Skip to content

Bump the dependencies group with 5 updates#287

Merged
rfresh2 merged 1 commit into1.21.4from
dependabot/gradle/dependencies-0ff582e1a5
May 5, 2026
Merged

Bump the dependencies group with 5 updates#287
rfresh2 merged 1 commit into1.21.4from
dependabot/gradle/dependencies-0ff582e1a5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 5, 2026

Bumps the dependencies group with 5 updates:

Package From To
org.jline:jline 4.0.13 4.0.15
org.postgresql:postgresql 42.7.10 42.7.11
tools.jackson:jackson-bom 3.1.2 3.1.3
io.freefair.lombok 9.4.0 9.5.0
gradle-wrapper 9.4.1 9.5.0

Updates org.jline:jline from 4.0.13 to 4.0.15

Release notes

Sourced from org.jline:jline's releases.

JLine 4.0.15 is a patch release fixing status bar rendering after terminal resize.

Bug Fixes

When the terminal height shrinks, some terminal emulators keep the old bottom status line just above the new status area, causing duplicated status bar rows. This release clears the stale status rows during resize.

Full Changelog: jline/jline3@4.0.14...4.0.15

JLine 4.0.14

  • fix: correct inverted bounds check in readBuffered methods (3.x backport) (#1855) @​gnodet

📦 Dependency updates

Commits
  • f6bb2b8 fix: status bar duplication after vertical resize (backport #1860)
  • 329f24c fix: remove proactive isNativeAccessEnabled() checks from terminal providers ...
  • 5e62717 fix: prevent DA response bytes from leaking to parent shell (#1856)
  • 2700ff2 chore: Bump org.graalvm.buildtools:native-maven-plugin (#1851)
  • b37b1fa chore: Bump actions/upload-pages-artifact from 4 to 5 (#1850)
  • 3befc1b chore: Bump org.graalvm.sdk:graal-sdk from 25.0.2 to 25.0.3 (#1852)
  • edc3637 fix: correct inverted bounds check in readBuffered methods (#1854)
  • See full diff in compare view

Updates org.postgresql:postgresql from 42.7.10 to 42.7.11

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.11

Security

  • fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Changes

🐛 Bug Fixes

  • fix: ensure extended protocol messages end with Sync message @​vlsi (#3728)
  • fix: enable cursor-based fetching in extended protocol when transaction started via SQL command @​vlsi (#3996)
  • fix: retry with SSL on IOException when sslMode=ALLOW @​vlsi (#3973)
  • fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in @​vlsi (#3968)
  • fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers @​vlsi (#3962)
  • fix: use compareTo for LogSequenceNumber comparison @​vlsi (#3961)
  • fix: release COPY lock on IOException to prevent connection hang (#3957) @​vlsi (#3960)

🧰 Maintenance

⬆️ Dependencies

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.11] (2026-04-28)

Security

  • fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Added

Changed

Fixed

Commits
  • 78e261f fix: Add sources and javadocs to shaded published lib generation
  • 1e09fa0 update Changelog and website for release of 42.7.11 (#4042)
  • d479fa5 Fix scram fix location in changelog and update published artifact developer l...
  • b04fc46 docs: Add scram max iters fix to changelog
  • cf54822 test: Disable scram test on older version without scram_iterations GUC
  • 7dbcc79 test: Add SCRAM max iteration tests
  • c9d41d1 fix: Limit SCRAM PBKDF2 iterations accepted from the server
  • a340cb2 style: replace @​exception with @​throws in getBoolean javadoc
  • 77837f8 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 23af03b chore(deps): update actions/checkout action to v6
  • Additional commits viewable in compare view

Updates tools.jackson:jackson-bom from 3.1.2 to 3.1.3

Commits
  • c2ea79e [maven-release-plugin] prepare release jackson-bom-3.1.3
  • 3906b27 Prep for 3.1.3 release
  • b17b616 Post-release dep version bump
  • 36cf999 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates io.freefair.lombok from 9.4.0 to 9.5.0

Release notes

Sourced from io.freefair.lombok's releases.

9.5.0

What's Changed

New Contributors

Full Changelog: freefair/gradle-plugins@9.4.0...9.5.0

Commits
  • f24a7d5 Merge pull request #1755 from freefair/dependabot/gradle/examples/main/org.sp...
  • 278081c fix deprecation warnings
  • a1cf246 Merge pull request #1754 from dtrunk90/fix/delombok-sourcepath-for-modules
  • 91dbece Merge branch 'main' of github.com:freefair/gradle-plugins
  • 88570fc fix checkstyle
  • 9ad981d Bump org.springframework.boot:spring-boot-dependencies in /examples (#1756)
  • 7bf9d6e Bump org.graalvm.buildtools.native from 1.0.0 to 1.1.0 in /examples (#1758)
  • f527dd0 fix javadoc link config
  • 27901ff Update to Gradle 9.5.0
  • 8cfe90c Bump org.springframework.boot from 4.0.5 to 4.0.6 in /examples (#1757)
  • Additional commits viewable in compare view

Updates gradle-wrapper from 9.4.1 to 9.5.0

Release notes

Sourced from gradle-wrapper's releases.

9.5.0

The Gradle team is excited to announce Gradle 9.5.0.

Here are the highlights of this release:

  • Task provenance in reports and failure messages
  • Type-safe accessors for precompiled Kotlin Settings plugins

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: atm1020, mataha, Adam, Attila Kelemen, Benedikt Ritter, Björn Kautler, Caro Silva Rode, CHANHAN, Dmitry Nezavitin, Eng Zer Jun, KugelLibelle, Madalin Valceleanu, Markus Gaisbauer, Oliver Kopp, Philip Wedemann, ploober, Roberto Perez Alcolea, Rohit Anand, Suvrat Acharya, Ujwal Suresh Vanjare, Victor Merkulov

Upgrade instructions

Switch your build to use Gradle 9.5.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.5.0 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

9.5.0 RC4

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group with 5 updates
34ed810 
Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [org.jline:jline](https://github.com/jline/jline3) | `4.0.13` | `4.0.15` |
| [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) | `42.7.10` | `42.7.11` |
| [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | `3.1.2` | `3.1.3` |
| [io.freefair.lombok](https://github.com/freefair/gradle-plugins) | `9.4.0` | `9.5.0` |
| [gradle-wrapper](https://github.com/gradle/gradle) | `9.4.1` | `9.5.0` |


Updates `org.jline:jline` from 4.0.13 to 4.0.15
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.0.13...4.0.15)

Updates `org.postgresql:postgresql` from 42.7.10 to 42.7.11
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.10...REL42.7.11)

Updates `tools.jackson:jackson-bom` from 3.1.2 to 3.1.3
- [Commits](FasterXML/jackson-bom@jackson-bom-3.1.2...jackson-bom-3.1.3)

Updates `io.freefair.lombok` from 9.4.0 to 9.5.0
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](freefair/gradle-plugins@9.4.0...9.5.0)

Updates `gradle-wrapper` from 9.4.1 to 9.5.0
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v9.4.1...v9.5.0)

---
updated-dependencies:
- dependency-name: org.jline:jline
  dependency-version: 4.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: io.freefair.lombok
  dependency-version: 9.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: gradle-wrapper
  dependency-version: 9.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 5, 2026
@rfresh2 rfresh2 merged commit b532357 into 1.21.4 May 5, 2026
2 checks passed
@rfresh2 rfresh2 deleted the dependabot/gradle/dependencies-0ff582e1a5 branch May 5, 2026 02:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rfresh2