CVE-2025-67030 Plexus-Utils has a Directory Traversal vulnerability in its extractFile method (#81)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Valery Kharseko <vharseko@3a-systems.ru>

Author: dependabot[bot]

OpenICF-maven-plugin/pom.xml

@@ -21,6 +21,7 @@
  with the fields enclosed by brackets [] replaced by
  your own identifying information:
  "Portions Copyrighted [year] [name of copyright owner]"
+  Portions Copyrighted 2018-2026 3A Systems, LLC 
 -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <modelVersion>4.0.0</modelVersion>
@@ -84,7 +85,11 @@
             <artifactId>maven-settings</artifactId>
             <version>${mavenVersion}</version>
         </dependency>
-
+        <dependency>
+           <groupId>org.codehaus.plexus</groupId>
+           <artifactId>plexus-xml</artifactId>
+           <version>3.0.1</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.maven.plugin-tools</groupId>
             <artifactId>maven-plugin-annotations</artifactId>
@@ -128,7 +133,7 @@
         <dependency>
             <groupId>org.codehaus.plexus</groupId>
             <artifactId>plexus-utils</artifactId>
-            <version>3.5.1</version>
+            <version>4.0.3</version>
         </dependency>
         <dependency>
             <groupId>org.codehaus.plexus</groupId>