Security Vulnerabilities in usb4java 1.3.0 - CVE-2025-48924 and CVE-2020-15250 #92

@sharath2mobile

Environment:

  • OS: Yocto Linux dunfell
  • Java version 1.8
  • usb4java version 1.3.0

Bug description
We are using usb4java version 1.3.0 in our project and noticed that it includes dependencies with known vulnerabilities:

  • CVE-2025-48924: Uncontrolled recursion in Apache Commons Lang (fixed in commons-lang3 3.18.0)
  • CVE-2020-15250: Information disclosure in JUnit TemporaryFolder (fixed in JUnit 4.13.1)

Could you please confirm:

  • Whether these vulnerabilities impact usb4java usage directly?
  • Any recommended mitigation steps?
  • If there is a plan for a new release that updates these dependencies?

Reproduction
Vulnerabilities from dependencies: CVE-2025-48924, CVE-2020-15250
Reference link: https://mvnrepository.com/artifact/org.usb4java/usb4java/1.3.0

Expected behavior
The reported vulnerabilities should be resolved.
