HIVE-28693: Upgrade Atlas to 2.4.0 & spring-ldap-core to 2.4.4

[basapuram-kumar]

What changes were proposed in this pull request?

Upgrading the Atlas to 2.4.0, details are in-detailed at HIVE-28693

Why are the changes needed?

This change will fix the CVE-2023-20863.
And
Upgrading to Apache Atlas 2.4.0 will not only resolve the vulnerability but also ensure alignment of spriongframework with Apache Hive, which uses Spring Framework 5.3.39. This version of Spring Framework is included transitively by Hive.

Does this PR introduce any user-facing change?

No

Is the change a dependency upgrade?

Yes

How was this patch tested?

Adding the image for packaged jars and the dependency tree for Spring

And complete dependency tree
hive_28693_dependency_tree.log

[Aggarwal-Raghav]

@basapuram-kumar, thanks for PR

1. please attach dependency tree in the PR temaplate and set Is the change a dependency upgrade? to 'Yes'
2. During packaging spring-beans 5.3.21 is still coming from spring-ldap-core dependency. Hence, based on your explanation on the JIRA ticket CVE still exists!! If possible, can you check if we can upgrade that as well.

[Aggarwal-Raghav]

I just checked why spring-bean 5.3.21 didn't appear during #5435. Looks like HIVE-28540 was merged during the same time and due to it, screenshot of lib dir and dependency tree attached in #5435 became stale.

[basapuram-kumar]

Thanks for the review @Aggarwal-Raghav. Sure , will take it up and let you know with requested changes.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[basapuram-kumar]

Hello @Aggarwal-Raghav ,

Added the suggested one's. Could you please review.

[Aggarwal-Raghav]

I would suggest to change the title of JIRA and commit message to include upgrade spring ldap core as well. Otherwise,

LGTM +1 (non-binding).