You can easily upgrade the driver version in your build.gradle script. The framework itself does not depend on it and does not have a transitive dependency on PostgreSQL driver.
I am aware I can change it myself (I did it already ), it is just that I do not know if there is an auto update from the IDE and/or if it wouldn’t make sense to update the version in the IDE.
batik dom 1.9 also has a few CVE (Apache Batik : List of security vulnerabilities) and is pulled indirectly from com.haulmont.yarg:yarg:2.0.17 and org.apache.xmlgraphics:fop:2.1 → 2.2 which pulls org.apache.xmlgraphics:batik-svg-dom:1.9