Apache Commons-codec module with vulnerability is being pulled in latest Keycloak admin client

The latest version of the Keycloak admin client pulls version 1.13 of the Apache commons-codec instead of 1.15 that contains the vulnerability fix. Is there a work around?

pom.xml:
dependency>
org.keycloak
keycloak-admin-client
13.0.0

org.keycloak:keycloak-admin-client:jar:13.0.0:compile
[INFO] | ± org.keycloak:keycloak-core:jar:13.0.0:compile
[INFO] | ± org.keycloak:keycloak-common:jar:13.0.0:compile
[INFO] | ± org.jboss.resteasy:resteasy-client:jar:3.13.2.Final:compile
[INFO] | | ± org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_2.1_spec:jar:2.0.1.Final:compile
[INFO] | | ± org.jboss.resteasy:resteasy-jaxrs:jar:3.13.2.Final:compile
[INFO] | | | ± org.reactivestreams:reactive-streams:jar:1.0.3:compile
[INFO] | | | ± org.jboss.spec.javax.annotation:jboss-annotations-api_1.3_spec:jar:2.0.1.Final:compile
[INFO] | | | - com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] | | ± org.apache.httpcomponents:httpclient:jar:4.5.12:compile
[INFO] | | | - commons-logging:commons-logging:jar:1.2:compile
[INFO] | | ± commons-codec:commons-codec:jar:1.13:compile
[INFO] | | - commons-io:commons-io:jar:2.5:compile