Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency org.postgresql:postgresql to v42.7.2 #513

Merged
merged 3 commits into from
Mar 4, 2024
Merged

fix(deps): update dependency org.postgresql:postgresql to v42.7.2 #513

merged 3 commits into from
Mar 4, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 20, 2024
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.postgresql:postgresql (source) 42.7.1 -> 42.7.2 age adoption passing confidence

Release Notes

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.2

Security
  • security: SQL Injection via line comment generation, it is possible in SimpleQuery mode to generate a line comment by having a placeholder for a numeric with a -
    such as -?. There must be second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
    This has been fixed in this version fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for work arounds.
Changed
  • fix: Use simple query for isValid. Using Extended query sends two messages checkConnectionQuery was never ever set or used, removed PR #​3101
  • perf: Avoid autoboxing bind indexes by @​bokken in PR #​1244
  • refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by @​vlsi in PR #​3084
Added
  • feat: Add PasswordUtil for encrypting passwords client side PR #​3082

Configuration

📅 Schedule: Branch creation - "after 10pm" in timezone Europe/Prague, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the type: dependency-upgrade Upgrade a dependency label Feb 20, 2024
sdelamo
sdelamo requested changes Feb 28, 2024
View reviewed changes
Copy link
Contributor

@sdelamo sdelamo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wetted use the version from SQL https://github.com/micronaut-projects/micronaut-sql/blob/master/gradle/libs.versions.toml#L36

@renovate Renovate
Copy link
Contributor Author

renovate bot commented Mar 1, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

Warning: custom changes will be lost.

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 1, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@wetted wetted requested a review from sdelamo March 1, 2024 16:19
@sdelamo sdelamo added the relates-to: build label for issues related to the build file or CI label Mar 4, 2024
@sdelamo sdelamo merged commit e08ea2c into master Mar 4, 2024
11 checks passed
@sdelamo sdelamo deleted the renovate/postgresql branch March 4, 2024 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sdelamo sdelamo sdelamo approved these changes

Assignees

@wetted wetted

Labels
relates-to: build label for issues related to the build file or CI type: dependency-upgrade Upgrade a dependency
Projects
4.4.0 Release
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sdelamo @wetted