Hello,
Please check your other posts about similar issues, the answer is the same.
You cannot upgrade individual dependencies, you need to upgrade the entire Logstash, if the latest version still does not have this fixed you need to report to elastic using the e-mail security@elastic.co.