Force org.apache.commons:commons-compress version to 1.26.0 or gr…

…eater (#510)

* Force `org.apache.commons:commons-compress` version to `1.26.0` or greater

build.gradle.kts

@@ -107,6 +107,12 @@ subprojects {
     val mockitoVersion: String by extra
 
     dependencies {
+        constraints {
+            implementation("org.apache.commons:commons-compress:1.26.2") {
+                because("earlier versions have a security vulnerabilities")
+            }
+        }
+
         implementation(platform("com.fasterxml.jackson:jackson-bom:$jacksonVersion"))
 
         testImplementation("org.creekservice:creek-test-util:$creekVersion")

json-serde/build.gradle.kts

@@ -55,7 +55,6 @@ dependencies {
     testImplementation("org.testcontainers:junit-jupiter:$testContainersVersion")
     testImplementation("org.testcontainers:kafka:$testContainersVersion")
     testImplementation("org.creekservice:creek-observability-logging-fixtures:$creekVersion")
-    testImplementation("commons-codec:commons-codec:1.17.0")
 }
 
 // Patch Kafka Testcontainers jar into main test containers module to avoid split packages: