
fix(sec): upgrade org.bouncycastle:bcprov-ext-jdk15on to 1.69 #13235

Closed
zhoumengyks wants to merge 1 commit into apache:master from zhoumengyks:oscs_fix_cd71slgau51q1alfu0vg


Conversation

@zhoumengyks

What happened?

There is 1 security vulnerability found in org.bouncycastle:bcprov-ext-jdk15on 1.68

What did I do?

Upgrade org.bouncycastle:bcprov-ext-jdk15on from 1.68 to 1.69 for vulnerability fix

What did you expect to happen?

Ideally, no insecure libs should be used.

The specification of the pull request

PR Specification from OSCS

@FrankChen021
Member

The version is not updated in the licenses.yaml file. I'm curious why the license check doesn't report an error. Is it because the scope of this dependency is declared as 'runtime'? Do you know, @xvrl?

<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-ext-jdk15on</artifactId>
<version>1.68</version>
<version>1.69</version>
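Review bot: the bump from 1.68 to 1.69 in this hunk is not mirrored in licenses.yaml, as the thread points out, so the registry and the pom now disagree on the version of bcprov-ext-jdk15on; the licenses.yaml entry should be updated in the same commit. The sibling artifact bcprov-jdk15on is also left at 1.68 per the discussion, and the two Bouncy Castle artifacts should be bumped together (the comments suggest 1.70, which was already released) so they do not drift apart.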
Member

Why are we only updating bcprov-ext-jdk15on and not bcprov-jdk15on?
We should also move to 1.70 since that is out already.

@xvrl
Member

xvrl commented Oct 24, 2022

@FrankChen021 good question, we'd have to remove the runtime scope to see if that makes a difference. I also wonder if the fact that we still have 1.68 for bcprov-jdk15on somehow causes the license check to be confused?
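The open question in the thread is why a version bump in pom.xml that is not mirrored in licenses.yaml passes the license check, and whether the `runtime` scope is the reason. The following is an added example, not part of the Druid PR or of Druid's own license tooling: a small consistency check that parses a constructed pom.xml fragment mirroring this PR (ext artifact at 1.69, sibling artifact at 1.68, both runtime-scoped) and compares it against a constructed stand-in for the parsed content of licenses.yaml. The shape of the license entries (one version per entry plus a list of `groupId: artifactId` coordinates) is an assumption, as is the `skip_scopes` parameter, which exists only to reproduce a checker that ignores runtime dependencies.

```python
"""Added example (not Druid's code): check that every dependency version in a
pom.xml matches the version recorded in a licenses.yaml-style registry, and
show how skipping runtime-scoped dependencies hides exactly this mismatch."""
import xml.etree.ElementTree as ET

# Constructed pom.xml fragment mirroring the PR diff: the ext artifact is bumped
# to 1.69 while the sibling bcprov-jdk15on stays at 1.68, both at runtime scope.
POM_XML = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId>
      <version>1.68</version>
      <scope>runtime</scope>
    </dependency>
    <dependency>
      <groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-ext-jdk15on</artifactId>
      <version>1.69</version>
      <scope>runtime</scope>
    </dependency>
  </dependencies>
</project>
"""

# Constructed stand-in for the parsed content of licenses.yaml (assumed shape:
# one entry per library group, a single version, and a list of
# "groupId: artifactId" coordinates). Both artifacts are still recorded at 1.68.
LICENSE_ENTRIES = [
    {
        "name": "Bouncy Castle",
        "version": "1.68",
        "libraries": [
            "org.bouncycastle: bcprov-jdk15on",
            "org.bouncycastle: bcprov-ext-jdk15on",
        ],
    },
]

NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def pom_dependencies(pom_xml):
    """Return {(groupId, artifactId): (version, scope)} for every <dependency>.

    A missing <scope> defaults to "compile", as Maven does."""
    root = ET.fromstring(pom_xml)
    deps = {}
    for dep in root.findall(".//m:dependency", NS):
        def text(tag):
            node = dep.find(f"m:{tag}", NS)
            return node.text.strip() if node is not None and node.text else None
        key = (text("groupId"), text("artifactId"))
        deps[key] = (text("version"), text("scope") or "compile")
    return deps


def licensed_versions(entries):
    """Flatten license entries into {(groupId, artifactId): version}."""
    out = {}
    for entry in entries:
        for coord in entry["libraries"]:
            group, artifact = (part.strip() for part in coord.split(":", 1))
            out[(group, artifact)] = entry["version"]
    return out


def find_version_mismatches(pom_xml, entries, skip_scopes=()):
    """Compare pom versions with the license registry.

    skip_scopes reproduces a checker that ignores e.g. runtime dependencies;
    the default of () checks every scope, which is what a license check should do.
    Returns a sorted list of (groupId, artifactId, pom_version, licensed_version),
    with licensed_version None when the artifact is absent from the registry."""
    licensed = licensed_versions(entries)
    problems = []
    for (group, artifact), (version, scope) in pom_dependencies(pom_xml).items():
        if scope in skip_scopes:
            continue
        recorded = licensed.get((group, artifact))
        if recorded != version:
            problems.append((group, artifact, version, recorded))
    return sorted(problems)


if __name__ == "__main__":
    # Checking all scopes flags the ext artifact: pom says 1.69, registry says 1.68.
    for group, artifact, pom_v, lic_v in find_version_mismatches(POM_XML, LICENSE_ENTRIES):
        print(f"{group}:{artifact}: pom={pom_v} licenses.yaml={lic_v}")
    # A checker that skips runtime-scoped dependencies reports nothing, which is
    # the silent pass the thread is puzzled by.
    print("skipping runtime:",
          find_version_mismatches(POM_XML, LICENSE_ENTRIES, skip_scopes=("runtime",)))
```

Run as-is it reports the single mismatch on bcprov-ext-jdk15on and an empty list once runtime dependencies are skipped, which is the behaviour to look for in the real check: if the license check filters by scope, a runtime-only dependency can change version without the registry being updated.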

@github-actions

This pull request has been marked as stale due to 60 days of inactivity.
It will be closed in 4 weeks if no further activity occurs. If you think
that's incorrect or this pull request should instead be reviewed, please simply
write any comment. Even if closed, you can still revive the PR at any time or
discuss it on the dev@druid.apache.org list.
Thank you for your contributions.

@github-actions github-actions bot added the stale label Jan 11, 2024
@github-actions

github-actions bot commented Feb 9, 2024

This pull request/issue has been closed due to lack of activity. If you think that
is incorrect, or the pull request requires review, you can revive the PR at any time.

@github-actions github-actions bot closed this Feb 9, 2024

3 participants