chore(deps): Update database drivers

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.postgresql:postgresql (source)	42.7.10 → 42.7.11
org.xerial:sqlite-jdbc	3.53.0.0 → 3.53.1.0

---

Release Notes

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.11

Security

• fix: Limit SCRAM PBKDF2 iterations accepted from the server.
  pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins.
  See the Security Advisory for more detail.
  The following CVE-2026-42198 has been issued.

Added

• feat: implement require_auth connection property, aligning with libpq behavior PR #​3895

Changed

• chore: replace Appveyor CI with ikalnytskyi/action-setup-postgres PR #​3966
• chore: upgrade Gradle to v9 PR #​3978

Fixed

• fix: ensure extended protocol messages end with Sync message PR #​3728
• fix: enable cursor-based fetching in extended protocol when transaction started via SQL command PR #​3996
• fix: retry with SSL on IOException when sslMode=ALLOW PR #​3973
• fix: make sure the driver honours connectTimeout when retrying the connection PR #​3968
• fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in PR #​3968
• fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers PR #​3962
• fix: use compareTo for LogSequenceNumber comparison to handle unsigned values correctly PR #​3961
• fix: release COPY lock on IOException to prevent connection hang PR #​3957
• fix: return jsonb as PGObject instead of String PR #​3956
• fix: align SSL key file permission check with libpq PR #​3952
• fix: guard connection closed flag with a reentrant lock to protect against concurrent close PR #​3905

xerial/sqlite-jdbc (org.xerial:sqlite-jdbc)

v3.53.1.0

Compare Source

Changelog

🚀 Features

sqlite

• upgrade to sqlite 3.53.1 (8263322)

🔄️ Changes

• rewrite amalgamation_version.sh for POSIX shell (52522d0)
• fix android usage (7ef8e0f)

🛠 Build

deps

• bump gummy-bears-api-24 to 0.14.0 (a28d6ce)
• bump gummy-bears-api-24 to 0.13.0 (248e1e9)

deps-dev

• bump org.jreleaser:jreleaser-maven-plugin (396fdf3)
• bump com.tngtech.archunit:archunit-junit5 (458abe1)

unscoped

• conditionally bootstrap SLF4J API JAR (bc7d223)
• make JAVA_CLASSPATH configurable (5aa7426)

Contributors

We'd like to thank the following people for their contributions:
Gauthier, Gauthier Roebroeck, Michael Osipov

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.