build(deps): bump the minor-and-patch group across 1 directory with 5 updates

[dependabot]

Bumps the minor-and-patch group with 5 updates in the / directory:

Package	From	To
org.springframework.cloud:spring-cloud-dependencies	2025.0.1	2025.1.1
org.postgresql:postgresql	42.7.8	42.7.9
org.postgresql:r2dbc-postgresql	1.0.9.RELEASE	1.1.1.RELEASE
org.apache.maven.plugins:maven-gpg-plugin	3.2.7	3.2.8
org.sonatype.central:central-publishing-maven-plugin	0.7.0	0.10.0

Updates org.springframework.cloud:spring-cloud-dependencies from 2025.0.1 to 2025.1.1

Release notes

Sourced from org.springframework.cloud:spring-cloud-dependencies's releases.

v2025.1.1

What's Changed

• Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs by @​dependabot[bot] in spring-cloud/spring-cloud-release#447
• Bump org.springframework.cloud:spring-cloud-contract-dependencies from 5.0.1-SNAPSHOT to 5.0.2-SNAPSHOT by @​dependabot[bot] in spring-cloud/spring-cloud-release#454
• Bump org.springframework.cloud:spring-cloud-contract-dependencies from 5.0.1-SNAPSHOT to 5.0.2-SNAPSHOT by @​dependabot[bot] in spring-cloud/spring-cloud-release#453
• Bump actions/cache from 4 to 5 by @​dependabot[bot] in spring-cloud/spring-cloud-release#456
• Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12 by @​dependabot[bot] in spring-cloud/spring-cloud-release#461
• Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12 by @​dependabot[bot] in spring-cloud/spring-cloud-release#460

Full Changelog: spring-cloud/spring-cloud-release@v2025.1.0...v2025.1.1

Commits

• dbb12bf Update SNAPSHOT to 2025.1.1
• edc8bcb Bumping versions
• a9f4183 Use Spring Boot 4.0.2-SNAPSHOT
• da7ad03 Merge pull request #460 from spring-cloud/dependabot/maven/org.apache.maven-m...
• 49b10e6 Merge pull request #461 from spring-cloud/dependabot/maven/main/org.apache.ma...
• 59782be Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12
• 89c8dd1 Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12
• 96a5fb0 Merge pull request #456 from spring-cloud/dependabot/github_actions/main/acti...
• 5d22a1d Bump actions/cache from 4 to 5
• ec45c6d Bumping versions
• Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.8 to 42.7.9

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.9

Changes

• Added changelogs for version 42.7.9 @​davecramer (#3908)
• the classloader is nullable, and remove a space @​davecramer (#3907)
• fix: incorrect pg_stat_replication.reply_time calculation @​atorik (#3906)
• fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only @​davecramer (#3897)
• fix badges for maven central and search paths. Sonatype has changed the search paths @​davecramer (#3901)
• fix: make all Calendar instances proleptic Gregorian (#3837) @​m-van-tilburg (#3887)
• test: add CI tests with Java 26 @​vlsi (#3893)
• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder @​vlsi (#3866)
• use ssl_is_used() to check for ssl connection @​davecramer (#3867)
• Add PEMKeyManager to handle PEM based certs and keys. @​harinath001 (#3700)
• Comment and simplify the complex state machine logic in QueryExecutorImpl @​davecramer (#3850)
• Revert "fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN" @​davecramer (#3851)
• fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN @​ShenFeng312 (#3838)
• Small simplication of locking patterns in QueryExecutorBase @​Sanne (#3849)
• doc: update property quoteReturningIdentifiers default value @​sodekim (#3847)
• feat: default query timeout property @​cfredri4 (#3705)
• create action to deploy docs to https://pgjdbc.github.io/ @​davecramer (#3819)
• fix homepage release note @​davecramer (#3817)

🐛 Bug Fixes

• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob @​vlsi (#3903)
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext @​vlsi (#3886)

📝 Documentation

• doc: add the new PGP signing key to the official documentation @​vlsi (#3813)

🧰 Maintenance

• chore: remove unused com.github.spotbugs Gradle plugin dependency @​vlsi (#3868)
• chore: drop SpotBugs as we do not seem to use it @​vlsi (#3834)
• chore: bump version to 42.7.9 after 42.7.8 release @​vlsi (#3810)

⬆️ Dependencies

• chore(deps): update actions/create-github-app-token digest to 29824e6 @​renovate-bot (#3898)
• chore(deps): update actions/setup-java digest to c1e3236 @​renovate-bot (#3899)
• chore(deps): update codecov/codecov-action digest to 671740a @​renovate-bot (#3900)
• fix(deps): update dependency org.junit:junit-bom to v5.14.1 - autoclosed @​renovate-bot (#3884)
• fix(deps): update dependency org.apache.bcel:bcel to v6.11.0 @​renovate-bot (#3883)
• fix(deps): update dependency org.mockito:mockito-bom to v5.20.0 @​renovate-bot (#3885)
• fix(deps): update dependency net.bytebuddy:byte-buddy-parent to v1.18.2 @​renovate-bot (#3882)
• chore(deps): update github/codeql-action digest to 497990d @​renovate-bot (#3881)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.9] (2026-01-14)

Added

• feat: query timeout property [PR #3705](pgjdbc/pgjdbc#3705)
• feat: Add PEMKeyManager to handle PEM based certs and keys [PR #3700](pgjdbc/pgjdbc#3700)

Changed

• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder
• doc: update property quoteReturningIdentifiers default value [PR #3847](pgjdbc/pgjdbc#3847)
• security: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class

Fixed

• fix: incorrect pg_stat_replication.reply_time calculation [PR #3906](pgjdbc/pgjdbc#3906)
• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob
• fix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only [PR #3897](pgjdbc/pgjdbc#3897)
• fix: make all Calendar instances proleptic Gregorian [PR #3837](pgjdbc/pgjdbc#3887)
• fix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings [PR #3897](pgjdbc/pgjdbc#3849)
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext [PR #3886](pgjdbc/pgjdbc#3886)
• fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN [PR #3838](pgjdbc/pgjdbc#3838)
• fix: use ssl_is_used() to check for ssl connection [PR #3867](pgjdbc/pgjdbc#3867)
• fix: the classloader is nullable [PR #3907](pgjdbc/pgjdbc#3907)

Commits

• 79b784e Added changelogs for version 42.7.9 (#3908)
• 1c00ffc doc: add the new PGP signing key to the official documentation
• f774000 chore(deps): update actions/create-github-app-token digest to 29824e6
• 27daf3b chore(deps): update actions/setup-java digest to c1e3236
• 6eb01ff chore(deps): update codecov/codecov-action digest to 671740a
• dbf1e57 the classloader is nullable, and remove a space (#3907)
• 6a20574 Merge commit from fork
• c07721a fix: incorrect pg_stat_replication.reply_time calculation (#3906)
• 83023f3 fix: close temporary lob descriptors that are used internally in PreparedStat...
• 62c9805 fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the ...
• Additional commits viewable in compare view

Updates org.postgresql:r2dbc-postgresql from 1.0.9.RELEASE to 1.1.1.RELEASE

Release notes

Sourced from org.postgresql:r2dbc-postgresql's releases.

v1.1.1.RELEASE

🐞 Bug Fixes

• Codec preference is not considered leading to OID value decoding through DayOfWeek #693

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​turneand

v1.1.0.RELEASE

⭐ New Features

• Expose API to subscribe to Postgres notice messages #570
• Add codecs for DayOfWeek, Month, MonthDay, Period, Year, YearMonth #591
• Make CodecMetadata.getDataTypes() more flexible #600
• Add PostgresqlResult.filter(…) overrides to return PostgresqlResult instead of Result #602
• Support for pgvector #612
• Add support for dynamic usernames and passwords #613
• Set SNI on SSL connections #634
• Performance issue with PostgresqlRow.getColumn(String name) when select many columns #636
• Defer oid and typarray to stage when an extension is supported #649
• Add support for sslnegotation=direct #651
• Introduce fast-path handling for decoding primitive values #662
• Introduce ObjectCodec to support bindNull(Object.class) #664
• Explore acquisition scheduler offloading #668
• Add JSpecify nullability annotations to Java APIs #689

🐞 Bug Fixes

• Cancel signal does not interrupt cursored query fetching #536
• Implement support for interval units. #566
• Error when storing BC dates (e.g. "0000-12-31T01:01:00Z") #578
• Creating connections can hang during server downtime #595
• Driver reports I/O error when rowsUpdated is greater than Integer.MAX_VALUE #597
• Do not require typarray column when auto-registering extensions #621
• NullPointerException at SingleHostConnectionFunction#getCredentials when configuration password is null #622
• Do not require typarray column when auto-registering extensions #632
• SNIHostName is going to throw an exception when hostname has a trailing dot #656
• Postgres 11 compatibility #657
• Fix self-suppression when standby is unavailable #678
• Include OID explicitly in the SELECT clause for older Postgres databases #680

💡 Other

• Remove rogue newline in readme #569
• Integration test fails on JDK > 8 because of Instant resolution change #572
• Bump Netty to 4.1.89.Final, CVE-2022-41915 #584
• Upgrade to Project Reactor 2022.0.3 #585
• key param javadoc description #593
• Adapt integration test to be Java 11 forward-compatible #594
• Upgrade to Reactor 2022.0.9 #604
• Bump org.postgresql:postgresql from 42.6.0 to 42.7.2 #637
• Resolve a LEAK warning in unit test #642

... (truncated)

Changelog

Sourced from org.postgresql:r2dbc-postgresql's changelog.

1.1.1.RELEASE

• Codec preference is not considered leading to OID value decoding through DayOfWeek #693

1.1.0.RELEASE

• Cancel signal does not interrupt cursored query fetching #536
• Implement support for interval units. #566
• Bump postgresql from 42.5.0 to 42.5.1 #568
• Remove rogue newline in readme #569
• Expose API to subscribe to Postgres notice messages #570
• Integration test fails on JDK > 8 because of Instant resolution change #572
• Error when storing BC dates (e.g. "0000-12-31T01:01:00Z") #578
• Bump Netty to 4.1.89.Final, CVE-2022-41915 #584
• Upgrade to Project Reactor 2022.0.3 #585
• Add codecs for DayOfWeek, Month, MonthDay, Period, Year, YearMonth #591
• key param javadoc description #593
• Adapt integration test to be Java 11 forward-compatible #594
• Creating connections can hang during server downtime #595
• Driver reports I/O error when rowsUpdated is greater than Integer.MAX_VALUE #597
• Upgrade dependencies #599
• Make CodecMetadata.getDataTypes() more flexible #600
• Add PostgresqlResult.filter(…) overrides to return PostgresqlResult instead of Result #602
• Upgrade to Reactor 2022.0.9 #604
• Support for pgvector #612
• Add support for dynamic usernames and passwords #613
• Upgrade dependencies #616
• Do not require typarray column when auto-registering extensions #621
• NullPointerException at SingleHostConnectionFunction#getCredentials when configuration password is null #622
• Upgrade dependencies #628
• Do not require typarray column when auto-registering extensions #632
• README.md #633
• Set SNI on SSL connections #634
• Performance issue with PostgresqlRow.getColumn(String name) when select many columns #636
• Bump org.postgresql:postgresql from 42.6.0 to 42.7.2 #637
• Resolve a LEAK warning in unit test #642
• Update SCRAM dependency to 3.0 #645
• Defer oid and typarray to stage when an extension is supported #649
• Add support for sslnegotation=direct #651
• SNIHostName is going to throw an exception when hostname has a trailing dot #656
• Postgres 11 compatibility #657
• Update scram-client to 3.1 #659
• Introduce fast-path handling for decoding primitive values #662
• Introduce ObjectCodec to support bindNull(Object.class) #664
• Explore acquisition scheduler offloading #668
• Fix self-suppression when standby is unavailable #678
• Include OID explicitly in the SELECT clause for older Postgres databases #680
• Switch to Sonatype Central Publishing #681
• Bump com.ongres.scram:scram-common from 3.1 to 3.2 #682
• Upgrade to JTS 1.20.0 #688

... (truncated)

Commits

• 50ffb36 Release 1.1.1.RELEASE.
• 65bfa26 Update changelog.
• db559d9 Polishing.
• 4e828b3 Introduce PreferredCodec for codec preference.
• f6d742a Bump Logback version to 1.5.20.
• 0f432ce Polishing.
• 4436be2 Prepare next development iteration.
• bc4c43c Release 1.1.0.RELEASE.
• 88d8f86 Update changelog.
• 2f4c03a Refine releases.
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8

Release notes

Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.

3.2.8

🐛 Bug Fixes

• Make empty classifier null (not empty string) (#287) @​cstamas

📝 Documentation updates

• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#129) @​Bukama
• Describe how to prime a specific GPG key (#128) @​kwin

👻 Maintenance

• Enable GitHub issues (#134) @​Bukama
• Prefer Guice constructor injection (#126) @​elharo

📦 Dependency updates

• Update parent POM to 45 (#284) @​cstamas
• Bump bouncycastleVersion from 1.78.1 to 1.80 (#127) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125) @dependabot[bot]
• Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1 (#131) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#124) @dependabot[bot]

Commits

• 8a46455 [maven-release-plugin] prepare release maven-gpg-plugin-3.2.8
• 7012821 Fix issueManagement, ciManagement system and url
• a9a8c84 Make empty classifier null (not empty string) (#287)
• a8368b0 Add .mvn
• f0e45e0 Update parent POM to 45 (#284)
• cb1236c Bump bouncycastleVersion from 1.78.1 to 1.80 (#127)
• 5377a10 Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133)
• 8b63932 Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125)
• 54ea518 Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1
• a6a412d Remove old JIRA issue link
• Additional commits viewable in compare view

Updates org.sonatype.central:central-publishing-maven-plugin from 0.7.0 to 0.10.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions