[Snyk] Fix for 41 vulnerabilities

[jdelamar]

Snyk has created this PR to fix 41 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-572732	811	Proof of Concept
	SQL Injection SNYK-JAVA-LOG4J-2342645	726	Proof of Concept
	Improper Input Validation SNYK-JAVA-ORGCODEHAUSJACKSON-3326362	704	org.apache.parquet:parquet-hadoop: 1.10.1 -> 1.14.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGXERIALSNAPPY-5710960	696	org.apache.parquet:parquet-hadoop: 1.10.1 -> 1.14.0 Proof of Concept
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGXERIALSNAPPY-5918282	696	org.apache.parquet:parquet-hadoop: 1.10.1 -> 1.14.0 Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-ORGAPACHEAVRO-8161188	679	No Known Exploit
	Integer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-173761	654	No Known Exploit
	Uncontrolled Recursion SNYK-JAVA-COMMONSLANG-10734077	654	org.apache.orc:orc-core: 1.5.10 -> 1.9.4 org.apache.orc:orc-mapreduce: 1.5.10 -> 1.6.7 No Known Exploit
	Arbitrary Code Execution SNYK-JAVA-LOG4J-2316893	651	Proof of Concept
	Stack-based Buffer Overflow SNYK-JAVA-COMFASTERXMLJACKSONCORE-10500754	649	com.fasterxml.jackson.core:jackson-databind: 2.10.0 -> 2.15.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538	649	com.fasterxml.jackson.core:jackson-databind: 2.10.0 -> 2.15.0 No Known Exploit
	Stack-based Buffer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-8055227	649	org.apache.orc:orc-core: 1.5.10 -> 1.9.4 No Known Exploit
	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') SNYK-JAVA-COMMONSBEANUTILS-10259368	649	No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302	624	No Known Exploit
	Out-of-bounds Read SNYK-JAVA-IOAIRLIFT-7164637	624	org.apache.orc:orc-core: 1.5.10 -> 1.9.4 No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342646	619	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342647	619	No Known Exploit
	Infinite loop SNYK-JAVA-ORGAPACHECOMMONS-6254296	619	No Known Exploit
	Authorization Bypass Through User-Controlled Key SNYK-JAVA-ORGAPACHEZOOKEEPER-5961102	619	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424	616	Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426	616	Proof of Concept
	Integer Overflow or Wraparound SNYK-JAVA-ORGXERIALSNAPPY-5710959	616	org.apache.parquet:parquet-hadoop: 1.10.1 -> 1.14.0 Proof of Concept
	Integer Overflow or Wraparound SNYK-JAVA-ORGXERIALSNAPPY-5710961	616	org.apache.parquet:parquet-hadoop: 1.10.1 -> 1.14.0 Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-2331703	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3167772	589	No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-ORGCODEHAUSJACKSON-534878	589	org.apache.parquet:parquet-hadoop: 1.10.1 -> 1.14.0 No Known Exploit
	XML Entity Expansion SNYK-JAVA-ORGGLASSFISHJERSEYMEDIA-595972	589	No Known Exploit
	Information Exposure SNYK-JAVA-COMFASTERXMLJACKSONCORE-10332631	576	com.fasterxml.jackson.core:jackson-databind: 2.10.0 -> 2.15.0 Proof of Concept
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMMONSCONFIGURATION-10116124	559	No Known Exploit
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JAVA-COMMONSIO-8161190	559	No Known Exploit
	Creation of Temporary File in Directory with Insecure Permissions SNYK-JAVA-ORGAPACHEHADOOP-8089372	554	No Known Exploit
	Cryptographic Issues SNYK-JAVA-ORGAPACHEDIRECTORYSERVER-1063040	550	No Known Exploit
	Information Disclosure SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637	524	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-LOG4J-3358774	509	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3040284	499	No Known Exploit
	Improper Certificate Validation SNYK-JAVA-COMMONSHTTPCLIENT-30083	484	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JAVA-COMMONSHTTPCLIENT-31660	429	No Known Exploit
	Information Exposure SNYK-JAVA-COMMONSCODEC-561518	399	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JAVA-LOG4J-1300176	399	No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGAPACHEAVRO-5926693	399	No Known Exploit

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade org.apache.spark:spark-catalyst_2.12@3.0.2-SNAPSHOT to org.apache.spark:spark-catalyst_2.12@3.5.0; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
• Could not upgrade org.apache.spark:spark-core_2.12@3.0.2-SNAPSHOT to org.apache.spark:spark-core_2.12@3.5.5; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Information Exposure
🦉 Denial of Service (DoS)
🦉 XML External Entity (XXE) Injection
🦉 More lessons are available in Snyk Learn