Description
Security
- fix: CVE-2022-31197 Fixes SQL generated in PgResultSet.refresh() to escape column identifiers so as to prevent SQL injection.
- Previously, the column names for both key and data columns in the table were copied as-is into the generated
SQL. This allowed a malicious table with column names that include statement terminator to be parsed and
executed as multiple separate commands. - Also adds a new test class ResultSetRefreshTest to verify this change.
- Reported by [Sho Kato](https://github.com/kato-sho)