Dunno if it would make sense to up the version of it.unimi.dsi instead, or if that would fix the vulnerability ... but do know that this should address the problems with minimal, if any, side effects.
Regarding possibly upping the version of it.unimi.dsi, I think even the most recent version is still using a version of commons-collections under 3.2.2
resolves #76
Dunno if it would make sense to up the version of
it.unimi.dsi
instead, or if that would fix the vulnerability ... but do know that this should address the problems with minimal, if any, side effects.