Skip to content

fix(deps): update dependency org.jdbi:jdbi3-core to v3.53.0 (release/5.0.x)#5198

Merged
joschi merged 1 commit into
release/5.0.xfrom
renovate/release/5.0.x-jdbi3.version
May 23, 2026
Merged

fix(deps): update dependency org.jdbi:jdbi3-core to v3.53.0 (release/5.0.x)#5198
joschi merged 1 commit into
release/5.0.xfrom
renovate/release/5.0.x-jdbi3.version

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Mar 23, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
org.jdbi:jdbi3-core (source) 3.51.03.53.0 age confidence

Release Notes

jdbi/jdbi (org.jdbi:jdbi3-core)

v3.53.0

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary
Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user
dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has
renamed a number of their jar files. Jdbi still supports
testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to
2.x, make sure that you reference the org.testcontainers:jdbc and
org.testcontainers:junit-jupiter dependencies. Those used to be
available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the
org.testcontainers:testcontainers-jdbc and
org.testcontainers:testcontainers-junit-jupiter dependencies must be
available.

  • Update testcontainers dependency to 2.0.5 (from 1.21.4)
  • Add StatementContext parameter to SqlExceptionHandler and remove return value

v3.52.1

  • fix regression for java.time.Instant mapping from 3.52.0 (#​2955, reported by @​Eng-Fouad and @​toadzky)
  • Add missing mappers for java.sql.Date and java.sql.Time
  • Add support for java.time.OffsetTime
  • Add support for java.time.ZoneOffset

v3.52.0

Changes to java.time related classes

JDBC 4.2 added full support to map java.time classes onto SQL types
in 2014. This release of Jdbi switches from mapping these objects onto
"classic" (java.sql.Date, Time, Timestamp) to using the JDBC 4.2 API
(PreparedStatement#setObject and ResultSet#getObject).

These changes should not be visible for any database, except if you
were brave enough to map types with time zones or offsets
(ZonedDateTime and OffsetDateTime) onto SQL types that have no
timezone (TIMESTAMP or DATETIME). This affects databases that do
not support the TIMESTAMP WITH TIMEZONE data type. IAW MySQL.

If you use MySQL with Jdbi and map any of these data types, you are
already losing the zone/offset information. Now you actually get an
error (which is the correct behavior of the driver!) unless you load
the new MysqlPlugin which restores the mapping.

If your application relies on legacy mappings, you can also use the
new @Legacy annotation to force the old behavior. See the
documentation at https://jdbi.org/ for details.

  • Add MySQL specific module (jdbi3-mysql) and plugin (MysqlPlugin).
  • Add new SqlExceptionHandler hook to handle database exceptions thrown during statement execution
  • Add option to not attach sensitive binding data with OpenTelemetry (#​2941, thanks @​gmellemstrand !)
  • Add configuration for Jackson serialization of types with custom polymorphic handling (#​2915)
  • Update to JUnit 6.0.2
  • Retire Apache Derby integration (#​2866)
  • Run test suite against Spring Framework 7 (#​2919)
  • Add OraclePlugin that sets untyped null argument to Types.NULL for Oracle compatibility (#​1003)
  • Support INOUT parameters for stored procedure Call statements (#​1606)
  • Map java.time types according to JDBC 4.2 spec (using setObject) (#​988)
  • Add @Legacy annotation to restore old timestamp mapping behavior
  • Make @BindMethodsList work with the String template engine (fixes #​2917, reported by @​agavrilov76, fixed by @​JScodeconcise)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Mar 23, 2026
@renovate renovate Bot requested review from a team as code owners March 23, 2026 01:06
@github-actions github-actions Bot added this to the 5.0.7 milestone Mar 23, 2026
@renovate renovate Bot force-pushed the renovate/release/5.0.x-jdbi3.version branch 2 times, most recently from 888e172 to b18f703 Compare March 30, 2026 04:58
@renovate renovate Bot force-pushed the renovate/release/5.0.x-jdbi3.version branch 2 times, most recently from 109d0c3 to b094c00 Compare April 6, 2026 09:07
@renovate renovate Bot changed the title fix(deps): update dependency org.jdbi:jdbi3-core to v3.52.0 (release/5.0.x) fix(deps): update dependency org.jdbi:jdbi3-core to v3.52.1 (release/5.0.x) Apr 9, 2026
@renovate renovate Bot force-pushed the renovate/release/5.0.x-jdbi3.version branch from b094c00 to 506c48c Compare April 9, 2026 20:56
@renovate renovate Bot force-pushed the renovate/release/5.0.x-jdbi3.version branch 2 times, most recently from f77d640 to 2823f00 Compare April 20, 2026 09:50
@renovate renovate Bot force-pushed the renovate/release/5.0.x-jdbi3.version branch from 2823f00 to 11e4208 Compare April 28, 2026 06:01
@renovate renovate Bot changed the title fix(deps): update dependency org.jdbi:jdbi3-core to v3.52.1 (release/5.0.x) fix(deps): update dependency org.jdbi:jdbi3-core to v3.53.0 (release/5.0.x) Apr 28, 2026
@renovate renovate Bot force-pushed the renovate/release/5.0.x-jdbi3.version branch from 11e4208 to b9c89d9 Compare May 4, 2026 05:14
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 4, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate renovate Bot force-pushed the renovate/release/5.0.x-jdbi3.version branch 2 times, most recently from 6ac6489 to 3a0f4d8 Compare May 18, 2026 04:32
@renovate renovate Bot force-pushed the renovate/release/5.0.x-jdbi3.version branch from 3a0f4d8 to d790d61 Compare May 18, 2026 10:49
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 18, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@joschi joschi merged commit aed45fb into release/5.0.x May 23, 2026
5 checks passed
@joschi joschi deleted the renovate/release/5.0.x-jdbi3.version branch May 23, 2026 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

5.0.7

Development

Successfully merging this pull request may close these issues.

1 participant

@joschi