Bump JENA to deal with CVE-2021-29349 (#3063)

hapi-fhir-base/src/main/java/ca/uhn/fhir/parser/RDFParser.java

@@ -27,6 +27,8 @@ import ca.uhn.fhir.rest.api.EncodingEnum;
 import ca.uhn.fhir.util.rdf.RDFUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.jena.datatypes.xsd.XSDDatatype;
+import org.apache.jena.irix.IRIs;
+import org.apache.jena.irix.SetupJenaIRI;
 import org.apache.jena.rdf.model.*;
 import org.apache.jena.riot.Lang;
 import org.apache.jena.riot.system.IRIResolver;
@@ -175,7 +177,8 @@ public class RDFParser extends BaseParser {
 			if (!resource.getIdElement().toUnqualified().hasIdPart()) {
 				parentResource = rdfModel.getResource(null);
 			} else {
-				String resourceUri = IRIResolver.resolve(resource.getIdElement().toUnqualified().toString(), uriBase).toString();
+
+				String resourceUri = IRIs.resolve(uriBase, resource.getIdElement().toUnqualified().toString()).toString();
 				parentResource = rdfModel.getResource(resourceUri);
 			}
 			// If the resource already exists and has statements, return that existing resource.

pom.xml

@@ -791,7 +791,7 @@
         <jaxb_api_version>2.3.1</jaxb_api_version>
         <jaxb_core_version>2.3.0.1</jaxb_core_version>
         <jaxb_runtime_version>3.0.0</jaxb_runtime_version>
-        <jena_version>3.17.0</jena_version>
+        <jena_version>4.2.0</jena_version>
         <jersey_version>3.0.0</jersey_version>
         <jetty_version>9.4.43.v20210629</jetty_version>
         <jsr305_version>3.0.2</jsr305_version>