From f00c512cc34e8dc91182acf78cf0caa8af6af0c5 Mon Sep 17 00:00:00 2001
From: Pawel Szkamruk <pszkamruk@splunk.com>
Date: Thu, 11 Sep 2025 10:30:02 +0200
Subject: [PATCH 1/5] update avro and kafka dependencies

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 43487915..319cabde 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
         <junit.vintage.version>5.9.2</junit.vintage.version>
         <junit.platform.version>1.9.2</junit.platform.version>
         <jackson.version>2.14.2</jackson.version>
-        <kafka.version>3.4.0</kafka.version>
+        <kafka.version>3.9.1</kafka.version>
         <slf4j.version>2.0.7</slf4j.version>
         <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
     </properties>
@@ -199,7 +199,7 @@
         <dependency>
             <groupId>org.apache.avro</groupId>
             <artifactId>avro</artifactId>
-            <version>1.11.3</version>
+            <version>1.11.4</version>
         </dependency>
         <dependency>
             <groupId>org.jacoco</groupId> 

From 046ce61e1420e07c0200f459bebaf9253072f853 Mon Sep 17 00:00:00 2001
From: Pawel Szkamruk <pszkamruk@splunk.com>
Date: Thu, 11 Sep 2025 11:51:21 +0200
Subject: [PATCH 2/5] fixing fossa CVE-2025-52999, CVE-2024-7254,
 CVE-2025-48924

---
 dependency-reduced-pom.xml | 16 ++++++++--------
 pom.xml                    |  6 +++---
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/dependency-reduced-pom.xml b/dependency-reduced-pom.xml
index 4528684d..df04554a 100644
--- a/dependency-reduced-pom.xml
+++ b/dependency-reduced-pom.xml
@@ -205,17 +205,17 @@
     </plugins>
   </reporting>
   <properties>
-    <junit.jupiter.version>5.9.2</junit.jupiter.version>
-    <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
-    <slf4j.version>2.0.7</slf4j.version>
-    <junit.version>4.13.2</junit.version>
     <java.version>1.8</java.version>
+    <maven.compiler.source>1.8</maven.compiler.source>
+    <junit.jupiter.version>5.9.2</junit.jupiter.version>
+    <jackson.version>2.15.0</jackson.version>
+    <kafka.version>3.9.1</kafka.version>
+    <junit.platform.version>1.9.2</junit.platform.version>
     <maven.compiler.target>1.8</maven.compiler.target>
-    <kafka.version>3.4.0</kafka.version>
+    <slf4j.version>2.0.7</slf4j.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <jackson.version>2.14.2</jackson.version>
+    <junit.version>4.13.2</junit.version>
     <junit.vintage.version>5.9.2</junit.vintage.version>
-    <maven.compiler.source>1.8</maven.compiler.source>
-    <junit.platform.version>1.9.2</junit.platform.version>
+    <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
   </properties>
 </project>
diff --git a/pom.xml b/pom.xml
index 319cabde..83f0bab5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,7 +18,7 @@
         <junit.jupiter.version>5.9.2</junit.jupiter.version>
         <junit.vintage.version>5.9.2</junit.vintage.version>
         <junit.platform.version>1.9.2</junit.platform.version>
-        <jackson.version>2.14.2</jackson.version>
+        <jackson.version>2.15.0</jackson.version>
         <kafka.version>3.9.1</kafka.version>
         <slf4j.version>2.0.7</slf4j.version>
         <sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
@@ -154,7 +154,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.12.0</version>
+            <version>3.18.0</version>
             <scope>compile</scope>
         </dependency>
         <!-- https://mvnrepository.com/artifact/io.confluent/kafka-connect-protobuf-converter -->
@@ -167,7 +167,7 @@
         <dependency>
             <groupId>com.google.protobuf</groupId>
             <artifactId>protobuf-java</artifactId>
-            <version>3.22.2</version>
+            <version>3.22.5</version>
         </dependency>
         <!-- https://mvnrepository.com/artifact/com.google.code.gson/gson -->
         <dependency>

From 8c871c433c2701142bf49ad61bdb9116b8283afd Mon Sep 17 00:00:00 2001
From: Pawel Szkamruk <pszkamruk@splunk.com>
Date: Thu, 11 Sep 2025 13:05:35 +0200
Subject: [PATCH 3/5] correct version of protobuf

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 83f0bab5..b084c70e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -167,7 +167,7 @@
         <dependency>
             <groupId>com.google.protobuf</groupId>
             <artifactId>protobuf-java</artifactId>
-            <version>3.22.5</version>
+            <version>3.25.5</version>
         </dependency>
         <!-- https://mvnrepository.com/artifact/com.google.code.gson/gson -->
         <dependency>

From e0a3b9d28605ad4aea0f4938bb316fb3f0549595 Mon Sep 17 00:00:00 2001
From: Pawel Szkamruk <pszkamruk@splunk.com>
Date: Thu, 11 Sep 2025 14:49:36 +0200
Subject: [PATCH 4/5] update kafka-connect-protobuf-converter to check if it
 will solve license issue

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b084c70e..d90a33b4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -161,7 +161,7 @@
         <dependency>
             <groupId>io.confluent</groupId>
             <artifactId>kafka-connect-protobuf-converter</artifactId>
-            <version>7.1.1</version>
+            <version>8.0.0</version>
         </dependency>
         <!-- https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java -->
         <dependency>

From c2d63834fd06525dc8e1291c7a945ed43ebbee6c Mon Sep 17 00:00:00 2001
From: Pawel Szkamruk <pszkamruk@splunk.com>
Date: Thu, 11 Sep 2025 15:31:59 +0200
Subject: [PATCH 5/5] revert last change

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index d90a33b4..b084c70e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -161,7 +161,7 @@
         <dependency>
             <groupId>io.confluent</groupId>
             <artifactId>kafka-connect-protobuf-converter</artifactId>
-            <version>8.0.0</version>
+            <version>7.1.1</version>
         </dependency>
         <!-- https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java -->
         <dependency>