[HUDI-8402] Fix for CVE-2023-39410 and CVE-2020-13956

[mehradpk]

Upgrade httpclient version to 4.5.13
Upgrade avro version to 1.11.3

Reference PR - #11964

Change Logs

This issue will address the below CVE from hudi-presto-bundle:0.14.0 jar
https://nvd.nist.gov/vuln/detail/CVE-2023-39410
https://nvd.nist.gov/vuln/detail/CVE-2020-13956

Impact

No user facing impacts

Risk level (write none, low medium or high below)

Included the new changes in presto and we haven't seen any regression issues

Documentation Update

None

Contributor's checklist

• Read through contributor's guide
• Change Logs and Impact were stated clearly
• Adequate tests were added if applicable
• CI passed

[danny0405]

Not sure whether spark-avro work with this, since 1.9, avro introduces many breaking change in their API.

[mehradpk]

@danny0405 any specific workaround to verify if spark-avro is compatible and works fine with avro 1.11.3.

[yihua]

We have deprecated Spark 2, 3.0 - 3.2 support, and the minimum Avro version used in Spark is 1.11.2. So I think this should be fine.

[danny0405]

then we are fine, Flink also uses avro 1.11+

[yihua]

Only change the version in root POM.

[yihua]

We have deprecated Spark 2, 3.0 - 3.2 support, and the minimum Avro version used in Spark is 1.11.2. So I think this should be fine.

[hudi-bot]

CI report:

• 1fd33ed Azure: SUCCESS

Bot commands

@hudi-bot supports the following commands:

• @hudi-bot run azure re-run the last Azure build