Bump org.postgresql:postgresql from 42.2.14 to 42.5.0 in /dummy #37

Open
wants to merge 1 commit into
base: main

github-actions[bot]

Bumps org.postgresql:postgresql from 42.2.14 to 42.5.0.

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.5.0] (2022-08-23 11:20:11 -0400)

Changed

[42.4.2] (2022-08-17 10:33:40 -0400)

Changed

Added

Fixed

  • fix: regression with GSS. Changes introduced to support building with Java 17 caused failures [Issue #2588](pgjdbc/pgjdbc#2588)
  • fix: set a timeout to get the return from requesting SSL upgrade. [PR #2572](pgjdbc/pgjdbc#2572)
  • feat: synchronize statement executions (e.g. avoid deadlock when Connection.isValid is executed from concurrent threads)

[42.4.1] (2022-08-01 16:24:20 -0400)

Security

  • fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
    • Previously, the column names for both key and data columns in the table were copied as-is into the generated SQL. This allowed a malicious table with column names that include statement terminator to be parsed and executed as multiple separate commands.
    • Also adds a new test class ResultSetRefreshTest to verify this change.
    • Reported by Sho Kato

Changed

  • chore: skip publishing pgjdbc-osgi-test to Central
  • chore: bump Gradle to 7.5
  • test: update JUnit to 5.8.2

Added

  • chore: added Gradle Wrapper Validation for verifying gradle-wrapper.jar
  • chore: added "permissions: contents: read" for GitHub Actions to avoid unintentional modifications by the CI
  • chore: support building pgjdbc with Java 17
  • feat: synchronize statement executions (e.g. avoid deadlock when Connection.isValid is executed from concurrent threads)

[42.4.0] (2022-06-09 08:14:02 -0400)

Changed

  • fix: added GROUP_STARTUP_PARAMETERS boolean property to determine whether or not to group startup parameters in a transaction (default=false like 42.2.x) fixes [Issue #2425](pgjdbc/pgjdbc#2497) pgbouncer cannot deal with transactions in statement pooling mode [PR #2425](pgjdbc/pgjdbc#2425)

Fixed

... (truncated)

Commits
  • f490edf put entry in CHANGELOG and release notes for 42.5.0 (#2601)
  • d62ba27 fix: revert change in PR#2597 where float was aliased to float4 from float8. ...
  • 08b2db3 bump version number for next release
  • 389be0a Update changelog for release (#2596)
  • 364662e fix erroneous method signature and null subjectCallAs (#2595)
  • 04dc96a update last copyright year (#2593)
  • f76ca46 fix checkstyle
  • a45b4d8 get rid of javadoc warnings
  • abf3bcb fix mismatched types for invokeExact. Have to tell invokeExact what type we a...
  • 96f2561 fix: make setObject accept UUID array (#2587)
  • Additional commits viewable in compare view
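
An added example, not part of this PR or of pgjdbc's source, showing the class of bug the CVE-2022-31197 entry above describes: a refresh-style SELECT built with column names copied as-is, beside the same statement with each column identifier quoted. The class name, helper names, table name and column names are all constructed for illustration.

```java
import java.util.List;
import java.util.stream.Collectors;

public class RefreshSqlDemo {
    // Quote a PostgreSQL identifier: wrap it in double quotes and double any
    // embedded double quote, so the server parses the whole string as one name.
    static String quoteIdent(String name) {
        if (name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("zero byte in identifier");
        }
        return "\"" + name.replace("\"", "\"\"") + "\"";
    }

    // Builds SELECT <cols> FROM <table> WHERE <key> = ? [AND ...].
    // escape=false mirrors the pre-fix behaviour the changelog describes
    // (names copied as-is); escape=true quotes every column identifier.
    // Assumption: the table name is trusted here; key values stay bind parameters.
    static String refreshSql(String table, List<String> cols, List<String> keys, boolean escape) {
        String select = cols.stream()
            .map(c -> escape ? quoteIdent(c) : c)
            .collect(Collectors.joining(", "));
        String where = keys.stream()
            .map(k -> (escape ? quoteIdent(k) : k) + " = ?")
            .collect(Collectors.joining(" AND "));
        return "SELECT " + select + " FROM " + table + " WHERE " + where;
    }

    // Review helper: true if a ';' appears outside a double-quoted identifier.
    // It only understands double-quoted identifiers (no string literals or
    // comments), which is enough for generated SQL of this shape.
    static boolean terminatorOutsideQuotes(String sql) {
        boolean inQuotes = false;
        for (char ch : sql.toCharArray()) {
            if (ch == '"') inQuotes = !inQuotes; // a doubled "" toggles twice
            else if (ch == ';' && !inQuotes) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed names: one contains a statement terminator, one a double quote.
        List<String> cols = List.of("id", "note; SELECT 1 --", "we\"ird");
        List<String> keys = List.of("id");
        for (boolean escape : new boolean[] {false, true}) {
            String sql = refreshSql("demo_table", cols, keys, escape);
            System.out.println(sql + "\n  terminator outside quotes: " + terminatorOutsideQuotes(sql));
        }
    }
}
```

Upgrading the driver, as this PR does, is the actual remediation; the helper is useful mainly as a unit-test assertion over any SQL an application assembles from catalog-supplied names.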

github-actions bot added the clojure (Pull requests that update Clojure code) and dependencies (Pull requests that update a dependency file) labels on Aug 25, 2022