From 46b162932171bd9a57273ca919a348abc200c8a1 Mon Sep 17 00:00:00 2001
From: Hongchol Sinn <hongchol.sinn@broadcom.com>
Date: Wed, 28 Feb 2024 17:33:30 -0800
Subject: [PATCH] Add a comment explaining why postgresql version is pinned

- Per PR review.
---
 dependencies.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dependencies.gradle b/dependencies.gradle
index 9e1eaa8e997..0c4922ed331 100644
--- a/dependencies.gradle
+++ b/dependencies.gradle
@@ -71,7 +71,7 @@ libraries.mockito = "org.mockito:mockito-core"
 libraries.mockitoJunit5 = "org.mockito:mockito-junit-jupiter"
 libraries.passay = "org.passay:passay:1.6.4"
 libraries.beanutils = "commons-beanutils:commons-beanutils:1.9.4"
-libraries.postgresql = "org.postgresql:postgresql:42.3.9"
+libraries.postgresql = "org.postgresql:postgresql:42.3.9" // 42.3.8 has CVE-2024-1597
 libraries.selenium = "org.seleniumhq.selenium:selenium-java:${versions.seleniumVersion}"
 libraries.seleniumHttp = "org.seleniumhq.selenium:selenium-http-jdk-client:${versions.seleniumVersion}"
 libraries.slf4jApi = "org.slf4j:slf4j-api"