From ba058ee3972b4909baccb92fd0ebc2cf923ded85 Mon Sep 17 00:00:00 2001
From: Michael Osipov <michaelo@apache.org>
Date: Mon, 18 Jul 2022 15:09:01 +0200
Subject: [PATCH] [MNG-7513] Address commons-io_commons-io vulnerability found
 in maven latest version

We can safely remove Commons IO altogether because it is not used in any direct or
transitive usecase at compile time or runtime.

This closes #771
---
 pom.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pom.xml b/pom.xml
index 4817232a248c..0503501b6607 100644
--- a/pom.xml
+++ b/pom.xml
@@ -295,6 +295,13 @@ under the License.
         <groupId>org.apache.maven.shared</groupId>
         <artifactId>maven-shared-utils</artifactId>
         <version>3.3.4</version>
+        <exclusions>
+          <!-- We use org.apache.maven.shared.utils.logging only in Maven Core -->
+          <exclusion>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+          </exclusion>
+        </exclusions>
       </dependency>
       <dependency>
         <groupId>org.fusesource.jansi</groupId>