Apache Commons Lang3 v3.14.0 is triggering [CVE-2025-48924](https://github.com/advisories/GHSA-j288-q9x7-2f5v). This is addressed in Commons Lang v3.18.0. This dep is brought in by Apache Commons Compress. If we bump Apache Commons Compress from v1.26.0 to v1.28.0, we'll have addressed the CVE. I'll follow up with a PR.