Bump org.postgresql:postgresql from 42.7.3 to 42.7.9

[dependabot]

Bumps org.postgresql:postgresql from 42.7.3 to 42.7.9.

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.9

Changes

• Added changelogs for version 42.7.9 @​davecramer (#3908)
• the classloader is nullable, and remove a space @​davecramer (#3907)
• fix: incorrect pg_stat_replication.reply_time calculation @​atorik (#3906)
• fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only @​davecramer (#3897)
• fix badges for maven central and search paths. Sonatype has changed the search paths @​davecramer (#3901)
• fix: make all Calendar instances proleptic Gregorian (#3837) @​m-van-tilburg (#3887)
• test: add CI tests with Java 26 @​vlsi (#3893)
• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder @​vlsi (#3866)
• use ssl_is_used() to check for ssl connection @​davecramer (#3867)
• Add PEMKeyManager to handle PEM based certs and keys. @​harinath001 (#3700)
• Comment and simplify the complex state machine logic in QueryExecutorImpl @​davecramer (#3850)
• Revert "fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN" @​davecramer (#3851)
• fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN @​ShenFeng312 (#3838)
• Small simplication of locking patterns in QueryExecutorBase @​Sanne (#3849)
• doc: update property quoteReturningIdentifiers default value @​sodekim (#3847)
• feat: default query timeout property @​cfredri4 (#3705)
• create action to deploy docs to https://pgjdbc.github.io/ @​davecramer (#3819)
• fix homepage release note @​davecramer (#3817)

🐛 Bug Fixes

• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob @​vlsi (#3903)
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext @​vlsi (#3886)

📝 Documentation

• doc: add the new PGP signing key to the official documentation @​vlsi (#3813)

🧰 Maintenance

• chore: remove unused com.github.spotbugs Gradle plugin dependency @​vlsi (#3868)
• chore: drop SpotBugs as we do not seem to use it @​vlsi (#3834)
• chore: bump version to 42.7.9 after 42.7.8 release @​vlsi (#3810)

⬆️ Dependencies

• chore(deps): update actions/create-github-app-token digest to 29824e6 @​renovate-bot (#3898)
• chore(deps): update actions/setup-java digest to c1e3236 @​renovate-bot (#3899)
• chore(deps): update codecov/codecov-action digest to 671740a @​renovate-bot (#3900)
• fix(deps): update dependency org.junit:junit-bom to v5.14.1 - autoclosed @​renovate-bot (#3884)
• fix(deps): update dependency org.apache.bcel:bcel to v6.11.0 @​renovate-bot (#3883)
• fix(deps): update dependency org.mockito:mockito-bom to v5.20.0 @​renovate-bot (#3885)
• fix(deps): update dependency net.bytebuddy:byte-buddy-parent to v1.18.2 @​renovate-bot (#3882)
• chore(deps): update github/codeql-action digest to 497990d @​renovate-bot (#3881)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.9] (2026-01-14)

Added

• feat: query timeout property [PR #3705](pgjdbc/pgjdbc#3705)
• feat: Add PEMKeyManager to handle PEM based certs and keys [PR #3700](pgjdbc/pgjdbc#3700)

Changed

• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder
• doc: update property quoteReturningIdentifiers default value [PR #3847](pgjdbc/pgjdbc#3847)
• security: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class

Fixed

• fix: incorrect pg_stat_replication.reply_time calculation [PR #3906](pgjdbc/pgjdbc#3906)
• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob
• fix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only [PR #3897](pgjdbc/pgjdbc#3897)
• fix: make all Calendar instances proleptic Gregorian [PR #3837](pgjdbc/pgjdbc#3887)
• fix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings [PR #3897](pgjdbc/pgjdbc#3849)
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext [PR #3886](pgjdbc/pgjdbc#3886)
• fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN [PR #3838](pgjdbc/pgjdbc#3838)
• fix: use ssl_is_used() to check for ssl connection [PR #3867](pgjdbc/pgjdbc#3867)
• fix: the classloader is nullable [PR #3907](pgjdbc/pgjdbc#3907)

[42.7.8] (2025-09-18)

Added

• feat: Add configurable boolean-to-numeric conversion for ResultSet getters [PR #3796](pgjdbc/pgjdbc#3796)

Changed

• perf: remove QUERY_ONESHOT flag when calling getMetaData [PR #3783](pgjdbc/pgjdbc#3783)
• perf: use BufferedInputStream with FileInputStream [PR #3750](pgjdbc/pgjdbc#3750)
• perf: enable server-prepared statements for DatabaseMetaData

Fixed

• fix: avoid NullPointerException when cancelling a query if cancel key is not known yet
• fix: Change "PST" timezone in TimestampTest to "Pacific Standard Time" [PR #3774](pgjdbc/pgjdbc#3774)
• fix: traverse the current dimension to get the correct pos in PgArray#calcRemainingDataLength [PR #3746](pgjdbc/pgjdbc#3746)
• fix: make sure getImportedExportedKeys returns columns in consistent order
• fix: Add "SELF_REFERENCING_COL_NAME" field to getTables' ResultSetMetaData to fix NullPointerException [PR #3660](pgjdbc/pgjdbc#3660)
• fix: unable to open replication connection to servers < 12
• fix: avoid closing statement caused by driver's internal ResultSet#close()
• fix: return empty metadata for empty catalog names as it was before
• fix: Incorrect class comparison in PGXmlFactoryFactory validation

[42.7.7] (2025-06-10)

Security

• security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security

... (truncated)

Commits

• 79b784e Added changelogs for version 42.7.9 (#3908)
• 1c00ffc doc: add the new PGP signing key to the official documentation
• f774000 chore(deps): update actions/create-github-app-token digest to 29824e6
• 27daf3b chore(deps): update actions/setup-java digest to c1e3236
• 6eb01ff chore(deps): update codecov/codecov-action digest to 671740a
• dbf1e57 the classloader is nullable, and remove a space (#3907)
• 6a20574 Merge commit from fork
• c07721a fix: incorrect pg_stat_replication.reply_time calculation (#3906)
• 83023f3 fix: close temporary lob descriptors that are used internally in PreparedStat...
• 62c9805 fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, java. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

This pull request is stale because it has been open for 14 days with no activity.

[github-actions]

This pull request was closed because it has been inactive for 7 days since being marked as stale.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.