pac4j · leleuj · Aug 27, 2021 · Aug 26, 2021
diff --git a/pac4j-saml/pom.xml b/pac4j-saml/pom.xml
@@ -15,12 +15,9 @@
     <properties>
         <opensaml.version>4.0.1</opensaml.version>
         <joda-time.version>2.10.6</joda-time.version>
-        <velocity.version>2.2</velocity.version>
+        <velocity.version>2.3</velocity.version>
         <xmlsectool.version>2.0.0</xmlsectool.version>
         <xmlsec.version>2.2.0</xmlsec.version>
-        <!-- The dependency to commons-collections 3.2.2 is explicitly made to replace 3.2.1 (vulnerable) used by
-        velocity 1.7. It can be removed as soon as velocity 1.7 is not used anymore-->
-        <commons-collections.version>3.2.2</commons-collections.version>
         <cryptacular.version>1.2.4</cryptacular.version>
         <!-- This version is used to override the version xmlsectool depends on. it should be compatible -->
         <httpcore.version>4.4.13</httpcore.version>
@@ -147,11 +144,6 @@
             <artifactId>velocity-engine-core</artifactId>
             <version>${velocity.version}</version>
         </dependency>
-        <dependency>
-            <groupId>commons-collections</groupId>
-            <artifactId>commons-collections</artifactId>
-            <version>${commons-collections.version}</version>
-        </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>jcl-over-slf4j</artifactId>