Commit 94a11f7

chore(deps): Bump org.codehaus.plexus:plexus-utils from 3.6.0 to 3.6.1 (#27471)
## Description

This change upgrades plexus-utils to version 3.6.1 to address a recently disclosed Directory Traversal vulnerability in the extractFile method (CVE-2025-67030).

## Motivation and Context

Our current dependency version falls within the vulnerable range. Upgrading to 3.6.1 ensures we are aligned with the patched version and removes the security risk flagged by Dependabot and the GitHub Advisory Database.

## Impact

Mitigates a high-severity directory traversal vulnerability that could allow arbitrary code execution during archive extraction.

## Test Plan

<img width="1223" height="425" alt="image" src="https://github.com/user-attachments/assets/3fcf2489-8958-44a9-a48b-518629af4e26" />
<img width="1223" height="425" alt="image" src="https://github.com/user-attachments/assets/930b1c47-e4dc-48e2-913a-9ca3c72c3d3a" />

## Contributor checklist

- [ ] Please make sure your submission complies with our [contributing guide](https://github.com/prestodb/presto/blob/master/CONTRIBUTING.md), in particular [code style](https://github.com/prestodb/presto/blob/master/CONTRIBUTING.md#code-style) and [commit standards](https://github.com/prestodb/presto/blob/master/CONTRIBUTING.md#commit-standards).
- [ ] PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
- [ ] Documented new properties (with its default value), SQL syntax, functions, or other functionality.
- [ ] If release notes are required, they follow the [release notes guidelines](https://github.com/prestodb/presto/wiki/Release-Notes-Guidelines).
- [ ] Adequate tests were added if applicable.
- [ ] CI passed.
- [ ] If adding new dependencies, verified they have an [OpenSSF Scorecard](https://securityscorecards.dev/#the-checks) score of 5.0 or higher (or obtained explicit TSC approval for lower scores).

## Release Notes

Please follow [release notes guidelines](https://github.com/prestodb/presto/wiki/Release-Notes-Guidelines) and fill in the release notes below.

```
== NO RELEASE NOTE ==
```

1 parent 231fd12 commit 94a11f7

File tree

1 file changed

+1
-1
lines changed

pom.xml

Lines changed: 1 addition & 1 deletion
@@ -264,7 +264,7 @@
264264
<dependency>
265265
<groupId>org.codehaus.plexus</groupId>
266266
<artifactId>plexus-utils</artifactId>
267-
<version>3.6.0</version>
267+
<version>3.6.1</version>
268268
</dependency>
269269

270270
<dependency>
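
Review bot: the `<version>3.6.1</version>` line at pom.xml 267 only governs the copies of plexus-utils that resolve through this declaration, and the hunk shows the `<dependency>` element without its parent, so it is not visible whether this sits under `<dependencyManagement>` or is a direct dependency of one module. Please confirm it is a managed version, so that modules and transitive references also resolve to 3.6.1, and attach the output of `mvn dependency:tree -Dincludes=org.codehaus.plexus:plexus-utils` to the test plan in place of the screenshots, so the record shows that no 3.6.0 or older copy remains on any module's classpath.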
