Skip to content

Bump org.postgresql:postgresql to 42.7.7 (CVE-2025-49146) #2445

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mprins merged 1 commit into from
Jun 12, 2025
Merged

Bump org.postgresql:postgresql to 42.7.7 (CVE-2025-49146) #2445

mprins merged 1 commit into from
Jun 12, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 11, 2025

Bumps the maven group with 1 update in the /bag2-loader directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /bgt-loader directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /brmo-commandline directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /brmo-dist directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /brmo-init-util directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /brmo-loader directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /brmo-persistence directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /brmo-service directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /brmo-stufbg204 directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /brmo-test-util directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /brmo-topnl-loader directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /datamodel directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /docker directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /nhr-loader directory: org.postgresql:postgresql.

Updates org.postgresql:postgresql from 42.7.6 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

  • fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
  • chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings
Commits
  • 9217ed1 Merge commit from fork
  • cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
  • 10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
  • 6c5ea88 chore: fix the default branch name for dependency-submission action
  • 5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
  • 0d43f0a fix(deps): update dependency checkstyle to v10.25.0
  • d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
  • 7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
  • d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
  • Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.6 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

  • fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
  • chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings
Commits
  • 9217ed1 Merge commit from fork
  • cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
  • 10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
  • 6c5ea88 chore: fix the default branch name for dependency-submission action
  • 5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
  • 0d43f0a fix(deps): update dependency checkstyle to v10.25.0
  • d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
  • 7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
  • d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
  • Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.6 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

  • fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
  • chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings
Commits
  • 9217ed1 Merge commit from fork
  • cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
  • 10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
  • 6c5ea88 chore: fix the default branch name for dependency-submission action
  • 5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
  • 0d43f0a fix(deps): update dependency checkstyle to v10.25.0
  • d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
  • 7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
  • d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
  • Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.6 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

  • fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
  • chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings
Commits
  • 9217ed1 Merge commit from fork
  • cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
  • 10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
  • 6c5ea88 chore: fix the default branch name for dependency-submission action
  • 5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
  • 0d43f0a fix(deps): update dependency checkstyle to v10.25.0
  • d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
  • 7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
  • d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
  • Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.6 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

  • fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
  • chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings
Commits
  • 9217ed1 Merge commit from fork
  • cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
  • 10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
  • 6c5ea88 chore: fix the default branch name for dependency-submission action
  • 5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
  • 0d43f0a fix(deps): update dependency checkstyle to v10.25.0
  • d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
  • 7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
  • d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
  • Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.6 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

  • fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
  • chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings
Commits
  • 9217ed1 Merge commit from fork
  • cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
  • 10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
  • 6c5ea88 chore: fix the default branch name for dependency-submission action
  • 5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
  • 0d43f0a fix(deps): update dependency checkstyle to v10.25.0
  • d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
  • 7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
  • d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
  • Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.6 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

  • fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
  • chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings
Commits
  • 9217ed1 Merge commit from fork
  • cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
  • 10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
  • 6c5ea88 chore: fix the default branch name for dependency-submission action
  • 5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
  • 0d43f0a fix(deps): update dependency checkstyle to v10.25.0
  • d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
  • 7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
  • d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
  • Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.6 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

  • security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

  • test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

  • fix: ensure Connection.isValid() returns true even if prepared statements deallocate @​vlsi (#3655)

🧰 Maintenance

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
  • chore: fix the default branch name for dependency-submission action @​vlsi (#3650)
  • chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @​vlsi (#3646)

⬆️ Dependencies

  • chore: bump slf4j and logback versions used for pgjdbc-osgi-test @​vlsi (#3653)
    • ...

    Description has been truncated

@dependabot
Bump the maven group across 14 directories with 1 update
25f7955 
Bumps the maven group with 1 update in the /bag2-loader directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /bgt-loader directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /brmo-commandline directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /brmo-dist directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /brmo-init-util directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /brmo-loader directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /brmo-persistence directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /brmo-service directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /brmo-stufbg204 directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /brmo-test-util directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /brmo-topnl-loader directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /datamodel directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /docker directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).
Bumps the maven group with 1 update in the /nhr-loader directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).


Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

Updates `org.postgresql:postgresql` from 42.7.6 to 42.7.7
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.6...REL42.7.7)

---
updated-dependencies:
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:development
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.7
  dependency-type: direct:production
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added java Pull requests that update Java code dependencies Pull requests that update a dependency file labels Jun 11, 2025
@codecov
Copy link

codecov bot commented Jun 11, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 40%. Comparing base (6c37608) to head (25f7955).
Report is 1 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff            @@
##             master   #2445   +/-   ##
========================================
  Coverage        40%     40%           
  Complexity      805     805           
========================================
  Files           367     367           
  Lines         18159   18159           
  Branches       1690    1690           
========================================
  Hits           7166    7166           
  Misses        10424   10424           
  Partials        569     569

see 2 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mprins mprins changed the title Bump the maven group across 14 directories with 1 update Bump org.postgresql:postgresql to 42.7.7 (CVE-2025-49146) Jun 12, 2025
@mprins mprins merged commit beff3bb into master Jun 12, 2025
6 checks passed
@mprins mprins deleted the dependabot/maven/bag2-loader/maven-29a5244609 branch June 12, 2025 07:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mprins