fix(deps): bump: bump org.mariadb.jdbc:mariadb-java-client from 3.5.8 to 3.5.9

[dependabot]

Bumps org.mariadb.jdbc:mariadb-java-client from 3.5.8 to 3.5.9.

Release notes

Sourced from org.mariadb.jdbc:mariadb-java-client's releases.

MariaDB Connector/Java 3.5.9

3.5.9 (Jun 2026)

Full Changelog

Key Enhancements

• CONJ-1223 - cache TLS trust/key managers across connections to reduce SSL connection cost
• CONJ-1314 - add SPI for interactive dialog (PAM) authentication callback
• CONJ-1311 - add dedicated option useIpForKillQuery for query cancellation
• CONJ-1310 - Add full native image support and CI coverage

Issues Resolved

• CONJ-1320 - PAM (dialog) authentication must require a secure connection (report by fg0x0)
• CONJ-1319 - Use constant-time comparison when validating the server certificate fingerprint (report by jmestwa-coder)
• CONJ-1318 - enforce allowLocalInfile=false on the server's local-infile request, so a malicious server cannot read a client file despite the option being disabled
• CONJ-1322 - match local infile filename case-sensitively (thanks to jmestwa-coder)
• CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)
• CONJ-1315 - cap BigDecimal/BigInteger string parsing length to prevent CPU exhaustion if MitM (report by tonghuaroot)
• CONJ-1317 - ensure non-UTF8 charset cannot be used for protocol exchanges (report by fg0x0)
• CONJ-1304 - CallableStatement parameter metadata read from mysql.proc, with MySQL info_schema fallback
• CONJ-1299 - keep VALUES literals after the last placeholder when rewriting batches
• CONJ-1313 - race condition in HaMode#getAvailableHostInOrder can cause NPE
• CONJ-1311 - Connection.cancelCurrentQuery fails with SslMode.VERIFY_FULL when client socket IP is set
• CONJ-1264 - handle LocalDateTime as a zoneless wall-clock value
• CONJ-1316 - pin Locale.ROOT on locale-sensitive call sites and date/time/Duration text formatting (fixes locale-dependent parsing/formatting, e.g. under tr_TR) (thanks to jmestwa-coder)
• CONJ-1324 - fix SQL parser to correctly handle '--' in expressions and reset lastChar after block comments
• CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)

Changelog

Sourced from org.mariadb.jdbc:mariadb-java-client's changelog.

3.5.9 (Jun 2026)

Full Changelog

Key Enhancements

• CONJ-1223 - cache TLS trust/key managers across connections to reduce SSL connection cost
• CONJ-1314 - add SPI for interactive dialog (PAM) authentication callback
• CONJ-1311 - add dedicated option useIpForKillQuery for query cancellation
• CONJ-1310 - Add full native image support and CI coverage

Issues Resolved

• CONJ-1320 - PAM (dialog) authentication must require a secure connection (report by fg0x0)
• CONJ-1319 - Use constant-time comparison when validating the server certificate fingerprint (report by jmestwa-coder)
• CONJ-1318 - enforce allowLocalInfile=false on the server's local-infile request, so a malicious server cannot read a client file despite the option being disabled
• CONJ-1322 - match local infile filename case-sensitively (thanks to jmestwa-coder)
• CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)
• CONJ-1315 - cap BigDecimal/BigInteger string parsing length to prevent CPU exhaustion if MitM (report by tonghuaroot)
• CONJ-1317 - ensure non-UTF8 charset cannot be used for protocol exchanges (report by fg0x0)
• CONJ-1304 - CallableStatement parameter metadata read from mysql.proc, with MySQL info_schema fallback
• CONJ-1299 - keep VALUES literals after the last placeholder when rewriting batches
• CONJ-1313 - race condition in HaMode#getAvailableHostInOrder can cause NPE
• CONJ-1311 - Connection.cancelCurrentQuery fails with SslMode.VERIFY_FULL when client socket IP is set
• CONJ-1264 - handle LocalDateTime as a zoneless wall-clock value
• CONJ-1316 - pin Locale.ROOT on locale-sensitive call sites and date/time/Duration text formatting (fixes locale-dependent parsing/formatting, e.g. under tr_TR) (thanks to jmestwa-coder)
• CONJ-1324 - fix SQL parser to correctly handle '--' in expressions and reset lastChar after block comments
• CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)

3.4.3 (Jun 2026)

Full Changelog

Bugs Fixed

• CONJ-1315 - cap BigDecimal/BigInteger string parsing length to prevent CPU exhaustion if Mitm (report by tonghuaroot)
• CONJ-1316 - pin Locale.ROOT on locale-sensitive call sites and date/time/Duration text formatting (fixes locale-dependent parsing/formatting, e.g. under tr_TR) (thanks to jmestwa-coder)
• CONJ-1259 - DatabaseMetaData read-only detection: handle MariaDB 12.0 @@read_only returning ON/OFF instead of 1/0
• CONJ-1317 - ensure non-UTF8 charset cannot be used for protocol exchanges (report by fg0x0)
• CONJ-1320 - PAM (dialog) authentication now requires a secure connection (TLS or unix socket), like mysql_clear_password (report by fg0x0)
• CONJ-1319 - use constant-time comparison when validating the server certificate fingerprint (thanks to jmestwa-coder)
• CONJ-1322 - match local infile filename case-sensitively (thanks to jmestwa-coder)
• CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)

3.3.5 (Jun 2026)

... (truncated)

Commits

• df4ebe2 [misc] enhance TcpProxy and TcpProxySocket for improved thread safety and con...
• 687c840 [misc] update environment variable for Maxscale version
• 4466ad6 [misc] test stability improvement : update proxy close method in PooledConnec...
• 1e29819 [misc] update README version
• da297f1 Merge branch 'develop'
• 83d3da9 [misc] Update CHANGELOG
• e39e8b9 match local infile filename case-sensitively
• d90b987 [misc] Implement secure authentication checks and add regression tests for cr...
• f4a727c [CONJ-1320] PAM (dialog) authentication must require a secure connection
• a87c711 [misc] update CHANGELOG
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)