[Snyk] Fix for 6 vulnerabilities

snyk-bot commented 2 years ago

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- Validation-Manager-Web/pom.xml

Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
599/1000 Why? Has a fix available, CVSS 7.7	Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLECODEGSON-1730327	`org.jodconverter:jodconverter-local:` `4.1.0 -> 4.2.3`	No	No Known Exploit
399/1000 Why? Has a fix available, CVSS 3.7	Information Exposure SNYK-JAVA-COMMONSCODEC-561518		Yes	No Known Exploit
651/1000 Why? Mature exploit, Has a fix available, CVSS 5.3	Directory Traversal SNYK-JAVA-COMMONSIO-1277109	`org.jodconverter:jodconverter-local:` `4.1.0 -> 4.2.3`	No	Mature
424/1000 Why? Has a fix available, CVSS 4.2	Timing Attack SNYK-JAVA-COMVAADIN-1069817		Yes	No Known Exploit
414/1000 Why? Has a fix available, CVSS 4	Timing Attack SNYK-JAVA-COMVAADIN-1252747		No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGJSOUP-1567345		No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Upgrade:
- Could not upgrade com.vaadin:vaadin-client@7.7.23 to com.vaadin:vaadin-client@8.12.3; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
- Could not upgrade com.vaadin:vaadin-server@7.7.23 to com.vaadin:vaadin-server@7.7.28; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
- Could not upgrade org.apache.poi:poi-scratchpad@3.17 to org.apache.poi:poi-scratchpad@4.1.1; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location