NIFI-10347 Upgrade Metrics-graphite to 4.2.10

[UcanInfosec]

Summary

NIFI-10347

Tracking

Please complete the following tracking steps prior to pull request creation.

Issue Tracking

• [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI-10347] issue created

Pull Request Tracking

• Pull Request title starts with Apache NiFi Jira issue number, such as NIFI-00000
• Pull Request commit message starts with Apache NiFi Jira issue number, as such NIFI-00000

Pull Request Formatting

• Pull Request based on current revision of the main branch
• Pull Request refers to a feature branch with one commit containing changes

Verification

Please indicate the verification steps performed prior to pull request creation.

Build

• Build completed using mvn clean install -P contrib-check
  • JDK 8
  • JDK 11
  • JDK 17

Licensing

• New dependencies are compatible with the Apache License 2.0 according to the License Policy
• New dependencies are documented in applicable LICENSE and NOTICE files

Documentation

• Documentation formatting appears as expected in rendered files

[mr1716]

This does resolve CVE CVE-2016-4000

[exceptionfactory]

Thanks for the vulnerability reference @mr1716. CVE-2016-4000 applies to Jython, which is a test dependency of metrics-graphite, but is not included at runtime in any distributions of Apache NiFi. Upgrading to the latest version should be provide other improvements.

[exceptionfactory]

@UcanInfosec The Dropwizard Metrics project maintains both the 4.1 and 4.2 releases. Although this may be a compatible upgrade, several other modules depend on metrics-core from the 4.1 series, so it seems better to use the latest 4.1 version instead of upgrading to 4.2 in this particular module.

[UcanInfosec]

@exceptionfactory thanks. It was changed to 4.1.33.

[exceptionfactory]

Thanks for making the adjustment to stay with the 4.1 series @UcanInfosec, this looks good. +1 merging