Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: update dependency org.postgresql:postgresql to v42.7.2 [security] #1507

Merged
merged 1 commit into from
Feb 21, 2024
Merged

deps: update dependency org.postgresql:postgresql to v42.7.2 [security] #1507

merged 1 commit into from
Feb 21, 2024

Conversation

renovate-bot
Copy link
Contributor

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.postgresql:postgresql (source) 42.7.1 -> 42.7.2 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-1597

pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate-bot renovate-bot requested review from a team as code owners February 21, 2024 00:08
@trusted-contributions-gcf trusted-contributions-gcf bot added kokoro:force-run Add this label to force Kokoro to re-run the tests. owlbot:run Add this label to trigger the Owlbot post processor. labels Feb 21, 2024
@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Feb 21, 2024
@gcf-owl-bot gcf-owl-bot bot removed the owlbot:run Add this label to trigger the Owlbot post processor. label Feb 21, 2024
@product-auto-label product-auto-label bot added the api: spanner Issues related to the googleapis/java-spanner-jdbc API. label Feb 21, 2024
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Feb 21, 2024
@olavloite olavloite merged commit caacd05 into googleapis:main Feb 21, 2024
24 checks passed
@release-please release-please bot mentioned this pull request Feb 20, 2024
Merged
gcf-merge-on-green bot pushed a commit that referenced this pull request Feb 21, 2024
@release-please
chore(main): release 2.15.5 (#1500)
6768a19 
🤖 I have created a release *beep* *boop*
---


## [2.15.5](https://togithub.com/googleapis/java-spanner-jdbc/compare/v2.15.4...v2.15.5) (2024-02-21)


### Dependencies

* Update dependency com.google.cloud:google-cloud-spanner-bom to v6.60.0 ([#1508](https://togithub.com/googleapis/java-spanner-jdbc/issues/1508)) ([0f7e59c](https://togithub.com/googleapis/java-spanner-jdbc/commit/0f7e59c7aabdb9fe69fde23f35c5451d19332076))
* Update dependency org.postgresql:postgresql to v42.7.2 ([#1503](https://togithub.com/googleapis/java-spanner-jdbc/issues/1503)) ([dd5142f](https://togithub.com/googleapis/java-spanner-jdbc/commit/dd5142faab667817b9fe6bff7f0388c5e43e7dee))
* Update dependency org.postgresql:postgresql to v42.7.2 [security] ([#1507](https://togithub.com/googleapis/java-spanner-jdbc/issues/1507)) ([caacd05](https://togithub.com/googleapis/java-spanner-jdbc/commit/caacd056f245f1cf57119653627b0c5097730f41))
* Update dependency org.springframework.data:spring-data-bom to v2023.1.3 ([#1499](https://togithub.com/googleapis/java-spanner-jdbc/issues/1499)) ([34151b6](https://togithub.com/googleapis/java-spanner-jdbc/commit/34151b6cae097c97fc49839e2594f5adbd6393c3))

---
This PR was generated with [Release Please](https://togithub.com/googleapis/release-please). See [documentation](https://togithub.com/googleapis/release-please#release-please).
@renovate-bot renovate-bot deleted the renovate/maven-org.postgresql-postgresql-vulnerability branch March 12, 2024 11:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@olavloite olavloite olavloite approved these changes

Assignees
No one assigned
Labels
api: spanner Issues related to the googleapis/java-spanner-jdbc API. size: xs Pull request size is extra small.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@renovate-bot @olavloite @yoshi-kokoro