This repository has been archived by the owner on Mar 21, 2022. It is now read-only.

upgrade guava to 27.0.1 #1131

Closed
wants to merge 1 commit into from

Conversation

mattnworb
Member

closes #1120

@davidxia
Contributor

Looks like findbugs errors.

@mattnworb
Member Author

Yeah I am confused on why those suddenly started to fail, but have not looked into it yet at all.

@tony-- commented Jan 29, 2019

@mattnworb - is it necessary to bump findbugs in order to bump guava? I'm not challenging the change, I need to do this in my fork and am wondering why you did it here...

@mattnworb
Member Author

@tony-- it isn't findbugs itself but a jar containing jsr305 annotations that Guava depends on. The bump here is to avoid maven-enforcer-plugin complaining about a dependency wanting a higher version of a transitive dependency than the final build will use.

@tony-- commented Jan 30, 2019

@mattnworb thanks for explaining. I sorta figured it out when I cloned the repo, bumped the version and tried it myself. I'm starting from 8.15.0 instead of master and got some other strange results from maven-enforcer-plugin:

+-com.spotify:docker-client:8.15.0
  +-com.fasterxml.jackson.core:jackson-databind:2.9.8
    +-com.fasterxml.jackson.core:jackson-annotations:2.9.0
and
+-com.spotify:docker-client:8.15.0
  +-org.glassfish.jersey.media:jersey-media-json-jackson:2.28
    +-com.fasterxml.jackson.core:jackson-annotations:2.9.8
and
+-com.spotify:docker-client:8.15.0
  +-com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:2.9.8
    +-com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.9.8
      +-com.fasterxml.jackson.core:jackson-annotations:2.9.0

In addition to your changes, I bumped jersey to 2.28 (because, I believe, 2.22.2 pulls in jersey-repackaged-guava which includes a vulnerable version of guava) and added org.glassfish.hk2:hk2-api 2.5.0 which is needed for jersey 2.28.

All just FYI
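The dependency paths quoted above are the form maven-enforcer-plugin's DependencyConvergence rule prints when two parts of the graph ask for the same artifact at different versions. As an added example, not part of this thread or of docker-client, the following Python script parses that output, reports which artifact fails to converge and at which versions, picks the highest requested version, and renders the `<dependencyManagement>` pin that resolves the error in a pom.xml. The function names, the regex and the sample report text are constructed for this illustration; the sample mirrors the three paths in the comment above.

```python
"""Parse maven-enforcer-plugin DependencyConvergence output and suggest pins.

Added example; not maven-enforcer-plugin's own code. Handles the
'groupId:artifactId:version' path lines the rule prints, optionally prefixed
with '[ERROR]' or '[WARNING]', with alternative paths separated by 'and'.
"""
import re
from collections import defaultdict

# Constructed sample input (not copied from a real build): the three paths
# quoted in the thread, indented two spaces per level as the plugin prints them.
SAMPLE_REPORT = """\
+-com.spotify:docker-client:8.15.0
  +-com.fasterxml.jackson.core:jackson-databind:2.9.8
    +-com.fasterxml.jackson.core:jackson-annotations:2.9.0
and
+-com.spotify:docker-client:8.15.0
  +-org.glassfish.jersey.media:jersey-media-json-jackson:2.28
    +-com.fasterxml.jackson.core:jackson-annotations:2.9.8
and
+-com.spotify:docker-client:8.15.0
  +-com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:2.9.8
    +-com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.9.8
      +-com.fasterxml.jackson.core:jackson-annotations:2.9.0
"""

# Hypothetical pattern: optional log-level prefix, indentation, then g:a:v.
LINE_RE = re.compile(r"^(?:\[(?:ERROR|WARNING)\]\s*)?(\s*)\+-(\S+?):(\S+?):(\S+)$")


def parse_paths(report):
    """Split enforcer output into paths; each path is a list of
    (groupId, artifactId, version) tuples from the root to the leaf."""
    paths, current = [], []
    for raw in report.splitlines():
        line = raw.rstrip()
        if line.strip() == "and":  # separator between alternative paths
            if current:
                paths.append(current)
            current = []
            continue
        m = LINE_RE.match(line)
        if m:
            _indent, group, artifact, version = m.groups()
            current.append((group, artifact, version))
    if current:
        paths.append(current)
    return paths


def version_key(version):
    """Order numeric components numerically; qualifiers such as '-jre' or
    '-android' sort below a numeric component at the same position."""
    parts = re.split(r"[.\-]", version)
    return tuple((1, int(p), "") if p.isdigit() else (0, 0, p) for p in parts)


def highest_version(versions):
    return max(versions, key=version_key)


def conflicting_versions(paths):
    """Map 'groupId:artifactId' of each leaf artifact to the sorted list of
    distinct versions it is requested at, keeping only those with more than one."""
    seen = defaultdict(set)
    for path in paths:
        group, artifact, version = path[-1]
        seen[f"{group}:{artifact}"].add(version)
    return {ga: sorted(vs, key=version_key) for ga, vs in seen.items() if len(vs) > 1}


def suggest_pins(report):
    """Choose the highest requested version for every non-converging artifact."""
    conflicts = conflicting_versions(parse_paths(report))
    return {ga: highest_version(vs) for ga, vs in conflicts.items()}


def dependency_management_xml(pins):
    """Render the pins as a <dependencyManagement> fragment for pom.xml."""
    lines = ["<dependencyManagement>", "  <dependencies>"]
    for ga, version in sorted(pins.items()):
        group, artifact = ga.split(":", 1)
        lines += ["    <dependency>",
                  f"      <groupId>{group}</groupId>",
                  f"      <artifactId>{artifact}</artifactId>",
                  f"      <version>{version}</version>",
                  "    </dependency>"]
    lines += ["  </dependencies>", "</dependencyManagement>"]
    return "\n".join(lines)


if __name__ == "__main__":
    for ga, versions in conflicting_versions(parse_paths(SAMPLE_REPORT)).items():
        print(f"{ga}: requested at {', '.join(versions)}")
    print(dependency_management_xml(suggest_pins(SAMPLE_REPORT)))
```

Pinning the highest requested version is what clears the convergence error; the rule checks only that one version wins, not that the winner is safe or compatible, so a pinned Guava or Jackson still has to be checked against advisories such as the CVE this pull request was opened for.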

@tony-- commented Jul 22, 2019

Also fixes #1167 (which was opened to replace #1120 which was closed as stale)

mattnworb closed this Jul 8, 2020
Successfully merging this pull request may close these issues:

Guava dependency suffers from CVE-2018-10237