Description
The outdated bcprov-jdk16 (which is full of vulnerabilities) triggers blackduck alerts, however, it's used only in test scope since TEZ-1832. The currently maintained artifact is bcprov-jdk15on, which covers current JDK versions up to JDK11.
So if tests (TestSecureShuffle) still pass, let's upgrade test scoped bouncy castle.