Pacthes CVE-2025-48924 and CVE-2025-22227 (#311)

Author: petruki

pom.xml

@@ -58,15 +58,12 @@
         <maven.compiler.source>${java.version}</maven.compiler.source>
         <maven.compiler.target>${java.version}</maven.compiler.target>
 
-        <switcher-client.version>2.3.1</switcher-client.version>
+        <switcher-client.version>2.3.2</switcher-client.version>
         <jsonwebtoken.version>0.12.6</jsonwebtoken.version>
         <joda-time.version>2.14.0</joda-time.version>
         <gson.version>2.13.1</gson.version>
         <springdoc.version>2.8.9</springdoc.version>
 
-        <!-- Patch -->
-        <commons-lang3.version>3.18.0</commons-lang3.version>
-
         <!-- Test-->
         <flapdoodle.embed.mongo.version>4.20.0</flapdoodle.embed.mongo.version>
         <okhttp.version>5.1.0</okhttp.version>
@@ -291,10 +288,24 @@
 
     <dependencyManagement>
         <dependencies>
+            <!-- Patches Uncontrolled Recursion [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-10734078]-->
             <dependency>
                 <groupId>org.apache.commons</groupId>
                 <artifactId>commons-lang3</artifactId>
-                <version>${commons-lang3.version}</version>
+                <version>3.18.0</version>
+            </dependency>
+
+            <!-- Patches [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-IOPROJECTREACTORNETTY-10770514]-->
+            <dependency>
+                <groupId>io.projectreactor.netty</groupId>
+                <artifactId>reactor-netty-http</artifactId>
+                <version>1.2.8</version>
+            </dependency>
+
+            <dependency>
+                <groupId>io.projectreactor.netty</groupId>
+                <artifactId>reactor-netty-core</artifactId>
+                <version>1.2.8</version>
             </dependency>
         </dependencies>
     </dependencyManagement>