chore(deps): bump org.postgresql:postgresql from 42.2.26 to 42.3.9

[dependabot]

Bumps org.postgresql:postgresql from 42.2.26 to 42.3.9.

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.3.8

What's Changed

• backpatch changes for 42.5.1 by @​davecramer in pgjdbc/pgjdbc#2674

Full Changelog: pgjdbc/pgjdbc@REL42.3.7...REL42.3.8

v42.3.7

What's Changed

• backpatch changes from GHSA-r38f-c4h4-hqq2 security advisory for CVE-2022-31197 by @​davecramer in pgjdbc/pgjdbc#2607

Full Changelog: pgjdbc/pgjdbc@REL42.3.6...REL42.3.7

v42.3.6

What's Changed

• Fix heading format for version numbers [SKIP-CI] by @​davecramer in pgjdbc/pgjdbc#2504
• fix: close refcursors when underlying cursor==null instead of relying on defaultRowFetchSize by @​vlsi in pgjdbc/pgjdbc#2377
• Created release notes for 42.3.6 [SKIP-CI] by @​davecramer in pgjdbc/pgjdbc#2515

Full Changelog: pgjdbc/pgjdbc@REL42.3.5...REL42.3.6

v42.3.5

What's Changed

• move version to 42.3.5 [SKIP-CI] by @​davecramer in pgjdbc/pgjdbc#2493
• perf: enable tcpNoDelay by default by @​obourgain in pgjdbc/pgjdbc#2495
• docs: fix readme.md after #2495 by @​obourgain in pgjdbc/pgjdbc#2496
• Added KEYS file to allow for verifying artifacts by @​davecramer in pgjdbc/pgjdbc#2499
• feat: targetServerType=preferPrimary connection parameter by @​mitya555 in pgjdbc/pgjdbc#2483
• fix: revert removal of toOffsetDateTime(String timestamp) fixes #Issue 2497 by @​davecramer in pgjdbc/pgjdbc#2501
• chore: use GitHub Action concurrency feature to terminate CI jobs on fast PR pushes by @​vlsi in pgjdbc/pgjdbc#2405
• Releasenotes 42.3.5 by @​davecramer in pgjdbc/pgjdbc#2502
• More changlog additions added chore to terminate CI jobs on fast PR pushes [SKIP-CI] by @​davecramer in pgjdbc/pgjdbc#2503

New Contributors

• @​obourgain made their first contribution in pgjdbc/pgjdbc#2495
• @​mitya555 made their first contribution in pgjdbc/pgjdbc#2483

Full Changelog: pgjdbc/pgjdbc@REL42.3.4...REL42.3.5

v42.3.4

What's Changed

• Use non-synchronized getTimeZone in TimestampUtils by @​TeslaCN in pgjdbc/pgjdbc#2451
• docs: Update testing documentation by @​davecramer in pgjdbc/pgjdbc#2446
• fix: Throw an exception if the driver cannot parse the URL instead of returning NULL by @​davecramer in pgjdbc/pgjdbc#2441
• fix: Use PGProperty instead of the property names directly by @​davecramer in pgjdbc/pgjdbc#2444
• fix: change PGInterval parseISO8601Format to support fractional second by @​paulo-kluh in pgjdbc/pgjdbc#2457
• docs: update changelog, missing links at bottom and formatting by @​davecramer in pgjdbc/pgjdbc#2460
• docs: Fix CHANGELOG.md misformatted markdown headings by @​fcv in pgjdbc/pgjdbc#2461

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

Changelog

Notable changes since version 42.0.0, read the complete History of Changes.

The format is based on Keep a Changelog.

[Unreleased]

[42.7.8] (2025-09-18)

Added

• feat: Add configurable boolean-to-numeric conversion for ResultSet getters [PR #3796](pgjdbc/pgjdbc#3796)

Changed

• perf: remove QUERY_ONESHOT flag when calling getMetaData [PR #3783](pgjdbc/pgjdbc#3783)
• perf: use BufferedInputStream with FileInputStream [PR #3750](pgjdbc/pgjdbc#3750)
• perf: enable server-prepared statements for DatabaseMetaData

Fixed

• fix: avoid NullPointerException when cancelling a query if cancel key is not known yet
• fix: Change "PST" timezone in TimestampTest to "Pacific Standard Time" [PR #3774](pgjdbc/pgjdbc#3774)
• fix: traverse the current dimension to get the correct pos in PgArray#calcRemainingDataLength [PR #3746](pgjdbc/pgjdbc#3746)
• fix: make sure getImportedExportedKeys returns columns in consistent order
• fix: Add "SELF_REFERENCING_COL_NAME" field to getTables' ResultSetMetaData to fix NullPointerException [PR #3660](pgjdbc/pgjdbc#3660)
• fix: unable to open replication connection to servers < 12
• fix: avoid closing statement caused by driver's internal ResultSet#close()
• fix: return empty metadata for empty catalog names as it was before
• fix: Incorrect class comparison in PGXmlFactoryFactory validation

[42.7.7] (2025-06-10)

Security

• security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

• test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

[42.7.6]

Features

• fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property [PR #3513](pgjdbc/pgjdbc#3513)

Performance Improvements

... (truncated)

Commits

• d93c741 Merge pull request from GHSA-24rp-q3w6-vc56
• 16a4fb7 Merge pull request from GHSA-24rp-q3w6-vc56
• e73c6b6 backpatch changes to 42.3.x for 42.5.1 (#2674)
• 3ea7e61 bumped version for next release
• 0afaa71 backpatch changes from GHSA-r38f-c4h4-hqq2 security advisory for CVE-2022-311...
• 7714d03 Created release notes for 42.3.6 [SKIP-CI] (#2515)
• 85f8581 fix: close refcursors when underlying cursor==null instead of relying on defa...
• 12541c4 bumped version number
• 0872ad0 Fix heading format for version numbers (#2504)
• 0d6ccb1 More changlog additions added chore to terminate CI jobs on fast PR pushes [S...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.