SWI-3723 [Snyk] Fix for 1 vulnerabilities

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/server/petstore/kotlin/vertx/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924	170	io.vertx:vertx-core: 3.9.12 -> 4.0.0 io.vertx:vertx-web-api-contract: 3.9.12 -> 4.4.1 Major version upgrade No Path Found Proof of Concept

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[bwappsec]

This upgrade to Vert.x 4.x involves two major version updates with significant breaking changes that require mandatory code modifications. Both vertx-core and vertx-web-api-contract have undergone fundamental API changes.

io.vertx:vertx-core (3.9.12 → 4.0.0)

This is a major upgrade with several breaking changes to core components:

• Asynchronous Operations: Vert.x 4 introduces a Future-based model for asynchronous operations alongside the classic callback approach. The Future.completer() method has been removed, as Future now directly implements the Handler interface. [1]
• HTTP Client: The HttpClientRequest.connectionHandler() method has been removed. You must now use HttpClient.connectionHandler() to set a connection handler for client requests. [1]
• WebSockets: The synchronous HttpServerRequest.upgrade() method is removed. The new asynchronous HttpServerRequest.toWebSocket() method should be used instead. [1]
• Stream API: The write() and end() methods on WriteStream are no longer fluent and now return void, which breaks method chaining. [1]
• Event Bus: MessageProducer no longer extends WriteStream, and its send() methods have been removed in favor of write(). [1]

io.vertx:vertx-web-api-contract (3.9.12 → 4.4.1)

This module has been largely replaced, requiring a migration to new modules:

• Module Replacement: Functionality from vertx-web-api-contract has been split. For OpenAPI-based development, you must migrate to vertx-web-openapi. For general HTTP request validation, use the new vertx-web-validation module. [1, 8]
• Migration Path: The official migration guide explicitly states that applications using vertx-web-api-service must migrate to the vertx-web-openapi module, as it does not support the old vertx-web-api-contract. [1]

Recommendation: These upgrades will require significant refactoring. Developers must carefully follow the official Vert.x 3 to 4 migration guide to adapt their applications to the new APIs and modules. A simple version bump will result in compilation and runtime errors.

Source: Vert.x 3 to 4 Migration Guide [1, 3, 5]

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

⛔ Snyk checks have failed. 1 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (1)
⛔	Open Source Security	0	1	0	0	1 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.