
SWI-3723 [Snyk] Fix for 1 vulnerabilities #968

Open
bwappsec wants to merge 1 commit into master from snyk-fix-b1f7a66dccf2696291578a3cf9165c32

Conversation


@bwappsec bwappsec commented Mar 5, 2026


Snyk has created this PR to fix 1 vulnerability in the maven dependencies of this project.

Snyk changed the following file(s):

  • samples/server/petstore/jaxrs-resteasy/default/pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue:   high severity Allocation of Resources Without Limits or Throttling
         SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924
Score:   170
Upgrade: com.fasterxml.jackson.datatype:jackson-datatype-jsr310: 2.17.1 -> 2.18.6
         org.jboss.resteasy:resteasy-jackson2-provider: 3.13.0.Final -> 6.2.0.Final
         Major version upgrade | No Path Found | Proof of Concept

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling


bwappsec commented Mar 5, 2026

Merge Risk: High

This upgrade contains a significant major version jump for org.jboss.resteasy:resteasy-jackson2-provider from 3.13.0.Final to 6.2.0.Final, which introduces major breaking changes. The upgrade for jackson-datatype-jsr310 is minor and considered low-risk.

org.jboss.resteasy:resteasy-jackson2-provider (3.13.0.Final → 6.2.0.Final)

Risk: HIGH

This is a major version upgrade that requires significant code and dependency modifications. The primary breaking change is the migration from Java EE to Jakarta EE.

  • Jakarta EE Namespace Migration: RESTEasy 6.x is compliant with Jakarta REST 3.1 (part of Jakarta EE 10), which uses the jakarta.* package namespace. Your application code must be updated from the old javax.ws.rs.* packages to the new jakarta.ws.rs.* packages. This is a source-level breaking change and will require a thorough migration.
  • Java Version: RESTEasy 6.x is built for modern Java versions. While it may target Java 8 at compile time, it is designed for Jakarta EE 10 which typically requires Java 11 or newer.
  • Module Separation: Support for Spring and MicroProfile have been moved out of the core RESTEasy project into their own dedicated modules (org.jboss.resteasy.spring:resteasy-spring, org.jboss.resteasy.microprofile:microprofile-rest-client). If you use these integrations, you will need to add these new dependencies.

Recommendation: This upgrade cannot be merged without a planned migration effort. Developers must update all JAX-RS imports to the new jakarta.* namespace and verify dependency changes related to Spring or MicroProfile integrations.

Source: RESTEasy 6.2 Upgrade Guide, RESTEasy Migration Documentation

com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (2.17.1 → 2.18.6)

Risk: LOW

This is a minor version upgrade. The release notes for Jackson 2.18 indicate no breaking changes for the jackson-datatype-jsr310 module. The changes consist of bug fixes, performance improvements, and updates to other non-core modules. No action is required for this dependency.

Source: Jackson 2.18 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
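The assessment above makes the merge gate concrete: RESTEasy 6.x serves only the jakarta.ws.rs namespace, so any remaining javax.ws.rs import in the sample is a compile break the moment the resteasy-jackson2-provider bump lands. The script below is an added example written for this review, not part of the petstore sample or of Snyk's tooling; it scans a Java source tree for javax.ws.rs imports (plain and static) and reports a count that a CI job can fail on. The fixture files it builds under a temporary directory are constructed for the demonstration and are not the sample's real sources.

```shell
#!/bin/sh
# Added example (not from the repository): find JAX-RS imports that still use
# the legacy javax.ws.rs namespace, which RESTEasy 6.x (Jakarta REST 3.1) no
# longer provides. Run it against samples/server/petstore/jaxrs-resteasy/default
# before merging the resteasy-jackson2-provider upgrade.

# Prints "file:line:import ..." for every javax.ws.rs import under $1.
# Matches both "import javax.ws.rs.X;" and "import static javax.ws.rs.X.Y;".
list_javax_jaxrs_imports() {
    dir="$1"
    grep -rnE --include='*.java' \
        '^[[:space:]]*import[[:space:]]+(static[[:space:]]+)?javax\.ws\.rs\.' \
        "$dir" || true
}

# Echoes the number of offending import lines under $1 ("0" when clean).
count_javax_jaxrs_imports() {
    list_javax_jaxrs_imports "$1" | grep -c . || true
}

# Constructed fixture: one resource still on javax.ws.rs, one already
# migrated to jakarta.ws.rs. Echoes the fixture root so callers can scan it.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/legacy" "$root/migrated"
    cat > "$root/legacy/PetApi.java" <<'EOF'
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import static javax.ws.rs.core.MediaType.APPLICATION_JSON;

@Path("/pet")
public class PetApi {
    @GET
    public String get() { return "{}"; }
}
EOF
    cat > "$root/migrated/StoreApi.java" <<'EOF'
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;

@Path("/store")
public class StoreApi {
    @GET
    public String get() { return "{}"; }
}
EOF
    printf '%s\n' "$root"
}

# Usage: list what still needs migrating, then fail if anything is left.
root=$(make_fixture)
list_javax_jaxrs_imports "$root"
n=$(count_javax_jaxrs_imports "$root")
echo "remaining javax.ws.rs imports: $n"
rm -rf "$root"
if [ "$n" != "0" ]; then
    echo "migration incomplete: RESTEasy 6.x will not resolve these imports" >&2
    # exit 1   # uncomment to make a CI job fail on leftover javax.ws.rs usage
fi
```

The regex is deliberately limited to the javax.ws.rs package named in the assessment; the same pattern can be widened to other javax.* packages an application touches, but that goes beyond what this PR's assessment calls out.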

@bwappsec bwappsec changed the title [Snyk] Fix for 1 vulnerabilities SWI-3723 [Snyk] Fix for 1 vulnerabilities Mar 5, 2026

bwappsec commented Mar 5, 2026

Snyk checks have passed. No issues have been found so far.

Status   Scanner                 Critical  High  Medium  Low  Total
passed   Open Source Security    0         0     0       0    0 issues
passed   Licenses                0         0     0       0    0 issues
passed   Code Security           0         0     0       0    0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.


2 participants