From 91e14f70423bba6bceec7682cc3e6a7606331eec Mon Sep 17 00:00:00 2001
From: Lukas Eder <lukas.eder@datageekery.com>
Date: Mon, 6 Jan 2025 10:05:58 +0100
Subject: [PATCH] [jOOQ/jOOQ#17823] Upgrade errorprone transitive dependencies
 to mitigate CVE-2023-2976

---
 jOOQ-checker/pom.xml | 12 ++++++------
 pom.xml              |  7 +++----
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/jOOQ-checker/pom.xml b/jOOQ-checker/pom.xml
index ff767c32cd..9db21f3cc7 100644
--- a/jOOQ-checker/pom.xml
+++ b/jOOQ-checker/pom.xml
@@ -85,13 +85,13 @@
             <artifactId>checker</artifactId>
         </dependency>
 
-        <!-- [#12884] [#14055] [#17315]
-             Explicit upgrade of transitive dependency due to CVE-2021-22569, CVE-2024-7254
-             TODO: Remove again when https://github.com/google/error-prone/pull/2819 is released  -->
+        <!-- [#17823]
+             Explicit upgrade of transitive dependency due to CVE-2020-8908, CVE-2023-2976
+             TODO: Remove again when https://github.com/jOOQ/jOOQ/issues/17823  -->
         <dependency>
-            <groupId>com.google.protobuf</groupId>
-            <artifactId>protobuf-java</artifactId>
-            <version>3.25.5</version>
+            <groupId>io.github.eisop</groupId>
+            <artifactId>dataflow-errorprone</artifactId>
+            <version>3.42.0-eisop5</version>
         </dependency>
         <dependency>
             <groupId>com.google.errorprone</groupId>
diff --git a/pom.xml b/pom.xml
index cfc89b631b..4f9f432e9b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -31,7 +31,7 @@
 
         <!-- JDBC drivers for jOOQ-xyz-extensions modules and vendor-specific API access -->
         <postgres.version>42.7.3</postgres.version>
-        <sqlserver.version>12.8.1.jre11</sqlserver.version>
+        <sqlserver.version>12.9.0.jre11-preview</sqlserver.version>
         <oracle.version>23.5.0.24.07</oracle.version>
 
         <!-- R2DBC SPI version and some matching driver versions -->
@@ -64,9 +64,8 @@
         <liquibase.version>4.25.1</liquibase.version>
         <checkerframework.version>3.44.0</checkerframework.version>
         <spring.version>6.1.14</spring.version>
-        <!-- [#12884] TODO: Remove explicit upgrade of protobuf-java again when https://github.com/google/error-prone/pull/2819 is released  -->
-        <errorprone.version>2.28.0</errorprone.version>
-        <testcontainers.version>1.19.8</testcontainers.version>
+        <errorprone.version>2.36.0</errorprone.version>
+        <testcontainers.version>1.20.4</testcontainers.version>
         <jackson.version>2.16.1</jackson.version>
         <jackson.version.databind>2.16.1</jackson.version.databind>
         <jetbrains.annotations.version>24.1.0</jetbrains.annotations.version>