz Jąder

... (truncated)

Commits

• 9d8d439 Bump version number, cap CHANGELOG, for c3p0-0.10.0-pre2
• 23d96e1 Add Automatic-Module-Name entry to jar manifest for interoperability with Pro...
• 331e715 Try context ClassLoader if library ClassLoader fails to load a named, necessa...
• 50ec313 Let statement cache fail not-quietly if drivers provide PreparedStatements wi...
• bce166e Slightly less negative editorializing about unreturnedConnectionTimeout in docs.
• 184d0e0 Implement more robustly accurate checkout timeout. (Thanks @​hypnoce!)
• 6accf55 Add support for JDBC 4.3 beginRequest and endRequest methods. (Thanks @​fmeheu...
• fec7956 Consider ourselves to be a wrapper for a thing if the thing we wrap itself de...
• 860800d Clean-up some loose ends from last commit.
• 9644a22 Fix rare ConcurrentModificationException in StatementCache on Connection.close()
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)