diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 37f4756..62f912e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,11 +39,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -54,7 +54,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v3 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -68,4 +68,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index 104bb85..4f244b1 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -15,7 +15,7 @@ jobs: services: postgres: - image: postgres:13 + image: postgres:17 env: POSTGRES_PASSWORD: postgres # Set health checks to wait until postgres has started @@ -28,13 +28,14 @@ jobs: - 5432:5432 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Set up JDK - uses: actions/setup-java@v1 + uses: actions/setup-java@v4 with: - java-version: 8 + distribution: 'temurin' + java-version: '21' - name: Cache local Maven repository - uses: actions/cache@v2 + uses: actions/cache@v4 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} diff --git a/.zappr.yaml b/.zappr.yaml index e8d3aec..0eae9a4 100644 --- a/.zappr.yaml 
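Review bot: The `uses:` lines in the second workflow.yml hunk (`actions/checkout@v4`, `actions/setup-java@v4`, `actions/cache@v4`) still reference movable major-version tags, and the CodeQL workflow in the same commit goes to `actions/checkout@v3`, so the two workflows now run different checkout majors. Pinning each action to a full commit SHA with the tag kept as a comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder, not a real SHA), makes the job run exactly the code that was reviewed, and using the same major in both files keeps them in step. No setup-java step is visible in the CodeQL hunks, while the pom properties in this commit change `8` to `21` (presumably the compiler source and target), so it is worth confirming that the Autobuild step there actually builds with a JDK 21; a failed or skipped build would leave the Java code unanalysed.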
+++ b/.zappr.yaml @@ -1,8 +1,12 @@ approvals: - pattern: "^(:\\+1:|👍|\\+1|:thumbsup:|[Ll][Gg][Tt][Mm])$" - minimum: 1 - from: - orgs: - - zalando - - zalando-stups - collaborators: true + groups: + zalando: + minimum: 1 + from: + orgs: + - "zalando" + - "zalando-stups" +X-Zalando-Type: code +X-Zalando-Team: acid + + diff --git a/cve-suppressions.xml b/cve-suppressions.xml deleted file mode 100644 index 0e1c309..0000000 --- a/cve-suppressions.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - spring-.*-5\.3\.23\.jar - CVE-2016-1000027 - - diff --git a/docker-compose.yml b/docker-compose.yml index 7a3f3fe..63dd21d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,7 @@ version: '3' services: db: - image: 'postgres:13' + image: 'postgres:17' environment: POSTGRES_PASSWORD: 'postgres' ports: diff --git a/pom.xml b/pom.xml index b0ca837..472eb9b 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ org.zalando zalando-sprocwrapper - 3.2.2-SNAPSHOT + 4.0.0-SNAPSHOT Stored Procedure Wrapper Library to make PostgreSQL stored procedures available through simple Java "*SProcService" interfaces @@ -59,11 +59,10 @@ UTF-8 - 8 - 8 - 5.3.23 - 42.5.1 - 7.2.1 + 21 + 21 + 6.2.0 + 42.7.4 @@ -83,31 +82,21 @@ ${postgresql.version} - commons-lang - commons-lang - 2.6 - - - commons-beanutils - commons-beanutils - 1.9.4 - - - commons-logging - commons-logging - - + org.apache.commons + commons-lang3 + 3.17.0 org.hibernate.validator hibernate-validator - 6.1.5.Final + 9.0.0.Beta3 org.glassfish - javax.el - 3.0.1-b08 + jakarta.el + 5.0.0-M1 + org.reflections reflections @@ -117,7 +106,7 @@ com.google.guava guava - 30.1-jre + 33.3.1-jre javax.persistence @@ -143,6 +132,11 @@ ${spring.version} test + + org.springframework + spring-beans + ${spring.version} + org.springframework spring-test 
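Review bot: The dependency hunk at `@@ -83,31 +82,21 @@` moves the validation stack to pre-release artifacts: `hibernate-validator` goes to `9.0.0.Beta3` and the `org.glassfish` `jakarta.el` artifact to `5.0.0-M1`. For a published library these become transitive dependencies of every consumer, and beta and milestone builds usually sit outside the maintenance line that receives security fixes, so I would depend on the current `.Final` validator release and a GA release of the EL implementation instead. The same commit also removes the `dependency-check-maven` execution from the pom and deletes `cve-suppressions.xml`, so nothing in the Maven build would flag a known-vulnerable version of these or of the other bumped dependencies. If that scan has moved elsewhere, a sentence in the commit description naming the replacement would help reviewers.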
@@ -197,24 +191,6 @@ - - org.owasp - dependency-check-maven - ${dependency-check-maven.version} - - - - check - - - - - true - - cve-suppressions.xml - - - org.basepom.maven duplicate-finder-maven-plugin @@ -272,7 +248,7 @@ org.jacoco jacoco-maven-plugin - 0.8.4 + 0.8.12 prepare-agent diff --git a/src/main/java/org/zalando/sprocwrapper/dsprovider/BitmapShardDataSourceProvider.java b/src/main/java/org/zalando/sprocwrapper/dsprovider/BitmapShardDataSourceProvider.java index 1871f77..d803518 100644 --- a/src/main/java/org/zalando/sprocwrapper/dsprovider/BitmapShardDataSourceProvider.java +++ b/src/main/java/org/zalando/sprocwrapper/dsprovider/BitmapShardDataSourceProvider.java @@ -3,7 +3,7 @@ import com.google.common.base.Strings; import com.google.common.collect.Lists; import com.google.common.collect.Sets; -import org.apache.commons.beanutils.BeanUtils; +import org.springframework.beans.BeanWrapperImpl; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -89,18 +89,19 @@ public BitmapShardDataSourceProvider(final Class dataSourc for (final Entry entry : connectionUrls.entrySet()) { final DataSource ds = dataSourceClass.getDeclaredConstructor().newInstance(); + var dsBeanWrapper = new BeanWrapperImpl(ds); for (final Entry prop : commonDataSourceProperties.entrySet()) { - BeanUtils.setProperty(ds, prop.getKey(), prop.getValue()); + dsBeanWrapper.setPropertyValue(prop.getKey(), prop.getValue()); } final String[] parts = entry.getValue().split("\\|"); - BeanUtils.setProperty(ds, "jdbcUrl", parts[0]); + dsBeanWrapper.setPropertyValue("jdbcUrl", parts[0]); if (parts.length > 1) { // a little bit hacky, because "initSQL" is boneCP-specific - BeanUtils.setProperty(ds, "initSQL", parts[1]); + dsBeanWrapper.setPropertyValue("initSQL", parts[1]); } for (int i = 0; i < dataSources.length; i++) { 
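Review bot: `dsBeanWrapper.setPropertyValue("initSQL", parts[1])` in the BitmapShardDataSourceProvider hunk is stricter than the `BeanUtils.setProperty` call it replaces: as far as I know BeanUtils skips a property the bean has no setter for, whereas `BeanWrapperImpl` throws `NotWritablePropertyException`. The comment on that line says `initSQL` is boneCP-specific, so any other `dataSourceClass` whose connection URL carries a `|`-separated second part would now fail in the constructor, and the same holds for unknown keys in `commonDataSourceProperties`. If failing fast is intended, say so in the comment; otherwise guard the call with `if (dsBeanWrapper.isWritableProperty("initSQL")) { dsBeanWrapper.setPropertyValue("initSQL", parts[1]); }` and log when the statement is skipped. The constructor body starts and ends outside the hunk.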
diff --git a/src/main/java/org/zalando/sprocwrapper/proxy/executors/ValidationExecutorWrapper.java b/src/main/java/org/zalando/sprocwrapper/proxy/executors/ValidationExecutorWrapper.java index 1ee3b62..7cc1b22 100644 --- a/src/main/java/org/zalando/sprocwrapper/proxy/executors/ValidationExecutorWrapper.java +++ b/src/main/java/org/zalando/sprocwrapper/proxy/executors/ValidationExecutorWrapper.java @@ -6,11 +6,11 @@ import org.slf4j.LoggerFactory; import javax.sql.DataSource; -import javax.validation.ConstraintViolation; -import javax.validation.ConstraintViolationException; -import javax.validation.Validation; -import javax.validation.Validator; -import javax.validation.ValidatorFactory; +import jakarta.validation.ConstraintViolation; +import jakarta.validation.ConstraintViolationException; +import jakarta.validation.Validation; +import jakarta.validation.Validator; +import jakarta.validation.ValidatorFactory; import java.util.Set; /** diff --git a/src/main/java/org/zalando/sprocwrapper/util/NameUtils.java b/src/main/java/org/zalando/sprocwrapper/util/NameUtils.java index 050e8f0..2a78c8b 100644 --- a/src/main/java/org/zalando/sprocwrapper/util/NameUtils.java +++ b/src/main/java/org/zalando/sprocwrapper/util/NameUtils.java @@ -4,7 +4,7 @@ import java.util.Locale; -import static org.apache.commons.lang.StringUtils.splitByCharacterTypeCamelCase; +import static org.apache.commons.lang3.StringUtils.splitByCharacterTypeCamelCase; /** * Static utility methods for naming conventions. diff --git a/src/main/java/org/zalando/typemapper/core/fieldMapper/DateFieldMapper.java b/src/main/java/org/zalando/typemapper/core/fieldMapper/DateFieldMapper.java index ca66f4f..ba3b656 100644 --- a/src/main/java/org/zalando/typemapper/core/fieldMapper/DateFieldMapper.java +++ b/src/main/java/org/zalando/typemapper/core/fieldMapper/DateFieldMapper.java 
@@ -1,5 +1,6 @@ package org.zalando.typemapper.core.fieldMapper; +import java.nio.charset.StandardCharsets; import java.sql.Date; import java.sql.SQLException; import java.sql.Timestamp; @@ -24,7 +25,8 @@ public Object mapField(final String string, final Class clazz) { Timestamp date = null; try { - date = postgresJDBCDriverReusedTimestampUtils.toTimestamp(null, string); + date = postgresJDBCDriverReusedTimestampUtils.toTimestamp(null, string.getBytes( + StandardCharsets.UTF_8)); } catch (final SQLException e) { LOG.error("Invalid date/time string: {}", string, e); } diff --git a/src/main/java/org/zalando/typemapper/postgres/PgTypeHelper.java b/src/main/java/org/zalando/typemapper/postgres/PgTypeHelper.java index cf03400..d025fe3 100644 --- a/src/main/java/org/zalando/typemapper/postgres/PgTypeHelper.java +++ b/src/main/java/org/zalando/typemapper/postgres/PgTypeHelper.java @@ -3,7 +3,6 @@ import javax.persistence.Column; import com.google.common.base.Optional; -import org.postgresql.core.BaseConnection; import org.postgresql.jdbc.PostgresJDBCDriverReusedTimestampUtils; import org.postgresql.util.PGobject; import org.slf4j.Logger; @@ -268,7 +267,7 @@ public int compare(final Field a, final Field b) { for (final Field f : fields) { final DatabaseFieldDescriptor databaseFieldDescriptor = getDatabaseFieldDescriptor(f); if (databaseFieldDescriptor != null) { - if (!f.isAccessible()) { + if (!f.canAccess(obj)) { f.setAccessible(true); } 
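Review bot: `string.getBytes(StandardCharsets.UTF_8)` in the DateFieldMapper hunk dereferences `string` before `toTimestamp` is called, so unless a null value is rejected above the hunk this throws a `NullPointerException` that `catch (final SQLException e)` does not handle. A guard such as `if (string == null) { return null; }` before the `try` would make the null case explicit; check it against what callers expect, since the rest of `mapField` is outside the hunk. The error path logs the raw input via `LOG.error("Invalid date/time string: {}", string, e)`, so if these values can come from user data it is worth deciding whether they belong in the log unmodified.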
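Review bot: `f.canAccess(obj)` in the PgTypeHelper hunk at `@@ -268,7 +267,7 @@` is not a drop-in replacement for `f.isAccessible()`, because it validates its argument. For an instance field it throws `IllegalArgumentException` when `obj` is null or not an instance of the declaring class, and for a static field it throws when `obj` is non-null. `obj` is defined outside the hunk, so whether those cases can occur needs checking; `f.trySetAccessible()` avoids the argument check and reports failure as a boolean, e.g. `if (!f.trySetAccessible()) { throw new IllegalStateException("cannot access field " + f.getName()); }`. On Java 21 `setAccessible(true)` can also fail with `InaccessibleObjectException` for classes in modules not opened to this library, which deserves a sentence in the method's documentation.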
@@ -501,17 +500,7 @@ public static String toPgString(Object o, final Connection connection) { } else { tmpd = new Timestamp(((Date) o).getTime()); } - - if (connection instanceof BaseConnection) { - - // if we do have a valid postgresql connection use this one: - final BaseConnection postgresBaseConnection = (BaseConnection) connection; - sb.append(postgresBaseConnection.getTimestampUtils().toString(null, tmpd)); - } else { - - // no valid postgresql connection - use that one: - sb.append(postgresJDBCDriverReusedTimestampUtils.toString(null, tmpd)); - } + sb.append(postgresJDBCDriverReusedTimestampUtils.toString(null, tmpd)); } else if (o instanceof Map) { final Map map = (Map) o; sb.append(HStore.serialize(map)); diff --git a/src/test/java/org/zalando/sprocwrapper/SimpleIT.java b/src/test/java/org/zalando/sprocwrapper/SimpleIT.java index 097ae86..83fce4f 100644 --- a/src/test/java/org/zalando/sprocwrapper/SimpleIT.java +++ b/src/test/java/org/zalando/sprocwrapper/SimpleIT.java @@ -17,7 +17,7 @@ import java.util.List; import java.util.Optional; import javax.sql.DataSource; -import javax.validation.ConstraintViolationException; +import jakarta.validation.ConstraintViolationException; import com.google.common.collect.Lists; import com.google.common.collect.Sets; diff --git a/src/test/java/org/zalando/sprocwrapper/example/ExampleDomainObjectWithValidation.java b/src/test/java/org/zalando/sprocwrapper/example/ExampleDomainObjectWithValidation.java index 9444b92..e0c609d 100644 --- a/src/test/java/org/zalando/sprocwrapper/example/ExampleDomainObjectWithValidation.java +++ b/src/test/java/org/zalando/sprocwrapper/example/ExampleDomainObjectWithValidation.java 
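Review bot: Timestamps in the first hunk here are now always formatted by the shared `postgresJDBCDriverReusedTimestampUtils`, so the `connection` argument of `toPgString` no longer influences this branch, and nothing in the code says why. The removed branch used the connection's own `getTimestampUtils()`, so any connection-specific formatting is presumably no longer applied. I would add a comment above the `sb.append(...)` line, e.g. `// Always format with the shared TimestampUtils; the connection's own instance is intentionally not used (reason: <fill in>)`. A test that serialises a `Date` and a `Timestamp` through this method would pin the output across the driver upgrade. `toPgString` starts and ends outside the hunk.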
@@ -1,8 +1,8 @@ package org.zalando.sprocwrapper.example; -import javax.validation.constraints.Max; -import javax.validation.constraints.Min; -import javax.validation.constraints.NotNull; +import jakarta.validation.constraints.Max; +import jakarta.validation.constraints.Min; +import jakarta.validation.constraints.NotNull; import org.zalando.typemapper.annotations.DatabaseField; diff --git a/src/test/java/org/zalando/sprocwrapper/example/ExampleValidationSProcService.java b/src/test/java/org/zalando/sprocwrapper/example/ExampleValidationSProcService.java index 2cbed0e..9d5c0f8 100644 --- a/src/test/java/org/zalando/sprocwrapper/example/ExampleValidationSProcService.java +++ b/src/test/java/org/zalando/sprocwrapper/example/ExampleValidationSProcService.java @@ -1,6 +1,6 @@ package org.zalando.sprocwrapper.example; -import javax.validation.constraints.NotNull; +import jakarta.validation.constraints.NotNull; import org.zalando.sprocwrapper.SProcCall; import org.zalando.sprocwrapper.SProcCall.Validate;