@difin
Contributor

@difin difin commented Dec 12, 2022

This PR proposes to upgrade commons-codec to 1.13.

The commons-codec:commons-codec version contains a vulnerability detected by Snyk:

commons-codec:commons-codec is a package that contains simple encoder and decoders for various formats such as Base64 and Hexadecimal.

Affected versions of this package are vulnerable to Information Exposure.
https://security.snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518

@tez-yetus

💔 -1 overall

| Vote | Subsystem | Runtime | Comment |
|------|-----------|---------|---------|
| +0 🆗 | reexec | 31m 50s | Docker mode activated. |
| | | | _ Prechecks _ |
| +1 💚 | dupname | 0m 0s | No case conflicting files found. |
| +1 💚 | @author | 0m 0s | The patch does not contain any @author tags. |
| -1 ❌ | test4tests | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
| | | | _ master Compile Tests _ |
| +1 💚 | mvninstall | 15m 28s | master passed |
| +1 💚 | compile | 2m 14s | master passed with JDK Ubuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04 |
| +1 💚 | compile | 2m 4s | master passed with JDK Private Build-1.8.0_352-8u352-ga-1~20.04-b08 |
| +1 💚 | javadoc | 2m 26s | master passed with JDK Ubuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04 |
| +1 💚 | javadoc | 1m 46s | master passed with JDK Private Build-1.8.0_352-8u352-ga-1~20.04-b08 |
| | | | _ Patch Compile Tests _ |
| +1 💚 | mvninstall | 3m 55s | the patch passed |
| +1 💚 | compile | 2m 16s | the patch passed with JDK Ubuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04 |
| +1 💚 | javac | 2m 16s | the patch passed |
| +1 💚 | compile | 2m 7s | the patch passed with JDK Private Build-1.8.0_352-8u352-ga-1~20.04-b08 |
| +1 💚 | javac | 2m 6s | the patch passed |
| +1 💚 | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 💚 | xml | 0m 1s | The patch has no ill-formed XML file. |
| +1 💚 | javadoc | 2m 7s | the patch passed with JDK Ubuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04 |
| +1 💚 | javadoc | 1m 46s | the patch passed with JDK Private Build-1.8.0_352-8u352-ga-1~20.04-b08 |
| | | | _ Other Tests _ |
| +1 💚 | unit | 74m 5s | root in the patch passed. |
| +1 💚 | asflicense | 0m 39s | The patch does not generate ASF License warnings. |
| | | 143m 47s | |

| Subsystem | Report/Notes |
|-----------|--------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-258/1/artifact/out/Dockerfile |
| GITHUB PR | #258 |
| JIRA Issue | TEZ-4462 |
| Optional Tests | dupname asflicense javac javadoc unit xml compile |
| uname | Linux 9e4698cec273 4.15.0-200-generic #211-Ubuntu SMP Thu Nov 24 18:16:04 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 34d6810 |
| Default Java | Private Build-1.8.0_352-8u352-ga-1~20.04-b08 |
| Multi-JDK versions | /usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_352-8u352-ga-1~20.04-b08 |
| Test Results | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-258/1/testReport/ |
| Max. process+thread count | 2100 (vs. ulimit of 5500) |
| modules | C: . U: . |
| Console output | https://ci-hadoop.apache.org/job/tez-multibranch/job/PR-258/1/console |
| versions | git=2.25.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |

This message was automatically generated.

@rbalamohan
Contributor

LGTM. +1

@difin
Contributor Author

difin commented Jan 5, 2023

Hi @rbalamohan, thanks a lot for the review!
Could you please merge it?

@abstractdog abstractdog merged commit 39e5a8e into apache:master Jan 5, 2023