Fix vulnerable dependencies

[vinokurig]

What does this PR do?

• Update vulnerable dependencies in order to fix the security issues according to the trivy report
• Update other dependencies according by merging dependabot pull requests.

List of the updated dependencies:

Library	current version	updated version	dependabot PR
org.javassist	3.28.0-GA	3.29.2-GA	#417
maven.resources.plugin	3.2.0	3.3.1	#423
maven.clean.plugin	3.1.0	3.2.0	#426
maven assembly.plugin	3.3.0	3.5.0	#454
io.prometheus.simpleclient	0.7.0	0.16.0	#212
io.opentracing.api.extensions	0.5.0	0.6.0	#129
io.micrometer	1.3.1	1.10.5	#424
io.jaegertracing	1.0.0	1.8.1	#105
io.jaegertracing.micrometer	1.0.0	1.8.1	#322
com.google.guava	30.1.1-jre	31.1-jre	#268
ch.qos.logback	1.2.9	1.2.11	#234
org.jgroups	4.1.9	5.2.13.Final	#427
com.h2database	1.4.196	2.1.210
commons-fileupload	1.3.3	1.5
apache.tomcat	10.0.14	10.1.6
postgresql	42.2.24	42.5.1

Dependencies that was NOT updated due to the build failure:

Library	current version	dependabot PR
jgroups.kubernetes	1.0.13.Final	#306
org.slf4j	1.7.36	#420
org.mockito	0.4.13	#464

Screenshot/screencast of this PR

What issues does this PR fix or reference?

fixes eclipse-che/che#22062

How to test this PR?

1. Git checkout to the PR branch.
2. Run mvn clean install && cd dockerfiles && ./build.sh && cd .. && docker run aquasec/trivy image quay.io/eclipse/che-server:next
3. See the report:

Library	Vulnerability	Severity	InstalledVersion	FixedVersion	Title
com.h2database:h2 (api.war)	CVE-2022-45868	HIGH	2.1.210
org.yaml:snakeyaml (api.war)	CVE-2022-1471	CRITICAL	1.33	2.0

The snakeyaml item is extracted to a separate issue: eclipse-che/che#22106
The h2database item is extracted to a separate issue:eclipse-che/che#22107

PR Checklist

As the author of this Pull Request I made sure that:

• The Eclipse Contributor Agreement is valid
• Code produced is complete
• Code builds without errors
• Tests are covering the bugfix
• The repository devfile is up to date and works
• Sections What issues does this PR fix or reference and How to test this PR completed
• Relevant user documentation updated
• Relevant contributing documentation updated
• CI/CD changes implemented, documented and communicated

Reviewers

Reviewers, please comment how you tested the PR when approving it.

[tolusha]

@vinokurig
Pls ensure that updates from the current che-server to a new one works

[nickboldt]

if it builds, I'm happy.

+1 to merge.

[dmytro-ndp]

Test workspace imported from git repo https://github.com/che-incubator/quarkus-api-example.git has been started successfully in Dev Spaces 3.6.0.ER with server image quay.io/ivinokur/che-server@sha256:45070bff756c879973c29f48e8310c4e045d3f91fe1e1b2a8d46e3aeecf14ef9 built by @vinokurig from this PR:

[amisevsk]

Looks fine to me but I haven't had a chance to test that there aren't subtle issues/changes.

[devstudio-release]

Build 3.6 :: server_3.x/142: Console, Changes, Git Data

[ibuziuk]

@vinokurig thank you, merged to main \o/
could you please close dependabot PRs that are not needed anymore - https://github.com/eclipse-che/che-server/pulls

[devstudio-release]

Build 3.6 :: sync-to-downstream_3.x/2807: Console, Changes, Git Data

[devstudio-release]

Build 3.6 :: get-sources-rhpkg-container-build_3.x/2629: Console, Changes, Git Data

[devstudio-release]

Build 3.6 :: push-latest-container-to-quay_3.x/2007: Console, Changes, Git Data

[devstudio-release]

Build 3.6 :: get-sources-rhpkg-container-build_3.x/2629:

server : 3.x :: Build 51672921 : quay.io/devspaces/server-rhel8:3.6-29
SUCCESS; copied to quay; /DS_CI/push-latest-container-to-quay_3.x/2007 triggered

[devstudio-release]

Build 3.6 :: update-digests_3.x/2614: Console, Changes, Git Data

[devstudio-release]

Build 3.6 :: server_3.x/142:

Upstream sync done; /DS_CI/sync-to-downstream_3.x/2807 triggered

[devstudio-release]

Build 3.6 :: operator-bundle_3.x/1034: Console, Changes, Git Data

[devstudio-release]

Build 3.6 :: sync-to-downstream_3.x/2808: Console, Changes, Git Data

[devstudio-release]

Build 3.6 :: get-sources-rhpkg-container-build_3.x/2630: Console, Changes, Git Data

[devstudio-release]

Build 3.6 :: push-latest-container-to-quay_3.x/2008: Console, Changes, Git Data

[devstudio-release]

Build 3.6 :: copyIIBsToQuay/1178: Console, Changes, Git Data

[devstudio-release]

Build 3.6 :: get-sources-rhpkg-container-build_3.x/2630:

devspaces-operator-bundle : 3.x :: Build 51673157 : quay.io/devspaces/devspaces-operator-bundle:3.6-132
SUCCESS; copied to quay; /DS_CI/push-latest-container-to-quay_3.x/2008 triggered;

Bundle CSV related images:
- quay.io/devspaces/code-rhel8:
- quay.io/devspaces/configbump-rhel8:3.6-11
- quay.io/devspaces/dashboard-rhel8:3.6-26
- quay.io/devspaces/devfileregistry-rhel8:3.6-65
- quay.io/devspaces/devspaces-rhel8-operator:3.6-22
- quay.io/devspaces/idea-rhel8:3.6-22
- quay.io/devspaces/machineexec-rhel8:3.6-14
- quay.io/devspaces/pluginregistry-rhel8:3.6-16
- quay.io/devspaces/server-rhel8:3.6-29
- quay.io/devspaces/traefik-rhel8:3.6-7
- quay.io/devspaces/udi-rhel8:3.6-16
= registry.redhat.io/devworkspace/devworkspace-rhel8-operator:0.19-4.1679485262
= registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.11.0-202303081241.p0.ga805ba5.assembly.stream
= registry.redhat.io/openshift4/ose-oauth-proxy:v4.11.0-202303081241.p0.gaad1b28.assembly.stream
= registry.redhat.io/rhel8/postgresql-13:1-109.1679484501
= registry.redhat.io/rhel8/postgresql-96:1-159
= registry.redhat.io/rhscl/mongodb-36-rhel7:1-50
= registry.redhat.io/ubi8/ubi-minimal:8.6-994

[devstudio-release]

Build 3.6 :: sync-to-downstream_3.x/2808:

Build container: devspaces-operator-bundle synced; /DS_CI/get-sources-rhpkg-container-build_3.x/2630 triggered; /job/DS_CI/job/dsc_3.x triggered;

[devstudio-release]

Build 3.6 :: operator-bundle_3.x/1034:

Upstream sync done; /DS_CI/sync-to-downstream_3.x/2808 triggered

[devstudio-release]

Build 3.6 :: dsc_3.x/746: Console, Changes, Git Data

[devstudio-release]

Build 3.6 :: update-digests_3.x/2614:

Detected new images: rebuild operator-bundle
* server; /DS_CI/operator-bundle_3.x/1034 triggered

[devstudio-release]

Build 3.6 :: dsc_3.x/746:

3.6.0 CI

[devstudio-release]

Build 3.6 :: copyIIBsToQuay/1178:

3.6
arches = x86_64, s390x, ppc64le;
  * LATEST DS OPERATOR BUNDLE = <a href=https://quay.io/repository/devspaces/devspaces-operator-bundle?tab=tags>registry-proxy.engineering.redhat.com/rh-osbs/devspaces-operator-bundle:3.6-132
  * LATEST DWO OPERATOR BUNDLE = <a href=https://quay.io/repository/devworkspace/devworkspace-operator-bundle?tab=tags>registry-proxy.engineering.redhat.com/rh-osbs/devworkspace-operator-bundle:0.19-4
+ ppc64le-rhel8 IIB(s) copied:
  + quay.io/devspaces/iib:3.6-v4.13-464573-440885-ppc64le
  + quay.io/devspaces/iib:3.6-v4.13-ppc64le
  + quay.io/devspaces/iib:next-v4.13-ppc64le
  + quay.io/devspaces/iib:3.6-v4.12-464565-440880-ppc64le
  + quay.io/devspaces/iib:3.6-v4.12-ppc64le
  + quay.io/devspaces/iib:next-v4.12-ppc64le
  + quay.io/devspaces/iib:3.6-v4.11-464557-440871-ppc64le
  + quay.io/devspaces/iib:3.6-v4.11-ppc64le
  + quay.io/devspaces/iib:next-v4.11-ppc64le
  + quay.io/devspaces/iib:3.6-v4.10-465477-440866-ppc64le
  + quay.io/devspaces/iib:3.6-v4.10-ppc64le
  + quay.io/devspaces/iib:next-v4.10-ppc64le
+ s390x-rhel8 IIB(s) copied:
  + quay.io/devspaces/iib:3.6-v4.13-464573-440885-s390x
  + quay.io/devspaces/iib:3.6-v4.13-s390x
  + quay.io/devspaces/iib:next-v4.13-s390x
  + quay.io/devspaces/iib:3.6-v4.12-464565-440880-s390x
  + quay.io/devspaces/iib:3.6-v4.12-s390x
  + quay.io/devspaces/iib:next-v4.12-s390x
  + quay.io/devspaces/iib:3.6-v4.11-464557-440871-s390x
  + quay.io/devspaces/iib:3.6-v4.11-s390x
  + quay.io/devspaces/iib:next-v4.11-s390x
  + quay.io/devspaces/iib:3.6-v4.10-465477-440866-s390x
  + quay.io/devspaces/iib:3.6-v4.10-s390x
  + quay.io/devspaces/iib:next-v4.10-s390x
+ x86_64-rhel8 IIB(s) copied:
  + quay.io/devspaces/iib:3.6-v4.13-464573-440885-x86_64
  + quay.io/devspaces/iib:3.6-v4.13-x86_64
  + quay.io/devspaces/iib:next-v4.13-x86_64
  + quay.io/devspaces/iib:3.6-v4.12-464565-440880-x86_64
  + quay.io/devspaces/iib:3.6-v4.12-x86_64
  + quay.io/devspaces/iib:next-v4.12-x86_64
  + quay.io/devspaces/iib:3.6-v4.11-464557-440871-x86_64
  + quay.io/devspaces/iib:3.6-v4.10-465477-440866-x86_64
  + quay.io/devspaces/iib:3.6-v4.10-x86_64
  + quay.io/devspaces/iib:next-v4.10-x86_64