[Snyk] Fix for 1 vulnerabilities#10
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-15907551
|
This upgrade includes a major version increase for Spring Boot from 2.x to 3.x, which introduces significant and mandatory breaking changes. The Jackson library upgrades, while minor versions, also contain notable behavioral changes and require attention. 1. org.springframework.boot:spring-boot-starter-web (2.7.18 → 3.5.13)Risk: HIGH This is a major upgrade that requires significant developer action. The migration from Spring Boot 2.x to 3.x is a substantial undertaking. Key Breaking Changes:
Recommendation: This upgrade cannot be handled as a simple dependency bump. A dedicated migration effort is required. Developers must:
Source: Spring Boot 3.0 Migration Guide, Spring Framework 6.0 Release Notes 2. Jackson Libraries (databind, dataformat-xml, dataformat-yaml) (2.9.9 → 2.21.2)Risk: MEDIUM While these are minor version upgrades, the wide version span introduces several behavioral changes and new defaults that could impact applications at runtime. Key Changes:
|
Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.
Snyk changed the following file(s):
pom.xmlVulnerabilities that will be fixed with an upgrade:
SNYK-JAVA-COMFASTERXMLJACKSONCORE-15907551
2.9.9->2.21.2com.fasterxml.jackson.dataformat:jackson-dataformat-xml:
2.9.9->2.21.2com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:
2.9.9->2.21.2Major version upgradeNo Path FoundNo Known ExploitBreaking Change Risk
Vulnerabilities that could not be fixed
org.springframework.boot:spring-boot-starter-web@2.7.18toorg.springframework.boot:spring-boot-starter-web@3.5.13; Reasoncould not apply upgrade, dependency is managed externally; Location:https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.7.18/spring-boot-dependencies-2.7.18.pomImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling