Update dependency org.postgresql:postgresql to v42.3.8

[joshn-whitesource-app]

This PR contains the following updates:

Package	Type	Update	Change
org.postgresql:postgresql (source)	compile	patch	42.3.1 -> 42.3.8

By merging this PR, the issue #8 will be automatically resolved and closed:

Severity	CVSS Score	CVE
Critical	9.8	CVE-2022-21724
Critical	9.8	CVE-2022-26520
Critical	9.8	WS-2022-0080
High	8.0	CVE-2022-31197
Medium	5.5	CVE-2022-41946

---

Release Notes

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.3.6

Changed

Added

Fixed

• fix: close refcursors when underlying cursor==null instead of relying on defaultRowFetchSize PR #​2377

v42.3.5

Changed

• test: polish TimestampUtilsTest
• chore: use GitHub Action concurrency feature to terminate CI jobs on fast PR pushes

Added

• Added KEYS file to allow for verifying artifacts PR 2499

Fixed

• perf: enable tcpNoDelay by default PR 2495.
  This is a regression from 42.2.x versions where tcpNoDelay defaulted to true
• docs: fix readme.md after PR 2495 PR 2496
• feat: targetServerType=preferPrimary connection parameter PR 2483
• fix: revert removal of toOffsetDateTime(String timestamp) fixes Issue #​2497 PR 2501

v42.3.4

Changed

• fix: change name of build cache PR 2471
• feat: add support for ResultSet#getObject(OffsetTime.class) and PreparedStatement#setObject(OffsetTime.class) PR 2467
• fix: Use non-synchronized getTimeZone in TimestampUtils PR 2451
• docs: Fix CHANGELOG.md misformatted markdown headings PR 2461
• docs: remove loggerLevel and loggerFile from docs and issues PR 2489
• feat: use direct wire format -> LocalDate conversion without resorting to java.util.Date, java.util.Calendar,
  and default timezones PR 2464 fixes Issue #​2221

Added

Fixed

• docs: Update testing documentation PR 2446
• fix: Throw an exception if the driver cannot parse the URL instead of returning NULL fixes Issue #​2421 PR 2441
• fix: Use PGProperty instead of the property names directly PR 2444
• docs: update changelog, missing links at bottom and formatting PR 2460
• fix: Remove isDeprecated from PGProperty. It was originally intended to help produce automated docs. Fixes Issue #​2479 PR 2480
• fix: change PGInterval parseISO8601Format to support fractional second PR 2457
• fix: GSS login to use TGT from keytab fixes Issue #​2469 PR 2470
• fix: More test and fix for issues discovered by PR #​2476 PR #​2488

v42.3.3

Changed

• fix: Removed loggerFile and loggerLevel configuration. While the properties still exist.
  They can no longer be used to configure the driver logging. Instead use java.util.logging
  configuration mechanisms such as logging.properties.

Added

Fixed

v42.3.2

Security

• CVE-2022-21724 pgjdbc instantiates plugin instances based on class names provided via authenticationPluginClassName,
  sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback connection properties.
  However, the driver did not verify if the class implements the expected interface before instantiating the class. This
  would allow a malicious class to be instantiated that could execute arbitrary code from the JVM. Fixed in commit

Changed

• perf: read in_hot_standby GUC on connection PR #​2334
• test: materialized view privileges PR #​2209 fixes Issue #​2060
• docs: add info about convenience maven project PR #​2407
• docs: Document timezone reversal from POSIX to ISO PR #​2413
• fix: we will ask the server if it supports GSS Encryption if gssEncryption
  is prefer or require PR #​2396 remove the need to have a ticket in the cache before asking the server if gss encryptions are supported
• docs: remove Java 6 and 7 references from contributing PR #​2385
• style: remove Java 8 / JDBC 4.2 checks PR #​2383 Remove all remaining checks whether the source is lower than Java 8
  or JDBC 4.2.
• fix: throw SQLException for #getBoolean BIT(>1) PR #​2386 Throw SQLException instead of ClassCastException when calling
  CallableStatement#getBoolean(int) on BIT(>1).
• style: import java.time types in more classes PR #​2382 Use imports for java.time types in all remaining classes.
• style: import java.time types in TimestampUtils PR #​2380 Use imports for java.time types in TimestampUtils.
• refactor: Change internal constructors to pass only connection Properties
  Changes internal constructors for PgConnection and related classes to only accept the connection properties object and
  remove the user and password arguments. Any locations that required those fields can retrieve them from the properties map.
• test: Fix DatabaseMetadataTest to perform mview tests only on 9.3+
• perf: read in_hot_standby GUC on connection PR #​2334
• doc: improv doc around binary decoding of numeric data #​2331
• Add cert key type checking to chooseClientAlias PR #​2417

Added

• feat: Add authenticationPluginClassName option to provide passwords at runtime
  Adds authenticationPluginClassName connection property that allows end users to specify a class
  that will provide the connection passwords at runtime. Users implementing that interface must
  ensure that each invocation of the method provides a new char[] array as the contents
  will be filled with zeroes by the driver after use.Call sites within the driver have been updated to use the char[] directly wherever possible.
  This includes direct usage in the GSS authentication code paths that internally were already converting the String password into a char[] for internal usage.
  This allows configuring a connection with a password that must be generated on the fly or periodically changes. PR #​2369 original issue Issue #​2102
• feat: add tcpNoDelay option PR #​2341 fixes Issue #​2324
• feat: pg_service.conf and .pgpass support (jdbc:postgresql://?service=my-service) PR #​2260 fixes Issue #​2278

Fixed

• Use local TimestampUtil in PgStatement and PgResultset for thread safety PR #​2291
  fixes Issue #​921 synchronize modification of shared calendar
• fix: PgObject isNull() was reporting the opposite fixes Issue #​2411 PR #​2414
• fix: default file name is ".pg_service.conf" on Windows (not "pg_service.conf") PR #​2398 fixes Issue #​2278
• test: Fix RefCursorFetchTest on older platforms
• fix: do not close refcursor after reading if fetchsize has been set fixes Issue #​2227 PR #​2371
• fix: rework gss authentication to use the principal name to get the credentials fixes Issue #​2235 PR #​2352
• fix: return getIndexInfo metadata columns in UPPER CASE PR #​2368
• fix: Connection leak in ConnectionFactoryImpl#tryConnect PR #​2350 Issue #​2351
• fix: Fix For IS_AUTOGENERATED Flag PR #​2348
• fix: parsing service file tests for windows PR #​2347
• fix: The spec says that calling close() on a closed connection is a noop. PR #​2345 fixes Issue #​2300
• fix: add microsecond precision to getTimestamp() called on sql TIME(6) Currently, "when fetching a value of type TIME(6) through
  resultSet.getTimestamp() only ms precision is retained, the microsecond fractional digits are lost." This change will retain the microsecond
  precision when .getTimestamp() is called on TIME(6). PR #​2181 Closes Issue #​1537
• test: materialized view privileges PR #​2209 add and drop a materialized view
  Add to TestUtil and also to DatabaseMetaData setup and teardown fixes Issue #​2060
• fix: typo in connect.md PR #​2338 OutOfMemoryException => OutOfMemoryError
• fix: use local TimestampUtil in PgStatement and PgResultset for thread
  safety TimestampUtil is not thread safe. It raises exceptions when multiple threads use ResultSets of one connection. PR #​2291
  fixes Issue #​921
  If PgStatement and PgResultSet use their own TimestampUtil no synchronize is needed.
• fix: typo in CONTRIBUTING.md PR #​2332 seccion => section

---

• If you want to rebase/retry this PR, check this box