[fix][sec] Upgrade async-http-client to 2.12.4 to address CVE-2024-53990

[lhotari]

Motivation

Upgrade to async-http-client 2.12.4 which contains a fix for CVE-2024-53990. See https://lists.apache.org/thread/fpg465pxytqkxbs57h7p3mckn9dwh3zq for more details.

Modifications

• Upgrade async-http-client from 2.12.1 to 2.12.4
  • Changes since 2.12.1
• Adapt to AsyncHttpClient/async-http-client@ac2d4bd change
  • Replace com.sun.activation:javax.activation with com.sun.activation:jakarta.activation

Documentation

• doc
• doc-required
• doc-not-needed
• doc-complete

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.40%. Comparing base (bbc6224) to head (3d87803).
Report is 794 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff              @@
##             master   #23732      +/-   ##
============================================
+ Coverage     73.57%   74.40%   +0.83%     
- Complexity    32624    35097    +2473     
============================================
  Files          1877     1945      +68     
  Lines        139502   147510    +8008     
  Branches      15299    16280     +981     
============================================
+ Hits         102638   109761    +7123     
- Misses        28908    29273     +365     
- Partials       7956     8476     +520     

Flag	Coverage Δ
inttests	27.27% <ø> (+2.68%)	⬆️
systests	24.35% <ø> (+0.02%)	⬆️
unittests	73.80% <ø> (+0.95%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 675 files with indirect coverage changes

[lhotari]

The releases are in-progress to include this fix. Ongoing vote threads:
Release Apache Pulsar 3.0.9 based on 3.0.9-candidate-2
Release Apache Pulsar 3.3.4 based on 3.3.4-candidate-2
Release Apache Pulsar 4.0.2 based on 4.0.2-candidate-3