maven-compat versions and vulnerabilities

[bryanwongsz]

resolver used maven-compat have vulnerabilitie CVE-2013-0253

https://nvd.nist.gov/vuln/detail/CVE-2013-0253

[findepi]

This probably does not matter from production perspective (@electrum please correct me if i am wrong)
but we should update anyway. The resolver's repo is over here: https://github.com/airlift/resolver