Re: JDBC driver has EOL'd component

*> override the checker-qual dependency.*

Noting that the checker-qual dependency is not actually needed [as a
transitive dependency] and instead can be *excluded* altogether (e.g. via
maven exclusions) rather than updated.

Cheers, Rob.

On Sun, 15 Oct 2023 at 05:11, Sehrope Sarkuni <sehrope(at)jackdb(dot)com> wrote:

> On Fri, Oct 13, 2023 at 6:48 PM Suren Sethumadhavan <
> Suren(dot)Sethumadhavan(at)veritas(dot)com> wrote:
>
>> Looks like JDBC drivers are shipping with an EOL’s version of Checker
>> Qual (v 3.5.0).
>>
>>
>> 1. Can you please confirm this?
>> 2. If confirmed, when can we expect a version with newer versions of
>> this component?
>>
>>
> This is not a security issue and should be directed to the general pgjdbc
> mailing list (cc'ed).
>
> The pgjdbc driver does not ship with any embedded dependencies. The driver
> dependencies are part of the the Maven pom and the latest version of the
> driver has a checker-qual dependency of 3.31.0:
> https://repo1.maven.org/maven2/org/postgresql/postgresql/42.6.0/postgresql-42.6.0.pom
>
> While we periodically update the minimum dependency versions for the
> driver's internal dependencies as we leverage new features, there is no
> specific schedule for it. In the interim, if you want to use a newer
> version of that dependency, you'll need to update your local pom.xml or
> gradle config to override the checker-qual dependency.
>
> Regards,
> -- Sehrope Sarkuni
> Founder & CEO | JackDB, Inc. | https://www.jackdb.com/
>
>