[BEAM-8701] bump commons-io to 2.7

[masahitojp]

https://issues.apache.org/jira/browse/BEAM-8701

I think its better to upgrade to at least 2.7 or higher
ex: https://mvnrepository.com/artifact/commons-io/commons-io

Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:

• Choose reviewer(s) and mention them in a comment (R: @username).
• Mention the appropriate issue in your description (for example: addresses #123), if applicable. This will automatically add a link to the pull request in the issue. If you would like the issue to automatically close on merging the pull request, comment fixes #<ISSUE NUMBER> instead.
• Update CHANGES.md with noteworthy changes.
• If this contribution is large, please file an Apache Individual Contributor License Agreement.

See the Contributor Guide for more tips on how to make review process smoother.

To check the build health, please visit https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md

GitHub Actions Tests Status (on master branch)

See CI.md for more information about GitHub Actions CI.

[codecov]

Codecov Report

Merging #22433 (8616e6a) into master (67cb87e) will decrease coverage by 0.00%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master   #22433      +/-   ##
==========================================
- Coverage   74.20%   74.20%   -0.01%     
==========================================
  Files         710      710              
  Lines       93547    93547              
==========================================
- Hits        69415    69412       -3     
- Misses      22855    22858       +3     
  Partials     1277     1277              

Flag	Coverage Δ
python	83.59% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
sdks/python/apache_beam/runners/direct/executor.py	96.46% <0.00%> (-0.55%)	⬇️
...hon/apache_beam/runners/worker/bundle_processor.py	93.54% <0.00%> (-0.13%)	⬇️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[masahitojp]

Run SQL PreCommit

[masahitojp]

Run Java_Examples_Dataflow PreCommit

[github-actions]

Assigning reviewers. If you would like to opt out of this review, comment assign to next reviewer:

R: @kileys for label java.
R: @Abacn for label build.
R: @pabloem for label io.

Available commands:

• stop reviewer notifications - opt out of the automated review tooling
• remind me after tests pass - tag the comment author after tests pass
• waiting on author - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)

The PR bot will only process comments in the main thread (not review comments).

[Abacn]

Tests passed. LGTM.
May find the reviewer of the previous upgrade: R: @aromanenko-dev to get it in

[github-actions]

Stopping reviewer notifications for this pull request: review requested by someone other than the bot, ceding control

[aromanenko-dev]

Thanks, LGTM
Also, this version bump is needed because of CVE in v2.6