build(deps): bump the minor-patch-group group with 7 updates

[dependabot]

Bumps the minor-patch-group group with 7 updates:

Package	From	To
org.springframework.cloud:spring-cloud-dependencies	2025.1.0	2025.1.1
org.postgresql:postgresql	42.7.8	42.7.9
org.jooq.jooq-codegen-gradle	3.19.29	3.20.11
org.springframework.boot:spring-boot-gradle-plugin	4.0.1	4.0.2
com.diffplug.spotless:spotless-lib	4.1.0	4.3.0
com.diffplug.spotless:spotless-plugin-gradle	8.1.0	8.2.1
gradle-wrapper	9.2.1	9.3.1

Updates org.springframework.cloud:spring-cloud-dependencies from 2025.1.0 to 2025.1.1

Release notes

Sourced from org.springframework.cloud:spring-cloud-dependencies's releases.

v2025.1.1

What's Changed

• Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs by @​dependabot[bot] in spring-cloud/spring-cloud-release#447
• Bump org.springframework.cloud:spring-cloud-contract-dependencies from 5.0.1-SNAPSHOT to 5.0.2-SNAPSHOT by @​dependabot[bot] in spring-cloud/spring-cloud-release#454
• Bump org.springframework.cloud:spring-cloud-contract-dependencies from 5.0.1-SNAPSHOT to 5.0.2-SNAPSHOT by @​dependabot[bot] in spring-cloud/spring-cloud-release#453
• Bump actions/cache from 4 to 5 by @​dependabot[bot] in spring-cloud/spring-cloud-release#456
• Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12 by @​dependabot[bot] in spring-cloud/spring-cloud-release#461
• Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12 by @​dependabot[bot] in spring-cloud/spring-cloud-release#460

Full Changelog: spring-cloud/spring-cloud-release@v2025.1.0...v2025.1.1

Commits

• dbb12bf Update SNAPSHOT to 2025.1.1
• edc8bcb Bumping versions
• a9f4183 Use Spring Boot 4.0.2-SNAPSHOT
• da7ad03 Merge pull request #460 from spring-cloud/dependabot/maven/org.apache.maven-m...
• 49b10e6 Merge pull request #461 from spring-cloud/dependabot/maven/main/org.apache.ma...
• 59782be Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12
• 89c8dd1 Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12
• 96a5fb0 Merge pull request #456 from spring-cloud/dependabot/github_actions/main/acti...
• 5d22a1d Bump actions/cache from 4 to 5
• ec45c6d Bumping versions
• Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.8 to 42.7.9

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.9

Changes

• Added changelogs for version 42.7.9 @​davecramer (#3908)
• the classloader is nullable, and remove a space @​davecramer (#3907)
• fix: incorrect pg_stat_replication.reply_time calculation @​atorik (#3906)
• fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only @​davecramer (#3897)
• fix badges for maven central and search paths. Sonatype has changed the search paths @​davecramer (#3901)
• fix: make all Calendar instances proleptic Gregorian (#3837) @​m-van-tilburg (#3887)
• test: add CI tests with Java 26 @​vlsi (#3893)
• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder @​vlsi (#3866)
• use ssl_is_used() to check for ssl connection @​davecramer (#3867)
• Add PEMKeyManager to handle PEM based certs and keys. @​harinath001 (#3700)
• Comment and simplify the complex state machine logic in QueryExecutorImpl @​davecramer (#3850)
• Revert "fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN" @​davecramer (#3851)
• fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN @​ShenFeng312 (#3838)
• Small simplication of locking patterns in QueryExecutorBase @​Sanne (#3849)
• doc: update property quoteReturningIdentifiers default value @​sodekim (#3847)
• feat: default query timeout property @​cfredri4 (#3705)
• create action to deploy docs to https://pgjdbc.github.io/ @​davecramer (#3819)
• fix homepage release note @​davecramer (#3817)

🐛 Bug Fixes

• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob @​vlsi (#3903)
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext @​vlsi (#3886)

📝 Documentation

• doc: add the new PGP signing key to the official documentation @​vlsi (#3813)

🧰 Maintenance

• chore: remove unused com.github.spotbugs Gradle plugin dependency @​vlsi (#3868)
• chore: drop SpotBugs as we do not seem to use it @​vlsi (#3834)
• chore: bump version to 42.7.9 after 42.7.8 release @​vlsi (#3810)

⬆️ Dependencies

• chore(deps): update actions/create-github-app-token digest to 29824e6 @​renovate-bot (#3898)
• chore(deps): update actions/setup-java digest to c1e3236 @​renovate-bot (#3899)
• chore(deps): update codecov/codecov-action digest to 671740a @​renovate-bot (#3900)
• fix(deps): update dependency org.junit:junit-bom to v5.14.1 - autoclosed @​renovate-bot (#3884)
• fix(deps): update dependency org.apache.bcel:bcel to v6.11.0 @​renovate-bot (#3883)
• fix(deps): update dependency org.mockito:mockito-bom to v5.20.0 @​renovate-bot (#3885)
• fix(deps): update dependency net.bytebuddy:byte-buddy-parent to v1.18.2 @​renovate-bot (#3882)
• chore(deps): update github/codeql-action digest to 497990d @​renovate-bot (#3881)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.9] (2026-01-14)

Added

• feat: query timeout property [PR #3705](pgjdbc/pgjdbc#3705)
• feat: Add PEMKeyManager to handle PEM based certs and keys [PR #3700](pgjdbc/pgjdbc#3700)

Changed

• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder
• doc: update property quoteReturningIdentifiers default value [PR #3847](pgjdbc/pgjdbc#3847)
• security: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class

Fixed

• fix: incorrect pg_stat_replication.reply_time calculation [PR #3906](pgjdbc/pgjdbc#3906)
• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob
• fix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only [PR #3897](pgjdbc/pgjdbc#3897)
• fix: make all Calendar instances proleptic Gregorian [PR #3837](pgjdbc/pgjdbc#3887)
• fix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings [PR #3897](pgjdbc/pgjdbc#3849)
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext [PR #3886](pgjdbc/pgjdbc#3886)
• fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN [PR #3838](pgjdbc/pgjdbc#3838)
• fix: use ssl_is_used() to check for ssl connection [PR #3867](pgjdbc/pgjdbc#3867)
• fix: the classloader is nullable [PR #3907](pgjdbc/pgjdbc#3907)

Commits

• 79b784e Added changelogs for version 42.7.9 (#3908)
• 1c00ffc doc: add the new PGP signing key to the official documentation
• f774000 chore(deps): update actions/create-github-app-token digest to 29824e6
• 27daf3b chore(deps): update actions/setup-java digest to c1e3236
• 6eb01ff chore(deps): update codecov/codecov-action digest to 671740a
• dbf1e57 the classloader is nullable, and remove a space (#3907)
• 6a20574 Merge commit from fork
• c07721a fix: incorrect pg_stat_replication.reply_time calculation (#3906)
• 83023f3 fix: close temporary lob descriptors that are used internally in PreparedStat...
• 62c9805 fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the ...
• Additional commits viewable in compare view

Updates org.jooq.jooq-codegen-gradle from 3.19.29 to 3.20.11

Release notes

Sourced from org.jooq.jooq-codegen-gradle's releases.

3.20.11

Version 3.20.11 - January 29, 2026

This is a 3.20 patch release with minor improvements and bug fixes

Bug Fixes

#19484 - Work around DuckDB limitation where RETURNING clauses don't support bind values #19487 - DuckDB doesn't support the ON CONFLICT .. WHERE clause, only the DO UPDATE .. WHERE clause #19495 - Error with DuckDB DECIMAL bind value cast for large decimals #19499 - Work around DuckDB limitation of not being able to qualify UDT arrays #19500 - Cannot bind UDT arrays in DuckDB #19502 - JSON parser should be able to handle non-standard JSON NaN and Infinity values #19506 - Confusing warning about dialect version support #19510 - DuckDB doesn't support binding lobs in ClobBinding #19513 - DuckDBDatabase produces both identity flags and DEFAULT expression #19517 - Multiset JSON emulation should use explicit JSON_ARRAYAGG .. ORDER BY clause where derived table ordering is unstable #19520 - Bad DuckDB interval bind values formatting #19522 - Bad decoding of spatial data from DuckDB database #19525 - Bad cast type for DuckDB INTERVAL DAY TO SECOND type #19528 - Bad date time arithmetic rendered for DuckDB DATE + INTERVAL expressions #19535 - Optimistic locking may produce unsupported FOR UPDATE clause in DuckDB #19538 - DuckDB NestedCollectionEmulation.JSON emulation can't nest MULTISET expressions in ROW expressions #19541 - Add support for DuckDB TIMESTAMP_NS, TIMESTAMP_MS, TIMESTAMP_S types #19546 - DuckDBDatabase shouldn't use INFORMATION_SCHEMA.KEY_COLUMN_USAGE.POSITION_IN_UNIQUE_CONSTRAINT #19552 - Upgrade log4j-core dependency to mitigate CVE-2025-68161 #19559 - Error when using IS [NOT] DISTINCT FROM with LOB columns in Oracle #19564 - Meta.getTables(Name) should allow for partially qualified lookups #19573 - HSQLDBDatabase doesn't correctly implement includeSystemCheckConstraints when identifiers are quoted #19580 - Bad formatting of CAST() function content #19585 - QOM.Array should implement SimpleCheckQueryPart, and return true if there are only few elements #19592 - SortFieldImpl should implement ComplexCheckQueryPart to delegate formatting decisions to contents #19595 - Improve formatting of PARTITION BY and ORDER BY clauses in window functions #19598 - SQLExceptionLoggerListener logs incorrect message about precision when truncated numeric value cannot be inserted for some other reason #19603 - Support emulating EXCLUDED in MySQL, when used in expressions #19607 - MULTISET returns invalid JSONB for JSON string scalar values #19611 - Inlined JSON should be rendered as JSON literal in DuckDB #19616 - Unable to disable generation of implicit many-to-many path methods #19622 - jOOQ-bom pom.xml should be published using packaging=pom

3.20.10

Version 3.20.10 - December 5, 2025

This is a 3.20 patch release with minor improvements and bug fixes

Features and Improvements

... (truncated)

Commits

• 9b8a104 Release 3.20.11
• fd47c09jOOQ/jOOQ#19621
• 6186acajOOQ/jOOQ#19614
• 7c27f54jOOQ/jOOQ#19606
• 7ff8e98jOOQ/jOOQ#19610
• a8f3507jOOQ/jOOQ#19606
• 9c65220jOOQ/jOOQ#16942
• 30dd29ajOOQ/jOOQ#19591
• 99e6b1ejOOQ/jOOQ#19584
• a72a52bjOOQ/jOOQ#19584
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-gradle-plugin from 4.0.1 to 4.0.2

Release notes

Sourced from org.springframework.boot:spring-boot-gradle-plugin's releases.

v4.0.2

⚠️ Noteworthy Changes

• The dependency on org.eclipse.jetty.ee11:jetty-ee11-servlets has been removed from spring-boot-jetty as it was unnecessary and unused. If your application code depends on a class from jetty-ee11-servlets, declare a dependency on it in your build configuration. #48677

🐞 Bug Fixes

• No TransactionAutoConfiguration with spring-boot-starter-kafka for Spring Boot 4 #48880
• Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48840
• When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48838
• SessionAutoConfiguration creates a DefaultCookieSerializer with a default SameSite of null instead of Lax #48830
• Setting graphql schema location to "classpath*:graphql/**/" causes failure due to incorrectly packaged test resource #48829
• Message interpolation by MVC and WebFlux's Validators does not work correctly in a native image #48828
• CloudFoundry integration fails in Servlet-based web app without a dependency on spring-boot-starter-restclient #48826
• RestTestClientAutoConfiguration and TestRestTemplateAutoConfiguration should be package-private #48820
• SSL metrics are no longer auto-configured #48819
• Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48812
• DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48703
• The spring-boot-cloudfoundry module should only have an optional dependency on spring-boot-security #48685
• Application JAR created by extract command is not reproductible #48678
• AOT processing of tests should not be disabled when 'skipTests' is set #48662
• @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) is no longer applied to the management server #48653
• Fix zero-length byte buffer in InspectedContent #48650
• Can no longer override JacksonJsonHttpMessageConverter with ServerHttpMessageConvertersCustomizer #48635
• HttpServiceClientProperties incorrectly uses the @ConfigurationProperties annotation on a LinkedHashMap class #48616
• spring-boot-micrometer-tracing-opentelemetry fails if spring-boot-opentelemetry isn't there #48585
• App fails to start with starter-webmvc and starter-zipkin #48581
• Micrometer test modules should have an api dependency on micrometer-observation-test #48386

📔 Documentation

• Fix typo in REST client documentation #48907
• Remove duplicate word #48874
• Document support for configuring arguments passed to Docker Compose #48806
• The documentation related to EnvironmentPostProcessor links to deprecated interface #48803
• Update documentation for Buildpack's AOT Cache support #48769
• Correct docs to use new location for error handling configuration properties #48767
• Document spring-boot-starter-cloudfoundry on Cloud Foundry Support Page #48675
• Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48659
• Example using excludeDevtools property should document that optional dependencies should be enabled #48641
• Fix grammar and typos in the reference guide #48601
• Update Tracing section for Spring Boot 4's modularity #48576

🔨 Dependency Upgrades

• Upgrade to Classmate 1.7.3 #48783
• Upgrade to Elasticsearch Client 9.2.3 #48721
• Upgrade to Hibernate 7.2.1.Final #48857
• Upgrade to HttpClient5 5.5.2 #48784
• Upgrade to Jackson 2 Bom 2.20.2 #48910

... (truncated)

Commits

• fae3545 Release v4.0.2
• 9fde744 Merge branch '3.5.x' into 4.0.x
• 650236d Remove breaking and unnecessary Undertow TLS with RSA test
• 547bc77 Upgrade to Spring Batch 6.0.2
• 4387cbb Upgrade to Jackson Bom 3.0.4
• abec26e Polish
• f677fba Upgrade to Spring Integration 7.0.2
• 849c2ee Upgrade to Spring GraphQL 2.0.2
• facd456 Upgrade to Nullability Plugin 0.0.10
• e99c08f Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-lib from 4.1.0 to 4.3.0

Release notes

Sourced from com.diffplug.spotless:spotless-lib's releases.

Lib v4.3.0

Added

• Add P2Provisioner interface in lib-extra to enable build-tool-specific caching strategies for Eclipse P2 dependencies, fixing OutOfMemoryError in large multi-project builds. (#2788)

Fixed

• removeSemicolons() should not be applied to multiline strings in groovy #2780 (#2792)

Lib v4.2.0

Added

• Add a expandWildcardImports API for java (#2679)
• Add the ability to specify a wildcard version (*) for external formatter executables. (#2757)

Fixed

• Prevent race conditions when multiple npm-based formatters launch the server process simultaneously while sharing the same node_modules directory. (#2786)
• Git ratchet no longer throws an error with Git worktrees. (#2779)

Changes

• Bump default ktfmt version to latest 0.59 -> 0.61. (2804)
• Bump default ktlint version to latest 1.7.1 -> 1.8.0. (2763)
• Bump default gherkin-utils version to latest 9.2.0 -> 10.0.0. (#2619)

Changelog

Sourced from com.diffplug.spotless:spotless-lib's changelog.

[4.3.0] - 2026-01-27

Added

• Add P2Provisioner interface in lib-extra to enable build-tool-specific caching strategies for Eclipse P2 dependencies, fixing OutOfMemoryError in large multi-project builds. (#2788)

Fixed

• removeSemicolons() should not be applied to multiline strings in groovy #2780 (#2792)

[4.2.0] - 2026-01-22

Added

• Add a expandWildcardImports API for java (#2679)
• Add the ability to specify a wildcard version (*) for external formatter executables. (#2757)

Fixed

• Prevent race conditions when multiple npm-based formatters launch the server process simultaneously while sharing the same node_modules directory. (#2786)
• Git ratchet no longer throws an error with Git worktrees. (#2779)

Changes

• Bump default ktfmt version to latest 0.59 -> 0.61. (2804)
• Bump default ktlint version to latest 1.7.1 -> 1.8.0. (2763)
• Bump default gherkin-utils version to latest 9.2.0 -> 10.0.0. (#2619)

Commits

• 78e26e9 Published lib/4.3.0
• 33692c2 [fix] removeSemicolons() should not be applied to multiline strings in groo...
• 90628d8 Update changelog.
• 61864a2 Merge branch 'main' into fix-removeSemicolons
• 4864bc8 Fix Gradle Cache performance issue by supporting cached P2 provisionning via ...
• 075895c docs: Mention P2 caching for gradle plugin caching
• 57214bf feat: Supports P2 in predeclare
• 8aee8ac chore: Adds a GradleProvisioner test
• 859326c chore: Use a caching TestP2Provisioner in tests
• 39d4fc5 feat: Move p2 provisioning outside EquoBasedStepBuilder, as first citizen
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-plugin-gradle from 8.1.0 to 8.2.1

Release notes

Sourced from com.diffplug.spotless:spotless-plugin-gradle's releases.

Gradle Plugin v8.2.1

Fixed

• Fix OutOfMemoryError and slow configuration phase in large multi-project builds when using Eclipse-based formatters (Eclipse JDT, GrEclipse, Eclipse CDT) by implementing P2 dependency caching. (#2788)

Gradle Plugin v8.2.0

Added

• Add a expandWildcardImports API for java (#2679)
• Add the ability to specify a wildcard version (*) for external formatter executables. (#2757)
• Add support for passing multiple file paths using the -PspotlessIdeHook option. (#2774)

Fixed

• configuration cache for groovy. (#2797)
• [fix] NPE due to workingTreeIterator being null for git ignored files. #911 (#2771)
• Prevent race conditions when multiple npm-based formatters launch the server process simultaneously while sharing the same node_modules directory. (#2786)

Changes

• Bump default ktfmt version to latest 0.59 -> 0.61. (2804)
• Bump default ktlint version to latest 1.7.1 -> 1.8.0. (2763)
• Bump default gherkin-utils version to latest 9.2.0 -> 10.0.0. (#2619)

Commits

• 2b7f9de Published gradle/8.2.1
• 78e26e9 Published lib/4.3.0
• 33692c2 [fix] removeSemicolons() should not be applied to multiline strings in groo...
• 90628d8 Update changelog.
• 61864a2 Merge branch 'main' into fix-removeSemicolons
• 4864bc8 Fix Gradle Cache performance issue by supporting cached P2 provisionning via ...
• 075895c docs: Mention P2 caching for gradle plugin caching
• 57214bf feat: Supports P2 in predeclare
• 8aee8ac chore: Adds a GradleProvisioner test
• 859326c chore: Use a caching TestP2Provisioner in tests
• Additional commits viewable in compare view

Updates gradle-wrapper from 9.2.1 to 9.3.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[Dankoy]

@dependabot rebase

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.