Dependency commons-configuration vulnerabilities

[ddugovic]

Despite #201 being closed, https://mvnrepository.com/artifact/com.intuit.quickbooks-online/ipp-v3-java-devkit/6.4.1 depends upon commons-configuration 1.x:

https://mvnrepository.com/artifact/commons-configuration/commons-configuration/1.10 indicates that "org.apache.commons » commons-configuration2"

commons-configuration 1.x also breaks my IDE, since my build stack requires commons-beanutils version 1.9.4 however commons-configuration requires commons-beanutils version 1.8.0.

[ManikaSaiKiran]

@ddugovic We will update the dependency and include in the next release. Thank you

[mnelken]

https://nvd.nist.gov/vuln/detail/CVE-2025-46392

Another CVE has been released relating to this.