From d66ce00fc3431b46e4245dcd01f4366f4e8e3942 Mon Sep 17 00:00:00 2001
From: Shahim Sharafudeen <shahim.ayathil@gmail.com>
Date: Wed, 1 Apr 2026 13:13:50 +0530
Subject: [PATCH] fix(security): upgrade plexus-utils version to 4.0.3 to
 address CVE-2025-67030

Co-authored-by: Sayari Mukherjee <sayarimukherjee2000@gmail.com>
---
 pom.xml          |  2 +-
 resolver/pom.xml | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 893f9f5..b44c7ca 100644
--- a/pom.xml
+++ b/pom.xml
@@ -126,7 +126,7 @@
             <dependency>
                 <groupId>org.codehaus.plexus</groupId>
                 <artifactId>plexus-utils</artifactId>
-                <version>3.5.1</version>
+                <version>4.0.3</version>
             </dependency>
 
             <!-- DI: Sisu -->
diff --git a/resolver/pom.xml b/resolver/pom.xml
index a81416d..d3edb8e 100644
--- a/resolver/pom.xml
+++ b/resolver/pom.xml
@@ -80,6 +80,19 @@
             <artifactId>maven-compat</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.codehaus.plexus</groupId>
+            <artifactId>plexus-utils</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.codehaus.plexus</groupId>
+            <artifactId>plexus-xml</artifactId>
+            <version>4.0.4</version>
+            <scope>runtime</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.codehaus.plexus</groupId>
             <artifactId>plexus-classworlds</artifactId>