SWI-3723 [Snyk] Fix for 1 vulnerabilities

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/client/petstore/java/jersey2-java8-localdatetime/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924	170	com.fasterxml.jackson.core:jackson-core: 2.19.2 -> 2.21.1 com.fasterxml.jackson.core:jackson-databind: 2.19.2 -> 2.21.1 com.fasterxml.jackson.datatype:jackson-datatype-jsr310: 2.19.2 -> 2.21.1 org.glassfish.jersey.media:jersey-media-json-jackson: 2.37 -> 3.0.4 Major version upgrade No Path Found Proof of Concept

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[bwappsec]

This set of upgrades includes a major version increase for org.glassfish.jersey.media:jersey-media-json-jackson which introduces significant breaking changes. The Jackson library upgrades are minor and considered low risk.

High Risk

org.glassfish.jersey.media:jersey-media-json-jackson from 2.37 to 3.0.4

This is a major version upgrade that aligns with the transition from Java EE to Jakarta EE 9. This is a source-breaking change that requires developer action.

Breaking Changes:

• javax to jakarta Namespace Migration: The most critical change is the package namespace migration from javax.* to jakarta.*. All import statements in your code that reference Jersey or JAX-RS APIs must be updated. For example, javax.ws.rs.core.Application becomes jakarta.ws.rs.core.Application.
• Application Server Requirements: Jersey 3.x requires a servlet container that supports Jakarta EE 9. Compatible servers include Tomcat 10, Jetty 11, GlassFish 6, and others. Your deployment environment must be updated accordingly.
• Removed Jackson 1 Support: Support for the older Jackson 1.x has been completely removed.

Recommendation:
Before merging, you must update your application's source code to use the new jakarta.* package names. You must also ensure your deployment environment uses a compatible Jakarta EE 9 application server.

Source: Jersey 3.0 Migration Guide, Jersey 3.0.0 Release Notes

Low Risk

com.fasterxml.jackson.* from 2.19.2 to 2.21.1

These are minor version upgrades for the Jackson libraries.

• The updates consist primarily of bug fixes, performance improvements, and new non-breaking features.
• The Java baseline was raised from Java 6 to Java 8 in version 2.20.
• Version 2.21 is a Long-Term Support (LTS) release.
• There are no documented breaking API or behavioral changes in this range.

Source: Jackson 2.20 Release Notes, Jackson 2.21 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.