fix(deps): update jdbi3.version to v3.53.0 (release/4.2.x)#5256
Closed
renovate[bot] wants to merge 1 commit into
Closed
fix(deps): update jdbi3.version to v3.53.0 (release/4.2.x)#5256renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
renovate
Bot
force-pushed
the
renovate/release/4.2.x-jdbi3.version
branch
from
d04b9b3 to
2729e8d
Compare
renovate
Bot
force-pushed
the
renovate/release/4.2.x-jdbi3.version
branch
from
2729e8d to
5c38c7b
Compare
|
Contributor
Author
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update ( If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.49.6→3.53.0Release Notes
jdbi/jdbi (org.jdbi:jdbi3-core)
v3.53.0Compare Source
Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4
The Freemarker configuration allows templates to construct arbitrary
Java types, including
freemarker.template.utility.Execute.While exploiting this requires other unsafe practices (letting a user
dictate template input), it seems prudent to disable template class resolution.
Please see GHSA-mggx-p7jf-jgw4 for more details.
Upgrade to testcontainers 2.x
While this required no code changes, the testcontainers project has
renamed a number of their jar files. Jdbi still supports
testcontainers 1.x and now also testcontainers 2.x:
If you are using testcontainers with Jdbi today and can not update to
2.x, make sure that you reference the
org.testcontainers:jdbcandorg.testcontainers:junit-jupiterdependencies. Those used to beavailable as transitive dependency from
jdbi3-testcontainers.If you upgrade to testcontainers 2.x, the
org.testcontainers:testcontainers-jdbcandorg.testcontainers:testcontainers-junit-jupiterdependencies must beavailable.
v3.52.1Compare Source
java.time.Instantmapping from 3.52.0 (#2955, reported by @Eng-Fouad and @toadzky)java.time.OffsetTimejava.time.ZoneOffsetv3.52.0Compare Source
Changes to java.time related classes
JDBC 4.2 added full support to map java.time classes onto SQL types
in 2014. This release of Jdbi switches from mapping these objects onto
"classic" (
java.sql.Date,Time,Timestamp) to using the JDBC 4.2 API(
PreparedStatement#setObjectandResultSet#getObject).These changes should not be visible for any database, except if you
were brave enough to map types with time zones or offsets
(
ZonedDateTimeandOffsetDateTime) onto SQL types that have notimezone (
TIMESTAMPorDATETIME). This affects databases that donot support the
TIMESTAMP WITH TIMEZONEdata type. IAW MySQL.If you use MySQL with Jdbi and map any of these data types, you are
already losing the zone/offset information. Now you actually get an
error (which is the correct behavior of the driver!) unless you load
the new
MysqlPluginwhich restores the mapping.If your application relies on legacy mappings, you can also use the
new
@Legacyannotation to force the old behavior. See thedocumentation at https://jdbi.org/ for details.
@Legacyannotation to restore old timestamp mapping behavior@BindMethodsListwork with the String template engine (fixes #2917, reported by @agavrilov76, fixed by @JScodeconcise)v3.51.0Compare Source
Add new
jackson3artifact for Jackson 3 ( #2878 )Support configuring log level for SqlLogger (#2901, thanks @phinjensen! )
Update to SLF4J 2, to allow for configurable log levels in SqlLogger (#2902)
Deprecate for removal installPlugins plugin discovery. It's too easy to get yourself into trouble.
Support TYPE_USE
@Nullableannotations like JSpecify ( #2899, thanks @protocol7 ! )Allow
@GetGeneratedKeyson@SqlUpdatemethods to return multiple results as Lists or arrays (#2897, original PR by @aharin, thank you!)v3.50.0Compare Source
JDK Baseline Update
3.50.0 is the first release of Jdbi to require Java 17. Thank you Java 11 for your service!
We intend to do occasional bug patches for significant bugs or security issues but there
will be no further active development work.
Experimental Java Native support
3.50.0 is the first release to support using Jdbi directly in native compilation. We only
support using the Java 25+ GraalVM toolchain and fully expect that there are bugs, breakages
and things that are not working well. If you use Jdbi in a native environment and find any
problems, we would be thrilled to get bug reports!
Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)* 0-3 * * 1)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.