Update dependency org.postgresql:postgresql to v42.7.4 #290

Open
wants to merge 1 commit into
base: master

renovate[bot]
Contributor

@renovate renovate bot commented Sep 21, 2023

This PR contains the following updates:

Package | Change
org.postgresql:postgresql (source) | 42.4.0 -> 42.7.4

Release Notes

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.4

Added
  • chore: SCRAM dependency to 3.1 and support channel binding PR #​3188
  • chore: Add PostgreSQL 15, 16, and 17beta1 to CI tests PR #​3299
  • test: Update to 17beta3 PR #​3308
  • chore: Implement direct SSL ALPN connections PR #​3252
  • translation: Add Korean translation file PR #​3276
Fixed
  • fix: PgInterval ignores case for represented interval string PR #​3344
  • perf: Avoid extra copies when receiving int4 and int2 in PGStream PR #​3295
  • fix: Add support for Infinity::numeric values in ResultSet.getObject PR #​3304
  • fix: Ensure order of results for getDouble PR #​3301
  • perf: Replace BufferedOutputStream with unsynchronized PgBufferedOutputStream, allow configuring different Java and SO_SNDBUF buffer sizes PR #​3248
  • fix: Fix SSL tests PR #​3260
  • fix: Support bytea in preferQueryMode=simple PR #​3243
  • fix: Fix #​3234 - Return -1 as update count for stored procedure calls PR #​3235
  • fix: Fix #​3224 - conversion for TIME '24:00' to LocalTime breaks in binary-mode PR #​3225
  • perf: Speed up getDate by parsing bytes instead of String PR #​3141
  • fix: support PreparedStatement.setBlob(1, Blob) and PreparedStatement.setClob(1, Clob) for lobs that return -1 for length PR #​3136
  • fix: Validates resultset Params in PGStatement constructor. uses assertThro… PR #​3171
  • fix: Validates resultset parameters PR #​3167
  • docs: Replace greater to with greater than PR #​3315
  • docs: Clarify binaryTransfer and prepareThreshold PR #​3338
  • docs: use.md, typo PR #​3314
  • test: Use docker v2 which changes docker-compose to docker compose #​3339
  • refactor: Merge PgPreparedStatement#setBinaryStream int and long methods PR #​3165
  • test: Test both binaryMode=true,false when creating connections in DatabaseMetaDataTest PR #​3231
  • docs: Fixed typos in all source code and documentations PR #​3242
  • chore: Remove self-hosted runner PR #​3227
  • docs: Add cancelSignalTimeout in README PR #​3190
  • docs: Document READ_ONLY_MODE in README PR #​3175
  • test: Test for +/- infinity double values PR #​3294
  • test: Switch localhost and auth-test around for test-gss PR #​3343
  • fix: remove preDescribe from internalExecuteBatch PR #​2883
Deprecated
  • test: Deprecate all PostgreSQL versions older than 9.1 PR #​3335

v42.7.3

Changed
Fixed
  • fix: boolean types not handled in SimpleQuery mode PR #​3146
    • make sure we handle boolean types in simple query mode
    • support uuid as well
    • handle all well known types in text mode and change else if to switch
  • fix: released new versions of 42.2.29, 42.3.10, 42.4.5, 42.5.6, 42.6.2 to deal with NoSuchMethodError on ByteBuffer#position when running on Java 8

v42.7.2

Security
  • security: SQL Injection via line comment generation. It is possible in SimpleQuery mode to generate a line comment by having a placeholder for a numeric with a -
    such as -?. There must be a second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment.
    This has been fixed in this version; fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for workarounds.
Changed
  • fix: Use simple query for isValid. Using Extended query sends two messages. checkConnectionQuery was never ever set or used, removed PR #3101
  • perf: Avoid autoboxing bind indexes by @​bokken in PR #​1244
  • refactor: Document that encodePassword will zero out the password array, and remove driver's default encodePassword by @​vlsi in PR #​3084
Added
  • feat: Add PasswordUtil for encrypting passwords client side PR #​3082

v42.7.1

Changed
  • perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing PR #​3044
Fixed

v42.7.0

Changed
  • fix: Deprecate for removal PGPoint.setLocation(java.awt.Point) to cut dependency to java.desktop module. PR #​2967
  • feat: return all catalogs for getCatalogs metadata query closes ISSUE #​2949 PR #​2953
  • feat: support SET statements combining with other queries with semicolon in PreparedStatement PR #2973
Fixed
  • chore: add styleCheck Gradle task to report style violations PR #​2980
  • fix: Include currentXid in "Error rolling back prepared transaction" exception message PR #​2978
  • fix: add varbit as a basic type inside the TypeInfoCache PR #​2960
  • fix: Fix failing tests for version 16. PR #​2962
  • fix: allow setting arrays with ANSI type name PR #​2952
  • feat: Use KeepAlive to confirm LSNs PR #​2941
  • fix: put double ' around log parameter PR #​2936 fixes ISSUE #​2935
  • fix: Fix Issue #​2928 number of ports not equal to number of servers in datasource PR #​2929
  • fix: Use canonical DateStyle name (#​2925) fixes pgbouncer issue
  • fix: Method getFastLong should be able to parse all longs PR #​2881
  • docs: Fix typos in info.html PR #​2860
  • fix: Return correct default from PgDatabaseMetaData.getDefaultTransactionIsolation PR #​2992 fixes Issue #​2991
  • test: fix assertion in RefCursorFetchTestultFetchSize rows
  • test: use try-with-resources in LogicalReplicationStatusTest

v42.6.0

Changed
  • fix: use PhantomReferences instead of Object.finalize() to track Connection leaks PR #2847

    The change replaces all uses of Object.finalize with PhantomReferences.
    The leaked resources (Connections) are tracked in a helper thread that is active as long as
    there are connections in use. By default, the thread keeps running for 30 seconds after all
    the connections are released. The timeout is set with pgjdbc.config.cleanup.thread.ttl system property.

  • refactor:(loom) replace the usages of synchronized with ReentrantLock PR #​2635
    Fixes Issue #​1951

v42.5.4

Fixed

v42.5.3

Fixed

v42.5.2

Changed
  • regression: This release has 2 known regressions which make it unusable; see the notes above. We advise people to use 42.5.3 instead.
  • docs: specify that timeouts are in seconds and there is a maximum. Housekeeping on some tests fixes Issue #2671 PR #2686
  • docs: clarify binaryTransfer and add it to README PR #2698
  • docs: Document the need to encode reserved characters in the connection URL PR #​2700
  • feat: Define binary transfer for custom types dynamically/automatically fixes Issue #​2554 PR #​2556
Added
  • fix: added gssResponseTimeout as part of PR #​2687 to make sure we don't wait forever on a GSS RESPONSE
Fixed

v42.5.1

Security
  • security: StreamWrapper spills to disk if setText or setBytea sends very large Strings or arrays to the server. createTempFile creates a file which can be read by other users on Unix-like systems (not macOS).
    This has been fixed in this version; fixes CVE-2022-41946. See the security advisory for more details. Reported by Jonathan Leitschuh. This has been fixed in versions 42.5.1, 42.4.3, 42.3.8, 42.2.27.jre7. Note there is no fix for 42.2.26.jre6. See the security advisory for workarounds.
Fixed
  • fix: make sure we select array_in from pg_catalog to avoid duplicate array_in functions fixes Issue #2548 PR #2552
  • fix: binary decoding of bool values PR #​2640
  • perf: improve performance of PgResultSet getByte/getShort/getInt/getLong for float-typed columns PR #​2634
  • chore: fix various spelling errors PR #​2592
  • chore: Feature/urlparser improve URLParser PR #​2641

v42.5.0

Changed

v42.4.2

Changed
Added
Fixed
  • fix: regression with GSS. Changes introduced to support building with Java 17 caused failures Issue #​2588
  • fix: set a timeout to get the return from requesting SSL upgrade. PR #​2572
  • feat: synchronize statement executions (e.g. avoid deadlock when Connection.isValid is executed from concurrent threads)

v42.4.1

Security
  • fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
    • Previously, the column names for both key and data columns in the table were copied as-is into the generated
      SQL. This allowed a malicious table with column names that include a statement terminator to be parsed and
      executed as multiple separate commands.
    • Also adds a new test class ResultSetRefreshTest to verify this change.
    • Reported by Sho Kato
Changed
  • chore: skip publishing pgjdbc-osgi-test to Central
  • chore: bump Gradle to 7.5
  • test: update JUnit to 5.8.2
Added
  • chore: added Gradle Wrapper Validation for verifying gradle-wrapper.jar
  • chore: added "permissions: contents: read" for GitHub Actions to avoid unintentional modifications by the CI
  • chore: support building pgjdbc with Java 17
  • feat: synchronize statement executions (e.g. avoid deadlock when Connection.isValid is executed from concurrent threads)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
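
As an added example (not part of the Renovate comment or of pgjdbc), the check below reports which of the advisories quoted above are still open for a given driver version, using only the per-release-line fixed versions listed in those notes for CVE-2024-1597 and CVE-2022-41946. The function names are hypothetical, and it assumes that release lines newer than the newest listed fix already contain it.

```python
import re

# Fixed releases per release line, copied from the release notes quoted above.
FIXED = {
    "CVE-2024-1597": ["42.7.2", "42.6.1", "42.5.5", "42.4.4", "42.3.9", "42.2.28.jre7"],
    "CVE-2022-41946": ["42.5.1", "42.4.3", "42.3.8", "42.2.27.jre7"],
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.jre\d+)?$")


def parse(version):
    """'42.2.28.jre7' -> (42, 2, 28); the .jreN classifier is not ordered."""
    m = _VERSION.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised pgjdbc version: {version!r}")
    return tuple(int(part) for part in m.groups())


def status(version, cve):
    """Return 'fixed', 'vulnerable' or 'no-fix-listed' for one advisory."""
    current = parse(version)
    by_line = {parse(f)[:2]: parse(f) for f in FIXED[cve]}
    line = current[:2]
    if line in by_line:
        return "fixed" if current >= by_line[line] else "vulnerable"
    if line > max(by_line):
        # Assumption: release lines started after the newest listed fix include it.
        return "fixed"
    return "no-fix-listed"


def open_advisories(version):
    """Advisories from FIXED that the given driver version does not have fixed."""
    return {cve: s for cve in FIXED if (s := status(version, cve)) != "fixed"}


if __name__ == "__main__":
    for v in ("42.4.0", "42.7.4"):  # the two ends of this PR's version range
        print(v, open_advisories(v) or "no listed advisory open")
```

A result of "no-fix-listed" means the notes name no fixed release for that line, so the version should be treated as unpatched until the security advisory says otherwise.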

@renovate renovate bot force-pushed the renovate/postgresversion branch from 55fc67c to e81789a Compare October 17, 2023 00:29
@coveralls

Pull Request Test Coverage Report for Build #910

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 97.605%

Totals Coverage Status
Change from base Build #907: 0.0%
Covered Lines: 652
Relevant Lines: 668

💛 - Coveralls

@renovate renovate bot force-pushed the renovate/postgresversion branch from e81789a to 8611113 Compare October 17, 2023 03:15
@renovate renovate bot force-pushed the renovate/postgresversion branch from 8611113 to 1c4e04c Compare November 21, 2023 09:25
@renovate renovate bot changed the title from "Update dependency org.postgresql:postgresql to v42.6.0" to "Update dependency org.postgresql:postgresql to v42.7.0" Nov 21, 2023
@renovate renovate bot force-pushed the renovate/postgresversion branch from 1c4e04c to 68c7daa Compare December 6, 2023 21:34
@renovate renovate bot changed the title from "Update dependency org.postgresql:postgresql to v42.7.0" to "Update dependency org.postgresql:postgresql to v42.7.1" Dec 6, 2023
@renovate renovate bot force-pushed the renovate/postgresversion branch from 68c7daa to 84f6b48 Compare February 20, 2024 19:14
@renovate renovate bot changed the title from "Update dependency org.postgresql:postgresql to v42.7.1" to "Update dependency org.postgresql:postgresql to v42.7.2" Feb 20, 2024
@renovate renovate bot force-pushed the renovate/postgresversion branch from 84f6b48 to 29a8235 Compare March 14, 2024 20:12
@renovate renovate bot changed the title from "Update dependency org.postgresql:postgresql to v42.7.2" to "Update dependency org.postgresql:postgresql to v42.7.3" Mar 14, 2024
@renovate renovate bot force-pushed the renovate/postgresversion branch from 29a8235 to 53ec259 Compare August 22, 2024 17:15
@renovate renovate bot changed the title from "Update dependency org.postgresql:postgresql to v42.7.3" to "Update dependency org.postgresql:postgresql to v42.7.4" Aug 22, 2024
@renovate renovate bot force-pushed the renovate/postgresversion branch from 53ec259 to 2907fb8 Compare November 30, 2024 04:31
@coveralls

Pull Request Test Coverage Report for Build #1014

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 97.605%

Totals Coverage Status
Change from base Build #1003: 0.0%
Covered Lines: 652
Relevant Lines: 668

💛 - Coveralls
