[Snyk] Fix for 37 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • thunder-core/pom.xml
  • pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity
	599/1000 Why? Has a fix available, CVSS 7.7	Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLECODEGSON-1730327	com.google.code.gson:gson: 2.5 -> 2.8.9	No	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Information Disclosure SNYK-JAVA-COMGOOGLEGUAVA-1015415	org.bitcoinj:bitcoinj-core: 0.13.1 -> 0.16	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Deserialization of Untrusted Data SNYK-JAVA-COMGOOGLEGUAVA-32236	org.bitcoinj:bitcoinj-core: 0.13.1 -> 0.16	No	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Integer Overflow SNYK-JAVA-COMGOOGLEPROTOBUF-173761	org.bitcoinj:bitcoinj-core: 0.13.1 -> 0.16	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	XML External Entity (XXE) Injection SNYK-JAVA-COMH2DATABASE-1769238	com.h2database:h2: 1.3.176 -> 2.0.202	Yes	Proof of Concept
	826/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Remote Code Execution (RCE) SNYK-JAVA-COMH2DATABASE-31685	com.h2database:h2: 1.3.176 -> 2.0.202	No	Mature
	509/1000 Why? Has a fix available, CVSS 5.9	SSL Certificate Bypass SNYK-JAVA-COMSQUAREUPOKHTTP-30380	org.bitcoinj:bitcoinj-core: 0.13.1 -> 0.16 com.squareup.okhttp:okhttp: 2.6.0 -> 2.7.4	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-473214	io.netty:netty-all: 4.0.33.Final -> 4.1.44.Final	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-559515	io.netty:netty-all: 4.0.33.Final -> 4.1.44.Final	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	HTTP Request Smuggling SNYK-JAVA-IONETTY-559516	io.netty:netty-all: 4.0.33.Final -> 4.1.44.Final	No	Proof of Concept
	466/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 2.9	Information Exposure SNYK-JAVA-JUNIT-1017047	junit:junit: 4.12 -> 4.13.1	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Privilege Escalation SNYK-JAVA-MYSQL-174574	mysql:mysql-connector-java: 5.1.36 -> 8.0.27	Yes	No Known Exploit
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	XML External Entity (XXE) Injection SNYK-JAVA-MYSQL-1766958	mysql:mysql-connector-java: 5.1.36 -> 8.0.27	Yes	Proof of Concept
	639/1000 Why? Has a fix available, CVSS 8.5	Improper Access Control SNYK-JAVA-MYSQL-31399	mysql:mysql-connector-java: 5.1.36 -> 8.0.27	No	No Known Exploit
	379/1000 Why? Has a fix available, CVSS 3.3	Improper Access Control SNYK-JAVA-MYSQL-31449	mysql:mysql-connector-java: 5.1.36 -> 8.0.27	No	No Known Exploit
	534/1000 Why? Has a fix available, CVSS 6.4	Arbitrary Code Execution SNYK-JAVA-MYSQL-31580	mysql:mysql-connector-java: 5.1.36 -> 8.0.27	No	No Known Exploit
	654/1000 Why? Has a fix available, CVSS 8.8	Access Control Bypass SNYK-JAVA-MYSQL-451464	mysql:mysql-connector-java: 5.1.36 -> 8.0.27	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058	org.apache.httpcomponents:httpclient: 4.5 -> 4.5.13	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Directory Traversal SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517	org.apache.httpcomponents:httpclient: 4.5 -> 4.5.13	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Information Exposure SNYK-JAVA-ORGBOUNCYCASTLE-1035561	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Timing Attack SNYK-JAVA-ORGBOUNCYCASTLE-1296075	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Information Exposure SNYK-JAVA-ORGBOUNCYCASTLE-173771	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Insufficient Validation SNYK-JAVA-ORGBOUNCYCASTLE-32340	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Insecure Encryption SNYK-JAVA-ORGBOUNCYCASTLE-32361	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Insecure Encryption SNYK-JAVA-ORGBOUNCYCASTLE-32362	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Timing Attack SNYK-JAVA-ORGBOUNCYCASTLE-32363	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Signature Validation Bypass SNYK-JAVA-ORGBOUNCYCASTLE-32364	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Insufficient Validation SNYK-JAVA-ORGBOUNCYCASTLE-32365	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Insecure Encryption SNYK-JAVA-ORGBOUNCYCASTLE-32366	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Cryptographic Issues SNYK-JAVA-ORGBOUNCYCASTLE-32367	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Insecure Encryption SNYK-JAVA-ORGBOUNCYCASTLE-32368	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Insecure Encryption SNYK-JAVA-ORGBOUNCYCASTLE-32369	org.bouncycastle:bcprov-jdk15on: 1.54 -> 1.66	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JAVA-ORGECLIPSEJETTY-1090340	org.eclipse.jetty.websocket:websocket-client: 9.3.2.v20150730 -> 9.4.39.v20210325	No	Proof of Concept
	621/1000 Why? Mature exploit, Has a fix available, CVSS 4.7	Cross-site Scripting (XSS) SNYK-JAVA-ORGECLIPSEJETTY-174479	org.eclipse.jetty.websocket:websocket-client: 9.3.2.v20150730 -> 9.4.39.v20210325	No	Mature
	704/1000 Why? Has a fix available, CVSS 9.8	Information Exposure SNYK-JAVA-ORGECLIPSEJETTY-31117	org.eclipse.jetty.websocket:websocket-client: 9.3.2.v20150730 -> 9.4.39.v20210325	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Timing Attack SNYK-JAVA-ORGECLIPSEJETTY-32151	org.eclipse.jetty.websocket:websocket-client: 9.3.2.v20150730 -> 9.4.39.v20210325	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JAVA-ORGECLIPSEJETTY-461008	org.eclipse.jetty.websocket:websocket-client: 9.3.2.v20150730 -> 9.4.39.v20210325	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic