[Security] Upgrade junit version to 4.13.1 to resolve CVE-2020-15250 …

…and fix test dependency leak (apache#10147)

buildtools/pom.xml

@@ -64,6 +64,11 @@
       <artifactId>testng</artifactId>
       <version>${testng.version}</version>
     </dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.13.1</version>
+    </dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-api</artifactId>

distribution/server/src/assemble/LICENSE.bin.txt

@@ -465,14 +465,13 @@ The Apache Software License, Version 2.0
     - io.grpc-grpc-protobuf-1.33.0.jar
     - io.grpc-grpc-protobuf-lite-1.33.0.jar
     - io.grpc-grpc-stub-1.33.0.jar
-    - io.grpc-grpc-testing-1.33.0.jar
     - io.grpc-grpc-alts-1.33.0.jar
     - io.grpc-grpc-api-1.33.0.jar
     - io.grpc-grpc-grpclb-1.33.0.jar
     - io.grpc-grpc-netty-shaded-1.33.0.jar
     - io.grpc-grpc-services-1.33.0.jar
     - io.grpc-grpc-xds-1.33.0.jar
-  * Perfmark 
+  * Perfmark
     - io.perfmark-perfmark-api-0.19.0.jar
   * OpenCensus
     - io.opencensus-opencensus-api-0.18.0.jar
@@ -517,7 +516,7 @@ The Apache Software License, Version 2.0
     - io.vertx-vertx-web-3.5.3.jar
   * Apache ZooKeeper
     - org.apache.zookeeper-zookeeper-jute-3.6.2.jar
-  * Snappy Java  
+  * Snappy Java
     - org.xerial.snappy-snappy-java-1.1.7.jar
   * Google HTTP Client
     - com.google.http-client-google-http-client-jackson2-1.34.0.jar
@@ -531,7 +530,6 @@ BSD 3-clause "New" or "Revised" License
     - com.google.auth-google-auth-library-oauth2-http-0.20.0.jar -- licenses/LICENSE-google-auth-library.txt
  * LevelDB -- (included in org.rocksdb.*.jar) -- licenses/LICENSE-LevelDB.txt
  * JSR305 -- com.google.code.findbugs-jsr305-3.0.2.jar -- licenses/LICENSE-JSR305.txt
- * JavaHamcrest -- org.hamcrest-hamcrest-core-1.3.jar -- licenses/LICENSE-Hamcrest.txt
 
 BSD 2-Clause License
  * HdrHistogram -- org.hdrhistogram-HdrHistogram-2.1.9.jar -- licenses/LICENSE-HdrHistogram.txt
@@ -578,7 +576,7 @@ CDDL-1.1 -- licenses/LICENSE-CDDL-1.1.txt
  * Mimepull -- org.jvnet.mimepull-mimepull-1.9.13.jar
 
 Eclipse Distribution License 1.0 -- licenses/LICENSE-EDL-1.0.txt
- * Jakarta Activation 
+ * Jakarta Activation
    - jakarta.activation-jakarta.activation-api-1.2.1.jar
  * Jakarta XML Binding -- jakarta.xml.bind-jakarta.xml.bind-api-2.3.2.jar
 

managed-ledger/pom.xml

@@ -101,7 +101,6 @@
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
-      <version>4.12</version>
       <scope>test</scope>
     </dependency>
 

pom.xml

@@ -199,6 +199,7 @@ flexible messaging model and an intuitive client API.</description>
     <testcontainers.version>1.15.1</testcontainers.version>
     <kerby.version>1.1.1</kerby.version>
     <testng.version>7.3.0</testng.version>
+    <junit4.version>4.13.1</junit4.version>
     <mockito.version>3.8.0</mockito.version>
     <powermock.version>2.0.9</powermock.version>
     <javassist.version>3.25.0-GA</javassist.version>
@@ -267,6 +268,12 @@ flexible messaging model and an intuitive client API.</description>
         </exclusions>
       </dependency>
 
+      <dependency>
+        <groupId>junit</groupId>
+        <artifactId>junit</artifactId>
+        <version>${junit4.version}</version>
+      </dependency>
+
       <dependency>
         <groupId>org.awaitility</groupId>
         <artifactId>awaitility</artifactId>
@@ -419,6 +426,10 @@ flexible messaging model and an intuitive client API.</description>
             <groupId>io.grpc</groupId>
             <artifactId>grpc-all</artifactId>
           </exclusion>
+          <exclusion>
+            <groupId>io.grpc</groupId>
+            <artifactId>grpc-testing</artifactId>
+          </exclusion>
         </exclusions>
       </dependency>
 

pulsar-package-management/bookkeeper-storage/pom.xml

@@ -87,7 +87,6 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
             <scope>test</scope>
         </dependency>
     </dependencies>