Dependency updates to eliminate vulnerabilities discovered by dependency-check

Eliminated all CRITICAL and HIGH except for CVE-2016-1000027 (which more or less forbids the use of Spring since 2016 -- it's moderately controversial.

@road

.gitlab-ci.yml

+include:
+  # Security scanning
+  - template: Security/SAST.gitlab-ci.yml
+  - template: Security/SAST-IaC.latest.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml
+  - template: Security/Dependency-Scanning.gitlab-ci.yml
+
 image: maven:3-amazoncorretto-8
 
 variables:
@@ -20,15 +27,49 @@ default:
     - aws
     - docker
 
-test:
-  stage: test
+stages:
+  - build
+  - test
+  - deploy
+
+build_jar:
+  stage: build
+  cache:
+    paths:
+      - .m2/repository
   script:
-    - mvn clean $MAVEN_CLI_OPTS verify
+    - mvn $MAVEN_CLI_OPTS clean verify
+  artifacts:
+    paths:
+      - .m2/
+      - "*/target"
+    expire_in: 1 week
+
+secret_detection:
+  needs: []
+
+semgrep-sast:
+  needs: []
+
+gemnasium-maven-dependency_scanning:
+  variables:
+    DS_JAVA_VERSION: 8
+  needs:
+    - build_jar
+
+spotbugs-sast:
+  tags:
+  needs:
+    - build_jar
+  variables:
+    SAST_JAVA_VERSION: 8
+    MAVEN_REPO_PATH: $CI_PROJECT_DIR/.m2/repository
+    COMPILE: "false"
 
 deploy:
   stage: deploy
   only:
-    - main
+    - trunk
   script:
     - env
     - mvn $MAVEN_CLI_OPTS deploy -Pdeploy -X