Skip to content

chore(deps): bump com.microsoft.sqlserver:mssql-jdbc from 11.2.1.jre17 to 13.2.1.jre11 in /app/server #41499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: release
Choose a base branch
from
Open

chore(deps): bump com.microsoft.sqlserver:mssql-jdbc from 11.2.1.jre17 to 13.2.1.jre11 in /app/server #41499

dependabot wants to merge 1 commit into from
+1 −1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 5, 2026
edited by github-actions bot
Loading

Bumps com.microsoft.sqlserver:mssql-jdbc from 11.2.1.jre17 to 13.2.1.jre11.

Release notes

Sourced from com.microsoft.sqlserver:mssql-jdbc's releases.

[13.2.1] Hotfix & Stable Release

Added

  • Enable Vector data type tests on Azure SQL Database #2762 What was added: Vector data type tests are now enabled to run against Azure SQL Database. Who benefits: Developers testing VECTOR functionality in Azure SQL DB environments. Impact: Ensures VECTOR data type support test coverage.

  • Enable JSON data type tests on Azure SQL Database #2756 What was added: JSON data type tests are now enabled to run against Azure SQL Database. Who benefits: Developers testing JSON functionality in Azure SQL DB environments. Impact: Ensures JSON data type support test coverage.

Changed

  • Revert function/procedure filtering via sys.all_objects #2751 What changed: Reverted #2705 change that used sys.all_objects for filtering. Restores previous behavior to maintain consistency across metadata APIs. Who benefits: Developers using getProcedures() and getFunctions() in JDBC. Impact: Preserves compatibility with numbered procedures and avoids discrepancies between APIs.

Fixed issues

  • Address a hostname validation vulnerability by securely parsing certificate common names. #2801 What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks. Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation. Impact: This fix closes a security gap, protecting applications from man-in-the-middle attacks and ensuring compliance with security best practices.

  • JDK 8 compatibility for vector datatype handling #2750 What was fixed: Ensured fallback to JVM system property javax.net.ssl.trustStoreType if connection property is unset. Who benefits: Users configuring SSL via system properties. Impact: Enables proper SSL trust store resolution, improving compatibility with system configurations.

  • PreparedStatement getGeneratedKeys() failure with triggers #2742 What was fixed: Fixed error "The statement must be executed before any results can be obtained" when using insert triggers with generated keys. Who benefits: Developers retrieving generated keys from inserts with triggers. Impact: Restores correct behavior for both update count accuracy and generated keys retrieval in trigger scenarios.

  • Byte Buddy dependency scope #2755 What was fixed: Corrected Byte Buddy (1.15.11) dependency scope to test instead of compile. Who benefits: Developers and users of runtime artifacts. Impact: Reduces runtime artifact size (~8 MB) and ensures Byte Buddy is only included for unit tests.

  • DatabaseMetaData.getIndexInfo() NON_UNIQUE value inconsistency #2773 What was fixed: Fixed incorrect NON_UNIQUE values due to mismatched handling of sp_statistics and sys.indexes. Who benefits: Applications depending on accurate index metadata. Impact: Provides consistent value of NON_UNIQUE field across SQL Server and Azure Synapse Analytics.

  • DatabaseMetaData.getIndexInfo() invalid cursor position exception 2763 What was fixed: Fixed SQLException: Invalid cursor position caused when calling ResultSet.next() after exhaustion due to CachedRowSet strict cursor validation. Who benefits: Developers consuming metadata via DatabaseMetaData.getIndexInfo() on SQL Server or Azure Synapse DW.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Warning

Tests have not run on the HEAD 53aaa81 yet

Mon, 05 Jan 2026 23:24:30 UTC

@dependabot
chore(deps): bump com.microsoft.sqlserver:mssql-jdbc in /app/server
53aaa81 
Bumps [com.microsoft.sqlserver:mssql-jdbc](https://github.com/Microsoft/mssql-jdbc) from 11.2.1.jre17 to 13.2.1.jre11.
- [Release notes](https://github.com/Microsoft/mssql-jdbc/releases)
- [Changelog](https://github.com/microsoft/mssql-jdbc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Microsoft/mssql-jdbc/commits)

---
updated-dependencies:
- dependency-name: com.microsoft.sqlserver:mssql-jdbc
  dependency-version: 13.2.1.jre11
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added Dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jan 5, 2026
@dependabot dependabot bot added Dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jan 5, 2026
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 5, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sharat87 sharat87 Awaiting requested review from sharat87 sharat87 is a code owner

@nidhi-nair nidhi-nair Awaiting requested review from nidhi-nair nidhi-nair is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants