chore(deps): bump org.postgresql:postgresql from 42.7.2 to 42.7.9 by dependabot[bot] · Pull Request #131 · octodemo/java-springboot-demo

dependabot · 2026-01-19T04:51:32Z

Bumps org.postgresql:postgresql from 42.7.2 to 42.7.9.

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.9

Changes

Added changelogs for version 42.7.9 @davecramer (#3908)

the classloader is nullable, and remove a space @davecramer (#3907)

fix: incorrect pg_stat_replication.reply_time calculation @atorik (#3906)

fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only @davecramer (#3897)

fix badges for maven central and search paths. Sonatype has changed the search paths @davecramer (#3901)

fix: make all Calendar instances proleptic Gregorian (#3837) @m-van-tilburg (#3887)

test: add CI tests with Java 26 @vlsi (#3893)

perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder @vlsi (#3866)

use ssl_is_used() to check for ssl connection @davecramer (#3867)

Add PEMKeyManager to handle PEM based certs and keys. @harinath001 (#3700)

Comment and simplify the complex state machine logic in QueryExecutorImpl @davecramer (#3850)

Revert "fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN" @davecramer (#3851)

fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN @ShenFeng312 (#3838)

Small simplication of locking patterns in QueryExecutorBase @Sanne (#3849)

doc: update property quoteReturningIdentifiers default value @sodekim (#3847)

feat: default query timeout property @cfredri4 (#3705)

create action to deploy docs to https://pgjdbc.github.io/ @davecramer (#3819)

fix homepage release note @davecramer (#3817)

🐛 Bug Fixes

fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob @vlsi (#3903)

fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext @vlsi (#3886)

📝 Documentation

doc: add the new PGP signing key to the official documentation @vlsi (#3813)

🧰 Maintenance

chore: remove unused com.github.spotbugs Gradle plugin dependency @vlsi (#3868)

chore: drop SpotBugs as we do not seem to use it @vlsi (#3834)

chore: bump version to 42.7.9 after 42.7.8 release @vlsi (#3810)

⬆️ Dependencies

chore(deps): update actions/create-github-app-token digest to 29824e6 @renovate-bot (#3898)

chore(deps): update actions/setup-java digest to c1e3236 @renovate-bot (#3899)

chore(deps): update codecov/codecov-action digest to 671740a @renovate-bot (#3900)

fix(deps): update dependency org.junit:junit-bom to v5.14.1 - autoclosed @renovate-bot (#3884)

fix(deps): update dependency org.apache.bcel:bcel to v6.11.0 @renovate-bot (#3883)

fix(deps): update dependency org.mockito:mockito-bom to v5.20.0 @renovate-bot (#3885)

fix(deps): update dependency net.bytebuddy:byte-buddy-parent to v1.18.2 @renovate-bot (#3882)

chore(deps): update github/codeql-action digest to 497990d @renovate-bot (#3881)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.9] (2026-01-14)

Added

feat: query timeout property [PR #3705](pgjdbc/pgjdbc#3705)

feat: Add PEMKeyManager to handle PEM based certs and keys [PR #3700](pgjdbc/pgjdbc#3700)

Changed

perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder

doc: update property quoteReturningIdentifiers default value [PR #3847](pgjdbc/pgjdbc#3847)

security: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class

Fixed

fix: incorrect pg_stat_replication.reply_time calculation [PR #3906](pgjdbc/pgjdbc#3906)

fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob

fix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only [PR #3897](pgjdbc/pgjdbc#3897)

fix: make all Calendar instances proleptic Gregorian [PR #3837](pgjdbc/pgjdbc#3887)

fix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings [PR #3897](pgjdbc/pgjdbc#3849)

fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext [PR #3886](pgjdbc/pgjdbc#3886)

fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN [PR #3838](pgjdbc/pgjdbc#3838)

fix: use ssl_is_used() to check for ssl connection [PR #3867](pgjdbc/pgjdbc#3867)

fix: the classloader is nullable [PR #3907](pgjdbc/pgjdbc#3907)

[42.7.8] (2025-09-18)

Added

feat: Add configurable boolean-to-numeric conversion for ResultSet getters [PR #3796](pgjdbc/pgjdbc#3796)

Changed

perf: remove QUERY_ONESHOT flag when calling getMetaData [PR #3783](pgjdbc/pgjdbc#3783)

perf: use BufferedInputStream with FileInputStream [PR #3750](pgjdbc/pgjdbc#3750)

perf: enable server-prepared statements for DatabaseMetaData

Fixed

fix: avoid NullPointerException when cancelling a query if cancel key is not known yet

fix: Change "PST" timezone in TimestampTest to "Pacific Standard Time" [PR #3774](pgjdbc/pgjdbc#3774)

fix: traverse the current dimension to get the correct pos in PgArray#calcRemainingDataLength [PR #3746](pgjdbc/pgjdbc#3746)

fix: make sure getImportedExportedKeys returns columns in consistent order

fix: Add "SELF_REFERENCING_COL_NAME" field to getTables' ResultSetMetaData to fix NullPointerException [PR #3660](pgjdbc/pgjdbc#3660)

fix: unable to open replication connection to servers < 12

fix: avoid closing statement caused by driver's internal ResultSet#close()

fix: return empty metadata for empty catalog names as it was before

fix: Incorrect class comparison in PGXmlFactoryFactory validation

[42.7.7] (2025-06-10)

Security

security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security

... (truncated)

Commits

79b784e Added changelogs for version 42.7.9 (#3908)
1c00ffc doc: add the new PGP signing key to the official documentation
f774000 chore(deps): update actions/create-github-app-token digest to 29824e6
27daf3b chore(deps): update actions/setup-java digest to c1e3236
6eb01ff chore(deps): update codecov/codecov-action digest to 671740a
dbf1e57 the classloader is nullable, and remove a space (#3907)
6a20574 Merge commit from fork
c07721a fix: incorrect pg_stat_replication.reply_time calculation (#3906)
83023f3 fix: close temporary lob descriptors that are used internally in PreparedStat...
62c9805 fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the ...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.2 to 42.7.9. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.7.2...REL42.7.9) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-version: 42.7.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jan 19, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump org.postgresql:postgresql from 42.7.2 to 42.7.9#131

chore(deps): bump org.postgresql:postgresql from 42.7.2 to 42.7.9#131
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/org.postgresql-postgresql-42.7.9

dependabot bot commented on behalf of github Jan 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Jan 19, 2026

v42.7.9

Changes

🐛 Bug Fixes

📝 Documentation

🧰 Maintenance

⬆️ Dependencies

[42.7.9] (2026-01-14)

Added

Changed

Fixed

[42.7.8] (2025-09-18)

Added

Changed

Fixed

[42.7.7] (2025-06-10)

Security

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants