SWI-3723 [Snyk] Fix for 1 vulnerabilities

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/openapi3/client/petstore/spring-cloud-oas3-fakeapi/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924	170	org.springdoc:springdoc-openapi-ui: 1.6.14 -> 1.7.0 No Path Found Proof of Concept

Breaking Change Risk

Notice: This assessment is enhanced by AI.

Vulnerabilities that could not be fixed

• Upgrade:
  • Could not upgrade com.fasterxml.jackson.datatype:jackson-datatype-jsr310@2.13.4 to com.fasterxml.jackson.datatype:jackson-datatype-jsr310@2.18.6; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/com/fasterxml/jackson/jackson-bom/2.13.4.20221013/jackson-bom-2.13.4.20221013.pom

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[bwappsec]

This update includes a minor version bump for springdoc-openapi-ui which introduces a potential breaking change for specific configurations, and a minor update for jackson-datatype-jsr310.

springdoc-openapi-ui 1.6.14 → 1.7.0

Risk: Medium

This upgrade to version 1.7.0 is the last feature release that supports Spring Boot 2.x before version 2.x of the library moves to require Spring Boot 3. [11, 17]

Potential Breaking Change:
A bug was introduced in version 1.7.0 that can cause the Swagger UI to become unavailable (404 Not Found) if you are using a statically provided OpenAPI specification and have set the property springdoc.api-docs.enabled=false. [12] This is a behavioral change that could impact environments with this specific setup.

Recommendation:
If you rely on a static OpenAPI file for the Swagger UI, you should verify its functionality after this upgrade. If you encounter a 404 error, you may need to wait for a patch release or adjust your configuration.

com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.13.4 → 2.18.6

Risk: Low

This is a minor version upgrade within the same major series. The release notes for Jackson 2.18 do not indicate any breaking API changes for the jackson-datatype-jsr310 module itself. [16] The changes primarily consist of bug fixes, performance improvements, and features for other Jackson modules.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.