Upgrade commons-compress to 1.28.0 to fix CVE (Infinite Loop, Resource Allocation)

Fix high severity vulnerability SNYK-JAVA-ORGAPACHECOMMONS-6254296 (Infinite Loop)
Fix medium severity vulnerability SNYK-JAVA-ORGAPACHECOMMONS-6254297 (Resource Allocation)

Signed-off-by: Sandra Ahlgrimm <sandra.kriemann@gmail.com>

Author: SandraAhlgrimm

models/spring-ai-transformers/pom.xml

@@ -48,6 +48,12 @@
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
+			<!-- Override commons-compress to fix CVE (Infinite Loop, Resource Allocation) in 1.24.0 -->
+			<dependency>
+				<groupId>org.apache.commons</groupId>
+				<artifactId>commons-compress</artifactId>
+				<version>1.28.0</version>
+			</dependency>
 		</dependencies>
 	</dependencyManagement>
 

vector-stores/spring-ai-azure-cosmos-db-store/pom.xml

@@ -41,6 +41,17 @@
         <maven.compiler.source>17</maven.compiler.source>
 	</properties>
 
+	<dependencyManagement>
+		<dependencies>
+			<!-- Override commons-compress to fix CVE (Infinite Loop, Resource Allocation) in 1.24.0 -->
+			<dependency>
+				<groupId>org.apache.commons</groupId>
+				<artifactId>commons-compress</artifactId>
+				<version>1.28.0</version>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
+
 	<dependencies>
 		<dependency>
 			<groupId>com.azure</groupId>