[Snyk] Fix for 72 vulnerabilities

[jdelamar]

Snyk has created this PR to fix 72 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Command Injection SNYK-JAVA-ORGAPACHESPARK-2774680	869	Mature
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-572732	811	Proof of Concept
	Arbitrary Code Execution SNYK-JAVA-ORGAPACHECOMMONS-3043138	791	Mature
	Command Injection SNYK-JAVA-ORGAPACHESPARK-5496635	761	Proof of Concept
	SQL Injection SNYK-JAVA-LOG4J-2342645	726	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JAVA-ORGAPACHEHADOOP-174573	704	No Known Exploit
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JAVA-ORGAPACHEHADOOP-2443177	704	No Known Exploit
	Arbitrary Code Execution SNYK-JAVA-ORGAPACHEHADOOP-2975400	704	No Known Exploit
	Information Exposure SNYK-JAVA-ORGAPACHEHADOOP-32047	704	No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGCODEHAUSJACKSON-3326362	704	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGXERIALSNAPPY-5710960	696	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade Proof of Concept
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGXERIALSNAPPY-5918282	696	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-ORGAPACHEAVRO-8161188	679	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JAVA-ORGAPACHESPARK-13553868	664	No Known Exploit
	Incorrect Implementation of Authentication Algorithm SNYK-JAVA-ORGAPACHEKAFKA-8528112	659	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade No Known Exploit
	Integer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-173761	654	No Known Exploit
	Uncontrolled Recursion SNYK-JAVA-COMMONSLANG-10734077	654	No Known Exploit
	Directory Traversal SNYK-JAVA-COMMONSIO-1277109	651	Mature
	Arbitrary Code Execution SNYK-JAVA-LOG4J-2316893	651	Proof of Concept
	Stack-based Buffer Overflow SNYK-JAVA-COMFASTERXMLJACKSONCORE-10500754	649	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538	649	No Known Exploit
	Stack-based Buffer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-8055227	649	No Known Exploit
	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') SNYK-JAVA-COMMONSBEANUTILS-10259368	649	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-ORGAPACHEKAFKA-10350513	644	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-ORGAPACHEKAFKA-10350567	639	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302	624	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342646	619	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342647	619	No Known Exploit
	Infinite loop SNYK-JAVA-ORGAPACHECOMMONS-6254296	619	No Known Exploit
	Authorization Bypass Through User-Controlled Key SNYK-JAVA-ORGAPACHEZOOKEEPER-5961102	619	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424	616	Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426	616	Proof of Concept
	Integer Overflow or Wraparound SNYK-JAVA-ORGXERIALSNAPPY-5710959	616	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade Proof of Concept
	Integer Overflow or Wraparound SNYK-JAVA-ORGXERIALSNAPPY-5710961	616	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-ORGAPACHEKAFKA-3317161	601	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-2331703	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3167772	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316641	589	No Known Exploit
	Directory Traversal SNYK-JAVA-ORGAPACHEIVY-3106929	589	No Known Exploit
	Arbitrary Command Execution SNYK-JAVA-ORGAPACHESPARK-2432301	589	No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-ORGCODEHAUSJACKSON-534878	589	No Known Exploit
	XML Entity Expansion SNYK-JAVA-ORGGLASSFISHJERSEYMEDIA-595972	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-XERCES-2359991	589	No Known Exploit
	Improper Privilege Management SNYK-JAVA-ORGAPACHESPARK-5425123	584	No Known Exploit
	Information Exposure SNYK-JAVA-COMFASTERXMLJACKSONCORE-10332631	576	Proof of Concept
	Directory Traversal SNYK-JAVA-ORGAPACHEIVY-3106014	569	No Known Exploit
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMMONSCONFIGURATION-10116124	559	No Known Exploit
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JAVA-COMMONSIO-8161190	559	No Known Exploit
	Creation of Temporary File in Directory with Insecure Permissions SNYK-JAVA-ORGAPACHEHADOOP-8089372	554	No Known Exploit
	Timing Attack SNYK-JAVA-ORGAPACHEKAFKA-1540737	554	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 No Known Exploit
	Cryptographic Issues SNYK-JAVA-ORGAPACHEDIRECTORYSERVER-1063040	550	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLECODEGSON-1730327	539	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316638	539	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316639	539	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316640	539	No Known Exploit
	XML External Entity Injection (XXE) SNYK-JAVA-ORGAPACHEHADOOP-2329722	539	No Known Exploit
	Information Exposure SNYK-JAVA-ORGAPACHEHADOOP-461004	539	No Known Exploit
	Information Disclosure SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637	524	No Known Exploit
	Files or Directories Accessible to External Parties SNYK-JAVA-ORGAPACHEKAFKA-8384362	514	org.apache.kafka:kafka-clients: 2.4.1 -> 3.9.1 Major version upgrade No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-LOG4J-3358774	509	No Known Exploit
	Information Exposure SNYK-JAVA-ORGAPACHESPARK-2420837	509	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3040284	499	No Known Exploit
	Improper Certificate Validation SNYK-JAVA-COMMONSHTTPCLIENT-30083	484	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JAVA-ORGAPACHESPARK-3097693	484	No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058	479	No Known Exploit
	Improper Input Validation SNYK-JAVA-XERCES-608891	479	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JAVA-COMMONSHTTPCLIENT-31660	429	No Known Exploit
	Information Exposure SNYK-JAVA-COMMONSCODEC-561518	399	No Known Exploit
	Information Exposure SNYK-JAVA-COMMONSNET-3153503	399	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JAVA-LOG4J-1300176	399	No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGAPACHEAVRO-5926693	399	No Known Exploit

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade org.apache.spark:spark-core_2.12@3.0.2-SNAPSHOT to org.apache.spark:spark-core_2.12@3.5.5; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Information Exposure
🦉 Denial of Service (DoS)
🦉 XML External Entity (XXE) Injection
🦉 More lessons are available in Snyk Learn

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Kafka 3.9.1 no longer resolves for Scala 2.12 build

The new <kafka.version>3.9.1</kafka.version> is incompatible with the rest of this build: the root POM still targets scala.binary.version 2.12 (pom.xml:169) and modules such as external/kafka-0-10/pom.xml depend on org.apache.kafka:kafka_${scala.binary.version}. Kafka 3.x artifacts are only published for Scala 2.13+, so Maven will try to pull kafka_2.12:3.9.1 and fail dependency resolution, breaking the Kafka streaming modules. Please keep the Kafka version in a series that still ships 2.12 artifacts or upgrade Scala/Java stack accordingly.

Useful? React with 👍 / 👎.