Bump the maven group across 7 directories with 8 updates #2

Open: wants to merge 1 commit into base: main

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Feb 21, 2024

Bumps the maven group with 1 update in the /apache-pulsar directory: org.apache.pulsar:pulsar-client.
Bumps the maven group with 1 update in the /cache-invalidation directory: org.postgresql:postgresql.
Bumps the maven group with 2 updates in the /camel-component directory: org.postgresql:postgresql and org.apache.kafka:kafka-clients.
Bumps the maven group with 4 updates in the /graphql/aggregator directory: org.apache.kafka:kafka_2.12, org.apache.kafka:kafka-streams, org.apache.kafka:kafka-clients and com.google.guava:guava.
Bumps the maven group with 1 update in the /jpa-aggregations/jpa-test directory: com.fasterxml.jackson.core:jackson-databind.
Bumps the maven group with 1 update in the /kstreams-live-update/event-source directory: org.postgresql:postgresql.
Bumps the maven group with 4 updates in the /testcontainers directory: org.postgresql:postgresql, org.apache.kafka:kafka-clients, com.fasterxml.jackson.core:jackson-databind and com.jayway.jsonpath:json-path.

Updates org.apache.pulsar:pulsar-client from 2.9.2 to 2.9.3

Release notes

Sourced from org.apache.pulsar:pulsar-client's releases.

v2.9.3

Important notice

  • [PIP-146] ManagedCursorInfo compression #14542
  • [PIP-153] Optimize metadataPositions in MLPendingAckStore #15137
  • [PIP-163] Add lowWaterMark check before appending entry to TB #15424

Broker

  • [cleanup][broker] Cleanup already deleted namespace topics #12597
  • [cleanup][broker] Override close method to avoid caching exception #15529
  • [cleanup][broker] Remove useless code to avoid confusion in OpReadEntry#checkReadCompletion #15104
  • [fix][broker] Avoid heartbeat topic to offload #15008
  • [fix][broker] Cancel fencedTopicMonitoringTask when topic closed normally #15202
  • [fix][broker] Check for blank advertised listener name #14306
  • [fix][broker] Close publishLimiter when disable it #15520
  • [fix][broker] Fast return if ack cumulative illegal #15695
  • [fix][broker] Fix MessageDeduplication#inactiveProducers may not be persistence correctly #15206
  • [fix][broker] Fix MultiRolesTokenAuthorizationProvider authorize issue #15454
  • [fix][broker] Fix NPE in MessageDeduplication #15820
  • [fix][broker] Fix NPE when ledger id not found in OpReadEntry #15837
  • [fix][broker] Fix NPE when put value to RangeCache #15707
  • [fix][broker] Fix NPE when set AutoTopicCreationOverride #15653
  • [fix][broker] Fix NPE when subscription is already removed #14363
  • [fix][broker] Fix REST produce msg redirect issue #15551
  • [fix][broker] Fix call sync method in onPoliciesUpdate method #13885
  • [fix][broker] Fix call sync method in onPoliciesUpdate method #15227
  • [fix][broker] Fix cannot delete namespace with system topic #14730
  • [fix][broker] Fix creating producer failure when set backlog quota #15663
  • [fix][broker] Fix creating system namespace topic failure #14949
  • [fix][broker] Fix deadlock in broker after race condition in topic creation failure #15570
  • [fix][broker] Fix getPendingAckInternalStats redirect issue #14876
  • [fix][broker] Fix inconsistent prompt message when schema version is empty using AVRO #14626
  • [fix][broker] Fix incorrect entryId in warning logs when reading an entry from tiered storage #14685
  • [fix][broker] Fix metadata store deadlock when checking BacklogQuota #14634
  • [fix][broker] Fix no value present #14891
  • [fix][broker] Fix normal topic named ends with healthcheck becomes system topic issue #14671
  • [fix][broker] Fix parameter saslJaasBrokerSectionName in broker.conf #15110
  • [fix][broker] Fix potential to add duplicated consumer #15051
  • [fix][broker] Fix precision issue and initial value for Consumer#avgMessagesPerEntry #14666
  • [fix][broker] Fix problem at RateLimiter#tryAcquire #15306
  • [fix][broker] Fix producerFuture not completed in ServerCnx#handleProducer #14467
  • [fix][broker] Fix race condition between timeout and completion in OpAddEntry #15233
  • [fix][broker] Fix race condition in updating lastMarkDeleteEntry field #15031
  • [fix][broker] Fix rewind failed when redeliverUnacknowledgedMessages #15046
  • [fix][broker] Fix topic policy reader close bug #14897
  • [fix][broker] Fix typo in enum name and handle closing of the channel properly since writeAndFlush is asynchronous #15384
  • [fix][broker] Fix when nextValidLedger is null caused NPE #13975
  • [fix][broker] Fix wrong prompt exception when getting the non-persistent topic list without GET_BUDNLE permission #14638
  • [fix][broker] Fix wrong state for non-durable cursor #14869

... (truncated)

Commits
  • dd9a5f1 Release 2.9.3
  • 1fa9c2e [branch-2.9][fix][security] Add timeout of sync methods and avoid call sync m...
  • 3e84452 Removing log4j-1.2-api from dependencies (#15991)
  • e3b8e01 [branch-2.9] Fix compile issue by cherry-pick (#16086)
  • 4225887 Avoid AuthenticationDataSource mutation for subscription name (#16065)
  • 3211f91 Clean up C++ client curl configuration (#16064)
  • f80225d Fix wrong response type for swagger definitions (#16022)
  • 7349c23 [fix][client] Remove consumer when close consumer command is received (#15761)
  • 2e78141 [Function] provide default error handler for function log appender (#15728)
  • a767d37 [fix][admin] Fix typo in validation message (#16021)
  • Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.4.1 to 42.4.4

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.4.3

What's Changed

Full Changelog: pgjdbc/pgjdbc@REL42.4.2...REL42.4.3

v42.4.2

What's Changed

New Contributors

Full Changelog: pgjdbc/pgjdbc@REL42.4.1...REL42.4.2

Changelog

Sourced from org.postgresql:postgresql's changelog.

Changelog

Notable changes since version 42.0.0, read the complete History of Changes.

The format is based on Keep a Changelog.

[Unreleased]

Changed

Added

Fixed

[42.7.2] (2024-02-21 08:23:00 -0500)

Security

  • security: SQL Injection via line comment generation, it is possible in SimpleQuery mode to generate a line comment by having a placeholder for a numeric with a - such as -?. There must be a second placeholder for a string immediately after. Setting the parameter to a -ve value creates a line comment. This has been fixed in this version; fixes CVE-2024-1597. Reported by Paul Gerste. See the security advisory for more details. This has been fixed in versions 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, 42.2.28.jre7. See the security advisory for workarounds.

Changed

Added

[42.7.1] (2023-12-06 08:34:00 -0500)

Changed

  • perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing [PR #3044](pgjdbc/pgjdbc#3044)

Fixed

[42.7.0] (2023-11-20 09:33:00 -0500)

Changed

... (truncated)

Commits

Updates org.postgresql:postgresql from 42.4.1 to 42.4.4

Updates org.apache.kafka:kafka-clients from 2.4.0 to 2.6.3

Updates org.apache.kafka:kafka_2.12 from 3.2.0 to 7.6.0-ce

Updates org.apache.kafka:kafka-streams from 3.2.0 to 7.6.0-ce

Updates org.apache.kafka:kafka-clients from 3.2.0 to 7.6.0-ce

Updates com.google.guava:guava from 30.1-jre to 32.0.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

32.0.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.0.0-jre</version>
  <!-- or, for Android: -->
  <version>32.0.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

Security fixes

While CVE-2020-8908 was officially closed when we deprecated Files.createTempDir in Guava 30.0, we've heard from users that even recent versions of Guava have been listed as vulnerable in other databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used FileBackedOutputStream class, which had a similar issue) to eliminate the insecure behavior entirely. This change could technically affect users in a number of different ways (discussed under "Incompatible changes" below), but in practice, the only problem users are likely to encounter is with Windows. If you are using those APIs under Windows, you should skip 32.0.0 and go straight to 32.0.1 which fixes the problem. (Unfortunately, we didn't think of the Windows problem until after the release. And while we warn that common.io in particular may not work under Windows, we didn't intend to regress support.) Sorry for the trouble.

Incompatible changes

Although this release bumps Guava's major version number, it makes no binary-incompatible changes to the guava artifact.

One change could cause issues for Windows users, and a few other changes could cause issues for users in more usual situations:

  • The new implementations of Files.createTempDir and FileBackedOutputStream throw an exception under Windows. This is fixed in 32.0.1. Sorry for the trouble.
  • guava-gwt now requires GWT 2.10.0.
  • This release makes a binary-incompatible change to a @Beta API in the separate artifact guava-testlib. Specifically, we changed the return type of TestingExecutors.sameThreadScheduledExecutor to ListeningScheduledExecutorService. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)

... (truncated)

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.13.2.2 to 2.13.4.2

Commits

Updates org.postgresql:postgresql from 42.4.1 to 42.4.4

Updates org.postgresql:postgresql from 42.4.1 to 42.4.4

Updates org.apache.kafka:kafka-clients from 2.4.0 to 2.6.3

Updates com.fasterxml.jackson.core:jackson-databind from 2.12.6.1 to 2.12.7.1

Commits

Updates com.jayway.jsonpath:json-path from 2.4.0 to 2.9.0

Release notes

Sourced from com.jayway.jsonpath:json-path's releases.

json-path-2.9.0

What's Changed

New Contributors

Bumps the maven group with 1 update in the /apache-pulsar directory: [org.apache.pulsar:pulsar-client](https://github.com/apache/pulsar).
Bumps the maven group with 1 update in the /cache-invalidation directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 2 updates in the /camel-component directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) and org.apache.kafka:kafka-clients.
Bumps the maven group with 4 updates in the /graphql/aggregator directory: org.apache.kafka:kafka_2.12, org.apache.kafka:kafka-streams, org.apache.kafka:kafka-clients and [com.google.guava:guava](https://github.com/google/guava).
Bumps the maven group with 1 update in the /jpa-aggregations/jpa-test directory: [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson).
Bumps the maven group with 1 update in the /kstreams-live-update/event-source directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 4 updates in the /testcontainers directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc), org.apache.kafka:kafka-clients, [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) and [com.jayway.jsonpath:json-path](https://github.com/jayway/JsonPath).


Updates `org.apache.pulsar:pulsar-client` from 2.9.2 to 2.9.3
- [Release notes](https://github.com/apache/pulsar/releases)
- [Commits](apache/pulsar@v2.9.2...v2.9.3)

Updates `org.postgresql:postgresql` from 42.4.1 to 42.4.4
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.4.1...REL42.4.4)

Updates `org.postgresql:postgresql` from 42.4.1 to 42.4.4
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.4.1...REL42.4.4)

Updates `org.apache.kafka:kafka-clients` from 2.4.0 to 2.6.3

Updates `org.apache.kafka:kafka_2.12` from 3.2.0 to 7.6.0-ce

Updates `org.apache.kafka:kafka-streams` from 3.2.0 to 7.6.0-ce

Updates `org.apache.kafka:kafka-clients` from 3.2.0 to 7.6.0-ce

Updates `com.google.guava:guava` from 30.1-jre to 32.0.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.13.2.2 to 2.13.4.2
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `org.postgresql:postgresql` from 42.4.1 to 42.4.4
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.4.1...REL42.4.4)

Updates `org.postgresql:postgresql` from 42.4.1 to 42.4.4
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.4.1...REL42.4.4)

Updates `org.apache.kafka:kafka-clients` from 2.4.0 to 2.6.3

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.12.6.1 to 2.12.7.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.jayway.jsonpath:json-path` from 2.4.0 to 2.9.0
- [Release notes](https://github.com/jayway/JsonPath/releases)
- [Changelog](https://github.com/json-path/JsonPath/blob/master/changelog.md)
- [Commits](json-path/JsonPath@json-path-2.4.0...json-path-2.9.0)

---
updated-dependencies:
- dependency-name: org.apache.pulsar:pulsar-client
  dependency-type: direct:production
  dependency-group: maven-security-group
- dependency-name: org.postgresql:postgresql
  dependency-type: direct:production
  dependency-group: maven-security-group
- dependency-name: org.postgresql:postgresql
  dependency-type: direct:production
  dependency-group: maven-security-group
- dependency-name: org.apache.kafka:kafka-clients
  dependency-type: direct:production
  dependency-group: maven-security-group
- dependency-name: org.apache.kafka:kafka_2.12
  dependency-type: direct:production
  dependency-group: maven-security-group
- dependency-name: org.apache.kafka:kafka-streams
  dependency-type: direct:production
  dependency-group: maven-security-group
- dependency-name: org.apache.kafka:kafka-clients
  dependency-type: direct:production
  dependency-group: maven-security-group
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  dependency-group: maven-security-group
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-type: direct:production
  dependency-group: maven-security-group
- dependency-name: org.postgresql:postgresql
  dependency-type: direct:production
  dependency-group: maven-security-group
- dependency-name: org.postgresql:postgresql
  dependency-type: direct:development
  dependency-group: maven-security-group
- dependency-name: org.apache.kafka:kafka-clients
  dependency-type: direct:development
  dependency-group: maven-security-group
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-type: direct:development
  dependency-group: maven-security-group
- dependency-name: com.jayway.jsonpath:json-path
  dependency-type: direct:development
  dependency-group: maven-security-group
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 21, 2024