Bump vulnerable core dependencies

- Shiro from `1.10.0` to `1.12.0`
- Apache Commons Compress from `1.20` to `1.23.0`
- Tika from `1.25` to `1.28.5`

Committed-by: Thomas Zerr <thomas.zerr@cloudogu.com>

gradle/changelog/vuln_deps.yaml

@@ -0,0 +1,6 @@
+- type: changed
+  description: Bump Shiro from 1.10.0 to 1.12.0
+- type: changed
+  description: Bump Apache Commons Compress from 1.20 to 1.23.0
+- type: changed
+  description: Bump Tika from 1.25 to 1.28.5

gradle/dependencies.gradle

@@ -9,7 +9,7 @@ ext {
 
   mapstructVersion = '1.3.1.Final'
   jaxbVersion = '2.3.3'
-  shiroVersion = '1.10.0'
+  shiroVersion = '1.12.0'
   sspVersion = '1.3.0'
   jjwtVersion = '0.11.5'
   bouncycastleVersion = '1.75'
@@ -93,7 +93,7 @@ ext {
     // utils
     guava: 'com.google.guava:guava:32.0.1-jre',
     commonsLang: 'commons-lang:commons-lang:2.6',
-    commonsCompress: 'org.apache.commons:commons-compress:1.20',
+    commonsCompress: 'org.apache.commons:commons-compress:1.23.0',
 
     // security
     shiroCore: "org.apache.shiro:shiro-core:${shiroVersion}",
@@ -130,7 +130,7 @@ ext {
 
     // content type detection
     spotter: 'com.cloudogu.spotter:spotter-core:4.0.0',
-    tika: 'org.apache.tika:tika-core:1.25',
+    tika: 'org.apache.tika:tika-core:1.28.5',
 
     // restart on unix
     akuma: 'org.kohsuke:akuma:1.10',

gradle/plugin-center.yaml

@@ -1,2 +0,0 @@
-- type: changed
-  description: Refactor plugin manager