TEZ-4403: Upgrade SLF4J Version To 1.7.36

[shameersss1]

Currently we are on slf4j 1.7.30, As per https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.30 , There are four CVE's against this version.

1. CVE-2022-23305
2. CVE-2022-23302
3. CVE-2021-4104
4. CVE-2019-17571

Upgrading to 1.7.36 https://mvnrepository.com/artifact/org.slf4j/slf4j-log4j12/1.7.36 should solve the security concerns.

Reference

1. https://github.com/apache/tez/blob/master/pom.xml#L256
2. https://github.com/apache/tez/blob/master/pom.xml#L240

[shameersss1]

@abstractdog Could you please review the changes?

[shameersss1]

@abstractdog Can you please review the changes?

[abstractdog]

thanks for taking care of this @shameersss1!
as far as I can see, there is already 1.7.36, would you consider upgrading to that? it's told to fix log4j issues by pulling in reload4j
https://www.slf4j.org/news.html
let me know if it makes sense

[shameersss1]

@abstractdog - i have upgraded the version to 1.7.36 and re-triggered the pre-commit

[tez-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Comment
+0 🆗	reexec	0m 59s	Docker mode activated.
		_ Prechecks _
+1 💚	dupname	0m 0s	No case conflicting files found.
+1 💚	@author	0m 0s	The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s	The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
		_ master Compile Tests _
+1 💚	mvninstall	15m 48s	master passed
+1 💚	compile	2m 33s	master passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04
+1 💚	compile	2m 18s	master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javadoc	2m 36s	master passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04
+1 💚	javadoc	1m 50s	master passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
		_ Patch Compile Tests _
+1 💚	mvninstall	4m 49s	the patch passed
+1 💚	compile	3m 2s	the patch passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04
+1 💚	javac	3m 2s	the patch passed
+1 💚	compile	2m 48s	the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
+1 💚	javac	2m 48s	the patch passed
+1 💚	whitespace	0m 0s	The patch has no whitespace issues.
+1 💚	xml	0m 2s	The patch has no ill-formed XML file.
+1 💚	javadoc	2m 46s	the patch passed with JDK Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04
+1 💚	javadoc	2m 4s	the patch passed with JDK Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
		_ Other Tests _
+1 💚	unit	66m 25s	root in the patch passed.
+1 💚	asflicense	0m 46s	The patch does not generate ASF License warnings.
		109m 52s

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/3/artifact/out/Dockerfile
GITHUB PR	#198
Optional Tests	dupname asflicense javac javadoc unit xml compile
uname	Linux 2320942233e3 4.15.0-175-generic #184-Ubuntu SMP Thu Mar 24 17:48:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	personality/tez.sh
git revision	master / 2a9495a
Default Java	Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.14.1+1-Ubuntu-0ubuntu1.20.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_312-8u312-b07-0ubuntu1~20.04-b07
Test Results	https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/3/testReport/
Max. process+thread count	1373 (vs. ulimit of 5500)
modules	C: . U: .
Console output	https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-198/3/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.12.0 https://yetus.apache.org

This message was automatically generated.