mbarre / schemacrawler-additional-lints

Some additionnal lints for Schemacrawler
Other
12 stars 7 forks source link

Bump postgresql from 42.2.6 to 42.5.0 #383

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps postgresql from 42.2.6 to 42.5.0.

Changelog

Sourced from postgresql's changelog.

[42.5.0] (2022-08-23 11:20:11 -0400)

Changed

[42.4.2] (2022-08-17 10:33:40 -0400)

Changed

  • fix: add alias to the generated getUDT() query for clarity (PR #2553)[https://github-redirect.dependabot.com/pgjdbc/pgjdbc/pull/2553]

Added

Fixed

  • fix: regression with GSS. Changes introduced to support building with Java 17 caused failures [Issue #2588](pgjdbc/pgjdbc#2588)
  • fix: set a timeout to get the return from requesting SSL upgrade. [PR #2572](pgjdbc/pgjdbc#2572)
  • feat: synchronize statement executions (e.g. avoid deadlock when Connection.isValid is executed from concurrent threads)

[42.4.1] (2022-08-01 16:24:20 -0400)

Security

  • fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
    • Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include statement terminator to be parsed and executed as multiple separate commands.
    • Also adds a new test class ResultSetRefreshTest to verify this change.
    • Reported by Sho Kato

Changed

  • chore: skip publishing pgjdbc-osgi-test to Central
  • chore: bump Gradle to 7.5
  • test: update JUnit to 5.8.2

Added

  • chore: added Gradle Wrapper Validation for verifying gradle-wrapper.jar
  • chore: added "permissions: contents: read" for GitHub Actions to avoid unintentional modifications by the CI
  • chore: support building pgjdbc with Java 17
  • feat: synchronize statement executions (e.g. avoid deadlock when Connection.isValid is executed from concurrent threads)

[42.4.0] (2022-06-09 08:14:02 -0400)

Changed

  • fix: added GROUP_STARTUP_PARAMETERS boolean property to determine whether or not to group startup parameters in a transaction (default=false like 42.2.x) fixes [Issue #2425](pgjdbc/pgjdbc#2497) pgbouncer cannot deal with transactions in statement pooling mode [PR #2425](pgjdbc/pgjdbc#2425)

Fixed

... (truncated)

Commits
  • f490edf put entry in CHANGELOG and release notes for 42.5.0 (#2601)
  • d62ba27 fix: revert change in PR#2597 where float was aliased to float4 from float8. ...
  • 08b2db3 bump version number for next release
  • 389be0a Update changelog for release (#2596)
  • 364662e fix erroneous method signature and null subjectCallAs (#2595)
  • 04dc96a update last copyright year (#2593)
  • f76ca46 fix checkstyle
  • a45b4d8 get rid of javadoc warnings
  • abf3bcb fix mismatched types for invokeExact. Have to tell invokeExact what type we a...
  • 96f2561 fix: make setObject accept UUID array (#2587)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

dependabot[bot] commented 1 year ago

Superseded by #401.