Conversation

Contributor

@yougecn yougecn commented Sep 26, 2025

GHSA-j288-q9x7-2f5v
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: starting with commons-lang:commons-lang 2.0 to 2.6, and from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.

Affected versions:

Apache Commons Lang (commons-lang:commons-lang) 2.0 through 2.6
Apache Commons Lang (org.apache.commons:commons-lang3) 3.0 before 3.18.0
How could it be?
Upgrade commons-lang 2.6 to commons-lang3 3.18.0.

@codecov
codecov bot commented Sep 26, 2025

Codecov Report

❌ Patch coverage is 44.44444% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 61.27%. Comparing base (4d58308) to head (ca7e9b9).
⚠️ Report is 16 commits behind head on 2.x.

Files with missing lines                                Patch %   Lines
...che/seata/common/loader/EnhancedServiceLoader.java     0.00%   2 Missing ⚠️
...urce/exec/postgresql/PostgresqlInsertExecutor.java    50.00%   2 Missing ⚠️
...pi/fence/store/db/CommonFenceStoreDataBaseDAO.java     0.00%   1 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##                2.x    #7667      +/-   ##
============================================
+ Coverage     61.21%   61.27%   +0.05%     
  Complexity      666      666              
============================================
  Files          1314     1314              
  Lines         49817    49817              
  Branches       5858     5858              
============================================
+ Hits          30497    30523      +26     
+ Misses        16575    16549      -26     
  Partials       2745     2745              
Files with missing lines                                Coverage Δ
...che/seata/common/exception/ResourceBundleUtil.java    81.17% <ø> (ø)
...ommon/loader/EnhancedServiceNotFoundException.java    27.27% <ø> (ø)
...ava/org/apache/seata/config/FileConfiguration.java    59.34% <ø> (ø)
.../apache/seata/core/protocol/RegisterTMRequest.java    90.00% <ø> (ø)
...n/java/org/apache/seata/core/protocol/Version.java    79.06% <ø> (ø)
...ata/core/rpc/DefaultServerMessageListenerImpl.java     0.00% <ø> (ø)
...g/apache/seata/core/rpc/netty/NettyBaseConfig.java    78.78% <ø> (ø)
...he/seata/core/rpc/netty/TmNettyRemotingClient.java    77.51% <ø> (ø)
.../apache/seata/core/rpc/netty/grpc/GrpcDecoder.java    50.00% <ø> (ø)
...eata/core/rpc/processor/server/RegRmProcessor.java    13.51% <ø> (ø)
... and 16 more

... and 7 files with indirect coverage changes

<version>${commons-logging.version}</version>
</dependency>
<dependency>
<groupId>commons-lang</groupId>
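Review bot: the groupId at the end of this context is still `commons-lang`, the legacy coordinate whose releases 2.0 through 2.6 are all inside the advisory's affected range, while the fixed release 3.18.0 is listed only under `org.apache.commons:commons-lang3`; a version bump that keeps this groupId therefore cannot pick up the fix. Suggest changing the coordinate to `<groupId>org.apache.commons</groupId>` / `<artifactId>commons-lang3</artifactId>` and driving the version from a `commons-lang3.version` property set to 3.18.0.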
Contributor

Why not change it to commons-lang3?

Contributor Author

@yougecn yougecn Sep 28, 2025

spring-boot-dependencies already manages the version of commons-lang3, but there it is <commons-lang3.version>3.12.0</commons-lang3.version>; it is enough to specify <commons-lang3.version>3.18.0</commons-lang3.version> in dependencies/pom.xml.

Member

The client side does not strongly depend on Spring. This dependency should be added.
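As an added example (not code from this PR or from the Seata project), the pom fragment below puts the legacy coordinate the reviewer questioned beside the org.apache.commons:commons-lang3 coordinate declared explicitly, as the Member comment asks, with the commons-lang3.version property overriding the 3.12.0 pin the author describes in spring-boot-dependencies. The property-driven <version> and the single-module layout are assumptions about a standard Maven setup, not Seata's actual build files.

```xml
<!-- Before (constructed example): the legacy coordinate.
     Every release of this artifact, 2.0 through 2.6, is inside the advisory's
     affected range, and 3.18.0 is published under a different groupId, so
     changing only the <version> here cannot resolve GHSA-j288-q9x7-2f5v. -->
<dependency>
    <groupId>commons-lang</groupId>
    <artifactId>commons-lang</artifactId>
    <version>2.6</version>
</dependency>

<!-- After (constructed example): the maintained line under
     org.apache.commons:commons-lang3. A parent BOM such as
     spring-boot-dependencies may define commons-lang3.version as 3.12.0;
     redefining the property in this pom takes precedence over that pin. -->
<properties>
    <commons-lang3.version>3.18.0</commons-lang3.version>
</properties>

<dependencies>
    <!-- Declared explicitly so modules that do not import the Spring BOM
         still resolve the fixed version. -->
    <dependency>
        <groupId>org.apache.commons</groupId>
        <artifactId>commons-lang3</artifactId>
        <version>${commons-lang3.version}</version>
    </dependency>
</dependencies>
```

Moving from commons-lang to commons-lang3 also renames the Java package from org.apache.commons.lang to org.apache.commons.lang3, so call sites (including any ClassUtils.getClass(...) callers) need their imports updated before the old artifact can be dropped.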

@slievrly slievrly changed the title from "security: Update commons-lang to 3.18.0(#7666)" to "optimize: Update commons-lang to 3.18.0(#7666)" on Sep 29, 2025
Member

@slievrly slievrly left a comment

LGTM

@slievrly
Member

Because there has been no progress for a long time, closing it.
