SWI-3723 [Snyk] Security upgrade com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.17.1 to 2.21.2

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/client/petstore/java/microprofile-rest-client-outer-enum/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15907551	125	com.fasterxml.jackson.datatype:jackson-datatype-jsr310: 2.17.1 -> 2.21.2 No Path Found No Known Exploit

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[bwappsec]

This is a minor version upgrade for jackson-datatype-jsr310 from 2.17.1 to 2.21.2. The updates consist primarily of bug fixes and feature enhancements.

Behavioral Change:

• A key change in version 2.21 is a bug fix for deserializing negative fractional timestamps. For example, a value like -1.000000001 is now deserialized correctly to 1969-12-31T23:59:58.999999999Z instead of the previous incorrect value. While this corrects a bug, it is a behavioral change that could impact systems relying on the old, incorrect behavior.

Other Changes:

• Version 2.19 included fixes for deserialization, round-tripping, and performance optimizations.
• Version 2.21 introduced the ability to specify a custom DateTimeFormatter for OffsetDateTime serialization and deserialization.

Recommendation:
Verify that your application's handling of negative fractional timestamps is not adversely affected by the bug fix. No other breaking API changes are documented in this range.

Source: Jackson 2.19 Release Notes, Jackson 2.21 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.