@r-sidd r-sidd commented Oct 9, 2024

What is the purpose of the change

Bump apache-rat-plugin

Brief change log

Bump apache-rat-plugin from 0.12 to 0.16.1 to remediate the underlying vulnerabilities in the dependencies.

Vulnerabilities from dependencies:
CVE-2022-4245
CVE-2022-4244
CVE-2020-15250

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Does this pull request potentially affect one of the following parts:

  • Dependencies (does it add or upgrade a dependency): yes
  • The public API, i.e., are there any changes to the CustomResourceDescriptors: no
  • Core observer or reconciler logic that is regularly executed: no

Documentation

  • Does this pull request introduce a new feature? no
  • If yes, how is the feature documented? not applicable


gyfora commented Oct 11, 2024

@r-sidd you have about 5 PRs open with one-liner changes, please put them together so we don't need to run the e2es again and again.


r-sidd commented Oct 12, 2024

> @r-sidd you have about 5 PRs open with one-liner changes, please put them together so we don't need to run the e2es again and again.

@gyfora I have two PRs open, each addressing a different scope of changes. Given that they are distinct, should I still consider merging them?


gyfora commented Oct 12, 2024

Yes, simple dependency bumps can be done in one PR, open one jira with a list of changes and one PR.


r-sidd commented Oct 12, 2024

> Yes, simple dependency bumps can be done in one PR, open one jira with a list of changes and one PR.

Sure, that makes sense. Right now, one PR includes the version bump, and the other has the exclusion in the POM. I’ll attach for your reference.

#889

@gyfora gyfora merged commit ee02482 into apache:main Oct 12, 2024
233 checks passed

r-sidd commented Oct 12, 2024

@gyfora thanks for merging 😃, I’ll make sure to include the dependency bumps in the same Jira moving forward.
