ISSUE: #49 - Update math libraries

[brendanarnold]

Addresses issue #49

docker scan polis-math:latest now results in 2 low severity issues in the Alpine Docker base image and 1 low in polis-math

• [x] Move metasaurus/oz to a developer dependency (removes vulnerable protobuf-java, netty-codec, jetty-http in ring, soup, snakeyaml from production code)
• [x] Remove AWS housekeeping code and vulnerable amazonica and other AWS libraries (removes vulnerable guava, nippy, httpclient)
• [x] Updated postgresql library to 42.5.1
• [x] Update semantic-csv already at latest (uses vulnerable gson and protobuf-java)
• [x] Update korma already at latest (uses vulnerable c3p0)
• [x] Update commons/collection to 3.2.2
• [x] Update cli-excel (uses vulnerable poi)
• [x] Update ring (uses vulnerable jetty-http)
• [x] Update clj-http to 3.12.3 (uses vulnerable commons-codec)
• [x] Update clojure/tools
• [x] Included MATH_ENV variable in template - necessary for data export
• [x] Update docs to reflect not needing to install all the dependencies before running math

[metasoarous]

@brendanarnold FYI: A similar update has been merged into the edge branch at #compdemocracy/polis. Will probably be doing some additional work soon to pull out some libraries that aren't being used anymore.

Thanks!

[brendanarnold]

@brendanarnold FYI: A similar update has been merged into the edge branch at #compdemocracy/polis. Will probably be doing some additional work soon to pull out some libraries that aren't being used anymore.

Thanks @metasoarous good to know - there are a couple of vulnerabilities that are from semantic-csv that would be good to squash - I've put an issue against that repo here https://github.com/metasoarous/semantic-csv/issues/75 it looks like a version bump on clojurescript should do it.