From 4378573a2923c4c7a0613fe98261a625de1c40a6 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com>
Date: Thu, 29 May 2025 07:16:13 +0000
Subject: [PATCH] celeborn-0.5/0.5.4-r1: fix GHSA-wxr5-93ph-8wr9

---
 celeborn-0.5.yaml              | 2 +-
 celeborn-0.5/pombump-deps.yaml | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 celeborn-0.5/pombump-deps.yaml

diff --git a/celeborn-0.5.yaml b/celeborn-0.5.yaml
index 0c7da6949b05..58c77a07a5fe 100644
--- a/celeborn-0.5.yaml
+++ b/celeborn-0.5.yaml
@@ -1,7 +1,7 @@
 package:
   name: celeborn-0.5
   version: 0.5.4
-  epoch: 1
+  epoch: 2
   description: "Apache Celeborn - A Remote Shuffle Service for Distributed Data Processing Engines"
   copyright:
     - license: Apache-2.0
diff --git a/celeborn-0.5/pombump-deps.yaml b/celeborn-0.5/pombump-deps.yaml
new file mode 100644
index 000000000000..307574cf1fdc
--- /dev/null
+++ b/celeborn-0.5/pombump-deps.yaml
@@ -0,0 +1,4 @@
+patches:
+    - groupId: commons-beanutils
+      artifactId: commons-beanutils
+      version: 1.11.0