[Security] Bump quartz from 2.3.0 to 2.3.2

[dependabot-preview]

Bumps quartz from 2.3.0 to 2.3.2.

Release notes

Sourced from quartz's releases.

Quartz 2.3.2

This a bug fix release containing fixes for:

• #508 : Error with H2 1.4.200
• #505 : CronTrigger.getTriggerBuilder() changes misfire instruction from "ignore misfire" to "smart"
• #491 : StdJDBCDelegate.selectTriggerToAcquire may not respect maxCount
• #490 : Return at most maxCount triggers
• #482 : Update C3P0 version to 0.9.5.4 (CVE-2019-5427)
• #474 : StdSchedulerFactory ConcurrentModificationException reading system properties
• #467 : Security: XXE in initDocumentParser

quartz-2.3.1

THIS RELEASE REQUIRES JDK7

• #294 depen: Update hikaricp-java6:2.3.13 to hikaricp-java7:2.4.13
• #316 depen: Updated C3P0 version to 0.9.5.3
• #147 bugfix: Fix BINARY to BLOG type for job data for hsqldb
• #156 bugfix: Fix null string used in thread name with DirectSchedulerFactory
• #159 bugfix: Fix extra bad char tick on drop table qurtz_fired_triggers for postgres
• #146 bugfix: Release BLOCKED triggers in releaseAcquiredTrigger
• #212 bugfix: QuartzInitializerListener: fix a typo
• #193 bugfix: Job execution context impl returns incorrect recovering job key
• #172 bugfix: Miss notify SchedulerListeners in QuartzScheduler.java
• #220 bugifx: DailyTimeIntervalTrigger failed to set endingDailyAfterCount = 1
• #160 improv: Add drop table if exists check in sql script for postgres
• #214 improv: Reuse JobBuilder.storeDurably(boolean) in JobBuilder
• #281 improv: Fix no setter for dataSource property validateOnCheckout
• #264 improv: Fix no setter for dataSource property discardIdleConnectionsSeconds
• #245 improv: Sybase: Changed varchar length TRIGGER_NAME from 80 to 200
• #340 improv: Use all-caps table names in the liquibase script
• #189 improv: NPE thrown when acquiring next trigger due to null next fire time value
• #268 improv: Add configurable params for StdRowLockSemaphore for Failure obtaining db row lock
• #293 build: Setup Azure CI server for Quartz project
• #66 build: Remove unused 'svn' requirement during maven package build
• #301 build: Improve project with readme, and license changes log
• #302 build: Update mvnw wrapper to use Maven 3.6.0
• #226 build: Replace maven-forge-plugin with maven-jar-plugin
• #170 docs: Minor fix and improvement on Javadoc
• #203 docs: Minor fix and improvement on Javadoc
• #360 docs: Update docs and migrate it into main source repository

Changelog

Sourced from quartz's changelog.

== quartz-2.3.2

This release is still work in progress under quartz-2.3.x branch!

== quartz-2.3.1

Released on 25-Mar-2018

THIS RELEASE REQUIRES JDK7

• #294 depen: Update hikaricp-java6:2.3.13 to hikaricp-java7:2.4.13
• #316 depen: Updated C3P0 version to 0.9.5.3
• #147 bugfix: Fix BINARY to BLOG type for job data for hsqldb
• #156 bugfix: Fix null string used in thread name with DirectSchedulerFactory
• #159 bugfix: Fix extra bad char tick on drop table qurtz_fired_triggers for postgres
• #146 bugfix: Release BLOCKED triggers in releaseAcquiredTrigger
• #212 bugfix: QuartzInitializerListener: fix a typo
• #193 bugfix: Job execution context impl returns incorrect recovering job key
• #172 bugfix: Miss notify SchedulerListeners in QuartzScheduler.java
• #220 bugifx: DailyTimeIntervalTrigger failed to set endingDailyAfterCount = 1
• #160 improv: Add drop table if exists check in sql script for postgres
• #214 improv: Reuse JobBuilder.storeDurably(boolean) in JobBuilder
• #281 improv: Fix no setter for dataSource property validateOnCheckout
• #264 improv: Fix no setter for dataSource property discardIdleConnectionsSeconds
• #245 improv: Sybase: Changed varchar length TRIGGER_NAME from 80 to 200
• #340 improv: Use all-caps table names in the liquibase script
• #189 improv: NPE thrown when acquiring next trigger due to null next fire time value
• #268 improv: Add configurable params for StdRowLockSemaphore for Failure obtaining db row lock
• #293 build: Setup Azure CI server for Quartz project
• #66 build: Remove unused 'svn' requirement during maven package build
• #301 build: Improve project with readme, and license changes log
• #302 build: Update mvnw wrapper to use Maven 3.6.0
• #226 build: Replace maven-forge-plugin with maven-jar-plugin
• #170 docs: Minor fix and improvement on Javadoc
• #203 docs: Minor fix and improvement on Javadoc
• #360 docs: Update docs and migrate it into main source repository

Commits

• 3533e40 Release 2.3.2 from quartz-2.3.x
• 789afce Merge pull request #517 from chrisdennis/issue-508-2.3.x
• 941d184 Merge branch 'issue-508' into issue-508-2.3.x
• c069965 Merge pull request #520 from chrisdennis/issue-491-2.3.x
• de69c46 Issue #491 : Added unit test coverage
• bc6be51 Merge branch 'issue-491' into issue-491-2.3.x
• e990cd1 Merge pull request #521 from chrisdennis/c3p0-upgrade-2.3.x
• 99077cd Merge branch 'c3p0-upgrade' into c3p0-upgrade-2.3.x
• 8552008 Merge pull request #522 from chrisdennis/trigger-javadoc-fix
• 8ab547f Merge pull request #519 from chrisdennis/issue-505
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

We've just been alerted that this update fixes a security vulnerability:

Sourced from The GitHub Security Advisory Database.

XML external entity injection in Terracotta Quartz Scheduler
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

Affected versions: ["< 2.3.2"]