Address CVE-2021-28168

Comment From: snicoll

Thanks for the PR but the template states the following for dependency upgrades:

Please do not open a pull request for a straightforward dependency upgrade (one that only updates the version property). We have a semi-automated process for such upgrades that we prefer to use. However, if the upgrade is more involved (such as requiring changes for removed or deprecated API) your pull request is most welcome.

We'll upgrade to Jersey 2.34 in due course.

Comment From: DieBauer

Thanks for the pointer. I created this PR because of the listed CVE, and the fact that Jersey 2.34 has been out for more than 5 weeks. https://github.com/eclipse-ee4j/jersey/releases/tag/2.34

At what interval is the project updating 3rd party dependencies?

Comment From: philwebb

@DieBauer We cover a bit of this on the wiki https://github.com/spring-projects/spring-boot/wiki/Supported-Versions#third-party-dependencies. We'd usually expect patch releases of third-party dependencies to be made available to solve CVEs, but it seems like Jersey aren't planning a 2.33.1 version.