Dependency updates to eliminate vulnerabilities discovered by dependency-check

Eliminated all CRITICAL and HIGH except for CVE-2016-1000027 (which more or less forbids the use of Spring since 2016 -- it's moderately controversial.

@road

pom.xml

@@ -103,6 +103,17 @@
 				<groupId>org.opensaml</groupId>
 				<artifactId>opensaml</artifactId>
 				<version>2.6.4</version>
+				<exclusions>
+					<exclusion>
+						<groupId>org.owasp.esapi</groupId>
+						<artifactId>esapi</artifactId>
+					</exclusion>
+				</exclusions>
+			</dependency>
+			<dependency>
+				<groupId>org.owasp.esapi</groupId>
+				<artifactId>esapi</artifactId>
+				<version>2.5.0.0</version>
 			</dependency>
 			<dependency>
 				<groupId>edu.wisc.uwss</groupId>
@@ -259,6 +270,18 @@
 				<artifactId>maven-install-plugin</artifactId>
 				<version>3.0.0-M1</version>
 			</plugin>
+			<plugin>
+				<groupId>org.owasp</groupId>
+				<artifactId>dependency-check-maven</artifactId>
+				<version>7.0.4</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>check</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 
 		</plugins>
 	</build>