[Snyk] Fix for 15 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity	Reachability
	500/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Information Disclosure SNYK-JAVA-COMGOOGLEGUAVA-1015415	org.apache.hadoop:hadoop-hdfs: 2.4.1 -> 3.3.1	Yes	Proof of Concept	No Path Found
	445/1000 Why? Has a fix available, CVSS 5.9	Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLEGUAVA-32236	org.apache.hadoop:hadoop-common: 2.4.1 -> 3.3.1 org.apache.hadoop:hadoop-hdfs: 2.4.1 -> 3.3.1	Yes	No Known Exploit	No Path Found
	520/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Directory Traversal SNYK-JAVA-COMJCRAFT-30302	org.apache.hadoop:hadoop-common: 2.4.1 -> 3.3.1	No	Proof of Concept	No Path Found
	535/1000 Why? Mature exploit, Has a fix available, CVSS 5.3	Directory Traversal SNYK-JAVA-COMMONSIO-1277109	org.apache.hadoop:hadoop-common: 2.4.1 -> 3.3.1 org.apache.hadoop:hadoop-hdfs: 2.4.1 -> 3.3.1	Yes	Mature	No Path Found
	475/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316638		No	No Known Exploit	No Path Found
	475/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316639		No	No Known Exploit	No Path Found
	475/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316640		No	No Known Exploit	No Path Found
	475/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JAVA-ORGAPACHECOMMONS-1316641		No	No Known Exploit	No Path Found
	640/1000 Why? Has a fix available, CVSS 9.8	Information Exposure SNYK-JAVA-ORGAPACHEHADOOP-30627	org.apache.hadoop:hadoop-common: 2.4.1 -> 3.3.1	No	No Known Exploit	No Path Found
	515/1000 Why? Has a fix available, CVSS 7.3	Cryptographic Issues SNYK-JAVA-ORGAPACHEHADOOP-30630	org.apache.hadoop:hadoop-hdfs: 2.4.1 -> 3.3.1	No	No Known Exploit	No Path Found
	425/1000 Why? Has a fix available, CVSS 5.5	Information Exposure SNYK-JAVA-ORGAPACHEHADOOP-30631	org.apache.hadoop:hadoop-hdfs: 2.4.1 -> 3.3.1	No	No Known Exploit	No Path Found
	515/1000 Why? Has a fix available, CVSS 7.3	Improper Input Validation SNYK-JAVA-ORGAPACHEHADOOP-31400	org.apache.hadoop:hadoop-hdfs: 2.4.1 -> 3.3.1	No	No Known Exploit	No Path Found
	455/1000 Why? Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-JAVA-ORGAPACHEHADOOP-31414	org.apache.hadoop:hadoop-hdfs: 2.4.1 -> 3.3.1	No	No Known Exploit	No Path Found
	525/1000 Why? Has a fix available, CVSS 7.5	Information Exposure SNYK-JAVA-ORGAPACHEHADOOP-32124	org.apache.hadoop:hadoop-hdfs: 2.4.1 -> 3.3.1	No	No Known Exploit	No Path Found
	475/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JAVA-ORGAPACHEHADOOP-461004	org.apache.hadoop:hadoop-common: 2.4.1 -> 3.3.1	No	No Known Exploit	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade org.apache.flink:flink-core@1.12-SNAPSHOT to org.apache.flink:flink-core@1.13.3; Reason failed to apply upgrade ; Location: file://flink-formats/flink-compress/pom.xml

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic