CVE-2025-48924: upgrade commons-lang3 to 3.18.0 (#3895)

LantaoJin · web-flow · commit 96d0d1434f77 · 2025-07-21T11:43:52.000-07:00
* CVE-2025-48924: upgrade commons-lang3 to 3.18.0 Signed-off-by: Lantao Jin <ltjin@amazon.com> * Exclude the dependency commons-lang Signed-off-by: Lantao Jin <ltjin@amazon.com> --------- Signed-off-by: Lantao Jin <ltjin@amazon.com>
diff --git a/build.gradle b/build.gradle
@@ -58,7 +58,7 @@ buildscript {
         mockito_version = "5.7.0"
         commons_io_version = "2.14.0"
         commons_text_version = "1.10.0"
-        commons_lang3_version = "3.12.0"
+        commons_lang3_version = "3.18.0"
         // enforce 1.13, https://www.whitesourcesoftware.com/vulnerability-database/WS-2019-0379
         commons_codec_version = "1.13"
         commons_logging_version = "1.2"
@@ -145,7 +145,7 @@ allprojects {
         resolutionStrategy.force 'org.locationtech.jts:jts-core:1.19.0'
         resolutionStrategy.force 'com.google.errorprone:error_prone_annotations:2.28.0'
         resolutionStrategy.force 'org.checkerframework:checker-qual:3.43.0'
-        resolutionStrategy.force 'org.apache.commons:commons-lang3:3.13.0'
+        resolutionStrategy.force 'org.apache.commons:commons-lang3:3.18.0'
         resolutionStrategy.force 'org.apache.commons:commons-text:1.11.0'
         resolutionStrategy.force 'commons-io:commons-io:2.15.0'
         resolutionStrategy.force 'org.yaml:snakeyaml:2.2'
diff --git a/core/build.gradle b/core/build.gradle
@@ -59,6 +59,7 @@ dependencies {
     api "net.minidev:json-smart:${versions.json_smart}"
     api('org.apache.calcite:calcite-core:1.38.0') {
         exclude group: 'net.minidev', module: 'json-smart'
+        exclude group: 'commons-lang', module: 'commons-lang'
     }
     api 'org.apache.calcite:calcite-linq4j:1.38.0'
     api project(':common')

Original file line number	Diff line number	Diff line change
`@@ -59,6 +59,7 @@ dependencies {`
`59`	`59`	`api "net.minidev:json-smart:${versions.json_smart}"`
`60`	`60`	`api('org.apache.calcite:calcite-core:1.38.0') {`
`61`	`61`	`exclude group: 'net.minidev', module: 'json-smart'`
	`62`	`+ exclude group: 'commons-lang', module: 'commons-lang'`
`62`	`63`	`}`
`63`	`64`	`api 'org.apache.calcite:calcite-linq4j:1.38.0'`
`64`	`65`	`api project(':common')`