SWI-3723 [Snyk] Fix for 1 vulnerabilities

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/server/petstore/jaxrs-resteasy/eap-java8/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924	170	com.fasterxml.jackson.datatype:jackson-datatype-jsr310: 2.9.9 -> 2.18.6 org.jboss.resteasy:resteasy-jackson2-provider: 3.0.11.Final -> 6.2.0.Final Major version upgrade No Path Found Proof of Concept

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[bwappsec]

This upgrade contains a major version jump for org.jboss.resteasy:resteasy-jackson2-provider from 3.x to 6.x, which introduces significant breaking changes. The com.fasterxml.jackson.datatype:jackson-datatype-jsr310 upgrade is considered low-risk.

org.jboss.resteasy:resteasy-jackson2-provider (3.0.11.Final → 6.2.0.Final)

Risk: HIGH

This is a substantial multi-version upgrade that requires significant developer action. The most critical change is the migration from Java EE to Jakarta EE, which happened in RESTEasy 6.0.

Key Breaking Changes:

• Jakarta Namespace Migration: RESTEasy 6.x is built on Jakarta RESTful Web Services 3.0, which means all package imports must be changed from javax.ws.rs.* to jakarta.ws.rs.*. [5, 8, 11] This is a mandatory, project-wide code change.
• Module Reorganization: Starting in RESTEasy 4.x, the core artifacts were restructured. [6] For example, resteasy-jaxrs was split into smaller modules like resteasy-core, resteasy-client, etc. This will require updates to your build dependencies.
• API and Provider Removals: Several RESTEasy-specific APIs (like @Suspend and AsynchronousResponse) and providers (resteasy-jettison-provider, resteasy-yaml-provider) were removed in version 4.x in favor of standard JAX-RS implementations. [6]

Recommendation: This upgrade cannot be completed without significant code and dependency modifications. Developers must perform a full migration of javax.* to jakarta.* imports and audit their build configuration to include the new RESTEasy 6.x module artifacts.

com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (2.9.9 → 2.18.6)

Risk: LOW

This is a minor version upgrade that spans several releases. Analysis of the changes between versions 2.9.9 and 2.18.6 indicates no major breaking API changes. The updates primarily consist of bug fixes, performance improvements, and new features. The module for supporting Java 8 java.time types is stable, and no code changes are expected for this upgrade. [16, 24]

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.