CVE-2025-48976 Apache Commons FileUpload: FileUpload DoS via part headers (#148)

* Bump commons-fileupload:commons-fileupload

Bumps commons-fileupload:commons-fileupload from 1.5 to 1.6.0.

---
updated-dependencies:
- dependency-name: commons-fileupload:commons-fileupload
  dependency-version: 1.6.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

* Move commons-fileupload dependency to the parent pom

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: maximthomas <[email protected]>

Author: dependabot[bot]

commons/launcher/launcher-zip/pom.xml

@@ -107,7 +107,6 @@
                 <dependency>
                     <groupId>commons-fileupload</groupId>
                     <artifactId>commons-fileupload</artifactId>
-                    <version>1.5</version>
                 </dependency>
                 <dependency>
                     <groupId>commons-io</groupId>

pom.xml

@@ -843,6 +843,11 @@
 			   <artifactId>commons-io</artifactId>
 			   <version>2.16.1</version>
 			 </dependency>
+            <dependency>
+                <groupId>commons-fileupload</groupId>
+                <artifactId>commons-fileupload</artifactId>
+                <version>1.6.0</version>
+            </dependency>
             <dependency>
                 <groupId>org.apache.commons</groupId>
                 <artifactId>commons-text</artifactId>