Veracode SCA: fixes for vulnerable libraries

[wasptree]

This pull request was generated by Veracode SCA to upgrade the following vulnerable libraries:

Type	Library	From	To	Breaking
MAVEN	org.springframework:spring-web	4.3.10.RELEASE	5.3.26	Yes
MAVEN	org.springframework:spring-core	4.3.10.RELEASE	5.2.18.RELEASE	No
MAVEN	commons-fileupload:commons-fileupload	1.3.2	1.5	Yes
MAVEN	org.springframework:spring-webmvc	4.3.10.RELEASE	4.3.20.RELEASE	No
MAVEN	org.springframework:spring-context	4.3.10.RELEASE	5.2.21.RELEASE	Yes
MAVEN	org.keycloak:keycloak-saml-core	1.8.1.Final	2.5.5.Final	No
MAVEN	org.apache.commons:commons-collections4	4.0	4.1	No
MAVEN	org.mindrot:jbcrypt	0.3m	0.4-atlassian-1	Yes
MAVEN	mysql:mysql-connector-java	5.1.35	8.0.28	Yes

Note that we only upgrade libraries which have versions without any known vulnerabilities. For more information, please see the corresponding Veracode SCA report.

The Breaking column states the likelihood that updating to the recommended library version will cause breaking changes in your code. Please verify that the changes here won't cause issues with your project before merging.

To learn more about this feature, please visit our Help Center for documentation.

Note: this pull request was generated because you or someone else with access to this repository granted Veracode SCA access to submit pull requests.