Update maven plugins to fix Zip Slip vulnerability

Update maven plugins to fix Zip Slip vulnerability

Zip Slip [1] is an arbitrary file write generic vulnerability, that can
be achieved using a specially crafted zip (or bzip2, gzip, tar, xz, war)
archive, that holds path traversal filenames.

According to Maven's announcement [2] several plugins use plexus-archiver to
unpack dependencies to disk and have been identified as potential triggers
for exposing the vulnerability.

Of those, JGit uses the maven-dependency-plugin and the maven-javadoc-plugin.

Update them to the fixed versions reported in [2].

See the corresponding issues for the maven-dependency-plugin [3] and the
maven-javadoc-plugin [4] for details.

[1] https://snyk.io/research/zip-slip-vulnerability
[2] https://maven.apache.org/security-plexus-archiver.html
[3] https://issues.apache.org/jira/browse/MDEP-611
[4] https://issues.apache.org/jira/browse/MJAVADOC-520

Change-Id: Id3ab2d6161db240f2ab8f82298fa3ecd7a930a43
Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>