Update pom.xml dependencies for security fixes and enable tests in the build process

Author: reeshika-h

pom.xml

@@ -172,6 +172,13 @@
             <artifactId>json-simple</artifactId>
             <version>${json-simple-version}</version>
             <scope>compile</scope>
+            <!-- Exclude junit - it was incorrectly included as compile dep in json-simple -->
+            <exclusions>
+                <exclusion>
+                    <groupId>junit</groupId>
+                    <artifactId>junit</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
@@ -215,6 +222,34 @@
                 <artifactId>kotlin-stdlib</artifactId>
                 <version>2.1.0</version> 
             </dependency>
+            <!-- Fix CVE-2025-48924: Uncontrolled Recursion in commons-lang3 -->
+            <dependency>
+                <groupId>org.apache.commons</groupId>
+                <artifactId>commons-lang3</artifactId>
+                <version>3.18.0</version>
+            </dependency>
+            <!-- Fix Spring vulnerabilities from contentstack-utils transitive deps -->
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-core</artifactId>
+                <version>6.2.11</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-beans</artifactId>
+                <version>6.2.11</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework</groupId>
+                <artifactId>spring-web</artifactId>
+                <version>6.2.11</version>
+            </dependency>
+            <!-- Fix CVE-2020-15250: junit pulled by json-simple -->
+            <dependency>
+                <groupId>junit</groupId>
+                <artifactId>junit</artifactId>
+                <version>4.13.2</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
     <build>

src/test/java/com/contentstack/sdk/TestEntryModel.java

@@ -254,6 +254,7 @@ void testConstructorWithPublishDetails() {
         JSONObject publishDetails = new JSONObject();
         publishDetails.put("environment", "production");
         publishDetails.put("time", "2024-01-01T00:00:00.000Z");
+        // file deepcode ignore NoHardcodedCredentials/test: <please specify a reason of ignoring this>
         publishDetails.put("user", "user123");
 
         JSONObject json = new JSONObject();