@akhilyendluri

Parquet versions older than 1.15.1 have a security issue.
CVE: https://nvd.nist.gov/vuln/detail/CVE-2025-30065
@nastra changed the title from "Updating parquet dependency (#12749)" to "[1.8.x] Build: Bump Parquet from 1.15.0 to 1.15.1 (#12749)" on Apr 11, 2025
@pvary pvary merged commit 69fa6aa into apache:1.8.x Apr 11, 2025
46 checks passed
@pvary
Contributor

pvary commented Apr 11, 2025

Sorry, I merged this with the wrong commit message (somehow the changed PR name was not applied to the merged commit message automatically), but at least it is in the 1.8.x branch now.
Thanks @akhilyendluri for the PR, and @nastra for the review!

akhilyendluri pushed a commit to akhilyendluri/iceberg that referenced this pull request Apr 11, 2025
Parquet versions older than 1.15.1 have a security issue.
CVE: https://nvd.nist.gov/vuln/detail/CVE-2025-30065

@manuzhang
Member

Do we need to update LICENSE and NOTICE as well?

@pvary
Contributor

pvary commented Apr 14, 2025

> Do we need to update LICENSE and NOTICE as well?

@manuzhang: You are right. Would you mind creating the PR, so I can merge it?

Thanks,
Peter

@rdblue
Contributor

rdblue commented Apr 14, 2025

> Do we need to update LICENSE and NOTICE as well?

If we do, please remove the version numbers from the LICENSE and NOTICE. We should not need to update them for every patch release!

@manuzhang
Member

> If we do, please remove the version numbers from the LICENSE and NOTICE.

@jbonofre WDYT?

@nastra nastra added this to the Iceberg 1.8.2 milestone Apr 16, 2025
@jbonofre
Member

jbonofre commented Apr 16, 2025

Yeah, I proposed removing the version in the past to avoid any LICENSE/NOTICE issue, even though I think it's better to document the version (as LICENSE/NOTICE can change from one version to another). So I'm fine removing it.
For context, it's important to keep the version for BSD/MIT dependencies, as licenses sometimes change as product versions change.
For Apache dependencies, assuming that the bundled dependency itself contains no bundled sub-components under other licenses, so the ALv2 applies uniformly to all files, there is no need to modify LICENSE. However, for completeness it is useful to list the products and their versions, as is done for products under other licenses.
So, I think for this update, it's important information to keep.

@manuzhang
Member

@jbonofre Thanks for your thoughts. Maybe we can do a one-time change when a dependency's license changes. I've opened a PR to remove the versions in LICENSE on the 1.8.x branch. Please help review.
