HADOOP-16905. Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches. (#1876)

hadoop-client-modules/hadoop-client-runtime/pom.xml

@@ -339,6 +339,13 @@
                         <exclude>**/pom.xml</exclude>
                       </excludes>
                     </relocation>
+                    <relocation>
+                      <pattern>javax/xml/bind/</pattern>
+                      <shadedPattern>${shaded.dependency.prefix}.javax.xml.bind.</shadedPattern>
+                      <excludes>
+                        <exclude>**/pom.xml</exclude>
+                      </excludes>
+                    </relocation>
                     <relocation>
                       <pattern>net/</pattern>
                       <shadedPattern>${shaded.dependency.prefix}.net.</shadedPattern>

hadoop-project/pom.xml

@@ -71,8 +71,8 @@
 
     <!-- jackson versions -->
     <jackson.version>1.9.13</jackson.version>
-    <jackson2.version>2.9.10</jackson2.version>
+    <jackson2.version>2.10.3</jackson2.version>
-    <jackson2.databind.version>2.9.10.3</jackson2.databind.version>
+    <jackson2.databind.version>2.10.3</jackson2.databind.version>
 
     <!-- httpcomponents versions -->
     <httpclient.version>4.5.6</httpclient.version>