From 513ecf8fe12d236e984067f5a29b0268432d31ab Mon Sep 17 00:00:00 2001
From: eschcam <cameron.scholes@est.tech>
Date: Fri, 3 Oct 2025 16:04:10 +0100
Subject: [PATCH 1/3] Upgrade commons-lang3 to 3.18.0

Commons-lang3 3.12.0 contains CVE-2025-48924
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2cad20594c712..025090d570bd5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -195,7 +195,7 @@
     <!-- org.apache.commons/commons-lang/-->
     <commons-lang2.version>2.6</commons-lang2.version>
     <!-- org.apache.commons/commons-lang3/-->
-    <commons-lang3.version>3.12.0</commons-lang3.version>
+    <commons-lang3.version>3.18.0</commons-lang3.version>
     <!-- org.apache.commons/commons-pool2/-->
     <commons-pool2.version>2.11.1</commons-pool2.version>
     <datanucleus-core.version>4.1.17</datanucleus-core.version>

From 703b35e51c4ea899463cc0eca94ab743396c899d Mon Sep 17 00:00:00 2001
From: eschcam <cameron.scholes@est.tech>
Date: Mon, 6 Oct 2025 15:13:38 +0100
Subject: [PATCH 2/3] Update manifest

---
 dev/deps/spark-deps-hadoop-3-hive-2.3 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3
index f110a1988fbf5..9f257f8285f1f 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -45,7 +45,7 @@ commons-crypto/1.1.0//commons-crypto-1.1.0.jar
 commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-io/2.16.1//commons-io-2.16.1.jar
 commons-lang/2.6//commons-lang-2.6.jar
-commons-lang3/3.12.0//commons-lang3-3.12.0.jar
+commons-lang3/3.18.0//commons-lang3-3.18.0.jar
 commons-logging/1.1.3//commons-logging-1.1.3.jar
 commons-math3/3.6.1//commons-math3-3.6.1.jar
 commons-pool/1.5.4//commons-pool-1.5.4.jar

From 70b8f7fe74242a6463746efb5c1a66e6da46121f Mon Sep 17 00:00:00 2001
From: eschcam <cameron.scholes@est.tech>
Date: Mon, 6 Oct 2025 16:02:58 +0100
Subject: [PATCH 3/3] Update commons-lang3 to 3.19.0

---
 dev/deps/spark-deps-hadoop-3-hive-2.3 | 2 +-
 pom.xml                               | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev/deps/spark-deps-hadoop-3-hive-2.3 b/dev/deps/spark-deps-hadoop-3-hive-2.3
index 9f257f8285f1f..95b28c4a72d78 100644
--- a/dev/deps/spark-deps-hadoop-3-hive-2.3
+++ b/dev/deps/spark-deps-hadoop-3-hive-2.3
@@ -45,7 +45,7 @@ commons-crypto/1.1.0//commons-crypto-1.1.0.jar
 commons-dbcp/1.4//commons-dbcp-1.4.jar
 commons-io/2.16.1//commons-io-2.16.1.jar
 commons-lang/2.6//commons-lang-2.6.jar
-commons-lang3/3.18.0//commons-lang3-3.18.0.jar
+commons-lang3/3.19.0//commons-lang3-3.19.0.jar
 commons-logging/1.1.3//commons-logging-1.1.3.jar
 commons-math3/3.6.1//commons-math3-3.6.1.jar
 commons-pool/1.5.4//commons-pool-1.5.4.jar
diff --git a/pom.xml b/pom.xml
index 025090d570bd5..6a3b00585a399 100644
--- a/pom.xml
+++ b/pom.xml
@@ -195,7 +195,7 @@
     <!-- org.apache.commons/commons-lang/-->
     <commons-lang2.version>2.6</commons-lang2.version>
     <!-- org.apache.commons/commons-lang3/-->
-    <commons-lang3.version>3.18.0</commons-lang3.version>
+    <commons-lang3.version>3.19.0</commons-lang3.version>
     <!-- org.apache.commons/commons-pool2/-->
     <commons-pool2.version>2.11.1</commons-pool2.version>
     <datanucleus-core.version>4.1.17</datanucleus-core.version>