[Snyk] Fix for 52 vulnerabilities

[jdelamar]

Snyk has created this PR to fix 52 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-572732	811	Proof of Concept
	SQL Injection SNYK-JAVA-LOG4J-2342645	726	Proof of Concept
	Improper Input Validation SNYK-JAVA-ORGCODEHAUSJACKSON-3326362	704	org.apache.avro:avro: 1.8.2 -> 1.11.4 org.apache.avro:avro-mapred: 1.8.2 -> 1.11.4 No Known Exploit
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGXERIALSNAPPY-5918282	696	org.apache.avro:avro: 1.8.2 -> 1.11.4 Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-ORGAPACHEAVRO-8161188	679	org.apache.avro:avro: 1.8.2 -> 1.11.4 org.apache.avro:avro-mapred: 1.8.2 -> 1.11.4 No Known Exploit
	Integer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-173761	654	No Known Exploit
	Uncontrolled Recursion SNYK-JAVA-COMMONSLANG-10734077	654	org.apache.hive:hive-common: 2.3.7 -> 4.1.0 org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 org.apache.hive:hive-metastore: 2.3.7 -> 3.0.0 org.apache.hive:hive-serde: 2.3.7 -> 2.3.10 org.apache.hive:hive-shims: 2.3.7 -> 2.3.10 Major version upgrade No Known Exploit
	Directory Traversal SNYK-JAVA-COMMONSIO-1277109	651	org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade Mature
	Arbitrary Code Execution SNYK-JAVA-LOG4J-2316893	651	Proof of Concept
	Stack-based Buffer Overflow SNYK-JAVA-COMFASTERXMLJACKSONCORE-10500754	649	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538	649	No Known Exploit
	Stack-based Buffer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-8055227	649	org.apache.hive:hive-metastore: 2.3.7 -> 3.0.0 Major version upgrade No Known Exploit
	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') SNYK-JAVA-COMMONSBEANUTILS-10259368	649	No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302	624	No Known Exploit
	Out-of-bounds Read SNYK-JAVA-IOAIRLIFT-7164637	624	No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-ORGAPACHEIVY-5847858	624	org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342646	619	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-LOG4J-2342647	619	No Known Exploit
	Infinite loop SNYK-JAVA-ORGAPACHECOMMONS-6254296	619	org.apache.avro:avro: 1.8.2 -> 1.11.4 org.apache.hive:hive-common: 2.3.7 -> 4.1.0 org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Arbitrary Code Execution SNYK-JAVA-ORGAPACHEVELOCITY-3116414	619	org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Authorization Bypass Through User-Controlled Key SNYK-JAVA-ORGAPACHEZOOKEEPER-5961102	619	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424	616	org.apache.hive:hive-common: 2.3.7 -> 4.1.0 Major version upgrade Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426	616	org.apache.hive:hive-common: 2.3.7 -> 4.1.0 Major version upgrade Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244	589	org.apache.hive:hive-common: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-2331703	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3167772	589	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316641	589	org.apache.hive:hive-common: 2.3.7 -> 4.1.0 org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Directory Traversal SNYK-JAVA-ORGAPACHEIVY-3106929	589	org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	XML External Entity (XXE) Injection SNYK-JAVA-ORGCODEHAUSJACKSON-534878	589	org.apache.avro:avro: 1.8.2 -> 1.11.4 org.apache.avro:avro-mapred: 1.8.2 -> 1.11.4 No Known Exploit
	XML Entity Expansion SNYK-JAVA-ORGGLASSFISHJERSEYMEDIA-595972	589	No Known Exploit
	Information Exposure SNYK-JAVA-COMFASTERXMLJACKSONCORE-10332631	576	Proof of Concept
	Timing Attack SNYK-JAVA-ORGAPACHEHIVE-8663471	569	org.apache.hive:hive-llap-common: 2.3.7 -> 4.0.0 Major version upgrade No Known Exploit
	Directory Traversal SNYK-JAVA-ORGAPACHEIVY-3106014	569	org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMMONSCONFIGURATION-10116124	559	No Known Exploit
	Uncontrolled Resource Consumption SNYK-JAVA-COMMONSIO-8161190	559	org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Creation of Temporary File in Directory with Insecure Permissions SNYK-JAVA-ORGAPACHEHADOOP-8089372	554	No Known Exploit
	Incorrect Permission Assignment for Critical Resource SNYK-JAVA-ORGAPACHEHIVE-8664881	554	org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Cryptographic Issues SNYK-JAVA-ORGAPACHEDIRECTORYSERVER-1063040	550	No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLECODEGSON-1730327	539	org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316638	539	org.apache.hive:hive-common: 2.3.7 -> 4.1.0 org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316639	539	org.apache.hive:hive-common: 2.3.7 -> 4.1.0 org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316640	539	org.apache.hive:hive-common: 2.3.7 -> 4.1.0 org.apache.hive:hive-exec: 2.3.7 -> 4.1.0 Major version upgrade No Known Exploit
	Information Disclosure SNYK-JAVA-ORGGLASSFISHJERSEYCORE-1255637	524	No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-LOG4J-3358774	509	No Known Exploit
	LDAP Injection SNYK-JAVA-ORGAPACHEDERBY-6069877	509	org.apache.derby:derby: 10.12.1.1 -> 10.17.1.0 No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMGOOGLEPROTOBUF-3040284	499	No Known Exploit
	Improper Certificate Validation SNYK-JAVA-COMMONSHTTPCLIENT-30083	484	No Known Exploit
	Security Bypass SNYK-JAVA-ORGAPACHEDERBY-32274	479	org.apache.hive:hive-metastore: 2.3.7 -> 3.0.0 No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JAVA-COMMONSHTTPCLIENT-31660	429	No Known Exploit
	Information Exposure SNYK-JAVA-COMMONSCODEC-561518	399	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JAVA-LOG4J-1300176	399	No Known Exploit
	Improper Input Validation SNYK-JAVA-ORGAPACHEAVRO-5926693	399	org.apache.avro:avro: 1.8.2 -> 1.11.4 org.apache.avro:avro-mapred: 1.8.2 -> 1.11.4 No Known Exploit

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade org.apache.spark:spark-core_2.12@3.0.2-SNAPSHOT to org.apache.spark:spark-core_2.12@3.5.5; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
• Could not upgrade org.apache.spark:spark-sql_2.12@3.0.2-SNAPSHOT to org.apache.spark:spark-sql_2.12@3.5.2; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Information Exposure
🦉 Denial of Service (DoS)
🦉 XML External Entity (XXE) Injection
🦉 More lessons are available in Snyk Learn