Bump org.postgresql:postgresql from 42.7.5 to 42.7.6

[dependabot]

Bumps org.postgresql:postgresql from 42.7.5 to 42.7.6.

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.6

Changes

• Prepare release notes for release 42_7_6 (new format) @​davecramer (#3628)
• fix: isValid incorrectly called execute, instead of executeWithFlags fixes Issue #3630 @​davecramer (#3631)
• add override @​davecramer (#3629)
• add the ability to turn off automatic LSN flush @​davecramer (#3403)
• test: add tests with reWriteBatchedInserts=true @​vlsi (#3616)
• test: add CI executions with adaptive_fetch=true by default @​vlsi (#3615)
• test: simplify TestUtil.openDB, add tests with various assumeMinServerVersion values @​vlsi (#3614)
• Deprecate group startup parms @​davecramer (#3613)
• Add back application name setting @​joejensen (#3509)
• Copr: Use Java 21 as the build dependency @​mkoncek (#3607)
• fix indentation of return child to allow built pass in Checkstyle's CIs @​mohitsatr (#3611)
• Set column name explicitely when using current_database() in queries @​kneth (#3526)
• add PgMessageType and use static variables for protocol literals @​davecramer (#3609)
• Handle protocol 3.2 and wider cancel keys. @​davecramer (#3592)
• refactor empty resultset to use empty result set if the catalog is not correct @​davecramer (#3588)
• Use query to find the current catalog instead of relying on the database in the connection URL or connection properties as this could be different if connected through a pooler or proxy @​davecramer (#3565)
• ci: add Java 24 tests @​davecramer (#3580)
• docs: Relabel 42.7.4 as past version as it is no longer the latest @​sehrope (#3586)
• test: remove stale logging message from SslTest @​vlsi (#3584)
• chore: appply the latest byte-buddy version for tests so we support the latest Java versions @​vlsi (#3583)
• fix: make PgConnection#abort compatible with Java 24 @​vlsi (#3582)
• chore(deps): update plugin com.github.burrunan.s3-build-cache to v1.8.5 @​renovate-bot (#3573)
• Fix JavadocTagContinuationIndentation in AfterBeforeParameterResolver @​Anmol202005 (#3566)
• Revert "use in row values instead of union all (#3510)" @​vlsi (#3524)
• use in row values instead of union all @​davecramer (#3510)
• feat: enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property @​raminorujov (#3513)
• Nit: correct message in main.yml test action @​ecki (#3503)
• chore: use import instead of require to support modern NodeJS @​vlsi (#3502)
• chore: use PostgreSQL 17 rather than 17rc1 for CI tests @​vlsi (#3501)
• chore: add ErrorProne verification to catch bugs ealier @​vlsi (#3493)
• fix: ArrayIndexOutOfBounds when write big object into GSS enabled connection, make GSSInputStream robust in face of streams that produce incomplete reads @​vlsi (#3500)
• refactor: factor out duplicated .getBytes() when converting date/time to Date/Time/Timestamp @​vlsi (#3497)
• chore: exclude Oracle Java 17 from CI tests @​vlsi (#3499)
• chore: remove unused Travis CI configuration @​vlsi (#3498)
• Undeprecate sslfactoryarg connection property @​sehrope (#3496)
• fix:Fix sending extra_float_digits @​davecramer (#3491)

🐛 Bug Fixes

• fix: EOFException on PreparedStatement#toString with unset bytea parameter since 42.7.4 @​MrEasy (#3369)

🧰 Maintenance

• chore: use Java 21 for building pgjdbc by default @​vlsi (#3612)

⬆️ Dependencies

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.6]

Features

• fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property [PR #3513](pgjdbc/pgjdbc#3513)

Performance Improvements

• performance: Improve ResultSetMetadata.fetchFieldMetaData by using IN row values instead of UNION ALL for improved query performance (later reverted) [PR #3510](pgjdbc/pgjdbc#3510)
• feat:Use a single simple query for all startup parameters, so groupStartupParameters is no longer needed [PR #3613](pgjdbc/pgjdbc#3613)

Bug Fixes

Protocol & Connection Handling

• fix: Send extra_float_digits=3 for PostgreSQL 12+ as well [PR #3491](pgjdbc/pgjdbc#3491)
• fix: Fixed handling of protocol 3.2 and wider cancel keys [PR #3592](pgjdbc/pgjdbc#3592)
• fix: Made PgConnection#abort compatible with Java 24 [PR #3582](pgjdbc/pgjdbc#3582)
• fix: Fixed ArrayIndexOutOfBounds when writing big objects into GSS enabled connections [PR #3500](pgjdbc/pgjdbc#3500)
• fix: Added back application name setting [PR #3509](pgjdbc/pgjdbc#3509)

Metadata & Catalog Handling

• fix: Set column name explicitly when using current_database() in queries [PR #3526](pgjdbc/pgjdbc#3526)
• fix: Use query to find the current catalog instead of relying on the database in the connection URL [pull #3565](pgjdbc/pgjdbc#3565)
• fix: Refactored empty resultset to use empty result set if the catalog is not correct [PR #3588](pgjdbc/pgjdbc#3588)

API Improvements

• fix: Undeprecated Fastpath API and fixed deprecation warnings [PR #3493](pgjdbc/pgjdbc#3493)
• fix: Undeprecated sslfactoryarg [PR #3496](pgjdbc/pgjdbc#3496)
• fix: Added PgMessageType and used static variables for protocol literals [PR #3609](pgjdbc/pgjdbc#3609)
• fix: Add the ability to turn off automatic LSN flush [PR #3403](pgjdbc/pgjdbc#3403)
• fix: isValid incorrectly called execute, instead of executeWithFlags [PR #3631](pgjdbc/pgjdbc#3631). Fixes [Issue #3630](pgjdbc/pgjdbc#3630)
• fix: EOFException on PreparedStatement#toString with unset bytea parameter since 42.7.4 Commit 0a88ea4. Fixes [Issue #3365](pgjdbc/pgjdbc#3365)

Infrastructure & Build Improvements

Java Support

• update: Updated to use Java 21 for building pgjdbc by default [PR #3612](pgjdbc/pgjdbc#3612)
• update: Updated Java 21 as the build dependency for copr [PR #3607](pgjdbc/pgjdbc#3607)
• update: Updated latest JDK to version 24 [PR #3580](pgjdbc/pgjdbc#3580)
• update: Applied the latest byte-buddy version for tests to support the latest Java versions [PR #3583](pgjdbc/pgjdbc#3583)

Testing & Quality

• test: Added ErrorProne verification to detect bugs earlier [PR #3493](pgjdbc/pgjdbc#3493)
• test: Simplified TestUtil.openDB, added tests with various assumeMinServerVersion values [PR #3624](pgjdbc/pgjdbc#3614)
• test: Updated to use PostgreSQL 17 rather than 17rc1 for CI tests [PR #3501](pgjdbc/pgjdbc#3501)
• test: Removed stale logging message from SslTest [PR #3584](pgjdbc/pgjdbc#3584)
• test: Added CI executions with adaptive_fetch=true by default for performance testing [PR #3615](pgjdbc/pgjdbc#3615)
• test: Added tests with reWriteBatchedInserts=true [PR #3616](pgjdbc/pgjdbc#3616)

Code Quality

• doc: Fixed javadoc warnings [PR #3493](pgjdbc/pgjdbc#3493)

... (truncated)

Commits

• 689708f Prepare release notes for release 42_7_6 (new format) (#3628)
• 0a88ea4 fix: EOFException on PreparedStatement#toString with unset bytea parameter si...
• 2de9b94 fix: make sure Connection.isValid correctly uses executeWithFlags fixes Issu...
• d9e2087 add override (#3629)
• 665b27b add the ability to turn off automatic LSN flush (#3403)
• 253c682 chore(deps): update burrunan/gradle-cache-action action to v3
• 2d1ae0c chore(deps): update plugin com.gradle.develocity to v4
• baeb893 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
• e24d599 fix(deps): update dependency com.google.errorprone:error_prone_core to v2.38.0
• 1617c68 fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.p...
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[gsmet]

The substitutions need a fix:

Error: Static modifier mismatch: private org.postgresql.sspi.ISSPIClient io.quarkus.jdbc.postgresql.runtime.graal.DisableSSPIClient.createSSPI(org.postgresql.core.PGStream,java.lang.String,boolean), private static org.postgresql.sspi.ISSPIClient org.postgresql.core.v3.ConnectionFactoryImpl.createSSPI(org.postgresql.core.PGStream,java.lang.String,boolean)
[1/8] Initializing...                                                                                    (0.0s @ 0.16GB)
com.oracle.svm.core.util.UserError$UserException: Static modifier mismatch: private org.postgresql.sspi.ISSPIClient io.quarkus.jdbc.postgresql.runtime.graal.DisableSSPIClient.createSSPI(org.postgresql.core.PGStream,java.lang.String,boolean), private static org.postgresql.sspi.ISSPIClient org.postgresql.core.v3.ConnectionFactoryImpl.createSSPI(org.postgresql.core.PGStream,java.lang.String,boolean)
	at org.graalvm.nativeimage.builder/com.oracle.svm.core.util.UserError.abort(UserError.java:73)
	at org.graalvm.nativeimage.builder/com.oracle.svm.core.util.UserError.guarantee(UserError.java:97)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.substitute.AnnotationSubstitutionProcessor.findOriginalMethod(AnnotationSubstitutionProcessor.java:868)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.substitute.AnnotationSubstitutionProcessor.handleMethodInAliasClass(AnnotationSubstitutionProcessor.java:458)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.substitute.AnnotationSubstitutionProcessor.handleAliasClass(AnnotationSubstitutionProcessor.java:422)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.substitute.AnnotationSubstitutionProcessor.handleClass(AnnotationSubstitutionProcessor.java:395)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.substitute.AnnotationSubstitutionProcessor.init(AnnotationSubstitutionProcessor.java:351)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGenerator.createAnnotationSubstitutionProcessor(NativeImageGenerator.java:1029)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGenerator.setupNativeImage(NativeImageGenerator.java:907)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGenerator.doRun(NativeImageGenerator.java:590)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGenerator.run(NativeImageGenerator.java:550)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.buildImage(NativeImageGeneratorRunner.java:539)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.build(NativeImageGeneratorRunner.java:721)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.start(NativeImageGeneratorRunner.java:143)
	at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGeneratorRunner.main(NativeImageGeneratorRunner.java:98)

[gsmet]

I pushed a fix and rebased.

[quarkus-bot]

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit bb57af2.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

---

Flaky tests - Develocity

⚙️ JVM Tests - JDK 17

📦 extensions/infinispan-cache/deployment

✖ io.quarkus.cache.infinispan.InfinispanCacheTest.testGetAsyncWithParallelCalls - History

• expected: "thread1" but was: "thread2" - org.opentest4j.AssertionFailedError

org.opentest4j.AssertionFailedError: 

expected: "thread1"
 but was: "thread2"
	at io.quarkus.cache.infinispan.InfinispanCacheTest.testGetAsyncWithParallelCalls(InfinispanCacheTest.java:283)
	at java.base/java.lang.reflect.Method.invoke(Method.java:569)
	at io.quarkus.test.QuarkusUnitTest.runExtensionMethod(QuarkusUnitTest.java:521)
	at io.quarkus.test.QuarkusUnitTest.interceptTestMethod(QuarkusUnitTest.java:435)

[lfgcampos]

hey @gsmet, is there a plan for a 3.23.1 or a 3.24.0 release soon-ish?
this fix would be important for us 🙂

[gsmet]

@lfgcampos interested in knowing which fix is important for you as we might think about backporting this to 3.20 if it's a common issue.

As for 3.23.1, it's planned for this Wednesday... but it's the first version we will try to release to Central Portal (the new infrastructure from Sonatype) so the release might be bumpier than usual :).

[lfgcampos]

@gsmet we get the same exception when/if we try to change the postgresql version

for example, we had to downgrade from 42.7.6 to 42.7.4 and it fails as follow:

Execution failed for task ':my-project:quarkusAppPartsBuild'.
> There was a failure while executing work items
   > A failure occurred while executing io.quarkus.gradle.tasks.worker.BuildWorker
      > io.quarkus.builder.BuildException: Build failure: Build failed due to errors
                [error]: Build step io.quarkus.deployment.pkg.steps.NativeImageBuildStep#build threw an exception: io.quarkus.deployment.pkg.steps.NativeImageBuildStep$ImageGenerationFailureException: Image generation failed. Exit code: 1
                at io.quarkus.deployment.pkg.steps.NativeImageBuildStep.imageGenerationFailed(NativeImageBuildStep.java:498)
                at io.quarkus.deployment.pkg.steps.NativeImageBuildStep.build(NativeImageBuildStep.java:289)
                at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:732)
                at io.quarkus.deployment.ExtensionLoader$3.execute(ExtensionLoader.java:856)
                at io.quarkus.builder.BuildContext.run(BuildContext.java:255)
                at org.jboss.threads.ContextHandler$1.runWith(ContextHandler.java:18)
                at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2651)
                at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2630)
                at org.jboss.threads.EnhancedQueueExecutor.runThreadBody(EnhancedQueueExecutor.java:1622)
                at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1589)
                at java.base/java.lang.Thread.run(Thread.java:840)
                at org.jboss.threads.JBossThread.run(JBossThread.java:501)

when I reported, the errors was the opposite - we were bumping from ~.4 to ~.6 hence we needed quarkus to bump too!

for ourselves, we use jOOQ and liquibase, do we have to also set the postgresql version which is probably clashing with the quarkus defined one.

---

btw, with the new quarkus version (3.23.2) and postgresql (42.7.6) it all works - build and execution
but we found a bug/outage under some circumstances where we had to revert for now and, even though this seems to be related to the postgresql, we also need to revert quarkus :/

[lasteris]

@gsmet just got a mailing list about 42.7.7, which fixes: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49146

Maybe that's important

[gsmet]

@lasteris yes, it's already merged and will be backported.