Upgrade kafka-clients from 3.5.0 to 3.7.0 fixing snappy vulnerabilities

[julianladisch]

The kafka-clients upgrade indirectly upgrades snappy-java from 1.1.10.0 to 1.1.10.5 fixing these snappy-java vulnerablities:

• https://nvd.nist.gov/vuln/detail/CVE-2023-34453
• https://nvd.nist.gov/vuln/detail/CVE-2023-34454
• https://nvd.nist.gov/vuln/detail/CVE-2023-34455
• https://nvd.nist.gov/vuln/detail/CVE-2023-43642

kafka-clients 3.7.0 requires to bump the test dependency debezium from 2.1.4.Final to 2.6.1.Final.

[tsegismont]

@ppatierno is this ok to merge? Should we consider backporting?

[tsegismont]

Thanks for taking a look @ppatierno . What about backporting to 4.x?

[ppatierno]

Thanks for taking a look @ppatierno . What about backporting to 4.x?

I would say yes if 4.x will be still around for long. Do you want me to open a PR against the 4.x branch?

[vietj]

@ppatierno go ahead, we are planning a 4.5.x release next week

[ppatierno]

@vietj here the PR https://github.com/vert-x3/vertx-kafka-client/pull/266