
Bump dependencies to latest versions for CVEs#540

Open
BewareMyPower wants to merge 24 commits intoapache:mainfrom
BewareMyPower:bewaremypower/upgrade-dependencies

Conversation

BewareMyPower (Contributor) commented Mar 2, 2026

Motivation

The current dependency versions are a bit out of date, and some have CVEs:

Some are not maintained, e.g. protobuf 3.x reached end of support in Mar 2024: https://protobuf.dev/support/version-support/#cpp

Modifications

  • Bump all dependencies to latest versions of vcpkg.
  • Remove the patch on libcurl specially for macOS. Accordingly, fix the curl_global_init failure caused by static variable initialization that might happen before the Apple framework is loaded.
  • Fix the issue that the vcpkg cache never works (because there is a newline in the key)
  • Add vcpkg cache for non-Windows workflows
  • Fix the fat static library build scripts for latest dependencies

Breaking Change

Now the libpulsarwithdeps.a on macOS requires linking to the CoreFoundation and SystemConfiguration Apple frameworks. Before this change, these extra dependencies were excluded by applying a patch to disable IPv6 when building libcurl. However, the latest protobuf introduces the abseil dependency, which requires the Apple frameworks again.

It's common for low level libraries to depend on Apple frameworks, which cannot be packaged together with static libraries. For downstream applications like pulsar-client-node, we should add these links to the link options.
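A check for the breaking change above, added here as an example; this is not code from PR #540 or from the pulsar-client-cpp project. Rather than hard-coding the two frameworks in a downstream build, it derives the frameworks an archive such as libpulsarwithdeps.a actually needs from the archive's undefined symbols (Apple's CF* symbols belong to CoreFoundation and SC* symbols to SystemConfiguration; no other frameworks are mapped) and then prints the link line. The function names and the sample `nm -u` output used below are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of PR #540 or the pulsar-client-cpp project.
# Derives the Apple frameworks a static archive such as libpulsarwithdeps.a
# needs from its undefined symbols, then prints the matching link flags.
# Assumptions: only the CF* (CoreFoundation) and SC* (SystemConfiguration)
# API prefixes are mapped; symbol names are in the form `nm -u` prints on
# macOS (leading underscore). Function names are hypothetical.

# frameworks_from_undefined: read `nm -u` output on stdin and print, one per
# line and sorted, the frameworks whose symbols the archive references.
frameworks_from_undefined() {
  awk '
    # Lines look like "lib.a(obj.o):" (no match) or
    # "                 U _CFTimeZoneCopySystem"; the symbol is the last field.
    { sym = $NF }
    sym ~ /^_CF/ { fw["CoreFoundation"] = 1 }
    sym ~ /^_SC/ { fw["SystemConfiguration"] = 1 }
    END { for (f in fw) print f }
  ' | sort
}

# link_flags_from_nm: $1 is the archive path; `nm -u` output on stdin.
# Prints the archive followed by one -framework flag per required framework.
link_flags_from_nm() {
  flags="$1"
  for fw in $(frameworks_from_undefined); do
    flags="$flags -framework $fw"
  done
  printf '%s\n' "$flags"
}

# link_flags_for_archive: inspect a real archive. On macOS the frameworks are
# derived with nm; on other platforms no -framework flags apply.
link_flags_for_archive() {
  archive="$1"
  if [ "$(uname -s)" = "Darwin" ]; then
    nm -u "$archive" | link_flags_from_nm "$archive"
  else
    printf '%s\n' "$archive"
  fi
}

# Usage on macOS (main.cc links against the fat static library):
#   clang++ main.cc $(link_flags_for_archive ./libpulsarwithdeps.a) -o app
#   otool -L app | grep -E 'CoreFoundation|SystemConfiguration'
```

Running `otool -L` on the resulting binary confirms that both frameworks are now load commands of the application, which is the observable effect of the breaking change: the static archive carries references into the frameworks but cannot carry the frameworks themselves.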

BewareMyPower self-assigned this Mar 2, 2026
BewareMyPower marked this pull request as draft March 2, 2026 05:45
BewareMyPower marked this pull request as ready for review March 2, 2026 06:08
BewareMyPower marked this pull request as draft March 2, 2026 07:24
BewareMyPower marked this pull request as ready for review March 2, 2026 11:21
BewareMyPower and others added 3 commits March 2, 2026 20:23 (Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>)
BewareMyPower marked this pull request as draft March 2, 2026 14:34
BewareMyPower added this to the 4.2.0 milestone Mar 3, 2026
BewareMyPower reopened this Mar 3, 2026
BewareMyPower marked this pull request as ready for review March 3, 2026 11:04