@dependabot dependabot bot commented on behalf of github Sep 22, 2025

Bumps org.postgresql:postgresql from 42.7.7 to 42.7.8.

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.8

Notable changes:

  • Releases are signed with a new PGP key which is generated at GitHub Actions and stored only there @​vlsi (#3701)

Changes

🐛 Bug Fixes

  • fix: avoid IllegalStateException: Timer already cancelled when StatementCancelTimerTask.run throws a runtime error @​vlsi (#3778)
  • fix: avoid NullPointerException when cancelling a query if cancel key is not known yet @​vlsi (#3780)
  • fix: unable to open replication connection to servers < 12 @​vlsi (#3678)

🧰 Maintenance

  • chore: fix published project name @​vlsi (#3809)
  • chore: update publish to Central Portal task name after bumping nmcp @​vlsi (#3808)
  • fix(deps): update com.gradleup.nmcp to 1.1.0 @​vlsi (#3807)
  • Revert "fix: Update release plugin config to use .set(...) for props and inject nexus creds via gradle props" @​vlsi (#3803)
  • chore: group com.gradleup.nmcp version updates @​vlsi (#3805)
  • chore: use bump org.apache.bcel:bcel test dependency in testCompileClasspath as well @​vlsi (#3775)
  • Fix typo in PGReplicationStream.java @​atorik (#3758)
  • chore: remove JDK versions from the key workflow names @​vlsi (#3759)
  • chore: add GitHub Actions workflow for generating release PGP key @​vlsi (#3701)
  • chore: replace StandardCharsets with Charsets to simplify code @​vlsi (#3751)
  • chore: migrate publish workflow to Central Portal publishing via com.gradleup.nmcp @​vlsi (#3686)
  • chore: adjust the default branch name for ossf scorecard scan @​vlsi (#3697)
  • chore: add top-level read-only permissions for GitHub Actions when missing @​vlsi (#3696)
  • chore: use config:best-practices preset for Renovate @​vlsi (#3687)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.8] (2025-09-18)

Added

Changed

  • perf: remove QUERY_ONESHOT flag when calling getMetaData [PR #3783](pgjdbc/pgjdbc#3783)
  • perf: use BufferedInputStream with FileInputStream [PR #3750](pgjdbc/pgjdbc#3750)
  • perf: enable server-prepared statements for DatabaseMetaData

Fixed

  • fix: avoid NullPointerException when cancelling a query if cancel key is not known yet
  • fix: Change "PST" timezone in TimestampTest to "Pacific Standard Time" [PR #3774](pgjdbc/pgjdbc#3774)
  • fix: traverse the current dimension to get the correct pos in PgArray#calcRemainingDataLength [PR #3746](pgjdbc/pgjdbc#3746)
  • fix: make sure getImportedExportedKeys returns columns in consistent order
  • fix: Add "SELF_REFERENCING_COL_NAME" field to getTables' ResultSetMetaData to fix NullPointerException [PR #3660](pgjdbc/pgjdbc#3660)
  • fix: unable to open replication connection to servers < 12
  • fix: avoid closing statement caused by driver's internal ResultSet#close()
  • fix: return empty metadata for empty catalog names as it was before
  • fix: Incorrect class comparison in PGXmlFactoryFactory validation

Commits

  • 9a5492d chore: fix published project name
  • ca064f8 chore: update publish to Central Portal task name after bumping nmcp
  • 3d97bb8 fix: avoid IllegalStateException: Timer already cancelled when StatementCanc...
  • faa7dfc test: move BaseTest4 to testkit module
  • dbf2847 fix(deps): update com.gradleup.nmcp to 1.1.0
  • 9245e26 Revert "fix: Update release plugin config to use .set(...) for props and inje...
  • 8e833c3 chore: group com.gradleup.nmcp version updates
  • ec5a088 fix: Update release plugin config to use .set(...) for props and inject nexus...
  • c03db58 update version to 42.7.8 (#3801)
  • 50ff169 change logs for version 42.7.8 (#3797)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) from 42.7.7 to 42.7.8.
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.7...REL42.7.8)

---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependency-upgrade Dependency upgrade is needed label Sep 22, 2025
@github-project-automation github-project-automation bot moved this to To review in Pull Requests Sep 22, 2025
github-actions bot commented Sep 22, 2025

📦 Artifacts

| Name | Size | Updated | Expiration |
|------|------|---------|------------|
| jar | 428.58 MB | Sep 22, 25, 11:15:16 PM UTC | Sep 29, 25, 11:15:00 PM UTC |

🛡 Trivy

Vulnerability in: Java

| Vulnerability | Severity | Package | Installed Version | Fixed Version |
|---------------|----------|---------|-------------------|---------------|
| CVE-2025-48734 | HIGH | commons-beanutils:commons-beanutils | 1.10.0 | 1.11.0 |
| CVE-2025-48924 | MEDIUM | commons-lang:commons-lang | 2.4 | |
| CVE-2025-58057 | MEDIUM | io.netty:netty-codec | 4.1.119.Final | 4.1.125.Final |
| CVE-2025-58057 | MEDIUM | io.netty:netty-codec-compression | 4.2.4.Final | 4.2.5.Final |
| CVE-2025-58057 | MEDIUM | io.netty:netty-codec-compression | 4.2.4.Final | 4.2.5.Final |
| CVE-2025-58056 | LOW | io.netty:netty-codec-http | 4.1.119.Final | 4.1.125.Final, 4.2.5.Final |
| CVE-2025-58056 | LOW | io.netty:netty-codec-http | 4.2.4.Final | 4.1.125.Final, 4.2.5.Final |
| CVE-2025-58056 | LOW | io.netty:netty-codec-http | 4.2.4.Final | 4.1.125.Final, 4.2.5.Final |
| CVE-2025-55163 | HIGH | io.netty:netty-codec-http2 | 4.1.119.Final | 4.2.4.Final, 4.1.124.Final |
| CVE-2024-57699 | HIGH | net.minidev:json-smart | 2.5.0 | 2.5.2 |

🧪 Java Unit Tests

|  | Tests | Passed ✅ | Skipped ⚠️ | Failed | Time ⏱ |
|--|-------|-----------|------------|--------|--------|
| Java Tests Report | 207 ran | 165 ✅ | 42 ⚠️ | 0 ❌ | 4m 39s 506ms |
