Skip to content

chore(deps): bump org.apache.calcite.avatica:avatica-core from 1.26.0 to 1.28.0#902

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/org.apache.calcite.avatica-avatica-core-1.28.0
Open

chore(deps): bump org.apache.calcite.avatica:avatica-core from 1.26.0 to 1.28.0#902
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/org.apache.calcite.avatica-avatica-core-1.28.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026
edited
Loading

Bumps org.apache.calcite.avatica:avatica-core from 1.26.0 to 1.28.0.

Commits
  • 7d36626 [CALCITE-7495] Release Avatica 1.28.0
  • 849b19e [CALCITE-7507] NPE in ReleaseExtension.<init> when building from sources
  • 4e1cbcc [CALCITE-7500] Add support for jdk 24 in CI
  • 9efbff8 [CALCITE-6781] The isUpdateCapable method of calcite.avatica will incorrectly...
  • 49e2316 [CALCITE-7329] Remove slf4j-api from avatica-shadow jar
  • 2f226e0 Bump addressable from 2.8.7 to 2.9.0 in /site
  • 0b78b9c [CALCITE-7459] Upgrade Jackson in Avatica to 2.18.6 due to CVE
  • dc8a961 [CALCITE-7449] DateTimeUtils.intervalDayTimeToString silently truncates large...
  • 8f2b775 [CALCITE-7436] Add high-coverage Jazzer fuzzing for Avatica core modules
  • 4acf635 [CALCITE-6135] BEARER authentication support
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependency-upgrade Dependency upgrade is needed label May 12, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2026
edited
Loading

🧪 Java Unit Tests

TestsPassed ✅Skipped ⚠️FailedTime ⏱
Java Tests Report309 ran256 ✅53 ⚠️0 ❌9m 40s 714ms

📦 Artifacts

Name Size Updated Expiration
jar 402.66 MB May 15, 26, 7:29:29 AM UTC May 22, 26, 7:29:14 AM UTC

🛡 Trivy

Vulnerability in: Java

Vulnerability Severity Package Installed Version Fixed Version
GHSA-72hv-8253-57qq MEDIUM com.fasterxml.jackson.core:jackson-core 2.21.0 2.21.1, 2.18.6
CVE-2025-53864 MEDIUM com.nimbusds:nimbus-jose-jwt 9.40 10.0.2, 9.37.4
CVE-2025-48924 MEDIUM commons-lang:commons-lang 2.4
CVE-2026-42583 HIGH io.netty:netty-codec-compression 4.2.12.Final 4.2.13.Final
CVE-2026-42583 HIGH io.netty:netty-codec-compression 4.2.12.Final 4.2.13.Final
CVE-2026-42583 HIGH io.netty:netty-codec-compression 4.2.9.Final 4.2.13.Final
CVE-2026-42579 HIGH io.netty:netty-codec-dns 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42579 HIGH io.netty:netty-codec-dns 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42584 HIGH io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42584 HIGH io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42587 HIGH io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42587 HIGH io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-41417 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-41417 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-42580 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42580 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42581 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42581 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42585 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42585 MEDIUM io.netty:netty-codec-http 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-33870 HIGH io.netty:netty-codec-http 4.2.9.Final 4.1.132.Final, 4.2.10.Final
CVE-2026-42584 HIGH io.netty:netty-codec-http 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42587 HIGH io.netty:netty-codec-http 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-41417 MEDIUM io.netty:netty-codec-http 4.2.9.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-42580 MEDIUM io.netty:netty-codec-http 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42581 MEDIUM io.netty:netty-codec-http 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42585 MEDIUM io.netty:netty-codec-http 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42587 HIGH io.netty:netty-codec-http2 4.2.12.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-33871 HIGH io.netty:netty-codec-http2 4.2.9.Final 4.1.132.Final, 4.2.11.Final
CVE-2026-42587 HIGH io.netty:netty-codec-http2 4.2.9.Final 4.2.13.Final, 4.1.133.Final
CVE-2026-42578 LOW io.netty:netty-handler-proxy 4.2.12.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-42578 LOW io.netty:netty-handler-proxy 4.2.12.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-42578 LOW io.netty:netty-handler-proxy 4.2.9.Final 4.1.133.Final, 4.2.13.Final
CVE-2026-42577 HIGH io.netty:netty-transport-native-epoll 4.2.12.Final 4.2.13.Final
CVE-2026-42577 HIGH io.netty:netty-transport-native-epoll 4.2.12.Final 4.2.13.Final
CVE-2024-57699 HIGH net.minidev:json-smart 2.5.1 2.5.2
CVE-2026-34479 MEDIUM org.apache.logging.log4j:log4j-1.2-api 2.25.3 2.25.4
CVE-2026-34477 MEDIUM org.apache.logging.log4j:log4j-core 2.25.3 2.25.4
CVE-2026-34478 MEDIUM org.apache.logging.log4j:log4j-core 2.25.3 2.25.4
CVE-2026-34480 MEDIUM org.apache.logging.log4j:log4j-core 2.25.3 2.25.4
CVE-2026-40490 MEDIUM org.asynchttpclient:async-http-client 3.0.7 3.0.9, 2.14.5

🔁 Unreleased Commits

✅ No unreleased commits found.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 12, 2026
edited
Loading

Tests report quick summary:

success ✅ > tests: 309, success: 256, skipped: 53, failed: 0

unfold for details
Project Status Success Skipped Failed
plugin-jdbc success ✅ 37 0 0
plugin-jdbc-access success ✅ 9 0 0
plugin-jdbc-actianvector success ✅ 7 0 0
plugin-jdbc-as400 success ✅ 1 0 0
plugin-jdbc-clickhouse success ✅ 17 0 0
plugin-jdbc-db2 success ✅ 10 0 0
plugin-jdbc-druid success ✅ 4 0 0
plugin-jdbc-duckdb success ✅ 28 0 0
plugin-jdbc-hana skipped ⏭️ 0 3 0
plugin-jdbc-mariadb success ✅ 18 0 0
plugin-jdbc-mysql success ✅ 34 0 0
plugin-jdbc-oracle success ✅ 26 0 0
plugin-jdbc-pinot success ✅ 5 0 0
plugin-jdbc-postgres success ✅ 30 0 0
plugin-jdbc-redshift success ✅ 4 0 0
plugin-jdbc-snowflake success ✅ 17 0 0
plugin-jdbc-sqlite success ✅ 17 0 0
plugin-jdbc-sqlserver success ✅ 22 0 0
plugin-jdbc-sybase success ✅ 6 0 0
plugin-jdbc-trino success ✅ 4 0 0
plugin-jdbc-vertica success ✅ 10 0 0

@fdelbrayelle
Copy link
Copy Markdown
Member

fdelbrayelle commented May 15, 2026

@dependabot rebase

@dependabot
chore(deps): bump org.apache.calcite.avatica:avatica-core
57f3a91 
Bumps [org.apache.calcite.avatica:avatica-core](https://github.com/apache/calcite-avatica) from 1.26.0 to 1.28.0.
- [Commits](apache/calcite-avatica@rel/avatica-1.26.0...rel/avatica-1.28.0)

---
updated-dependencies:
- dependency-name: org.apache.calcite.avatica:avatica-core
  dependency-version: 1.28.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/gradle/org.apache.calcite.avatica-avatica-core-1.28.0 branch from cc22faa to 57f3a91 Compare May 15, 2026 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependency-upgrade Dependency upgrade is needed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fdelbrayelle