[Snyk] Fix for 7 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • VM-Core/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Information Exposure SNYK-JAVA-COMMONSCODEC-561518		Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHEPDFBOX-1088011	org.apache.pdfbox:pdfbox-tools: 2.0.16 -> 2.0.24	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHEPDFBOX-1088012	org.apache.pdfbox:pdfbox-tools: 2.0.16 -> 2.0.24	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHEPDFBOX-1304912	org.apache.pdfbox:pdfbox-tools: 2.0.16 -> 2.0.24	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHEPDFBOX-1304913	org.apache.pdfbox:pdfbox-tools: 2.0.16 -> 2.0.24	No	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	XML External Entity (XXE) Injection SNYK-JAVA-ORGAPACHEXMLBEANS-1060048		Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGJSOUP-1567345		No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade com.vaadin:vaadin-server@7.7.23 to com.vaadin:vaadin-server@7.7.28; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location
  • Could not upgrade org.apache.poi:poi@3.17 to org.apache.poi:poi@4.1.1; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/apache/poi/poi-ooxml/3.17/poi-ooxml-3.17.pom
  • Could not upgrade org.apache.poi:poi-ooxml@3.17 to org.apache.poi:poi-ooxml@4.1.1; Reason could not apply upgrade, dependency is managed externally ; Location: provenance does not contain location

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[AppVeyorBot]

:white_check_mark: Build validation-manager VM master build 149 completed (commit https://github.com/javydreamercsw/validation-manager/commit/d88b40e525 by @snyk-bot)

[AppVeyorBot]

:white_check_mark: Build validation-manager VM master build 149 completed (commit https://github.com/javydreamercsw/validation-manager/commit/d88b40e525 by @snyk-bot)