sendinblue / APIv3-java-library

SendinBlue's API v3 Java Library
MIT License

Update maven-gpg-plugin to avoid CVE-2017-1000487 #45

Closed lbenedetto closed 2 days ago

lbenedetto commented 1 year ago

org.apache.maven.plugins:maven-gpg-plugin should be updated because 1.5 depends on a vulnerable version of org.codehaus.plexus:plexus-utils https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

Plexus-utils makes it into your output jar, which means that when people depend on Sendinblue it will trigger any automated security monitoring such as AWS Inspector.

It doesn't really make sense to me that a maven plugin you seem to be using to sign your artifacts is also shipped out inside those artifacts, but I'm not familiar with Maven so maybe that's normal.
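The point of the report above is that a build-time plugin dependency ended up shaded into the published jar, which is what scanners like AWS Inspector key on. The following is an added example, not code from this issue or from the SendinBlue/Brevo project: a small Python check a maintainer can run over a built jar before publishing, to confirm whether it bundles plexus-utils and whether that copy is older than 3.0.16 (the fixed version named in the issue). It assumes only the standard Maven layout, where every artifact Maven builds carries a `META-INF/maven/<groupId>/<artifactId>/pom.properties` entry that survives shading; the sample jars are constructed in-memory so the script runs offline.

```python
import io
import re
import zipfile

# Version at which plexus-utils fixed CVE-2017-1000487, as stated in the issue.
FIXED_VERSION = "3.0.16"

# Maven writes this file into every artifact it builds; a shaded/uber jar keeps
# one such entry per bundled dependency, which is what vulnerability scanners read.
POM_PROPS = re.compile(
    r"^META-INF/maven/org\.codehaus\.plexus/plexus-utils/pom\.properties$"
)


def parse_version(version):
    """Split '3.0.16' into (3, 0, 16) so the comparison is numeric.

    A plain string compare would rank '3.0.9' above '3.0.16'.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def bundled_plexus_utils_version(jar_bytes):
    """Return the plexus-utils version embedded in the jar, or None if absent."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not POM_PROPS.match(name):
                continue
            props = jar.read(name).decode("utf-8", "replace")
            for line in props.splitlines():
                key, _, value = line.partition("=")
                if key.strip() == "version":
                    return value.strip()
    return None


def is_vulnerable(jar_bytes):
    """True if the jar bundles a plexus-utils older than FIXED_VERSION."""
    version = bundled_plexus_utils_version(jar_bytes)
    if version is None:
        return False  # nothing bundled, nothing for a scanner to flag
    return parse_version(version) < parse_version(FIXED_VERSION)


def make_jar(entries):
    """Build an in-memory jar from {path: text}. Constructed test input only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path, text in entries.items():
            jar.writestr(path, text)
    return buf.getvalue()


# Constructed sample: a jar that shaded a vulnerable plexus-utils (3.0.9).
VULN_JAR = make_jar({
    "org/codehaus/plexus/util/cli/Commandline.class": "",
    "META-INF/maven/org.codehaus.plexus/plexus-utils/pom.properties":
        "version=3.0.9\ngroupId=org.codehaus.plexus\nartifactId=plexus-utils\n",
})

# Constructed sample: same layout, but a version at or above the fix.
FIXED_JAR = make_jar({
    "org/codehaus/plexus/util/cli/Commandline.class": "",
    "META-INF/maven/org.codehaus.plexus/plexus-utils/pom.properties":
        "version=3.0.24\ngroupId=org.codehaus.plexus\nartifactId=plexus-utils\n",
})

# Constructed sample: a library jar that does not bundle plexus-utils at all,
# which is the state the issue asks the maintainers to reach.
CLEAN_JAR = make_jar({"com/example/Client.class": ""})


if __name__ == "__main__":
    for label, jar_bytes in (("vuln", VULN_JAR), ("fixed", FIXED_JAR), ("clean", CLEAN_JAR)):
        print(label, bundled_plexus_utils_version(jar_bytes), is_vulnerable(jar_bytes))
```

To run it against a real build output, read the jar file into bytes and pass it to `is_vulnerable`; a library jar should normally report `None` for the bundled version, since a signing plugin's dependencies have no business in the published artifact in the first place.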

amitsendinblue commented 2 days ago

The new version of the Brevo Java SDK has been released, and this plugin has been updated; please use the new version: https://central.sonatype.com/artifact/com.brevo/brevo Thanks