Security Fix -: Commons compress upgrade

[KarthikaPKumar]

Description

Identified security vulnerabilities from commons-compress and updated the fix for the same.

Group id: org.apache.commons
Artifact : commons-compress
Issue for version : 1.19

Upgraded commons-compress to 1.26 and made supporting changes required for the build.

Motivation and Context

CVE-2024-25710
CVE-2021-36090
CVE-2021-35517
CVE-2021-35516
CVE-2021-35515

Impact

Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a specially crafted Pack200 file, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Test Plan

Contributor checklist

• Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
• PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
• Documented new properties (with its default value), SQL syntax, functions, or other functionality.
• If release notes are required, they follow the release notes guidelines.
• Adequate tests were added if applicable.
• CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== NO RELEASE NOTE ==

[steveburnett]

Thanks for the fix! Please add a release note entry following the example in Phrasing in the Release Note Guidelines. Something like the following example:

== RELEASE NOTES ==

Security Changes
* * Upgrade okio to 3.6.0 in response to `CVE-2023-3635 <https://github.com/advisories/GHSA-w33c-445m-f8w7>`_. :pr:`24122`

[agrawalreetika]

I see, we already have commons-compres with an updated version added in root pom. We can use the same here instead of adding a version again in this module.

https://github.com/prestodb/presto/blob/master/pom.xml#L2212
https://github.com/prestodb/presto/blob/master/pom.xml#L83