[Snyk] Fix for 47 vulnerabilities

[Joel De Lamarre (jdelamar)]

Snyk has created this PR to fix 47 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-572732	811	Proof of Concept
	SQL Injection SNYK-JAVA-LOG4J-2342645	726	Proof of Concept
	Improper Input Validation SNYK-JAVA-ORGCODEHAUSJACKSON-3326362	704	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGXERIALSNAPPY-5710960	696	Proof of Concept
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGXERIALSNAPPY-5918282	696	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-ORGAPACHEAVRO-8161188	679	No Known Exploit
	Incorrect Implementation of Authentication Algorithm SNYK-JAVA-ORGAPACHEKAFKA-8528112	659	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade No Known Exploit
	Integer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-173761	654	No Known Exploit
	Uncontrolled Recursion SNYK-JAVA-COMMONSLANG-10734077	654	No Known Exploit
	Arbitrary Code Execution SNYK-JAVA-LOG4J-2316893	651	Proof of Concept
	Stack-based Buffer Overflow SNYK-JAVA-COMFASTERXMLJACKSONCORE-10500754	649	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538	649	No Known Exploit
	Stack-based Buffer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-8055227	649	No Known Exploit
	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') SNYK-JAVA-COMMONSBEANUTILS-10259368	649	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-ORGAPACHEKAFKA-10350513	644	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-ORGAPACHEKAFKA-10350567	639	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302	624	No Known Exploit
	Out-of-bounds Read SNYK-JAVA-IOAIRLIFT-7164637	624	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGECLIPSEJETTY-8186142	624	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342646	619	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342647	619	No Known Exploit
	Infinite loop SNYK-JAVA-ORGAPACHECOMMONS-6254296	619	No Known Exploit
	Authorization Bypass Through User-Controlled Key SNYK-JAVA-ORGAPACHEZOOKEEPER-5961102	619	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424	616	Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426	616	Proof of Concept
	Integer Overflow or Wraparound SNYK-JAVA-ORGXERIALSNAPPY-5710959	616	Proof of Concept
	Integer Overflow or Wraparound SNYK-JAVA-ORGXERIALSNAPPY-5710961	616	Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-2331703	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3167772	589	No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-ORGCODEHAUSJACKSON-534878	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGECLIPSEJETTY-5958847	589	No Known Exploit
	XML Entity Expansion SNYK-JAVA-ORGGLASSFISHJERSEYMEDIA-595972	589	No Known Exploit
	Information Exposure SNYK-JAVA-COMFASTERXMLJACKSONCORE-10332631	576	Proof of Concept
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMMONSCONFIGURATION-10116124	559	No Known Exploit
	Uncontrolled Resource Consumption SNYK-JAVA-COMMONSIO-8161190	559	No Known Exploit
	Creation of Temporary File in Directory with Insecure Permissions SNYK-JAVA-ORGAPACHEHADOOP-8089372	554	No Known Exploit
	Cryptographic Issues SNYK-JAVA-ORGAPACHEDIRECTORYSERVER-1063040	550	No Known Exploit
	Information Disclosure SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637	524	No Known Exploit
	Files or Directories Accessible to External Parties SNYK-JAVA-ORGAPACHEKAFKA-8384362	514	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-LOG4J-3358774	509	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3040284	499	No Known Exploit
	Improper Certificate Validation SNYK-JAVA-COMMONSHTTPCLIENT-30083	484	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JAVA-COMMONSHTTPCLIENT-31660	429	No Known Exploit
	Information Exposure SNYK-JAVA-COMMONSCODEC-561518	399	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JAVA-LOG4J-1300176	399	No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGAPACHEAVRO-5926693	399	No Known Exploit

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade org.apache.spark:spark-sql_2.12@3.0.2-SNAPSHOT to org.apache.spark:spark-sql_2.12@3.5.5; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Information Exposure
🦉 Denial of Service (DoS)
🦉 XML External Entity (XXE) Injection
🦉 More lessons are available in Snyk Learn