Skip to content

[Snyk] Security upgrade org.postgresql:postgresql from 42.2.8 to 42.3.3 #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 208 commits into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade org.postgresql:postgresql from 42.2.8 to 42.3.3 #15

wants to merge 208 commits into from

Conversation

@snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • postgres/pom.xml

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity Reachability
medium severity 530/1000
Why? Recently disclosed, Has a fix available, CVSS 6.6		 Arbitrary Code Injection
SNYK-JAVA-ORGPOSTGRESQL-2401816		 org.postgresql:postgresql:
42.2.8 -> 42.3.3
No No Known Exploit No Path Found

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection

jmarton and others added 30 commits March 31, 2019 11:31
@jmarton
Add option to skip loading but generate only data files for PostgreSQL.
0dc7f67 
ldbc#69
@jmarton
Re-order env variables in the PostgreSQL loader script and docs
9cc948d
@jmarton
Add option to generate message file (of posts and comments) PostgreSQL.
5fa9731 
ldbc#68
@szarnyasg
Use 0.4.0-SNAPSHOT version of the driver
59dd882
@szarnyasg
Update links. Fixes ldbc#97
f36f816
@szarnyasg
Classes for Cypher delete queries
3dfd4dd
@szarnyasg
Fix CI
2773770
@jackwaudby
initial cypher delete queries
bb67f38
@szarnyasg
Add newlines at the ends of file
73a7979
@szarnyasg
Bump Neo4j version to 4.0.0
7047d78
@szarnyasg
Merge branch 'neo4j-4' into cypher-delete
d987d5c
@szarnyasg
Bump Java version
54c5508
@szarnyasg
Fix function call on pattern comprehension
2ac3fa2
@szarnyasg
Adjust Neo4j import scripts and variables to 4.0
20dd563
@szarnyasg
Merge branch 'cypher-deletes' into cypher-delete
c979142
@szarnyasg
Adjust CSVs to new Datagen output (draft)
7e972c8
@szarnyasg
Remove typo from hashbang
552fed6
@szarnyasg
Show Neo4j log after importing/restarting the database
4359487
@szarnyasg
Rework Neo4j setup and import process
f27be93
@szarnyasg
Fix README instructions
67eeba9
@szarnyasg
Minor improvements in Neo4j scripts
bb5b6a5
@szarnyasg
Use Date and DateTime types when importing data to Neo4j
9dc10de
@szarnyasg
Update Neo4j test data to match schema
8bd062e
@szarnyasg
Fix import
cb2d9e3
@szarnyasg
Update Travis configuration to match env var names
f02d19c
@szarnyasg
Remove tests for deprecated BI queries
ee101ad
@szarnyasg
Remove deprecated Cypher queries
4ba371a
@szarnyasg
Drop curly braces around Neo4j parameters. Fixes ldbc#103
248aba0
@szarnyasg
Use native date type in Neo4j, update parameter syntax
61b8ca8
@szarnyasg
Optimize Cypher implementation of BI Q7
e3e5bdd
szarnyasg and others added 29 commits January 6, 2021 16:22
@szarnyasg
Clarify versioning
02ca463
@szarnyasg
Rename variable in recursive CTEs in SQL queries: s/depth/level/g
6bcb4c2
@szarnyasg
Fix direction of edge in BI Q20
365cebc
@szarnyasg
Cleanup Cypher README
13a589b
@szarnyasg
Add missing 'ORDER BY' clause
d0a9413
@szarnyasg
Change error message
2af8a2c
@szarnyasg
Add docs to releases table
ab32c6f
@szarnyasg
Remove typo, fix direction of edge
be4d39a
@szarnyasg
Newline
988e425
@szarnyasg
Add tmp file to gitignore
5c45b76
@szarnyasg
Add 'e' flag to Bash scripts
55d51e4
@szarnyasg
Drop '-e' flag from sourced script
cf03bf1
@szarnyasg
Add e/pipefail options to Neo4j scripts
8c1c260
@szarnyasg
Use working data set
70684a4
@szarnyasg
Update cityIds for new example data set
e5125c0
@szarnyasg
Add test Python script
7294731
@szarnyasg
Run BI script in CI
0750b07
@szarnyasg
Use type designators for parameter files
7314c6e
@szarnyasg
Fix BI Q11: add projection to only count each triangle once
963b129
@szarnyasg
Use correct type (DateTime -> Date) in the example parameters/scripts…
fb9363f 
… of BI Q16
@szarnyasg
Make env vars script zsh-compatible
4034a1f
@szarnyasg
Spell out locale verbosely (POSIX=C), see issue ldbc#157
acfa0fe
@szarnyasg
Spell out query ids (necessitated by Q14a/b)
2804124
@szarnyasg
Add conversion script for parameters files
b240abe
@szarnyasg
Fix Python script running Cypher queries
1e4b570
@szarnyasg
Add instructions on using the example data set
475ce05
@szarnyasg
Fix parameters: separate date/datetime parameters
bf0bc7f
@szarnyasg
Use new filenames (with PascalCase node label names)
0c90eae
@snyk-bot
fix: postgres/pom.xml to reduce vulnerabilities
34a96f1 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGPOSTGRESQL-2401816
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@snyk-bot @jmarton @szarnyasg @jackwaudby @petere @filipecosta90