Bump the dependencies group with 3 updates #252

dependabot · 2026-01-19T23:51:27Z

Bumps the dependencies group with 3 updates: org.postgresql:postgresql, ch.qos.logback:logback-classic and io.freefair.lombok.

Updates org.postgresql:postgresql from 42.7.8 to 42.7.9

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.9

Changes

Added changelogs for version 42.7.9 @davecramer (#3908)

the classloader is nullable, and remove a space @davecramer (#3907)

fix: incorrect pg_stat_replication.reply_time calculation @atorik (#3906)

fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only @davecramer (#3897)

fix badges for maven central and search paths. Sonatype has changed the search paths @davecramer (#3901)

fix: make all Calendar instances proleptic Gregorian (#3837) @m-van-tilburg (#3887)

test: add CI tests with Java 26 @vlsi (#3893)

perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder @vlsi (#3866)

use ssl_is_used() to check for ssl connection @davecramer (#3867)

Add PEMKeyManager to handle PEM based certs and keys. @harinath001 (#3700)

Comment and simplify the complex state machine logic in QueryExecutorImpl @davecramer (#3850)

Revert "fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN" @davecramer (#3851)

fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN @ShenFeng312 (#3838)

Small simplication of locking patterns in QueryExecutorBase @Sanne (#3849)

doc: update property quoteReturningIdentifiers default value @sodekim (#3847)

feat: default query timeout property @cfredri4 (#3705)

create action to deploy docs to https://pgjdbc.github.io/ @davecramer (#3819)

fix homepage release note @davecramer (#3817)

🐛 Bug Fixes

fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob @vlsi (#3903)

fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext @vlsi (#3886)

📝 Documentation

doc: add the new PGP signing key to the official documentation @vlsi (#3813)

🧰 Maintenance

chore: remove unused com.github.spotbugs Gradle plugin dependency @vlsi (#3868)

chore: drop SpotBugs as we do not seem to use it @vlsi (#3834)

chore: bump version to 42.7.9 after 42.7.8 release @vlsi (#3810)

⬆️ Dependencies

chore(deps): update actions/create-github-app-token digest to 29824e6 @renovate-bot (#3898)

chore(deps): update actions/setup-java digest to c1e3236 @renovate-bot (#3899)

chore(deps): update codecov/codecov-action digest to 671740a @renovate-bot (#3900)

fix(deps): update dependency org.junit:junit-bom to v5.14.1 - autoclosed @renovate-bot (#3884)

fix(deps): update dependency org.apache.bcel:bcel to v6.11.0 @renovate-bot (#3883)

fix(deps): update dependency org.mockito:mockito-bom to v5.20.0 @renovate-bot (#3885)

fix(deps): update dependency net.bytebuddy:byte-buddy-parent to v1.18.2 @renovate-bot (#3882)

chore(deps): update github/codeql-action digest to 497990d @renovate-bot (#3881)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.9] (2026-01-14)

Added

feat: query timeout property [PR #3705](pgjdbc/pgjdbc#3705)

feat: Add PEMKeyManager to handle PEM based certs and keys [PR #3700](pgjdbc/pgjdbc#3700)

Changed

perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder

doc: update property quoteReturningIdentifiers default value [PR #3847](pgjdbc/pgjdbc#3847)

security: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class

Fixed

fix: incorrect pg_stat_replication.reply_time calculation [PR #3906](pgjdbc/pgjdbc#3906)

fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob

fix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only [PR #3897](pgjdbc/pgjdbc#3897)

fix: make all Calendar instances proleptic Gregorian [PR #3837](pgjdbc/pgjdbc#3887)

fix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings [PR #3897](pgjdbc/pgjdbc#3849)

fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext [PR #3886](pgjdbc/pgjdbc#3886)

fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN [PR #3838](pgjdbc/pgjdbc#3838)

fix: use ssl_is_used() to check for ssl connection [PR #3867](pgjdbc/pgjdbc#3867)

fix: the classloader is nullable [PR #3907](pgjdbc/pgjdbc#3907)

Commits

79b784e Added changelogs for version 42.7.9 (#3908)
1c00ffc doc: add the new PGP signing key to the official documentation
f774000 chore(deps): update actions/create-github-app-token digest to 29824e6
27daf3b chore(deps): update actions/setup-java digest to c1e3236
6eb01ff chore(deps): update codecov/codecov-action digest to 671740a
dbf1e57 the classloader is nullable, and remove a space (#3907)
6a20574 Merge commit from fork
c07721a fix: incorrect pg_stat_replication.reply_time calculation (#3906)
83023f3 fix: close temporary lob descriptors that are used internally in PreparedStat...
62c9805 fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the ...
Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.24 to 1.5.25

Commits

f426e00 prepare release of 1.5.25
d28931f restrict object creation to expected supertype
aa264f7 test default variable values in appender-ref ref attribute
8fb403a adjust copyright year
b294a12 check optionList in start()
b65040a Add EpochConverter for milliseconds/seconds since epoch (related to issue #96...
0690174 cla for Duncan Jauncey
71dc2af Removed email address for Tony.
1f97ae1 check for undeclared by referenced appenders
b07355e Move the artifact version checking code to VersionUtil in logback-core.
Additional commits viewable in compare view

Updates io.freefair.lombok from 9.1.0 to 9.2.0

Release notes

Sourced from io.freefair.lombok's releases.

9.2.0

What's Changed

Bump io.freefair.settings.plugin-versions from 9.0.0 to 9.1.0 by @dependabot[bot] in freefair/gradle-plugins#1569

Bump com.squareup.okhttp3:okhttp-bom from 5.3.0 to 5.3.1 by @dependabot[bot] in freefair/gradle-plugins#1574

Bump com.squareup.okhttp3:okhttp-bom from 5.3.1 to 5.3.2 by @dependabot[bot] in freefair/gradle-plugins#1575

Bump org.tukaani:xz from 1.10 to 1.11 by @dependabot[bot] in freefair/gradle-plugins#1577

Bump io.freefair.settings.plugin-versions from 8.14.2 to 8.14.3 in /examples by @dependabot[bot] in freefair/gradle-plugins#1573

Bump org.springframework.boot:spring-boot-starter from 3.5.6 to 3.5.7 in /examples by @dependabot[bot] in freefair/gradle-plugins#1567

Bump org.junit:junit-bom from 5.14.0 to 5.14.1 by @dependabot[bot] in freefair/gradle-plugins#1564

Bump io.freefair.settings.plugin-versions from 8.14.2 to 8.14.3 by @dependabot[bot] in freefair/gradle-plugins#1563

Bump org.aspectj:aspectjrt from 1.9.24 to 1.9.25 in /examples by @dependabot[bot] in freefair/gradle-plugins#1566

Bump de.larsgrefer.sass:sass-embedded-host from 4.3.1 to 4.4.0 by @dependabot[bot] in freefair/gradle-plugins#1586

Bump actions/checkout from 5 to 6 by @dependabot[bot] in freefair/gradle-plugins#1580

Bump com.gradle.develocity from 4.2.2 to 4.3 by @dependabot[bot] in freefair/gradle-plugins#1593

Bump org.mockito:mockito-core from 5.20.0 to 5.21.0 by @dependabot[bot] in freefair/gradle-plugins#1591

Bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 7.0.1.6134 to 7.2.0.6526 by @dependabot[bot] in freefair/gradle-plugins#1588

Bump de.larsgrefer.sass:sass-embedded-host from 4.3.1 to 4.4.0 by @dependabot[bot] in freefair/gradle-plugins#1581

Bump org.junit:junit-bom from 6.0.1 to 6.0.2 by @dependabot[bot] in freefair/gradle-plugins#1608

Bump org.junit:junit-bom from 5.14.1 to 5.14.2 by @dependabot[bot] in freefair/gradle-plugins#1607

Bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin from 7.2.0.6526 to 7.2.2.6593 by @dependabot[bot] in freefair/gradle-plugins#1603

Bump gradle/actions from 4 to 5 by @dependabot[bot] in freefair/gradle-plugins#1523

Full Changelog: freefair/gradle-plugins@9.1.0...9.2.0

Commits

76c5485 Merge branch '8.x' of github.com:freefair/gradle-plugins
06b4fde Update to maven-plugin-plugin 3.15.2
5fe8130 Update to org.graalvm.buildtools.native 0.11.3
d2b733e Merge branch 'main' of github.com:freefair/gradle-plugins
5e93b6d Bump gradle/actions from 4 to 5 (#1523)
f9736b4 Merge branch '8.x' of github.com:freefair/gradle-plugins
9bef6ba Bump org.sonarsource.scanner.gradle:sonarqube-gradle-plugin (#1603)
d384c72 Update to Spring Boot 4.0.1
6a62611 Merge branch '8.x' of github.com:freefair/gradle-plugins
715ea0c Update to Maven 3.9.12
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 3 updates: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc), [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) and [io.freefair.lombok](https://github.com/freefair/gradle-plugins). Updates `org.postgresql:postgresql` from 42.7.8 to 42.7.9 - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.7.8...REL42.7.9) Updates `ch.qos.logback:logback-classic` from 1.5.24 to 1.5.25 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.24...v_1.5.25) Updates `io.freefair.lombok` from 9.1.0 to 9.2.0 - [Release notes](https://github.com/freefair/gradle-plugins/releases) - [Commits](freefair/gradle-plugins@9.1.0...9.2.0) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-version: 42.7.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.25 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: io.freefair.lombok dependency-version: 9.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jan 19, 2026

rfresh2 merged commit f9636f7 into 1.21.4 Jan 19, 2026
2 checks passed

rfresh2 deleted the dependabot/gradle/dependencies-c52c66c1c1 branch January 19, 2026 23:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the dependencies group with 3 updates #252

Bump the dependencies group with 3 updates #252

dependabot bot commented on behalf of github Jan 19, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the dependencies group with 3 updates #252

Bump the dependencies group with 3 updates #252

Conversation

dependabot bot commented on behalf of github Jan 19, 2026

v42.7.9

Changes

🐛 Bug Fixes

📝 Documentation

🧰 Maintenance

⬆️ Dependencies

[42.7.9] (2026-01-14)

Added

Changed

Fixed

9.2.0

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants