TA-3622: Downgrade AdmZip version

[promeris]

Description

Downgrade AdmZip library to a version where zip descriptors are not checked. The nested zips we are generating during config export/import commands create zips that don't contain descriptors, and the library we are using doesn't provide with any way to force zip descriptors to be written during exports. Issues were introduced with this PR

Downgrade will offer a temporary solution until either a fix is provided in the library itself, or otherwise we will need to switch libraries.

Ticket: https://celonis.atlassian.net/browse/TA-3622

Checklist

• I have self-reviewed this PR
• I have tested the change and proved that it works in different scenarios
  • Tested config export and config import
• I have updated docs if needed

[qmucolli]

I'm curious to understand how the extraction/import of zip happens in the team to team copy as I've also tested this flow locally and it seemed to be working fine.

On a side-note, there was a vulnerability reported with versions older than the latest version of adm-zip, can we make sure to run the SAST scan once this PR is merged to verify that we're not introducing new vulnerabilities?

[promeris]

I'm curious to understand how the extraction/import of zip happens in the team to team copy as I've also tested this flow locally and it seemed to be working fine.

On a side-note, there was a vulnerability reported with versions older than the latest version of adm-zip, can we make sure to run the SAST scan once this PR is merged to verify that we're not introducing new vulnerabilities?

Team to team copy is using the content-cli config export/import commands, and when testing through UI it's using a fixed version now and not auto-updating, so not a breaking change immediately, however when testing through only content-cli, you can bump into the issue with no present descriptor.

I can check the SAST scan after merging, since the actions currently don't provide with option to run a branch.