fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMMONSIO-8161190
- https://snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGENEKOHTML-2621454
- https://snyk.io/vuln/SNYK-JAVA-XERCES-2359991
- https://snyk.io/vuln/SNYK-JAVA-COMMONSFILEUPLOAD-3326457
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPANTISAMY-5950399
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPANTISAMY-6227504
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPANTISAMY-2774681
- https://snyk.io/vuln/SNYK-JAVA-ORGOWASPANTISAMY-2774682
- https://snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGENEKOHTML-2774754
- https://snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGENEKOHTML-2803036

Author: snyk-bot

pom.xml

@@ -209,7 +209,7 @@
             <groupId>commons-fileupload</groupId>
             <artifactId>commons-fileupload</artifactId>
             <!-- Upgrading to 1.4 causes this test case failure: [ERROR] HTTPUtilitiesTest.testGetFileUploads:259. TODO: Figure out why, and fix. -->
-            <version>1.3.3</version>
+            <version>1.5</version>
             <exclusions>
                 <!-- excluded because we directly import newer version. -->
                 <exclusion>
@@ -237,7 +237,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.6.4</version>
+            <version>1.7.5</version>
             <exclusions>
                 <!-- excluded because we pick up much newer version -->
                 <exclusion>
@@ -270,7 +270,7 @@
             <artifactId>commons-io</artifactId>
             <!-- Note: commons-io:2.7 and later require Java 8, so can't upgrade past 2.6 -->
             <!-- This means still possible exposure to CVE-2021-29425. -->
-            <version>2.6</version>
+            <version>2.14.0</version>
         </dependency>