palantir · bulldozer-bot · Aug 31, 2022 · Aug 30, 2022 · Aug 31, 2022 · schlosna
diff --git a/changelog/@unreleased/pr-6205.v2.yml b/changelog/@unreleased/pr-6205.v2.yml
@@ -0,0 +1,5 @@
+type: improvement
+improvement:
+  description: Bump PostgreSQL driver from 42.3.3 -> 42.4.1 to remediate CVE
+  links:
+  - https://github.com/palantir/atlasdb/pull/6205
diff --git a/versions.lock b/versions.lock
@@ -304,7 +304,7 @@ org.ow2.asm:asm-analysis:5.0.3 (1 constraints: ee09d4b2)
 org.ow2.asm:asm-commons:5.0.3 (1 constraints: ee09d4b2)
 org.ow2.asm:asm-tree:5.0.3 (4 constraints: d8272223)
 org.ow2.asm:asm-util:5.0.3 (1 constraints: ee09d4b2)
-org.postgresql:postgresql:42.3.3 (1 constraints: 3e054f3b)
+org.postgresql:postgresql:42.4.1 (1 constraints: 3d05503b)
 org.reflections:reflections:0.10.2 (1 constraints: 3505253b)
 org.rocksdb:rocksdbjni:7.4.4 (1 constraints: 11051e36)
 org.slf4j:jcl-over-slf4j:1.7.36 (3 constraints: 432fe5ed)

diff --git a/versions.props b/versions.props
@@ -88,7 +88,7 @@ uk.org.lidalia:slf4j-test = 1.1.0
 com.datastax.cassandra:cassandra-driver-core = 3.8.0
 com.oracle.database.jdbc:ojdbc11 = 21.5.0.0
 com.palantir.cassandra:* = 2.2.13-1.6.0
-org.postgresql:postgresql = 42.3.3
+org.postgresql:postgresql = 42.4.1
 
 # transitive dep with API breaks in 0.14.0
 org.apache.thrift:libthrift = 0.12.0