From f7f75b840bdda1c4d3a003ca8dca2ef41ebbbea4 Mon Sep 17 00:00:00 2001
From: Thomas Leung <thomas.leung@ibm.com>
Date: Wed, 23 Jul 2025 12:21:25 -0400
Subject: [PATCH] update commons-lang to 3.18

Signed-off-by: Thomas Leung <thomas.leung@ibm.com>
---
 fabric-chaincode-shim/build.gradle | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fabric-chaincode-shim/build.gradle b/fabric-chaincode-shim/build.gradle
index 8cff266f..bbd136fe 100644
--- a/fabric-chaincode-shim/build.gradle
+++ b/fabric-chaincode-shim/build.gradle
@@ -32,6 +32,11 @@ tasks.withType(org.gradle.api.tasks.testing.Test) {
 }
 
 dependencies {
+    constraints {
+        pmd('org.apache.commons:commons-lang3:3.18.0') {
+            because('CVE-2025-48924')
+        }
+    }
     implementation platform('com.google.protobuf:protobuf-bom:4.31.1')
     implementation platform('io.grpc:grpc-bom:1.73.0')
     implementation platform('io.opentelemetry:opentelemetry-bom:1.51.0')