Security Fix -: Commons compress upgrade

[KarthikaPKumar]

Description

Identified security vulnerabilities from commons-compress and updated the fix for the same.

Group id: org.apache.commons
Artifact : commons-compress
Issue for version : 1.19

Upgraded commons-compress to 1.26 and made supporting changes required for the build.

Motivation and Context

CVE-2024-25710 CVE-2021-36090 CVE-2021-35517 CVE-2021-35516 CVE-2021-35515

Impact

Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a specially crafted Pack200 file, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Test Plan

Contributor checklist

• [ ] Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
• [ ] PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
• [ ] Documented new properties (with its default value), SQL syntax, functions, or other functionality.
• [ ] If release notes are required, they follow the release notes guidelines.
• [ ] Adequate tests were added if applicable.
• [ ] CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== NO RELEASE NOTE ==

[steveburnett]

Thanks for the fix! Please add a release note entry following the example in Phrasing in the Release Note Guidelines. Something like the following example:

== RELEASE NOTES ==

Security Changes
* * Upgrade okio to 3.6.0 in response to `CVE-2023-3635 <https://github.com/advisories/GHSA-w33c-445m-f8w7>`_. :pr:`24122`