TEZ-4713: Sync 3rd party dependency with Hadoop-3.5.0

[Aggarwal-Raghav]

• Update BouncyCastle to 1.82
• Update Guava to 33.4.8-jre
• Update RoaringBitmap to 1.3.0
• Add Jackson 2.18.6 and jackson-bom
• Add Reload4j 1.2.22
• Remove jsr305 dependency version

[Aggarwal-Raghav]

to be in sync with hadoop-3.5.0

[Aggarwal-Raghav]

to be in sync with hadoop-3.5.0

[Aggarwal-Raghav]

can't find any usage

[Aggarwal-Raghav]

two version of reload4j was coming 1.2.22 and 1.2.19. Better to define our own version than relying on hadoop.
1.2.19 was coming from slf4j-reload4j dependency

[Aggarwal-Raghav]

proactively done for iceberg-1.10.x

[Aggarwal-Raghav]

import.*jackson explicitly used in tez java file but it is relying on hadoop for jackson jars. IMO, this is not correct.

Also 2 version of jackson-core are coming in tez-dist/.../lib 2.14.3 and 2.12.7

 +- org.apache.avro:avro:jar:1.11.4:compile
[INFO]    |  \- com.fasterxml.jackson.core:jackson-core:jar:2.14.3:compile

INFO] |  +- org.apache.hadoop:hadoop-yarn-common:jar:3.4.2:compile
[INFO] |  |  +- com.sun.jersey:jersey-core:jar:1.19.4:compile
[INFO] |  |  |  \- javax.ws.rs:jsr311-api:jar:1.1.1:compile
[INFO] |  |  +- com.google.inject.extensions:guice-servlet:jar:4.2.3:compile
[INFO] |  |  +- com.google.inject:guice:jar:4.2.3:compile
[INFO] |  |  |  +- javax.inject:javax.inject:jar:1:compile
[INFO] |  |  |  \- aopalliance:aopalliance:jar:1.0:compile
[INFO] |  |  +- com.sun.jersey.contribs:jersey-guice:jar:1.19.4:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-core:jar:2.12.7:compile

[tez-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	0m 0s		Docker mode activated.
-1 ❌	docker	3m 20s		Docker failed to build run-specific yetus/tez:tp-7858}.

Subsystem	Report/Notes
GITHUB PR	#490
Console output	https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-490/1/console
versions	git=2.34.1
Powered by	Apache Yetus 0.15.1 https://yetus.apache.org

This message was automatically generated.

[Aggarwal-Raghav]

CC @abstractdog , can you please help with CI privilege issue?

15:01:41  
15:01:41  #2 [internal] load metadata for docker.io/yetus/tez:240665345
15:01:41  #2 ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

[abstractdog]

CC @abstractdog , can you please help with CI privilege issue?

15:01:41  
15:01:41  #2 [internal] load metadata for docker.io/yetus/tez:240665345
15:01:41  #2 ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

sorry, I forgot about this: so considering the currently ongoing hadoop upgrade and your decent improvements in the precommit area, we can get back to this after those are resolved, if you're okay with it

[Aggarwal-Raghav]

CC @abstractdog , can you please help with CI privilege issue?

15:01:41  
15:01:41  #2 [internal] load metadata for docker.io/yetus/tez:240665345
15:01:41  #2 ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

sorry, I forgot about this: so considering the currently ongoing hadoop upgrade and your decent improvements in the precommit area, we can get back to this after those are resolved, if you're okay with it

yes, that's the plan. I'll rebase one hadoop3.5.0 is in. The CI failure is because of rebase.

[tez-yetus]

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	2m 0s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 1s		No case conflicting files found.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ master Compile Tests _
+1 💚	mvninstall	3m 2s		master passed
+1 💚	compile	2m 28s		master passed
+1 💚	javadoc	0m 58s		master passed
			_ Patch Compile Tests _
+1 💚	mvninstall	2m 14s		the patch passed
+1 💚	codespell	0m 47s		No new issues.
+1 💚	compile	2m 30s		the patch passed
-1 ❌	javac	2m 30s	/results-compile-javac-root.txt	root generated 12 new + 742 unchanged - 0 fixed = 754 total (was 742)
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	javadoc	0m 56s		the patch passed
			_ Other Tests _
+1 💚	unit	57m 12s		root in the patch passed.
+1 💚	asflicense	0m 35s		The patch does not generate ASF License warnings.
		73m 36s

Subsystem	Report/Notes
Docker	ClientAPI=1.54 ServerAPI=1.54 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-490/2/artifact/out/Dockerfile
Optional Tests	dupname compile unit asflicense javac javadoc codespell detsecrets xmllint
uname	Linux 5eb7580a8c38 5.15.0-173-generic #183-Ubuntu SMP Fri Mar 6 13:29:34 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	tez-personality.sh
git revision	master / 330fdc8
Default Java	Eclipse Adoptium-21.0.11+10-LTS
Test Results	https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-490/2/testReport/
Max. process+thread count	1448 (vs. ulimit of 5500)
modules	C: . U: .
Console output	https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-490/2/console
versions	git=2.43.0 maven=3.9.15 codespell=2.4.1
Powered by	Apache Yetus 0.15.1 https://yetus.apache.org

This message was automatically generated.