Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency org.postgresql:postgresql to v42.7.3 #1285

Merged
merged 2 commits into from
Apr 1, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 20, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.postgresql:postgresql (source) 42.7.1 -> 42.7.3 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.3

Changed
Fixed
  • fix: boolean types not handled in SimpleQuery mode PR #​3146
    • make sure we handle boolean types in simple query mode
    • support uuid as well
    • handle all well known types in text mode and change else if to switch
  • fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with NoSuchMethodError on ByteBuffer#position when running on Java 8

v42.7.2

Security
  • security: SQL Injection via line comment generation, it is possible in SimpleQuery mode to generate a line comment by having a placeholder for a numeric with a -
    such as -?. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
    This has been fixed in this version fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.
Changed
  • fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed PR #​3101
  • perf: Avoid autoboxing bind indexes by @​bokken in PR #​1244
  • refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by @​vlsi in PR #​3084
Added
  • feat: Add PasswordUtil for encrypting passwords client side PR #​3082

Configuration

📅 Schedule: Branch creation - "after 10pm" in timezone Europe/Prague, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the type: dependency-upgrade Upgrade a dependency label Feb 20, 2024
@renovate renovate bot force-pushed the renovate/managed.postgres.driver branch from 252f733 to 73209d1 Compare March 14, 2024 19:17
@renovate renovate bot changed the title fix(deps): update dependency org.postgresql:postgresql to v42.7.2 fix(deps): update dependency org.postgresql:postgresql to v42.7.3 Mar 14, 2024
@sdelamo sdelamo merged commit 4da5dc9 into master Apr 1, 2024
4 checks passed
@sdelamo sdelamo deleted the renovate/managed.postgres.driver branch April 1, 2024 17:47
Copy link

sonarqubecloud bot commented Apr 1, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type: dependency-upgrade Upgrade a dependency
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant