Update commons-io dependency version to 2.14.0 to fix CVE

DEVSIX-8673

Author: nanouh

pdfocr-tesseract4/pom.xml

@@ -13,6 +13,10 @@
   <name>pdfOCR-Tesseract4</name>
   <description>pdfOCR-Tesseract4 is an iText add-on for Java to recognize and extract text in scanned documents and images. It can also convert them into fully ISO-compliant PDF or PDF/A-3u files that are accessible, searchable, and suitable for archiving</description>
 
+  <properties>
+    <sonar.exclusions>src/main/java/com/itextpdf/pdfocr/tesseract4/LeptonicaWrapper.java</sonar.exclusions>
+  </properties>
+
   <dependencies>
     <dependency>
       <groupId>com.itextpdf</groupId>
@@ -59,16 +63,18 @@
         </exclusion>
       </exclusions>
     </dependency>
+    <!--Direct dependency added for commons-IO because of CVE-2024-47554 for lower versions.
+    This dependency originally comes from tess4j.-->
+    <dependency>
+      <groupId>commons-io</groupId>
+      <artifactId>commons-io</artifactId>
+      <version>2.14.0</version>
+    </dependency>
     <dependency>
       <groupId>com.itextpdf</groupId>
       <artifactId>pdftest</artifactId>
       <version>${itext.version}</version>
       <scope>test</scope>
     </dependency>
   </dependencies>
-
-  <properties>
-    <sonar.exclusions>src/main/java/com/itextpdf/pdfocr/tesseract4/LeptonicaWrapper.java</sonar.exclusions>
-  </properties>
-
-</project>
+</project>