
[fix][sec] Upgrade Guava to 32.1.1 to address CVE-2023-2976 #20699

Merged
lhotari merged 2 commits into apache:master from poorbarcode:cve/guava_32.0.1
Jul 5, 2023

Conversation

Contributor
@poorbarcode poorbarcode commented Jun 30, 2023

Motivation

The OWASP dependency check failed. Link: https://github.com/apache/pulsar/actions/runs/5424405010/jobs/9865506786?pr=20698

Error:  Failed to execute goal org.owasp:dependency-check-maven:8.2.1:aggregate (default) on project pulsar: 
Error:  
Error:  One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
Error:  
Error:  canal.client-1.1.5.jar/META-INF/maven/com.google.guava/guava/pom.xml: CVE-2023-2976(7.1)
Error:  clickhouse-jdbc-0.4.6-all.jar/META-INF/maven/com.google.guava/guava/pom.xml: CVE-2023-2976(7.1)
Error:  
Error:  See the dependency-check report for more details.
Error:  -> [Help 1]
Error:  
Error:  To see the full stack trace of the errors, re-run Maven with the -e switch.
Error:  Re-run Maven using the -X switch to enable full debug logging.
Error:  
Error:  For more information about the errors and possible solutions, please read the following articles:
Error:  [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
Error:  
Error:  After correcting the problems, you can resume the build with the command
Error:    mvn <args> -rf :pulsar
Error: Process completed with exit code 1.

PR #20459 addressed CVE-2023-2976 3 weeks ago.

In the doc of CVE-2023-2976, version 32.0.1 is now suggested.

Modifications

Upgrade Guava to 32.0.1

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

Matching PR in forked repository

PR in forked repository: x
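The dependency-check output quoted in the description has a fixed shape per finding: the scanned jar, the path of the bundled `META-INF/maven/<group>/<artifact>/pom.xml` that revealed the coordinates, the CVE id and the CVSS score in parentheses. The following triage helper, added here as an example and not part of the Pulsar project or this PR, parses those lines so a reviewer can see at a glance which jars carry the flagged artifact (here Guava inside `canal.client` and `clickhouse-jdbc`) and which findings meet the build's 7.0 gate. The sample log is constructed from the lines above; the regexes and function names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the relevant lines of the dependency-check failure quoted above.
SAMPLE_LOG = """\
Error:  One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
Error:  
Error:  canal.client-1.1.5.jar/META-INF/maven/com.google.guava/guava/pom.xml: CVE-2023-2976(7.1)
Error:  clickhouse-jdbc-0.4.6-all.jar/META-INF/maven/com.google.guava/guava/pom.xml: CVE-2023-2976(7.1)
Error:  
Error:  See the dependency-check report for more details.
"""

# One finding line: "Error:  <path>: CVE-YYYY-NNNN(<score>)". Prose lines do not match
# because the non-greedy path cannot span a space before reaching ':'.
FINDING_RE = re.compile(
    r"^Error:\s+(?P<path>\S+?):\s+(?P<cve>CVE-\d{4}-\d{4,})\((?P<score>\d+(?:\.\d+)?)\)\s*$"
)
# Where Maven records the coordinates of an artifact bundled inside another jar.
BUNDLED_POM_RE = re.compile(
    r"^(?P<jar>[^/]+\.jar)/META-INF/maven/(?P<group>[^/]+)/(?P<artifact>[^/]+)/pom\.xml$"
)


@dataclass(frozen=True)
class Finding:
    jar: str                 # the jar dependency-check actually scanned
    group: Optional[str]     # coordinates of the bundled artifact, if the path reveals them
    artifact: Optional[str]
    cve: str
    score: float


def parse_findings(log: str) -> List[Finding]:
    """Extract (jar, bundled coordinates, CVE, CVSS) tuples from dependency-check output."""
    findings: List[Finding] = []
    for line in log.splitlines():
        m = FINDING_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        b = BUNDLED_POM_RE.match(path)
        if b:
            jar, group, artifact = b.group("jar"), b.group("group"), b.group("artifact")
        else:
            # Finding on the jar itself rather than on an artifact bundled inside it.
            jar, group, artifact = path.split("/", 1)[0], None, None
        findings.append(Finding(jar, group, artifact, m.group("cve"), float(m.group("score"))))
    return findings


def above_threshold(findings: List[Finding], threshold: float = 7.0) -> List[Finding]:
    """Findings that would fail a CVSS gate set at `threshold` (dependency-check uses >=)."""
    return [f for f in findings if f.score >= threshold]


def jars_for_cve(findings: List[Finding], cve: str) -> List[str]:
    """Distinct jars that carry a given CVE; each one is a separate remediation target."""
    return sorted({f.jar for f in findings if f.cve == cve})


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    for f in above_threshold(found):
        print(f"{f.cve} ({f.score}) in {f.jar} via bundled {f.group}:{f.artifact}")
    print("jars to remediate:", jars_for_cve(found, "CVE-2023-2976"))
```

The jar column is the useful part for a reviewer: when the flagged pom sits inside another dependency's jar, a version bump of the project's own Guava coordinate only resolves the finding if that bundled copy is replaced too, so the list from `jars_for_cve` is what should be checked against the next dependency-check run.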

Member

@lhotari lhotari left a comment

Please use version 32.1.1-jre since 32.0.1-jre has broken Gradle metadata. See https://github.com/google/guava/releases

Contributor Author

@lhotari

Please use version 32.1.1-jre since 32.0.1-jre has broken Gradle metadata. See https://github.com/google/guava/releases

Fixed, please take a look again, thanks

@poorbarcode poorbarcode requested a review from lhotari July 4, 2023 09:17
Member

@lhotari lhotari left a comment

LGTM

@lhotari lhotari changed the title [fix][sec] Upgrade Guava to 32.0.1 to address CVE-2023-2976 [fix][sec] Upgrade Guava to 32.1.1 to address CVE-2023-2976 Jul 4, 2023
codecov-commenter commented Apr 1, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.14%. Comparing base (e360379) to head (e41a819).
⚠️ Report is 2346 commits behind head on master.


@@             Coverage Diff              @@
##             master   #20699      +/-   ##
============================================
+ Coverage     72.69%   73.14%   +0.44%     
- Complexity    31878    32126     +248     
============================================
  Files          1871     1868       -3     
  Lines        138982   139002      +20     
  Branches      15283    15292       +9     
============================================
+ Hits         101037   101676     +639     
+ Misses        29873    29273     -600     
+ Partials       8072     8053      -19     
Flag Coverage Δ
inttests 24.25% <ø> (+0.12%) ⬆️
systests 25.09% <ø> (+0.04%) ⬆️
unittests 72.42% <ø> (+0.49%) ⬆️

