Skip to content

Work done by Laird Nelson for JDBC Module #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
bhatpmk wants to merge 23 commits into
base: main
Choose a base branch
from
Draft

Work done by Laird Nelson for JDBC Module #2

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
bd2fd48
Add TOML media type (#12082)
tomas-langer Jun 9, 2026
d66d38b
27.x: upgrade jackson, typesafe-config, snakeyaml (#11998)
barchetta Jun 9, 2026
eef416f
Adds data/runtime, data/jdbc/jdbc, and data/jdbc/executor modules
ljnelson Apr 15, 2026
8f1caf1
Squashable commit; refactoring
ljnelson Apr 15, 2026
1bb02dd
Squashable commit; refactoring
ljnelson Apr 15, 2026
f2ab2fb
Squashable commit; introduces data/plan modules; adds data/jdbc/named…
ljnelson Apr 16, 2026
a64eea1
Squashable commit; adds typeMap to connection state and JdbcPlanImpl
ljnelson Apr 16, 2026
86cd8fd
Squashable commit; ensure typeMap is immutable
ljnelson Apr 16, 2026
61f48f7
Squashable commit; ensuring clientInfo is copied
ljnelson Apr 16, 2026
3fe3e9c
Squashable commit; binding view implemented
ljnelson Apr 16, 2026
e238112
Squashable commit; introduces simple generic argument processing in J…
ljnelson Apr 16, 2026
8de10c7
Squashable commit; introduces JDBC transactions skeletally; tweaks Na…
ljnelson Apr 16, 2026
700481d
Squashable commit; JDBC transaction engine now functionally complete
ljnelson Apr 17, 2026
4a50381
Squashable commit; refactoring
ljnelson Apr 19, 2026
19e8eb2
Squashable commit; adds transformation abilities to plan/jdbc; adds t…
ljnelson Apr 21, 2026
69360c3
Squashable commit; moved poor-man's integration test of JDBC Transact…
ljnelson Apr 21, 2026
ff649d4
Squashable commit; refactoring
ljnelson Apr 23, 2026
7238919
Squashable commit; refactoring; JdbcResults now supports multiple sta…
ljnelson Apr 24, 2026
850e450
Squashable commit; refactoring; adds support for batch execution
ljnelson Apr 24, 2026
a2815b6
Squashable commit; refactoring; cleaning up naming
ljnelson Apr 24, 2026
0e72009
Squashable commit; refactoring; runtime layer first cut complete
ljnelson Apr 28, 2026
a3b6cbc
Squashable commit; refactoring and documentation
ljnelson May 11, 2026
dcdfda0
Squashable commit; interim checking before rebasing
ljnelson May 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
27.x: upgrade jackson, typesafe-config, snakeyaml (helidon-io#11998) 
* Upgrade Jakcson to 2.21.3, snakeyaml to 2.6, typesafe to 1.4.8
* Add suppressions for prometheues and graphql false positives
  • Loading branch information
@barchetta
barchetta authored Jun 9, 2026
commit d66d38b6def148af121fcf3ad8fbd6916b23f813
6 changes: 3 additions & 3 deletions dependencies/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@
<version.lib.hibernate>${version.lib.hibernate.family}.1.Final</version.lib.hibernate>
<version.lib.hibernate-validator>8.0.2.Final</version.lib.hibernate-validator>
<version.lib.hikaricp>5.0.1</version.lib.hikaricp>
<version.lib.jackson>2.21.1</version.lib.jackson>
<version.lib.jackson>2.21.3</version.lib.jackson>
<version.lib.jakarta.activation-api>2.1.3</version.lib.jakarta.activation-api>
<version.lib.jakarta.annotation-api>2.1.1</version.lib.jakarta.annotation-api>
<!-- Needed for transaction/jta -->
Expand Down Expand Up @@ -103,9 +103,9 @@
<version.lib.prometheus>0.16.0</version.lib.prometheus>
<version.lib.reactivestreams>1.0.4</version.lib.reactivestreams>
<version.lib.slf4j>2.0.17</version.lib.slf4j>
<version.lib.snakeyaml>2.5</version.lib.snakeyaml>
<version.lib.snakeyaml>2.6</version.lib.snakeyaml>
<version.lib.testcontainers>1.21.4</version.lib.testcontainers>
<version.lib.typesafe-config>1.4.4</version.lib.typesafe-config>
<version.lib.typesafe-config>1.4.8</version.lib.typesafe-config>
<version.lib.yasson>3.0.4</version.lib.yasson>
<version.lib.zookeeper>3.5.7</version.lib.zookeeper>
</properties>
Expand Down
36 changes: 35 additions & 1 deletion etc/dependency-check-suppression.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@
</suppress>

<!-- False Positive.
Another FP against prometheus server (not prometheus simple client)
This CVE is against prometheus server (not client libraries).
-->
<suppress>
<notes><![CDATA[
Expand All @@ -114,6 +114,20 @@
<packageUrl regex="true">^pkg:maven/io\.prometheus/simpleclient.*@.*$</packageUrl>
<cve>CVE-2026-42154</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: prometheus-metrics-core-1.3.10.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.prometheus/prometheus-metrics-.*@.*$</packageUrl>
<cve>CVE-2026-42154</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: micrometer-registry-prometheus-1.15.2.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.micrometer/micrometer-registry-prometheus.*@.*$</packageUrl>
<cve>CVE-2026-42154</cve>
</suppress>

<!-- False Positives.
These are confusing prometheus simple client tracer for otel with OTel dotnet, Go, python
Expand Down Expand Up @@ -278,5 +292,25 @@
<cve>CVE-2025-67030</cve>
</suppress>

<!-- False Positive
These CVEs are against GraphQL, not dataloader.
https://github.com/dependency-check/DependencyCheck/issues/8387
-->
<suppress>
<notes><![CDATA[
file name: java-dataloader-3.3.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.graphql-java/java-dataloader@.*$</packageUrl>
<cve>CVE-2022-37734</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: java-dataloader-3.3.0.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.graphql-java/java-dataloader@.*$</packageUrl>
<cve>CVE-2023-28867</cve>
</suppress>



</suppressions>