Update zookeeper version to fix CVEs

[bibith4]

Description

Changes to upgrade zookeeper versions to 3.9.3 to remove vulnerabilities

Motivation and Context

The presto-accumulo, presto-delta,presto-hive,presto-kafka and presto-hudi have interdependencies with zookeeper version 3.4.14, which contain vulnerabilities. These vulnerabilities can be removed by upgrading the zookeeper dependency to 3.9.3

Impact

Test Plan

Contributor checklist

• Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
• PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
• Documented new properties (with its default value), SQL syntax, functions, or other functionality.
• If release notes are required, they follow the release notes guidelines.
• Adequate tests were added if applicable.
• CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

Security Changes
* Upgrade zookeeper to 3.9.3 to fix security vulnerability in presto-accumulo, presto-delta,presto-hive,presto-kafka and presto-hudi  in response to `CVE-2023-44981 <https://nvd.nist.gov/vuln/detail/cve-2023-44981>`_.

[BryanCutler]

LGTM pending tests

[aaneja]

JFYI - We do have an upgrade to Kafka dependencies as a WIP too -#24382
It should not impact this PR (tests seem to pass) cc : @ZacBlanco

[bibith4]

@aaneja The test case failures in this PR will be resolved once the Kafka upgrade PR is merged. The failures occur because the ZooKeeper client used in our Kafka connector doesn’t support newer versions of ZooKeeper. However, since newer versions of Kafka have fully removed support for ZooKeeper, these failures will disappear after the Kafka upgrade
cc : @ZacBlanco @imjalpreet

[steveburnett]

Thanks for the release note! Suggest adding a little description of the work done in the PR ("Upgrade zookeeper to 3.9.3") that results in fixing the security vulnerabilities.

== RELEASE NOTES ==

Security Changes
* Upgrade zookeeper to 3.9.3 to fix security vulnerability in presto-accumulo, presto-delta,presto-hive,presto-kafka and presto-hudi  in response to `CVE-2023-44981 <https://nvd.nist.gov/vuln/detail/cve-2023-44981>`_. :pr:`24403`

[bibith4]

Thanks for the release note! Suggest adding a little description of the work done in the PR ("Upgrade zookeeper to 3.9.3") that results in fixing the security vulnerabilities.

== RELEASE NOTES ==

Security Changes
* Upgrade zookeeper to 3.9.3 to fix security vulnerability in presto-accumulo, presto-delta,presto-hive,presto-kafka and presto-hudi  in response to `CVE-2023-44981 <https://nvd.nist.gov/vuln/detail/cve-2023-44981>`_. :pr:`24403`

@steveburnett Corrected. Please check

[aaneja]

Please edit your commit message as per our guidelines https://github.com/prestodb/presto/wiki/Review-and-Commit-guidelines#example-commit-message. You can add the CVE id this addresses to the commit message

[bibith4]

Please edit your commit message as per our guidelines https://github.com/prestodb/presto/wiki/Review-and-Commit-guidelines#example-commit-message. You can add the CVE id this addresses to the commit message

@aaneja modified the commit message by adding CVE id

[BryanCutler]

Couple of small issues

[steveburnett]

New release note guidelines as of last week: PR #24354 automatically adds links to this PR to the release notes. Please remove the manual PR link in the following format from the release note entries for this PR.

:pr:`12345`

I have updated the Release Notes Guidelines to remove the examples of manually adding the PR link.

[bibith4]

New release note guidelines as of last week: PR #24354 automatically adds links to this PR to the release notes. Please remove the manual PR link in the following format from the release note entries for this PR.

:pr:`12345`

I have updated the Release Notes Guidelines to remove the examples of manually adding the PR link.

@steveburnett Corrected . Please check

[steveburnett]

@steveburnett Corrected . Please check

Looks good, thanks!

[BryanCutler]

LGTM, pending tests

[ethanyzhang]

Hi @bibith4, what's the plan for this PR?

[ZacBlanco]

Can you explain why we're going this route vs updating the MiniAccumuloCluster? This seems like a lot of change just to support zookeeper. Is there an advantage to using this over mini accumulo cluster?

[bibith4]

@ZacBlanco We tried to address the vulnerability by upgrading the ZooKeeper version to 3.9.3. However, after the upgrade, the Accumulo test cases were failing because the ZooKeeper instance couldn't start. During our investigation, we found this pull request from Trino:
trinodb/trino#5598,
which uses Accumulo in Docker for unit testing. With this changes we tried running the tests using the presto-accumulo JAR, and they completed successfully.