Snyk 629 (ESAPI#637)

* Antisamy & SLF4J version updates

Updating versions of libraries as recommended by snyk in PRs 636 and
628.

* Adding SNYK ignore file

Adding configuration file for the snyk service to allow certain
dependency updates to be ignored. Currently, the only listed dependency
cannot be updated in ESAPI without also updating the library to Java 8,
which will require a 6 month notification to the community before
implementing.

Author: jeremiahjstacey

.snyk

@@ -0,0 +1,7 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.0
+ignore:
+   SNYK-JAVA-COMMONSIO-1277109:
+     - commons-io:commons-io:
+       reason: ESAPI cannot upgrade past the current commons-io version and still maintain Java 7 compatibility
+       expires: '2025-12-30T00:00:00.000Z'

pom.xml

@@ -237,7 +237,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.6.3</version>
+            <version>1.6.4</version>
             <exclusions>
                 <!-- excluded because we pick up much newer version -->
                 <exclusion>
@@ -249,7 +249,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.30</version>
+            <version>1.7.31</version>
         </dependency>
         <dependency>
             <groupId>xml-apis</groupId>