SWI-3723 [Snyk] Fix for 1 vulnerabilities

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/client/echo_api/java/resteasy/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924	170	com.fasterxml.jackson.core:jackson-core: 2.19.2 -> 2.21.1 com.fasterxml.jackson.core:jackson-databind: 2.19.2 -> 2.21.1 com.fasterxml.jackson.datatype:jackson-datatype-jsr310: 2.19.2 -> 2.21.1 org.jboss.resteasy:resteasy-jackson2-provider: 4.7.6.Final -> 6.2.0.Final Major version upgrade No Path Found Proof of Concept

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[bwappsec]

This upgrade includes a major version increase for org.jboss.resteasy:resteasy-jackson2-provider from 4.x to 6.x, which introduces significant breaking changes. The Jackson library upgrades are minor and considered low-risk.

High-Risk: org.jboss.resteasy:resteasy-jackson2-provider (4.7.6.Final → 6.2.0.Final)

The upgrade from RESTEasy 4.x to 6.x involves a major architectural shift to support Jakarta EE. This is a high-risk change that requires mandatory code and dependency modifications.

Key Breaking Changes:

• Jakarta EE Namespace Migration: RESTEasy 6.x implements Jakarta RESTful Web Services 3.1, which uses the jakarta.* package namespace instead of javax.*. All imports for JAX-RS APIs (e.g., javax.ws.rs.*) must be updated to jakarta.ws.rs.*.
• Moved Components: Several modules have been moved to separate projects with new Maven coordinates. If you use these, you must update your dependencies:
  • MicroProfile: Moved to org.jboss.resteasy.microprofile (e.g., microprofile-rest-client).
  • Spring: Moved to org.jboss.resteasy.spring:resteasy-spring.
  • RESTEasy Cache: Moved to org.jboss.resteasy.cache:cache-core.

Recommendation:
This upgrade requires a significant migration effort due to the javax to jakarta namespace change. Code must be refactored to use the new jakarta.* packages. Review your project's dependencies to identify and update any of the moved RESTEasy components.

Low-Risk: Jackson Libraries (2.19.2 → 2.21.1)

The upgrades for jackson-core, jackson-databind, and jackson-datatype-jsr310 are minor version changes. The release notes for version 2.21 indicate it is a small release containing mostly bug fixes and no major breaking changes. This is considered a safe and low-risk upgrade.

Source: RESTEasy 5.0 Release Notes, RESTEasy 6.2 Upgrade Guide, Jackson 2.21 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.