HBASE-27423 Upgrade hbase-thirdparty to 4.1.3 and upgrade Jackson for CVE-2022-42003/42004 (#4878)

Signed-off-by: Xin Sun <ddupgs@gmail.com>
(cherry picked from commit 07a3ffd)

Author: Apache9

hbase-protocol-shaded/pom.xml

@@ -34,7 +34,7 @@
     <!--Version of protobuf that hbase uses internally (we shade our pb)
          Must match what is out in hbase-thirdparty include.
     -->
-    <internal.protobuf.version>3.21.7</internal.protobuf.version>
+    <internal.protobuf.version>3.21.9</internal.protobuf.version>
   </properties>
   <dependencies>
     <!--BE CAREFUL! Any dependency added here needs to be

pom.xml

@@ -574,8 +574,8 @@
     <httpclient.version>4.5.13</httpclient.version>
     <httpcore.version>4.4.13</httpcore.version>
     <metrics-core.version>3.2.6</metrics-core.version>
-    <jackson.version>2.13.4</jackson.version>
-    <jackson.databind.version>2.13.4</jackson.databind.version>
+    <jackson.version>2.14.0</jackson.version>
+    <jackson.databind.version>2.14.0</jackson.databind.version>
     <jaxb-api.version>2.3.1</jaxb-api.version>
     <servlet.api.version>3.1.0</servlet.api.version>
     <wx.rs.api.version>2.1.1</wx.rs.api.version>
@@ -644,7 +644,7 @@
     <snappy.version>1.1.8.4</snappy.version>
     <xz.version>1.9</xz.version>
     <zstd-jni.version>1.5.0-4</zstd-jni.version>
-    <hbase-thirdparty.version>4.1.2</hbase-thirdparty.version>
+    <hbase-thirdparty.version>4.1.3</hbase-thirdparty.version>
     <!-- Intraproject jar naming properties -->
     <!-- TODO this is pretty ugly, but works for the moment.
       Modules are pretty heavy-weight things, so doing this work isn't too bad. -->