Dependency updates to eliminate vulnerabilities discovered by dependency-check

Eliminated all CRITICAL and HIGH except for CVE-2016-1000027 (which more or less forbids the use of Spring since 2016 -- it's moderately controversial.

@road

uw-spring-security-config/pom.xml

@@ -46,8 +46,8 @@
 			<scope>test</scope>
 		</dependency>
 		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>slf4j-log4j12</artifactId>
+			<groupId>ch.qos.logback</groupId>
+			<artifactId>logback-classic</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>