commons-beanutils update to 1.10.1
Brought to you by: aruckerjones, sconway
Please update commons-beanutils:commons-beanutils from 1.10.0 to 1.10.1.
Reason: https://commons.apache.org/proper/commons-beanutils/changes.html#a1.10.1 has a concurrency issue hotfix.
Most probably this project is not affected directly as it's not using org.apache.commons.beanutils.FluentPropertyBeanIntrospector, but this dependency has compile scope and can be transitively used by the project depending on opencsv.
Please update to 1.11.0 at least. The transitive dependency is being flagged for CVE-2025-48734.
I will try and look at that this weekend.
A better move would be to consider commons-beanutils2, as commons-beanutils 1.x contains commons-collections 3.x, which has sonatype-2024-3350.
Updated to 1.11.0 so closing down this ticket.
I am not going to upgrade to commons-beanutils2 because the latest release is still a milestone release (M2). I do not use milestone, beta, or release candidate versions because I have been burned by that in the past so I treat it like a SNAPSHOT version - good to learn from but not for a production release.
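For projects that consume opencsv, the transitive exposure discussed in this ticket can be checked from `mvn dependency:tree` output. The script below is an added example, not part of the ticket or of opencsv; it treats 1.11.0 (the version requested above) as the floor, and the sample tree, the `com.example` coordinates and the opencsv version string are constructed placeholders.

```python
import re

TARGET = "commons-beanutils:commons-beanutils"
MIN_VERSION = (1, 11, 0)  # floor requested in the ticket (assumption of this example)

# The tree prefix is built from 3-character cells: "|  ", "   ", "+- ", "\- ".
NODE = re.compile(r"^(?:\[INFO\] )?(?P<indent>(?:[|+\\ ][ -] )*)(?P<coords>\S+)$")

# Constructed sample of `mvn dependency:tree` output; only the
# commons-beanutils version is taken from the ticket.
SAMPLE = r"""
[INFO] com.example:app:jar:1.0.0
[INFO] +- com.opencsv:opencsv:jar:0.0.0-example:compile
[INFO] |  \- commons-beanutils:commons-beanutils:jar:1.10.0:compile
[INFO] \- com.example:util:jar:1.0.0:compile
"""

def version_key(version):
    """Numeric tuple, so 1.10.0 sorts after 1.9.4 (a string compare gets this wrong)."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3])

def parse_tree(text):
    """Yield (depth, 'group:artifact', version, scope) for each node line."""
    for line in text.splitlines():
        m = NODE.match(line.rstrip())
        if not m:
            continue
        parts = m["coords"].split(":")
        if len(parts) < 4:
            continue  # banner or separator line, not a Maven coordinate
        # Root is g:a:type:version; dependencies add an optional classifier and a scope.
        version, scope = (parts[-2], parts[-1]) if len(parts) >= 5 else (parts[-1], None)
        yield len(m["indent"]) // 3, ":".join(parts[:2]), version, scope

def find_outdated(text):
    """Return [(version, scope, path)] for every TARGET node older than MIN_VERSION."""
    hits, path = [], []
    for depth, ga, version, scope in parse_tree(text):
        del path[depth:]  # drop ancestors that belong to a deeper or sibling branch
        path.append(ga)
        if ga == TARGET and version_key(version) < MIN_VERSION:
            hits.append((version, scope, " -> ".join(path)))
    return hits

if __name__ == "__main__":
    for version, scope, path in find_outdated(SAMPLE):
        print(f"{TARGET} {version} ({scope}) via {path}")
```

The reported path shows which direct dependency pulls the old version in, which is the place to upgrade or to pin the transitive version.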