Skip to content

Bump the dev-dependencies group with 3 updates#403

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/gradle/dev-dependencies-0d9c240e19
Apr 29, 2026
Merged

Bump the dev-dependencies group with 3 updates#403
github-actions[bot] merged 1 commit intomainfrom
dependabot/gradle/dev-dependencies-0d9c240e19

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 29, 2026

Bumps the dev-dependencies group with 3 updates: io.freefair.aspectj.post-compile-weaving, gradle-wrapper and org.postgresql:postgresql.

Updates io.freefair.aspectj.post-compile-weaving from 9.4.0 to 9.5.0

Release notes

Sourced from io.freefair.aspectj.post-compile-weaving's releases.

9.5.0

What's Changed

New Contributors

Full Changelog: freefair/gradle-plugins@9.4.0...9.5.0

Commits
  • f24a7d5 Merge pull request #1755 from freefair/dependabot/gradle/examples/main/org.sp...
  • 278081c fix deprecation warnings
  • a1cf246 Merge pull request #1754 from dtrunk90/fix/delombok-sourcepath-for-modules
  • 91dbece Merge branch 'main' of github.com:freefair/gradle-plugins
  • 88570fc fix checkstyle
  • 9ad981d Bump org.springframework.boot:spring-boot-dependencies in /examples (#1756)
  • 7bf9d6e Bump org.graalvm.buildtools.native from 1.0.0 to 1.1.0 in /examples (#1758)
  • f527dd0 fix javadoc link config
  • 27901ff Update to Gradle 9.5.0
  • 8cfe90c Bump org.springframework.boot from 4.0.5 to 4.0.6 in /examples (#1757)
  • Additional commits viewable in compare view

Updates gradle-wrapper from 9.4.1 to 9.5.0

Release notes

Sourced from gradle-wrapper's releases.

9.5.0

The Gradle team is excited to announce Gradle 9.5.0.

Here are the highlights of this release:

  • Task provenance in reports and failure messages
  • Type-safe accessors for precompiled Kotlin Settings plugins

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: atm1020, mataha, Adam, Attila Kelemen, Benedikt Ritter, Björn Kautler, Caro Silva Rode, CHANHAN, Dmitry Nezavitin, Eng Zer Jun, KugelLibelle, Madalin Valceleanu, Markus Gaisbauer, Oliver Kopp, Philip Wedemann, ploober, Roberto Perez Alcolea, Rohit Anand, Suvrat Acharya, Ujwal Suresh Vanjare, Victor Merkulov

Upgrade instructions

Switch your build to use Gradle 9.5.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.5.0 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

9.5.0 RC4

... (truncated)

Commits

Updates org.postgresql:postgresql from 42.7.10 to 42.7.11

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.11

Security

  • fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Changes

🐛 Bug Fixes

  • fix: ensure extended protocol messages end with Sync message @​vlsi (#3728)
  • fix: enable cursor-based fetching in extended protocol when transaction started via SQL command @​vlsi (#3996)
  • fix: retry with SSL on IOException when sslMode=ALLOW @​vlsi (#3973)
  • fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in @​vlsi (#3968)
  • fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers @​vlsi (#3962)
  • fix: use compareTo for LogSequenceNumber comparison @​vlsi (#3961)
  • fix: release COPY lock on IOException to prevent connection hang (#3957) @​vlsi (#3960)

🧰 Maintenance

⬆️ Dependencies

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.11] (2026-04-28)

Security

  • fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Added

Changed

Fixed

Commits
  • 78e261f fix: Add sources and javadocs to shaded published lib generation
  • 1e09fa0 update Changelog and website for release of 42.7.11 (#4042)
  • d479fa5 Fix scram fix location in changelog and update published artifact developer l...
  • b04fc46 docs: Add scram max iters fix to changelog
  • cf54822 test: Disable scram test on older version without scram_iterations GUC
  • 7dbcc79 test: Add SCRAM max iteration tests
  • c9d41d1 fix: Limit SCRAM PBKDF2 iterations accepted from the server
  • a340cb2 style: replace @​exception with @​throws in getBoolean javadoc
  • 77837f8 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 23af03b chore(deps): update actions/checkout action to v6
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dev-dependencies group with 3 updates
7d114ab 
Bumps the dev-dependencies group with 3 updates: [io.freefair.aspectj.post-compile-weaving](https://github.com/freefair/gradle-plugins), [gradle-wrapper](https://github.com/gradle/gradle) and [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc).


Updates `io.freefair.aspectj.post-compile-weaving` from 9.4.0 to 9.5.0
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](freefair/gradle-plugins@9.4.0...9.5.0)

Updates `gradle-wrapper` from 9.4.1 to 9.5.0
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v9.4.1...v9.5.0)

Updates `org.postgresql:postgresql` from 42.7.10 to 42.7.11
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.10...REL42.7.11)

---
updated-dependencies:
- dependency-name: io.freefair.aspectj.post-compile-weaving
  dependency-version: 9.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: gradle-wrapper
  dependency-version: 9.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Apr 29, 2026
@github-actions github-actions Bot enabled auto-merge (squash) April 29, 2026 08:55
@github-actions github-actions Bot merged commit 569c5d1 into main Apr 29, 2026
6 checks passed
@github-actions github-actions Bot deleted the dependabot/gradle/dev-dependencies-0d9c240e19 branch April 29, 2026 08:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants