Skip to content

[Snyk] Security upgrade org.postgresql:postgresql from 42.2.8 to 42.2.26 #16

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 208 commits into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade org.postgresql:postgresql from 42.2.8 to 42.2.26 #16

wants to merge 208 commits into from

Conversation

chayim
Copy link

@chayim chayim commented Aug 5, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • postgres/pom.xml

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity Reachability
high severity 630/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1		 SQL Injection
SNYK-JAVA-ORGPOSTGRESQL-2970521		 org.postgresql:postgresql:
42.2.8 -> 42.2.26
No Proof of Concept No Path Found

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 SQL Injection

jmarton and others added 30 commits March 31, 2019 11:31
@jmarton
Add option to skip loading but generate only data files for PostgreSQL.
0dc7f67 
ldbc#69
@jmarton
Re-order env variables in the PostgreSQL loader script and docs
9cc948d
@jmarton
Add option to generate message file (of posts and comments) PostgreSQL.
5fa9731 
ldbc#68
@szarnyasg
Use 0.4.0-SNAPSHOT version of the driver
59dd882
@szarnyasg
Update links. Fixes ldbc#97
f36f816
@szarnyasg
Classes for Cypher delete queries
3dfd4dd
@szarnyasg
Fix CI
2773770
@jackwaudby
initial cypher delete queries
bb67f38
@szarnyasg
Add newlines at the ends of file
73a7979
@szarnyasg
Bump Neo4j version to 4.0.0
7047d78
@szarnyasg
Merge branch 'neo4j-4' into cypher-delete
d987d5c
@szarnyasg
Bump Java version
54c5508
@szarnyasg
Fix function call on pattern comprehension
2ac3fa2
@szarnyasg
Adjust Neo4j import scripts and variables to 4.0
20dd563
@szarnyasg
Merge branch 'cypher-deletes' into cypher-delete
c979142
@szarnyasg
Adjust CSVs to new Datagen output (draft)
7e972c8
@szarnyasg
Remove typo from hashbang
552fed6
@szarnyasg
Show Neo4j log after importing/restarting the database
4359487
@szarnyasg
Rework Neo4j setup and import process
f27be93
@szarnyasg
Fix README instructions
67eeba9
@szarnyasg
Minor improvements in Neo4j scripts
bb5b6a5
@szarnyasg
Use Date and DateTime types when importing data to Neo4j
9dc10de
@szarnyasg
Update Neo4j test data to match schema
8bd062e
@szarnyasg
Fix import
cb2d9e3
@szarnyasg
Update Travis configuration to match env var names
f02d19c
@szarnyasg
Remove tests for deprecated BI queries
ee101ad
@szarnyasg
Remove deprecated Cypher queries
4ba371a
@szarnyasg
Drop curly braces around Neo4j parameters. Fixes ldbc#103
248aba0
@szarnyasg
Use native date type in Neo4j, update parameter syntax
61b8ca8
@szarnyasg
Optimize Cypher implementation of BI Q7
e3e5bdd
szarnyasg and others added 29 commits January 6, 2021 16:22
@szarnyasg
Clarify versioning
02ca463
@szarnyasg
Rename variable in recursive CTEs in SQL queries: s/depth/level/g
6bcb4c2
@szarnyasg
Fix direction of edge in BI Q20
365cebc
@szarnyasg
Cleanup Cypher README
13a589b
@szarnyasg
Add missing 'ORDER BY' clause
d0a9413
@szarnyasg
Change error message
2af8a2c
@szarnyasg
Add docs to releases table
ab32c6f
@szarnyasg
Remove typo, fix direction of edge
be4d39a
@szarnyasg
Newline
988e425
@szarnyasg
Add tmp file to gitignore
5c45b76
@szarnyasg
Add 'e' flag to Bash scripts
55d51e4
@szarnyasg
Drop '-e' flag from sourced script
cf03bf1
@szarnyasg
Add e/pipefail options to Neo4j scripts
8c1c260
@szarnyasg
Use working data set
70684a4
@szarnyasg
Update cityIds for new example data set
e5125c0
@szarnyasg
Add test Python script
7294731
@szarnyasg
Run BI script in CI
0750b07
@szarnyasg
Use type designators for parameter files
7314c6e
@szarnyasg
Fix BI Q11: add projection to only count each triangle once
963b129
@szarnyasg
Use correct type (DateTime -> Date) in the example parameters/scripts…
fb9363f 
… of BI Q16
@szarnyasg
Make env vars script zsh-compatible
4034a1f
@szarnyasg
Spell out locale verbosely (POSIX=C), see issue ldbc#157
acfa0fe
@szarnyasg
Spell out query ids (necessitated by Q14a/b)
2804124
@szarnyasg
Add conversion script for parameters files
b240abe
@szarnyasg
Fix Python script running Cypher queries
1e4b570
@szarnyasg
Add instructions on using the example data set
475ce05
@szarnyasg
Fix parameters: separate date/datetime parameters
bf0bc7f
@szarnyasg
Use new filenames (with PascalCase node label names)
0c90eae
@snyk-bot
fix: postgres/pom.xml to reduce vulnerabilities
0e3e540 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGPOSTGRESQL-2970521
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@chayim @jmarton @szarnyasg @jackwaudby @petere @filipecosta90 @snyk-bot