build(deps): bump org.postgresql:postgresql from 42.7.8 to 42.7.9

[dependabot]

Bumps org.postgresql:postgresql from 42.7.8 to 42.7.9.

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.9

Changes

• Added changelogs for version 42.7.9 @​davecramer (#3908)
• the classloader is nullable, and remove a space @​davecramer (#3907)
• fix: incorrect pg_stat_replication.reply_time calculation @​atorik (#3906)
• fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only @​davecramer (#3897)
• fix badges for maven central and search paths. Sonatype has changed the search paths @​davecramer (#3901)
• fix: make all Calendar instances proleptic Gregorian (#3837) @​m-van-tilburg (#3887)
• test: add CI tests with Java 26 @​vlsi (#3893)
• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder @​vlsi (#3866)
• use ssl_is_used() to check for ssl connection @​davecramer (#3867)
• Add PEMKeyManager to handle PEM based certs and keys. @​harinath001 (#3700)
• Comment and simplify the complex state machine logic in QueryExecutorImpl @​davecramer (#3850)
• Revert "fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN" @​davecramer (#3851)
• fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN @​ShenFeng312 (#3838)
• Small simplication of locking patterns in QueryExecutorBase @​Sanne (#3849)
• doc: update property quoteReturningIdentifiers default value @​sodekim (#3847)
• feat: default query timeout property @​cfredri4 (#3705)
• create action to deploy docs to https://pgjdbc.github.io/ @​davecramer (#3819)
• fix homepage release note @​davecramer (#3817)

🐛 Bug Fixes

• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob @​vlsi (#3903)
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext @​vlsi (#3886)

📝 Documentation

• doc: add the new PGP signing key to the official documentation @​vlsi (#3813)

🧰 Maintenance

• chore: remove unused com.github.spotbugs Gradle plugin dependency @​vlsi (#3868)
• chore: drop SpotBugs as we do not seem to use it @​vlsi (#3834)
• chore: bump version to 42.7.9 after 42.7.8 release @​vlsi (#3810)

⬆️ Dependencies

• chore(deps): update actions/create-github-app-token digest to 29824e6 @​renovate-bot (#3898)
• chore(deps): update actions/setup-java digest to c1e3236 @​renovate-bot (#3899)
• chore(deps): update codecov/codecov-action digest to 671740a @​renovate-bot (#3900)
• fix(deps): update dependency org.junit:junit-bom to v5.14.1 - autoclosed @​renovate-bot (#3884)
• fix(deps): update dependency org.apache.bcel:bcel to v6.11.0 @​renovate-bot (#3883)
• fix(deps): update dependency org.mockito:mockito-bom to v5.20.0 @​renovate-bot (#3885)
• fix(deps): update dependency net.bytebuddy:byte-buddy-parent to v1.18.2 @​renovate-bot (#3882)
• chore(deps): update github/codeql-action digest to 497990d @​renovate-bot (#3881)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.9] (2026-01-14)

Added

• feat: query timeout property [PR #3705](pgjdbc/pgjdbc#3705)
• feat: Add PEMKeyManager to handle PEM based certs and keys [PR #3700](pgjdbc/pgjdbc#3700)

Changed

• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder
• doc: update property quoteReturningIdentifiers default value [PR #3847](pgjdbc/pgjdbc#3847)
• security: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class

Fixed

• fix: incorrect pg_stat_replication.reply_time calculation [PR #3906](pgjdbc/pgjdbc#3906)
• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob
• fix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only [PR #3897](pgjdbc/pgjdbc#3897)
• fix: make all Calendar instances proleptic Gregorian [PR #3837](pgjdbc/pgjdbc#3887)
• fix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings [PR #3897](pgjdbc/pgjdbc#3849)
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext [PR #3886](pgjdbc/pgjdbc#3886)
• fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN [PR #3838](pgjdbc/pgjdbc#3838)
• fix: use ssl_is_used() to check for ssl connection [PR #3867](pgjdbc/pgjdbc#3867)
• fix: the classloader is nullable [PR #3907](pgjdbc/pgjdbc#3907)

Commits

• 79b784e Added changelogs for version 42.7.9 (#3908)
• 1c00ffc doc: add the new PGP signing key to the official documentation
• f774000 chore(deps): update actions/create-github-app-token digest to 29824e6
• 27daf3b chore(deps): update actions/setup-java digest to c1e3236
• 6eb01ff chore(deps): update codecov/codecov-action digest to 671740a
• dbf1e57 the classloader is nullable, and remove a space (#3907)
• 6a20574 Merge commit from fork
• c07721a fix: incorrect pg_stat_replication.reply_time calculation (#3906)
• 83023f3 fix: close temporary lob descriptors that are used internally in PreparedStat...
• 62c9805 fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[owasp-dt-bot]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.00% (target: -1.00%)	✅ ∅ (target: 70.00%)

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (d5bb934)	24512	19940	81.35%
Head commit (262efdb)	24512 (+0)	19940 (+0)	81.35% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#5700)	0	0	∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences