apache-pulsar/4.1.2-r0: cve remediation (#76087)

apache-pulsar/4.1.2-r0: fix GHSA-84h7-rjj3-6jx4
<!--ci-cve-scan:must-fix: GHSA-84h7-rjj3-6jx4-->


Advisory data:
https://github.com/wolfi-dev/advisories/blob/main/apache-pulsar.advisories.yaml

---

### "Breadcrumbs" for this automated service

- **Source Code:** https://go/cve-remedy-automation-source
- **Logs:** https://go/cve-remedy-automation-logs
- **Docs:** _(not provided yet)_


Inspected git repositories: https://github.com/apache/pulsar@v4.1.2

---------

Signed-off-by: Ankush Pathak <ankush.pathak@chainguard.dev>
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
Co-authored-by: Ankush Pathak <ankush.pathak@chainguard.dev>

Author: octo-sts[bot]

apache-pulsar.yaml

@@ -1,7 +1,7 @@
 package:
   name: apache-pulsar
   version: "4.1.2"
-  epoch: 0 # GHSA-h5fg-jpgr-rv9c
+  epoch: 1 # GHSA-84h7-rjj3-6jx4
   description: Pulsar is a distributed pub-sub messaging platform with a very flexible messaging model and an intuitive client API.
   copyright:
     - license: Apache-2.0

apache-pulsar/pombump-properties.yaml

@@ -1,3 +1,5 @@
 properties:
   - property: jersey.version
     value: "2.46"
+  - property: netty.version
+    value: "4.1.129.Final"