SWI-3723 [Snyk] Fix for 1 vulnerabilities

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/client/echo_api/java/resttemplate/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924	170	com.fasterxml.jackson.core:jackson-core: 2.19.2 -> 2.21.1 com.fasterxml.jackson.core:jackson-databind: 2.19.2 -> 2.21.1 com.fasterxml.jackson.datatype:jackson-datatype-jsr310: 2.19.2 -> 2.21.1 com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider: 2.19.2 -> 2.21.1 No Path Found Proof of Concept

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[bwappsec]

This is a minor version upgrade for the Jackson library suite from 2.19.2 to 2.21.1. The risk is assessed as medium due to an increase in the minimum required Java version and a change in artifact versioning that may require build configuration updates.

Key Changes:

• Java Version Requirement: As of version 2.20.0, Jackson requires Java 8 or later, dropping support for Java 6. [2] Environments still using Java 7 or older will need to be upgraded.
• Artifact Versioning Change: Starting with version 2.20, the jackson-annotations artifact no longer uses a patch version (e.g., the version is 2.20, not 2.20.0). [1, 2, 3] This may impact dependency management configurations that do not use a Bill of Materials (BOM) and have hardcoded versions.
• Kotlin Module Breaking Change: For users of the jackson-module-kotlin, version 2.21.0 removes the deprecated MissingKotlinParameterException and the old StrictNullChecks backend. [5] This is a breaking change for code that specifically relied on that exception.
• New Features: The upgrade introduces several new features, including a new MapperFeature for handling fields with uppercase prefixes (disabled by default) and new annotations like @JsonDeserializeAs and @JsonSerializeAs. [1, 4, 5]

Recommendation:

• Verify that your project is running on Java 8 or a newer version.
• Check your build files to ensure the version change for jackson-annotations is handled correctly. Using the jackson-bom is the recommended approach to manage compatible versions across all Jackson modules.
• If using the Kotlin module, review any code that may be affected by the removal of deprecated classes.

Source: Jackson 2.20 Release Notes, Jackson 2.21 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.