[security] Update 3rd party dependencies to get rid of all currently known CVE issues

[rover886]

Hijacking this issue as placeholder for security upgrade.

original text:

The smime-module has dependency on utils-mail-smime and it has dependency on bcjmail-jdk15to18 along with further transitive dependencies from Bouncy Castle.

From your this comment @bbottema I come to know that you are in process of updating 3rd party dependencies, hence consider a suggestion of using bcjmail-jdk18on instead of bcjmail-jdk15to18 as simple-java-mail is compatible from JDK8+.

Also, bc*-jdk15to18 JARs are designed to be compatible with JDK versions 1.5 through 1.8, where on other hand bc*-jdk18on are designed to be compatible with JDK 1.8 and later versions. So it makes sense, isn't it? even the https://bouncycastle.org/latest_releases.html also says the same.

Please ignore if you have already considered this :)

[bbottema]

Changes:

Dependencies:

• Spring 5.3.27 -> 5.3.34
• Spring Boot 2.5.15 -> 2.7.18
• commons-io 2.7 -> 2.11.0
• utils-mail-smime 2.3.1 -> 2.3.3
  • org.bouncycastle:bcjmail-jdk15to18 1.75 -> org.bouncycastle:bcjmail-jdk18on 1.78.1
• ical4j 2.2.4 -> ical4j-vcard 2.0.0-beta2

Other:

• Junit 4 -> Junit 5 (including Mockito, AssertJ and got rid of Powermock)
• maven-surefire-plugin 2.19.1 -> 3.2.5

[bbottema]

v8.9.0 was released to Maven Central!