[Java] Upgrade some deps to fix CVEs (#16650)

java/BUILD.bazel

@@ -85,6 +85,7 @@ define_java_module(
         "@maven//:org_slf4j_slf4j_api",
         "@maven//:org_slf4j_slf4j_log4j12",
         "@maven//:org_testng_testng",
+        "@maven//:org_yaml_snakeyaml",
         "@maven//:redis_clients_jedis",
     ],
 )

java/dependencies.bzl

@@ -1,25 +1,34 @@
 load("@rules_jvm_external//:defs.bzl", "maven_install")
+load("@rules_jvm_external//:specs.bzl", "maven")
 
 def gen_java_deps():
     maven_install(
         artifacts = [
             "com.google.code.gson:gson:2.8.5",
-            "com.google.guava:guava:27.0.1-jre",
+            "com.google.guava:guava:30.0-jre",
             "com.google.protobuf:protobuf-java:3.16.0",
             "com.puppycrawl.tools:checkstyle:8.15",
             "com.sun.xml.bind:jaxb-core:2.3.0",
             "com.sun.xml.bind:jaxb-impl:2.3.0",
             "com.typesafe:config:1.3.2",
-            "commons-io:commons-io:2.5",
+            "commons-io:commons-io:2.7",
             "de.ruedigermoeller:fst:2.57",
             "javax.xml.bind:jaxb-api:2.3.0",
             "org.apache.commons:commons-lang3:3.4",
             "org.msgpack:msgpack-core:0.8.20",
             "org.ow2.asm:asm:6.0",
             "org.slf4j:slf4j-log4j12:1.7.25",
-            "org.testng:testng:7.3.0",
+            "org.yaml:snakeyaml:1.26",
             "redis.clients:jedis:2.8.0",
             "net.java.dev.jna:jna:5.5.0",
+            maven.artifact(
+                group = "org.testng",
+                artifact = "testng",
+                version = "7.3.0",
+                exclusions = [
+                    "org.yaml:snakeyaml",
+                ]
+            ),
         ],
         repositories = [
             "https://repo1.maven.org/maven2/",

java/performance_test/pom.xml

@@ -35,12 +35,12 @@
 <dependency>
   <groupId>com.google.guava</groupId>
   <artifactId>guava</artifactId>
-  <version>27.0.1-jre</version>
+  <version>30.0-jre</version>
 </dependency>
 <dependency>
   <groupId>commons-io</groupId>
   <artifactId>commons-io</artifactId>
-  <version>2.5</version>
+  <version>2.7</version>
 </dependency>
 <dependency>
   <groupId>org.apache.commons</groupId>

java/runtime/pom.xml

@@ -47,7 +47,7 @@
 <dependency>
   <groupId>com.google.guava</groupId>
   <artifactId>guava</artifactId>
-  <version>27.0.1-jre</version>
+  <version>30.0-jre</version>
 </dependency>
 <dependency>
   <groupId>com.google.protobuf</groupId>
@@ -62,7 +62,7 @@
 <dependency>
   <groupId>commons-io</groupId>
   <artifactId>commons-io</artifactId>
-  <version>2.5</version>
+  <version>2.7</version>
 </dependency>
 <dependency>
   <groupId>de.ruedigermoeller</groupId>
@@ -114,6 +114,11 @@
   <artifactId>testng</artifactId>
   <version>7.3.0</version>
 </dependency>
+<dependency>
+  <groupId>org.yaml</groupId>
+  <artifactId>snakeyaml</artifactId>
+  <version>1.26</version>
+</dependency>
 <dependency>
   <groupId>redis.clients</groupId>
   <artifactId>jedis</artifactId>

java/test/pom.xml

@@ -39,7 +39,7 @@
 <dependency>
   <groupId>com.google.guava</groupId>
   <artifactId>guava</artifactId>
-  <version>27.0.1-jre</version>
+  <version>30.0-jre</version>
 </dependency>
 <dependency>
   <groupId>com.google.protobuf</groupId>
@@ -59,7 +59,7 @@
 <dependency>
   <groupId>commons-io</groupId>
   <artifactId>commons-io</artifactId>
-  <version>2.5</version>
+  <version>2.7</version>
 </dependency>
 <dependency>
   <groupId>javax.xml.bind</groupId>

streaming/java/streaming-runtime/pom.xml

@@ -77,7 +77,7 @@
 <dependency>
   <groupId>commons-io</groupId>
   <artifactId>commons-io</artifactId>
-  <version>2.5</version>
+  <version>2.7</version>
 </dependency>
 <dependency>
   <groupId>de.ruedigermoeller</groupId>