fix: Update zookeeper version to avoid CVE (kserve#128)

Signed-off-by: Nick Hill <[email protected]>

pom.xml

@@ -77,6 +77,9 @@
     <bouncycastle-version>1.70</bouncycastle-version>
     <junit-version>5.9.3</junit-version>
 
+    <zookeeper-version>3.7.2</zookeeper-version>
+    <curator-version>5.3.0</curator-version>
+
     <dockerhome>${project.build.directory}/dockerhome</dockerhome>
     <skipTests>false</skipTests>
   </properties>
@@ -459,7 +462,7 @@
     <dependency>
       <groupId>org.apache.curator</groupId>
       <artifactId>curator-test</artifactId>
-      <version>2.13.0</version>
+      <version>${curator-version}</version>
       <scope>test</scope>
     </dependency>
     <dependency>
@@ -524,6 +527,17 @@
         <artifactId>libthrift</artifactId>
         <version>${thrift-version}</version>
       </dependency>
+      <dependency>
+        <!-- override litelinks' versions with newer to avoid CVE -->
+        <groupId>org.apache.zookeeper</groupId>
+        <artifactId>zookeeper</artifactId>
+        <version>${zookeeper-version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.curator</groupId>
+        <artifactId>curator-recipes</artifactId>
+        <version>${curator-version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 </project>