update dependencies to address CVEs (apache#16374)

update dependencies to address new batch of CVEs:
- Azure POM from 1.2.19 to 1.2.23 to update transitive dependency nimbus-jose-jwt to address:  CVE-2023-52428
- commons-configuration2 from 2.8.0 to 2.10.1 to address: CVE-2024-29131 CVE-2024-29133
- bcpkix-jdk18on from 1.76 to 1.78.1 to address: CVE-2024-30172 CVE-2024-30171 CVE-2024-29857

extensions-core/azure-extensions/pom.xml

@@ -38,7 +38,7 @@
             <dependency>
                 <groupId>com.azure</groupId>
                 <artifactId>azure-sdk-bom</artifactId>
-                <version>1.2.19</version>
+                <version>1.2.23</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

extensions-core/azure-extensions/src/main/java/org/apache/druid/data/input/azure/AzureInputSource.java

@@ -27,7 +27,6 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.google.common.base.Preconditions;
 import com.google.common.collect.Iterators;
-import org.apache.druid.data.input.InputEntity;
 import org.apache.druid.data.input.InputSplit;
 import org.apache.druid.data.input.impl.CloudObjectInputSource;
 import org.apache.druid.data.input.impl.CloudObjectLocation;

licenses.yaml

@@ -652,7 +652,7 @@ name: Apache Commons Configuration
 license_category: binary
 module: java-core
 license_name: Apache License version 2.0
-version: 2.8.0
+version: 2.10.1
 libraries:
   - org.apache.commons: commons-configuration2
 
@@ -1054,7 +1054,7 @@ name: org.bouncycastle bcprov-jdk18on
 license_category: binary
 module: extensions/druid-kubernetes-extensions
 license_name: MIT License
-version: "1.76"
+version: "1.78.1"
 libraries:
   - org.bouncycastle: bcprov-jdk18on
   - org.bouncycastle: bcprov-ext-jdk18on
@@ -4017,7 +4017,7 @@ license_category: binary
 module: extensions/druid-azure-extensions
 license_name: MIT License
 copyright: Microsoft
-version: 1.11.1
+version: 1.12.0
 libraries:
   - com.azure: azure-identity
 
@@ -4028,18 +4028,29 @@ license_category: binary
 module: extensions/druid-azure-extensions
 license_name: MIT License
 copyright: Microsoft
-version: 12.21.1
+version: 12.21.4
 libraries:
   - com.azure: azure-storage-blob-batch
 
 ---
 
+name: Microsoft Azure  Blob Storage SDK
+license_category: binary
+module: extensions/druid-azure-extensions
+license_name: MIT License
+copyright: Microsoft
+version: 12.25.4
+libraries:
+  - com.azure: azure-storage-blob
+
+---
+
 name: Microsoft Azure Storage Common
 license_category: binary
 module: extensions/druid-azure-extensions
 license_name: MIT License
 copyright: Microsoft
-version: 12.24.1
+version: 12.24.4
 libraries:
   - com.azure: azure-storage-common
 
@@ -4050,7 +4061,7 @@ license_category: binary
 module: extensions/druid-azure-extensions
 license_name: MIT License
 copyright: Microsoft
-version: 12.10.1
+version: 12.10.4
 libraries:
   - com.azure: azure-storage-internal-avro
 
@@ -4065,13 +4076,24 @@ version: 1.1.0
 libraries:
   - com.azure: azure-json
 
+---
+
+name: Microsoft Azure XML
+license_category: binary
+module: extensions/druid-azure-extensions
+license_name: MIT License
+copyright: Microsoft
+version: 1.0.0
+libraries:
+  - com.azure: azure-xml
+
 ---
 name: Microsoft Azure Netty Http
 license_category: binary
 module: extensions/druid-azure-extensions
 license_name: MIT License
 copyright: Microsoft
-version: 1.13.11
+version: 1.14.2
 libraries:
   - com.azure: azure-core-http-netty
 
@@ -4082,7 +4104,7 @@ license_category: binary
 module: extensions/druid-azure-extensions
 license_name: MIT License
 copyright: Microsoft
-version: 1.45.1
+version: 1.48.0
 libraries:
   - com.azure: azure-core
 
@@ -4093,7 +4115,7 @@ license_category: binary
 module: extensions/druid-azure-extensions
 license_name: MIT License
 copyright: Microsoft
-version: 1.14.0
+version: 1.15.0
 libraries:
   - com.microsoft.azure: msal4j
 
@@ -4104,7 +4126,7 @@ license_category: binary
 module: extensions/druid-azure-extensions
 license_name: MIT License
 copyright: Microsoft
-version: 1.2.0
+version: 1.3.0
 libraries:
   - com.microsoft.azure: msal4j-persistence-extension
 
@@ -4114,7 +4136,7 @@ name: NimbusDS Content Type
 license_category: binary
 module: extensions/druid-azure-extensions
 license_name: Apache License version 2.0
-version: 2.2
+version: 2.3
 libraries:
   - com.nimbusds: content-type
 
@@ -4124,7 +4146,7 @@ name: NimbusDS Jose
 license_category: binary
 module: extensions/druid-azure-extensions
 license_name: Apache License version 2.0
-version: 9.30.2
+version: 9.37.3
 libraries:
   - com.nimbusds: nimbus-jose-jwt
 
@@ -4134,7 +4156,7 @@ name: NimbusDS Oauth
 license_category: binary
 module: extensions/druid-azure-extensions
 license_name: Apache License version 2.0
-version: 10.7.1
+version: 11.9.1
 libraries:
   - com.nimbusds: oauth2-oidc-sdk
 
@@ -4144,7 +4166,7 @@ name: Reactor Netty
 license_category: binary
 module: extensions/druid-azure-extensions
 license_name: Apache License version 2.0
-version: 1.0.39
+version: 1.0.43
 libraries:
   - io.projectreactor.netty: reactor-netty-core
   - io.projectreactor.netty: reactor-netty-http
@@ -4155,7 +4177,7 @@ name: Reactor Core
 license_category: binary
 module: extensions/druid-azure-extensions
 license_name: Apache License version 2.0
-version: 3.4.34
+version: 3.4.36
 libraries:
   - io.projectreactor: reactor-core
 ---

pom.xml

@@ -400,6 +400,20 @@
                 <artifactId>gson</artifactId>
                 <version>${gson.version}</version>
             </dependency>
+            <!-- Transitive dependency of kubernetes-client java and docker-java-core
+            in kubernetes-extensions and it-integration tests -->
+            <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcpkix-jdk18on</artifactId>
+                <version>1.78.1</version>
+            </dependency>
+            <!-- Transitive dependency of hive-common in druid-kerberos, druid-ranger-security and
+            druid-iceberg-extension  -->
+            <dependency>
+                <groupId>org.apache.commons</groupId>
+                <artifactId>commons-configuration2</artifactId>
+                <version>2.10.1</version>
+            </dependency>
             <dependency>
                 <groupId>org.apache.zookeeper</groupId>
                 <artifactId>zookeeper</artifactId>