Update dependency org.glassfish.jersey.media:jersey-media-json-jackson to v2.30.1 - autoclosed

[mend-for-github-com]

This PR contains the following updates:

Package	Update	Change
org.glassfish.jersey.media:jersey-media-json-jackson (source)	minor	2.27 -> 2.30.1

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	9.8	CVE-2019-10202	#41
High	9.8	CVE-2019-14379	#61
High	9.8	CVE-2019-14540	#2
High	9.8	CVE-2019-14892	#58
High	9.8	CVE-2019-14893	#55
High	9.8	CVE-2019-16335	#18
High	9.8	CVE-2019-16942	#36
High	9.8	CVE-2019-16943	#38
High	9.8	CVE-2019-17267	#21
High	9.8	CVE-2019-17531	#4
High	9.8	CVE-2019-20330	#66
High	9.8	CVE-2020-8840	#37
High	9.8	CVE-2020-9546	#60
High	9.8	CVE-2020-9547	#62
High	9.8	CVE-2020-9548	#63
High	8.8	CVE-2020-10672	#71
High	8.8	CVE-2020-10673	#72
High	8.8	CVE-2020-10968	#25
High	8.8	CVE-2020-10969	#26
High	8.8	CVE-2020-11111	#43
High	8.8	CVE-2020-11112	#46
High	8.8	CVE-2020-11113	#45
High	8.1	CVE-2020-11619	#20
High	8.1	CVE-2020-11620	#30
High	8.1	CVE-2020-14060	#50
High	8.1	CVE-2020-14061	#52
High	8.1	CVE-2020-14062	#54
High	8.1	CVE-2020-14195	#73
High	8.1	CVE-2020-24616	#48
High	8.1	CVE-2020-24750	#56
High	8.1	CVE-2020-35490	#89
High	8.1	CVE-2020-35491	#93
High	8.1	CVE-2020-35728	#84
High	8.1	CVE-2020-36179	#98
High	8.1	CVE-2020-36180	#88
High	8.1	CVE-2020-36181	#87
High	8.1	CVE-2020-36182	#91
High	8.1	CVE-2020-36183	#90
High	8.1	CVE-2020-36184	#94
High	8.1	CVE-2020-36185	#92
High	8.1	CVE-2020-36186	#96
High	8.1	CVE-2020-36187	#95
High	8.1	CVE-2020-36188	#86
High	8.1	CVE-2020-36189	#85
High	8.1	CVE-2021-20190	#97
High	7.5	CVE-2019-12086	#3
High	7.5	CVE-2019-14439	#22
High	7.5	CVE-2020-25649	#83
Medium	5.9	CVE-2019-12384	#32
Medium	5.9	CVE-2019-12814	#24

---

Release Notes

eclipse-ee4j/jersey

v2.30.1

Compare Source

[Issue 4369] - NettyConnectorProvider (jersey-netty-connector) doesn't send query parameters in the Get Request

[Issue 4380] - Jersey 2.30 does not work on JDK 11

[Issue 4388] - Jerey 2.30 breaks HK2 AbstractBinder injection in Features

[Pull 4339] - Adopt Jackson 2.10.1

[Pull 4364] - Updated checkstyle plugin to latest 3.1.0

[Pull 4366] - Multi release sources

[Pull 4371] - Jersey Configuration documentation

[Pull 4373] - Fixed stacktraces caused by incorrect JNDI lookup

[Pull 4376] - [#​3651] Broken links in examples README files

[Pull 4377] - [#​3726] Typo in preface

[Pull 4378] - [#​3720] Incorrect method in the documentation

[Pull 4386] - Fix #​4380 - Jersey 2.30 does not work on JDK 11

[Pull 4387] - netty connector/container modifications

[Pull 4390] - Fix #​3433 - Multiple cookies with same name are not supported

[Pull 4393] - Query parameters were not included in netty URI

[Pull 4394] - Allow HK2 AbstractBinder class to bind before the Feature is called

[Pull 4396] - Preparation for GF 6

v2.30

Compare Source

[Issue 4245] - Java 11 java.desktop module dependency

[Issue 4256] - HK2 AbstractBinders are configured twice

[Issue 4266] - Fix HeaderDelageProvider functionality

[Issue 4294] - Inefficient access of LinkedList in Resource$Builder.mergeResources

[Issue 4302] - Jetty 9.4.22 QueuedThreadPool compatibility

[Issue 4304] - ResourceConfig not properly using specified ClassLoader

[Issue 4325] - Build Jersey on JDK13

[Issue 4336] - Allow to use a connector with RESTClient

[Issue 4344] - Jersey 2.29 AbstractBinder.configure() called twice

[Pull 4254] - Wiremock does not run now when skipTests property is set as true

[Pull 4258] - Loading keystore resource if location starts with /

[Pull 4260] - Jersey documentation scripts

[Pull 4268] - Use locale insensitive case changes to ensure user code doesn't break…

[Pull 4271] - Do not handle already handled requests on Jetty

[Pull 4272] - AsyncInvocationinverceptors not properly created for each request

[Pull 4273] - DocBook fixes

[Pull 4274] - JsonBindingProvider provides JSON-B (not Jackson)

[Pull 4275] - Throwing NoContentException when InputStream is empty

[Pull 4276] - Allow for using HeaderDelegateProvider service

[Pull 4277] - HK2 to skip fields injected by CDI in non bean-defining-annotated beans

[Pull 4279] - Update ASM to 7.2

[Pull 4280] - Move CDI integration tests to a common CDI-Integration module

[Pull 4283] - Enable to use AsyncInvoker in Rx client

[Pull 4290] - release notes maven plugin (for Jersey)

[Pull 4291] - Ignore tests of container-runner-maven-plugin on Windows

[Pull 4292] - Assure that exception in async interceptor doesn't prevent completion

[Pull 4296] - exclude javax.validation-api from bean validation dependency

[Pull 4298] - Take Hk2CustomBoundTypesProvider into an account

[Pull 4300] - Performance improvement in Resource.Builder#mergeResources

[Pull 4301] - New client PreInvocationInterceptor and PostInvocationInterceptor SPI

[Pull 4303] - Make JettyConnectorThreadPool#newThread public to comply with latest Jetty

[Pull 4306] - Fixes #​4304: ResourceConfig not properly using specified ClassLoader

[Pull 4307] - Use Spring Context 4 in the Spring integration test

[Pull 4309] - Spring 5 integration tests

[Pull 4312] - Rewritten Netty Jersey implementation using direct ByteBuf consumption

[Pull 4313] - new InvocationBuilderListener SPI

[Pull 4314] - Override HK2 dependency versions with versions used in Jersey

[Pull 4317] - Added deprecated methods back to retain backwards compatibility

[Pull 4318] - Close SseEventSink at the end of the example

[Pull 4327] - Allow to use additional properties with security manager/4323

[Pull 4338] - Fix issues with ChunkedInputStream when using Apache Connector

[Pull 4341] - Build Jersey on JDK13

[Pull 4342] - Allow to disable certain default providers

[Pull 4347] - ConnectorProvider support added to mp rest client

[Pull 4349] - Prevent HK2 AbstractBinder from being configured twice.

[Pull 4350] - Updated versions of 3rd party content

[Pull 4352] - Replace an Exception thrown with BAD_REQUEST

[Pull 4353] - OSGI groupId fix

[Pull 4358] - initialize legal.source.folder property by plugin

[Pull 4359] - Fix check style

[Pull 4360] - Legal files for common

[Pull 4361] - Properties and plugin change of examples module for legal files

v2.29.1

Compare Source

Issues and Pull Requests

• [Pull 4243] - Fixes #​4239 MediaType in method parameter not overridden by annotation
• [Pull 4240] - Jakarta api integration
• [Pull 4238] - Provide an Apache HttpClientBuilder configuration callback
• [Pull 4236] - Issue 4208 - Fails to inject SecurityContext into Helloworld-CDI2-SE example
• [Pull 4235] - Fix issue with OSGi when having package name starting with "class"
• [Pull 4234] - Updated HK2 version
• [Pull 4233] - Enable Spring4 integration test again
• [Pull 4227] - Using configured executor service for client.
• [Pull 4225] - Add an option to not register the Jackson's ExceptionMappers by JacksonFeature
• [Pull 4224] - Upgrade of MP Rest client to 1.3.3.
• [Pull 4222] - Fix NettyInputStream ByteBuf leak
• [Pull 4221] - Better specify HK2 and Spring dependencies
• [Issue 4214] - Jersey with Jackson exposes that fact to a potential attacker sending misformed JSON data
• [Pull 4212] - Update Apache HTTP Client to 4.5.9
• [Pull 4206] - Fixed: Various bugs in Helloworld CDI SE Example
• [Pull 4204] - Prevent race condition in entity filtering
• [Pull 4203] - Removed invalid email addresses
• [Pull 4202] - Added support for Apache HTTP Client ConnectionKeepAliveStrategy and ConnectionReuseStrategy
• [Pull 4201] - Upgrade jetty to version 9.4.17.v20190418
• [Issue 4200] - JacksonFeature ExceptionMappers leaks implementation details
• [Issue 4189] - Jersey Entity Filter Threads Racing issue leads to Corrupted Entity Graph and Object Graph
• [Issue 4187] - Race condition in EntityFiltering
• [Issue 4184] - Spring5 missing in BOM
• [Pull 4178] - Fixes #​3997 : Make SupplierFactoryBridge thread-safe.
• [Issue 4177] - OsgiRegistry classToBundleMapping does not store classes for packages containing .class correctly

v2.29

Compare Source

Issues and Pull Requests

• [Issue 4158] - Tests in jdk-http fail on windows/jdk8
• [Pull 4144] - Update Jackson to 2.9.9
• [Pull 4143] - fix for JAX-RS SPI resource finder
• [Issue 4134] - Fix ValidationErrorMessageBodyWriter
• [Issue 4119] - Path annotation of different methods are interfering
• [Pull 4112] - Filter synthetic methods from the resource - bug #​4005 fix
• [Issue 4111] - Return a possibility to use HK2 AbstractBinder in Jersey
• [Issue 4110] - Create a way to better configure Jersey
• [Issue 4109] - Separate tests depending on jMockit into separate test submodule
• [Issue 4099] - @​Priority is not always picked up correctly for JAX-RS providers
• [Issue 4092] - Provider registered to Hk2InjectionManager cannot be process because of incompatible type
• [Pull 4086] - MP rest client 1.2.1 implementation
• [Issue 4082] - JerseyClientBuilder modifies Map content during provider registration
• [Pull 4079] - Update hk2 osgi-resource-locator to latest 1.0.3 version
• [Issue 4068] - EncodingFilter handles 'Accept-Encoding' header with empty String awkwardly
• [Pull 4067] - Build core-common on JDK 11
• [Pull 4055] - Enable @​ConstrainedTo on Features
• [Issue 3992] - CDI Bean created (but fails) when interface has @​Path annotation
• [Pull 3983] - Upgrade Netty and expose Netty Context
• [Pull 3979] - Cleanup old JDK collection compatibility classes
• [Pull 3844] - MicroProfile REST Client v1.1 support
• [Issue 3796] - Jersey creates multiple provider instances if a class implements more than one provider interface
• [Issue 3670] - Broken ParamConverterProvider ordering in 2.26

---

• If you want to rebase/retry this PR, click this checkbox.