CCAFS / MARLO

Managing Agricultural Research for Learning and Outcomes
GNU General Public License v3.0

[Snyk] Fix for 12 vulnerabilities #2489

Closed kenjitm closed 1 month ago

kenjitm commented 11 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - marlo-parent/pom.xml
  - marlo-web/pom.xml

#### Vulnerabilities that will be fixed

##### With an upgrade:

| Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity | Reachability |
|:---|:---|:---|:---|:---|:---|:---|
| Medium | **240/1000** Why? CVSS 4.8 | Cryptographic Issues [SNYK-JAVA-BOUNCYCASTLE-30193](https://snyk.io/vuln/SNYK-JAVA-BOUNCYCASTLE-30193) | `com.lowagie:itext:` `2.1.7 -> 4.2.0` | Yes | No Known Exploit | No Path Found |
| Medium | **520/1000** Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 | Denial of Service (DoS) [SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424) | `net.sf.jasperreports:jasperreports:` `6.2.2 -> 6.20.1` | No | Proof of Concept | No Path Found |
| Medium | **520/1000** Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 | Denial of Service (DoS) [SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426](https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426) | `net.sf.jasperreports:jasperreports:` `6.2.2 -> 6.20.1` | No | Proof of Concept | No Path Found |
| Low | | Creation of Temporary File in Directory with Insecure Permissions [SNYK-JAVA-COMGOOGLEGUAVA-5710356](https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-5710356) | `io.springfox:springfox-swagger2:` `2.9.2 -> 2.10.0`; `org.glassfish.jersey.core:jersey-client:` `2.5.1 -> 2.6`; `io.springfox:springfox-bean-validators:` `2.9.2 -> 2.10.0` | No | No Known Exploit | |
| Medium | | Denial of Service (DoS) [SNYK-JAVA-COMMONSFILEUPLOAD-3326457](https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-3326457) | | Yes | No Known Exploit | |
| Medium | **535/1000** Why? Mature exploit, Has a fix available, CVSS 5.3 | Directory Traversal [SNYK-JAVA-COMMONSIO-1277109](https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-1277109) | | Yes | Mature | No Path Found |
| High | | Denial of Service (DoS) [SNYK-JAVA-ORGAPACHETOMCAT-5953330](https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCAT-5953330) | `org.apache.tomcat:tomcat-catalina:` `8.0.53 -> 8.5.94` | No | Mature | |
| High | | Denial of Service (DoS) [SNYK-JAVA-ORGJSON-5488379](https://snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379) | `org.json:json:` `20160212 -> 20231013` | Yes | Proof of Concept | |
| High | | Allocation of Resources Without Limits or Throttling [SNYK-JAVA-ORGJSON-5962464](https://snyk.io/vuln/SNYK-JAVA-ORGJSON-5962464) | `org.json:json:` `20160212 -> 20231013` | Yes | Proof of Concept | |
| Low | **410/1000** Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Improper Handling of Case Sensitivity [SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634](https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634) | `net.sf.jasperreports:jasperreports:` `6.2.2 -> 6.20.1` | No | Proof of Concept | No Path Found |
| Medium | | Allocation of Resources Without Limits or Throttling [SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749](https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-3369749) | `org.springframework:spring-context:` `4.3.24.RELEASE -> 5.2.24.RELEASE`; `org.springframework:spring-webmvc:` `4.3.24.RELEASE -> 5.2.24.RELEASE` | Yes | No Known Exploit | |
| Medium | | Allocation of Resources Without Limits or Throttling [SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217](https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-5422217) | `org.springframework:spring-context:` `4.3.24.RELEASE -> 5.2.24.RELEASE`; `org.springframework:spring-webmvc:` `4.3.24.RELEASE -> 5.2.24.RELEASE` | Yes | No Known Exploit | |

(*) Note that the real score may have changed since the PR was raised.

#### Vulnerabilities that could not be fixed

- Upgrade:
  - Could not upgrade `org.apache.struts:struts2-config-browser-plugin@2.5.33` to `org.apache.struts:struts2-config-browser-plugin@6.1.2`; Reason: `could not apply upgrade, dependency is managed externally`; Location: `provenance does not contain location`

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/kenjitm/project/37330423-256c-4df6-8a32-a36c5385658d?utm_source=github&utm_medium=referral&page=fix-pr)
- 🛠 [Adjust project settings](https://app.snyk.io/org/kenjitm/project/37330423-256c-4df6-8a32-a36c5385658d?utm_source=github&utm_medium=referral&page=fix-pr/settings)
- 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

- 🦉 [Cryptographic Issues](https://learn.snyk.io/lesson/insecure-hash/?loc=fix-pr)
- 🦉 [Denial of Service (DoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
- 🦉 [Creation of Temporary File in Directory with Insecure Permissions](https://learn.snyk.io/lesson/insecure-temporary-file/?loc=fix-pr)
- 🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io/?loc=fix-pr)