exclude vulnerable dependencies, replace with new ones

VERSION.md

@@ -122,7 +122,9 @@
   `jakarta.xml.bind`. Global search/replace across the project will do it.
 * Add: `ResizableImageExtension` documentation that it does not play with the rest of the
   library renderers and is an unsupported extension.
-* Fix: update log4j1 to log4j2 to 2.20.0
+* Fix: update `log4j:log4j:1.2.17` to `org.apache.logging.log4j:log4j-xxx:2.20.0`
+* Fix: exclude `com.ibm.icu:icu4j:59.1` dependency, replace with `com.ibm.icu:icu4j:72.1`
+* Fix: exclude `commons-io:commons-io:1.3.1` dependency, replace with `commons-io:commons-io:2.11.0`
 
 ## 0.64.2
 

flexmark-docx-converter/flexmark-docx-converter.iml

@@ -63,6 +63,7 @@
     <orderEntry type="library" name="apache.logging.log4j.core" level="project" />
     <orderEntry type="library" name="apache.logging.log4j.api" level="project" />
     <orderEntry type="library" name="apache.logging.log4j.1.2.api" level="project" />
+    <orderEntry type="library" name="commons.io" level="project" />
     <orderEntry type="library" name="apache.xmlgraphics.commons" level="project" />
   </component>
 </module>

flexmark-docx-converter/pom.xml

@@ -100,6 +100,17 @@
             <groupId>org.apache.xmlgraphics</groupId>
             <artifactId>xmlgraphics-commons</artifactId>
             <version>2.7</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-io</groupId>
+                    <artifactId>commons-io</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.11.0</version>
         </dependency>
         <dependency>
             <groupId>org.docx4j</groupId>

flexmark-pdf-converter/flexmark-pdf-converter.iml

@@ -38,9 +38,10 @@
     <orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest-core:1.3" level="project" />
     <orderEntry type="library" name="com.openhtmltopdf:openhtmltopdf-core" level="project" />
     <orderEntry type="library" name="com.openhtmltopdf:openhtmltopdf-pdfbox" level="project" />
+    <orderEntry type="library" name="ibm.icu.icu4j" level="project" />
     <orderEntry type="library" name="com.openhtmltopdf:openhtmltopdf-rtl-support" level="project" />
     <orderEntry type="library" name="org.jetbrains:annotations" level="project" />
     <orderEntry type="library" name="org.jsoup:jsoup:1.15.4" level="project" />
     <orderEntry type="module" module-name="flexmark-core-test" scope="TEST" />
   </component>
-</module>
+</module>

flexmark-pdf-converter/pom.xml

@@ -35,6 +35,11 @@
             <artifactId>jsoup</artifactId>
             <version>1.15.4</version>
         </dependency>
+        <dependency>
+            <groupId>com.ibm.icu</groupId>
+            <artifactId>icu4j</artifactId>
+            <version>72.1</version>
+        </dependency>
         <dependency>
             <!-- ALWAYS required. -->
             <groupId>com.openhtmltopdf</groupId>
@@ -52,6 +57,12 @@
             <groupId>com.openhtmltopdf</groupId>
             <artifactId>openhtmltopdf-rtl-support</artifactId>
             <version>${openhtml.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.ibm.icu</groupId>
+                    <artifactId>icu4j</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
     </dependencies>
 </project>