Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump com.mchange:c3p0 from 0.9.5.5 to 0.10.0-pre2 #474

Merged
merged 1 commit into from
Feb 16, 2024
Merged

Bump com.mchange:c3p0 from 0.9.5.5 to 0.10.0-pre2 #474

merged 1 commit into from
Feb 16, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 16, 2024

Bumps com.mchange:c3p0 from 0.9.5.5 to 0.10.0-pre2.

Changelog

Sourced from com.mchange:c3p0's changelog.

c3p0-0.10.0-pre2 -- Add "Automatic-Module-Name" entry to jar manifest for interoperability with Project Jigsaw / Java 9 modules See swaldman/c3p0#171 Thanks Jörg Hohwiller -- Try context ClassLoader if library ClassLoader fails to load a named, necessary driver class. See swaldman/c3p0#115 Thanks Rodrigo Merino! -- Let statement cache fail not-quietly if drivers provide PreparedStatements without a proper equals implementation. See swaldman/c3p0#59 Thanks Thomas Beckmann! -- Be slightly less negative in the docs about unreturnedConnectionTimeout. See swaldman/c3p0#160 Thanks Matteo Mazza! -- Implement more robustly accurate checkoutTimeout. See swaldman/c3p0#138 swaldman/c3p0#137 Thanks François JACQUES! -- Add support for JDBC 4.3 beginRequest and endRequest methods. See swaldman/c3p0#170 Thanks Fernanda Meheust! -- Consider ourselves to be a wrapper for a thing if the thing we wrap itself declares itself as the wrapper of that thing. See swaldman/c3p0#149 Thanks François JACQUES! -- Fix rare ConcurrentModificationException in GooGooStatementCache when Connections are closed. See swaldman/c3p0#22 Thanks Mathilde Ffrench, Joel Caplin! c3p0-0.10.0-pre1 -- Fix doc comments no longer acceptable under persnicketty JDK 11 -- Build with JDK 11 JVM (still emitting JDK 1.6 compatible sources) -- Get tests working under new mill build -- Reorganize to switch build from ant to mill -- Update to mchange-commons-java 0.2.20 c3p0-0.9.5.5 -- Update docs to describe new com.mchange.v2.log.MLog.useRedirectableLoggers setting, implemented in mchange-commons-java 0.2.19 -- Update to mchange-commons-java 0.2.19 -- Properly implement the JDBC 4.1 abort method. Thanks to Andrew Johnson for calling attention to this issue. c3p0-0.9.5.4 -- Disabling entity expansions, as we did in v.0.9.5.3 turns out not to be sufficient to prevent all XML-config parsing related attacks (if an attacker can control the XML config file that will be parsed). We now make XML parsing much more restrictove by default, but allow users to revert to the old, permissive pre-0.9.5.3 behavior by setting config property 'com.mchange.v2.c3p0.cfg.xml.usePermissiveParser' to true. That property replaces and leaves deprecated the 'com.mchange.v2.c3p0.cfg.xml.expandEntityReferences' property introduced on 0.9.5.3. Many thanks to Aaron Massey (amassey) at HackerOne for calling attention to the continued vulnerability of XML parsing to these kinds of attacks. -- Address situation where a throwable during forceKillAcquires() left the force_kill_acquires flag set to true, making it impossible for the pool to restart acquisition attempts on recovery. We now unset the flag under any circumstance, but log interrupts or unexpected throwables, and make a best effort to complete the intended expiration of waiting clients by throwing InterruptException Many thanks to Stefan Cordes (rscadrde on github), Vipin Nair (swvist on github), and Łukasz Jąder

... (truncated)

Commits
  • 9d8d439 Bump version number, cap CHANGELOG, for c3p0-0.10.0-pre2
  • 23d96e1 Add Automatic-Module-Name entry to jar manifest for interoperability with Pro...
  • 331e715 Try context ClassLoader if library ClassLoader fails to load a named, necessa...
  • 50ec313 Let statement cache fail not-quietly if drivers provide PreparedStatements wi...
  • bce166e Slightly less negative editorializing about unreturnedConnectionTimeout in docs.
  • 184d0e0 Implement more robustly accurate checkout timeout. (Thanks @​hypnoce!)
  • 6accf55 Add support for JDBC 4.3 beginRequest and endRequest methods. (Thanks @​fmeheu...
  • fec7956 Consider ourselves to be a wrapper for a thing if the thing we wrap itself de...
  • 860800d Clean-up some loose ends from last commit.
  • 9644a22 Fix rare ConcurrentModificationException in StatementCache on Connection.close()
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump com.mchange:c3p0 from 0.9.5.5 to 0.10.0-pre2
e33f2ca 
Bumps [com.mchange:c3p0](https://github.com/swaldman/c3p0) from 0.9.5.5 to 0.10.0-pre2.
- [Changelog](https://github.com/swaldman/c3p0/blob/v0.10.0-pre2/CHANGELOG)
- [Commits](swaldman/c3p0@c3p0-0.9.5.5...v0.10.0-pre2)

---
updated-dependencies:
- dependency-name: com.mchange:c3p0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner February 16, 2024 12:20
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Feb 16, 2024
@liweinan liweinan merged commit 00efcb9 into main Feb 16, 2024
6 checks passed
@dependabot dependabot bot deleted the dependabot/maven/com.mchange-c3p0-0.10.0-pre2 branch February 16, 2024 13:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@liweinan