[SPARK-39540][BUILD] Upgrade mysql-connector-java to 8.0.29 #36938
bjornjorgensen wants to merge 2 commits into apache:master
dongjoon-hyun left a comment:
May I ask why you did choose 8.0.28 over 8.0.29, @bjornjorgensen?
There is a newer release out, 8.0.29.

@dongjoon-hyun Yes, this PR is made to get rid of the CVE, but if you will have .29 I can change this PR, or let those that need version .29 upgrade to it.

If JDBC integration tests pass with 8.0.29 too, yes, please upgrade to 8.0.29. Otherwise, someone else will make another PR for that very soon.

@dongjoon-hyun Ok, now we have a test run with .29.

srowen left a comment:
Seems fine, though as a test-only dependency this would not affect Spark users.
I wonder if we can upgrade further? But a minor bump is OK.

Yes, this PR aims to use the latest one, 8.0.29. Merged to master.

What changes were proposed in this pull request?
Upgrade mysql-connector-java from 8.0.27 to 8.0.29
Why are the changes needed?
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java.
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVE-2022-21363
Does this PR introduce any user-facing change?
No.
How was this patch tested?
Pass GA