SWI-3723 [Snyk] Fix for 1 vulnerabilities

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/client/petstore/java/feign-no-nullable/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924	170	com.fasterxml.jackson.core:jackson-core: 2.17.1 -> 2.18.6 com.fasterxml.jackson.core:jackson-databind: 2.17.1 -> 2.18.6 com.fasterxml.jackson.datatype:jackson-datatype-jsr310: 2.17.1 -> 2.18.6 No Path Found Proof of Concept

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[bwappsec]

This is a minor version upgrade for the Jackson suite of libraries from 2.17.1 to 2.18.6. While there are no major, explicitly documented API breaking changes, this release contains significant internal modifications and a few behavioral changes that warrant a medium risk assessment.

Key Changes:

• Property Introspection Rewrite: The jackson-databind module underwent a major internal rewrite of its property introspection logic. [4] This was done to resolve long-standing bugs, but such a significant change carries a risk of subtle, unintended behavioral shifts. Several regressions were found and fixed in the patch versions leading up to 2.18.6. [2, 3, 7]
• Kotlin Support: Support for Kotlin version 1.7.x has been dropped. Projects using Kotlin must be on version 1.8, 1.9, or 2.0. [1, 10]
• Behavioral Change (UTF-8 Encoding): A bug was fixed in jackson-core where supplementary Unicode characters were incorrectly written as a surrogate pair. They are now correctly written using a 4-byte UTF-8 encoding. [1] This could affect systems that were inadvertently relying on the previous incorrect behavior.

Recommendation:
Due to the significant internal changes in jackson-databind and the specific behavioral change in character encoding, thorough regression testing of serialization and deserialization logic is strongly recommended to ensure compatibility.

Source: Jackson 2.18 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.