Bump org.postgresql:postgresql from 42.2.14 to 42.4.1 in /dummy #35

Open
wants to merge 1 commit into
base: main

@github-actions github-actions bot commented Aug 4, 2022

Bumps org.postgresql:postgresql from 42.2.14 to 42.4.1.

Release notes

Sourced from org.postgresql:postgresql's releases.

42.4.0

What's Changed

New Contributors

Full Changelog: pgjdbc/pgjdbc@REL42.3.6...REL42.4.0

Changelog

Sourced from org.postgresql:postgresql's changelog.

Changelog

Notable changes since version 42.0.0, read the complete History of Changes.

The format is based on Keep a Changelog.

[Unreleased]

Changed

Added

Fixed

[42.4.1] (2022-08-01 16:24:20 -0400)

Security

  • fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
    • Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include a statement terminator to be parsed and executed as multiple separate commands.
    • Also adds a new test class ResultSetRefreshTest to verify this change.
    • Reported by Sho Kato

Changed

  • chore: skip publishing pgjdbc-osgi-test to Central
  • chore: bump Gradle to 7.5
  • test: update JUnit to 5.8.2

Added

  • chore: added Gradle Wrapper Validation for verifying gradle-wrapper.jar
  • chore: added "permissions: contents: read" for GitHub Actions to avoid unintentional modifications by the CI
  • chore: support building pgjdbc with Java 17

Fixed

[42.4.0] (2022-06-09 08:14:02 -0400)

Changed

  • fix: added GROUP_STARTUP_PARAMETERS boolean property to determine whether or not to group startup parameters in a transaction (default=false like 42.2.x) fixes [Issue #2425](pgjdbc/pgjdbc#2497) pgbouncer cannot deal with transactions in statement pooling mode [PR #2425](pgjdbc/pgjdbc#2425)

Fixed

... (truncated)

Commits
  • bd91c4c Prepare for release (#2580)
  • 739e599 Merge pull request from GHSA-r38f-c4h4-hqq2
  • 736f959 fix: replace synchronization in Connection.close with compareAndSet
  • 4673fd2 feat: synchronize statement executions (e.g. avoid deadlock when Connection.i...
  • fd31a06 update the website content (#2578)
  • a6044d0 set a timeout to get the return from requesting SSL upgrade. (#2572)
  • 58d6fa0 test: bump system-stubs-jupiter to 2.0.1 to support Java 16+
  • b452d8c test: avoid concurrent executions of tests that update environment and system...
  • aa5758a test: update JUnit to 5.8.2
  • 36cd24c fix: log connection URL when it can't be parsed
  • Additional commits viewable in compare view

@github-actions github-actions bot added the clojure (Pull requests that update Clojure code) and dependencies (Pull requests that update a dependency file) labels Aug 4, 2022
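
How the CVE-2022-31197 changelog entry above plays out in string form, as an added example that is not pgjdbc's code and not part of this pull request: a refresh-style SELECT built with column names copied as-is, beside the same query with each column identifier quoted. The class, method, table and column names are hypothetical, and the column names are constructed sample input.

```java
import java.util.List;
import java.util.stream.Collectors;

// Added illustration, not pgjdbc code. All names here are hypothetical.
public class RefreshSqlDemo {

    // PostgreSQL quoted identifier: wrap in double quotes, double embedded quotes.
    static String quoteIdent(String name) {
        if (name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid identifier");
        }
        return "\"" + name.replace("\"", "\"\"") + "\"";
    }

    // Behaviour the changelog describes before the fix: names copied as-is.
    static String refreshSqlUnescaped(String table, List<String> cols, List<String> keys) {
        String where = keys.stream().map(k -> k + " = ?")
                .collect(Collectors.joining(" and "));
        return "select " + String.join(", ", cols) + " from " + table + " where " + where;
    }

    // Hardened form: every column identifier is quoted before it reaches the SQL.
    static String refreshSqlEscaped(String table, List<String> cols, List<String> keys) {
        String select = cols.stream().map(RefreshSqlDemo::quoteIdent)
                .collect(Collectors.joining(", "));
        String where = keys.stream().map(k -> quoteIdent(k) + " = ?")
                .collect(Collectors.joining(" and "));
        return "select " + select + " from " + table + " where " + where;
    }

    public static void main(String[] args) {
        // Constructed sample input: one column name carries a statement
        // terminator, another an embedded double quote.
        List<String> cols = List.of("id", "note from t; select 1; --", "we\"ird");
        List<String> keys = List.of("id");
        String table = "t"; // assumed trusted; the changelog entry is about column names

        // The terminator splits the text into two statements and comments out the rest.
        System.out.println(refreshSqlUnescaped(table, cols, keys));
        // Here the whole name stays inside one quoted identifier.
        System.out.println(refreshSqlEscaped(table, cols, keys));
    }
}
```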