pgjdbc/pgjdbc GitHub issues and pull requests (mirror)
help / color / mirror / Atom feedFrom: renovate-bot (@renovate-bot) <[email protected]>
To: pgjdbc/pgjdbc <[email protected]>
Subject: [pgjdbc/pgjdbc] PR #3916: chore(deps): update dependency com.typesafe.play:sbt-plugin to v2.9.10
Date: Mon, 19 Jan 2026 05:27:48 +0000
Message-ID: <[email protected]> (raw)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [com.typesafe.play:sbt-plugin](https://redirect.github.com/playframework/playframework) | plugin | patch | `2.9.9` → `2.9.10` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
---
### Release Notes
<details>
<summary>playframework/playframework (com.typesafe.play:sbt-plugin)</summary>
### [`v2.9.10`](https://redirect.github.com/playframework/playframework/releases/tag/2.9.10): Play 2.9.10
[Compare Source](https://redirect.github.com/playframework/playframework/compare/2.9.9...2.9.10)
We are pleased to announce the release of Play 2.9.10! :tada:
#### :green\_book: About this Release
This release fixes several bugs and addresses reported security vulnerabilities (CVEs) and - as always - updates dependencies. We strongly recommend upgrading at your earliest convenience.
If you're considering upgrading to Play 2.9, please check the [Play 2.9 release announcement](https://redirect.github.com/playframework/playframework/releases/tag/2.9.0) for highlights and further details on how to migrate. Many projects have already smoothly upgraded to Play 2.9.
##### Noteworthy Pull Request
- [playframework/play-json#1226](https://redirect.github.com/playframework/play-json/pull/1226) Avoid running out of memory when parsing heavily nested arrays or objects by [@​mkurz](https://redirect.github.com/mkurz)
We now limit the maximum allowed nesting depth of JSON structures (arrays, objects, or a mix of both) to 1000.
This limit can be adjusted using the system property `play.json.parser.maxNestingDepth`.
We assume a depth of 1000 should be more than sufficient for virtually all real-world use cases.
This change helps prevent both potential `OutOfMemoryError`s and `StackOverflowError`s.
The latter, however, is not a concern for Play JSON, since it already uses a [@​tailrec-optimized](https://redirect.github.com/tailrec-optimized) parsing method.
As a result, Play JSON is not affected by <https://github.com/advisories/GHSA-h46c-h94j-95f3;, which specifically addresses StackOverflowError risks.
This improvement is simply an additional safety measure.
- [#​13685](https://redirect.github.com/playframework/playframework/issues/13685) \[2.9.x] Bump to lz4-java 1.10.1 to fix CVE-2025-66566 and [CVE‐2025‐12183](https://redirect.github.com/advisories/GHSA-vqf4-7m7x-wgfc) by [@​mkurz](https://redirect.github.com/mkurz)
- [#​13707](https://redirect.github.com/playframework/playframework/issues/13707) \[2.9.x] Netty 4.1.130.Final (backport [#​13706](https://redirect.github.com/playframework/playframework/issues/13706)) to fix CVE-2025-67735 by [@​mkurz](https://redirect.github.com/mkurz)
- Upgrade `ch.qos.logback:logback-core` to fix CVE-2025-11226 (see "Patch updates" below)
Following pull requests got merged for this release:
- [#​13715](https://redirect.github.com/playframework/playframework/issues/13715) \[2.9.x] Patch updates by [@​mkurz](https://redirect.github.com/mkurz)
- [#​13711](https://redirect.github.com/playframework/playframework/issues/13711) \[2.9.x] Patch updates by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13707](https://redirect.github.com/playframework/playframework/issues/13707) \[2.9.x] Netty 4.1.130.Final (backport [#​13706](https://redirect.github.com/playframework/playframework/issues/13706)) by [@​mkurz](https://redirect.github.com/mkurz)
- [#​13704](https://redirect.github.com/playframework/playframework/issues/13704) \[2.9.x] hibernate-core 6.6.39.Final (was 6.6.38.Final) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13690](https://redirect.github.com/playframework/playframework/issues/13690) \[2.9.x] Patch updates by [@​mkurz](https://redirect.github.com/mkurz)
- [#​13688](https://redirect.github.com/playframework/playframework/issues/13688) \[2.9.x] netty-codec-http, netty-handler, ... 4.1.129.Final (was 4.1.128.Final) by [@​mkurz](https://redirect.github.com/mkurz)
- [#​13685](https://redirect.github.com/playframework/playframework/issues/13685) \[2.9.x] Bump to lz4-java 1.10.1 to fix CVE-2025-66566 by [@​mkurz](https://redirect.github.com/mkurz)
- [#​13683](https://redirect.github.com/playframework/playframework/issues/13683) \[2.9.x] lz4-java 1.8.1 (backport [#​13682](https://redirect.github.com/playframework/playframework/issues/13682)) by [@​mkurz](https://redirect.github.com/mkurz)
- [#​13678](https://redirect.github.com/playframework/playframework/issues/13678) \[2.9.x] hibernate-core 6.6.38.Final (was 6.6.37.Final) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13673](https://redirect.github.com/playframework/playframework/issues/13673) \[2.9.x] Patch updates by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13669](https://redirect.github.com/playframework/playframework/issues/13669) \[2.9.x] Bump actions/checkout from 5 to 6 by @​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
- [#​13667](https://redirect.github.com/playframework/playframework/issues/13667) \[2.9.x] hibernate-core 6.6.37.Final (was 6.6.36.Final) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13661](https://redirect.github.com/playframework/playframework/issues/13661) \[2.9.x] hibernate-core 6.6.36.Final (was 6.6.35.Final) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13659](https://redirect.github.com/playframework/playframework/issues/13659) \[2.9.x] hibernate-core 6.6.35.Final (was 6.6.34.Final) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13656](https://redirect.github.com/playframework/playframework/issues/13656) \[2.9.x] Patch updates by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13636](https://redirect.github.com/playframework/playframework/issues/13636) \[2.9.x] commons-io 2.21.0 (was 2.20.0) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13631](https://redirect.github.com/playframework/playframework/issues/13631) \[2.9.x] Patch updates by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13624](https://redirect.github.com/playframework/playframework/issues/13624) \[2.9.x] hibernate-core 6.6.34.Final (was 6.6.33.Final) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13609](https://redirect.github.com/playframework/playframework/issues/13609) \[2.9.x] Patch updates by [@​mkurz](https://redirect.github.com/mkurz)
- [#​13612](https://redirect.github.com/playframework/playframework/issues/13612) \[2.9.x] Pin ssl-config by [@​mkurz](https://redirect.github.com/mkurz)
- [#​13604](https://redirect.github.com/playframework/playframework/issues/13604) \[2.9.x] scalafmt-core 3.10.0 (was 3.9.10) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13602](https://redirect.github.com/playframework/playframework/issues/13602) \[2.9.x] hibernate-core 6.6.33.Final (was 6.6.31.Final) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13606](https://redirect.github.com/playframework/playframework/issues/13606) \[2.9.x] netty-codec-http, netty-handler, ... 4.1.128.Final (was 4.1.127.Final) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13596](https://redirect.github.com/playframework/playframework/issues/13596) \[2.9.x] Patch updates by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13593](https://redirect.github.com/playframework/playframework/issues/13593) \[2.9.x] hibernate-core 6.6.31.Final (was 6.6.30.Final) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13587](https://redirect.github.com/playframework/playframework/issues/13587) \[2.9.x] Patch updates by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13585](https://redirect.github.com/playframework/playframework/issues/13585) \[2.9.x] sbt-native-packager 1.11.4 (backport [#​13584](https://redirect.github.com/playframework/playframework/issues/13584)) by [@​mkurz](https://redirect.github.com/mkurz)
- [#​13568](https://redirect.github.com/playframework/playframework/issues/13568) \[2.9.x] sbt-jmh 0.4.8 (was 0.4.7) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13567](https://redirect.github.com/playframework/playframework/issues/13567) \[2.9.x] hibernate-core 6.6.30.Final (was 6.6.29.Final) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13560](https://redirect.github.com/playframework/playframework/issues/13560) \[2.9.x] h2 2.4.240 (was 2.3.232) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13550](https://redirect.github.com/playframework/playframework/issues/13550) \[2.9.x] Patch updates by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13544](https://redirect.github.com/playframework/playframework/issues/13544) \[2.9.x] hibernate-core 6.6.29.Final (was 6.6.28.Final) by [@​scala-steward](https://redirect.github.com/scala-steward)
- [#​13540](https://redirect.github.com/playframework/playframework/issues/13540) \[2.9.x] sbt-header 5.11.0 (was 5.10.0) by [@​scala-steward](https://redirect.github.com/scala-steward)
For more details see the [full list of changes](https://redirect.github.com/playframework/playframework/compare/2.9.9...2.9.10/) and the [2.9.10 milestone](https://redirect.github.com/playframework/playframework/issues?page=1\&q=milestone%3A%222.9.10%22).
#### :heart: Thanks to our premium sponsors!
<div align="center">
<a href="https://theguardian.com/"><img src="https://www.playframework.com/assets/images/home/sponsors/b15eb0f249dbc45089872e268d8ea5ad-the_guard...; width="250"></a>
<br>
<a href="https://pronto.net/"><img src="https://www.playframework.com/assets/images/home/sponsors/c77b1d664f10a1c9cb19b97c6d8bd204-pronto-so...; width="250"></a>
<a href="https://depop.com/"><img src="https://www.playframework.com/assets/images/home/sponsors/483f7622215dc240d6e6fc52fe167bc0-depop.png...; width="250"></a>
<a href="https://cedarlakeventures.com/"><img src="https://www.playframework.com/assets/images/home/sponsors/bec2b526c9ce52c051f9089a10044867-cedar-lak...; width="250"></a>
<br>
<a href="https://informaticon.com/";
<picture>
<source width="250" media="(prefers-color-scheme: dark)" srcset="https://www.playframework.com/assets/images/home/sponsors/d180a3ad763aaf69b46bff18fb110d9e-informati...;
<source width="250" media="(prefers-color-scheme: light)" srcset="https://www.playframework.com/assets/images/home/sponsors/ad86c68a917e70a42440b4feb413c68d-informati...;
<img width="250" alt="informaticon logo fallback" src="https://www.playframework.com/assets/images/home/sponsors/ad86c68a917e70a42440b4feb413c68d-informati...;
</picture>
</a>
<a href="https://nulab.com/"><img src="https://www.playframework.com/assets/images/home/sponsors/6152e584aa8625eedca1c4accf8f8b63-nulab_log...; width="250"></a>
<a href="https://sprypoint.com/"><img src="https://www.playframework.com/assets/images/home/sponsors/3fdf14f6369cf9d69f4a2a29ce26c2f8-sprypoint...; width="250"></a>
</div>
If you find this OSS project useful for work, please consider asking your company to support it by <a href="https://www.playframework.com/sponsors">becoming a sponsor</a>.
You can also individually sponsor the project by <a href="https://www.playframework.com/sponsors">becoming a backer</a>.
<div align="center">
<a href="https://opencollective.com/playframework"; target="_blank">
<img src="https://opencollective.com/playframework/donate/[email protected]?color=blue"; width="250" />
</a>
</div>
#### :bow: Thanks to our contributors
Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "every 3 weeks on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/pgjdbc/pgjdbc).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: github://pgjdbc/pgjdbc
Cc: [email protected], [email protected]
Subject: Re: [pgjdbc/pgjdbc] PR #3916: chore(deps): update dependency com.typesafe.play:sbt-plugin to v2.9.10
In-Reply-To: <<[email protected]>>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox