[SPARK-56318][BUILD][4.1] Upgrade jackson to 2.21.2 #55135
manuzhang wants to merge 3 commits into apache:branch-4.1 from
Fixes vulnerability GHSA-72hv-8253-57qq

@dongjoon-hyun @pan3793 Please help take a look, thanks!

We generally don't upgrade minor versions of dependencies in the release branches. Is it possible to have a patched Jackson 2.20.x? Or is Jackson 2.21 fully compatible (e.g., no default behavior change, no removal of deprecated API) with 2.20? cc @pjfanning, could you provide some info?

@pan3793 Looking at the release notes, there is only one patch between 2.20.0 and 2.21. Also,

@manuzhang Jackson has a dozen code repos ... the CI failure is likely caused by jackson-module-scala pulling a new Scala version.
49bab5c to 655b338
655b338 to 9bbb1db
Jackson 2.21 is LTS while 2.20 is not. 2.21.3 has been released.

Alright, I used to think that Jackson's minor versions have the same support policy ... cc @holdenk @dongjoon-hyun, do we want to accept such an upgrade for branch-4.1?
What changes were proposed in this pull request?
Fixes vulnerability GHSA-72hv-8253-57qq
Why are the changes needed?
jackson-core 2.20.0 is affected.
Does this PR introduce any user-facing change?
No.
How was this patch tested?
Existing tests.
Was this patch authored or co-authored using generative AI tooling?
No.