[Snyk] Fix for 1 vulnerabilities

[officialmofabs]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/server/petstore/java-undertow/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Information Exposure SNYK-JAVA-IOUNDERTOW-8501333	721	com.networknt:audit: 0.1.1 -> 1.5.26 com.networknt:info: 0.1.1 -> 1.5.26 com.networknt:security: 0.1.1 -> 1.5.26 com.networknt:server: 0.1.1 -> 1.5.26 Major version upgrade No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Summary by Sourcery

Bug Fixes:

• Upgrade Maven dependencies to address a high severity information exposure vulnerability.

[sourcery-ai]

Reviewer's Guide by Sourcery

This PR addresses a high-severity security vulnerability by upgrading multiple com.networknt dependencies from version 0.1.1 to 1.5.26. The change is implemented through a version update in the pom.xml file, which affects several framework components including audit, info, security, and server modules.

Class diagram for updated Maven dependencies

classDiagram
    class PomXml {
        <<Maven Dependency>>
        +String java.version
        +String project.build.sourceEncoding
        +String version.framework
        +String version.jackson
        +String version.jackson.databind
        +String version.slf4j
    }
    note for PomXml "Updated version.framework from 0.1.1 to 1.5.26"
    PomXml : version.framework = "1.5.26"

Loading

File-Level Changes

Change	Details	Files
Update framework version to address security vulnerability	Upgrade version.framework property from 0.1.1 to 1.5.26 Update com.networknt:audit dependency to version 1.5.26 Update com.networknt:info dependency to version 1.5.26 Update com.networknt:security dependency to version 1.5.26 Update com.networknt:server dependency to version 1.5.26	samples/server/petstore/java-undertow/pom.xml
Code formatting improvement in Maven Shade plugin configuration	Reformat transformer implementation declaration to single line	samples/server/petstore/java-undertow/pom.xml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
maven/com.networknt/[email protected]	eval	0	12.4 kB
maven/com.networknt/[email protected]	eval, unsafe	0	129 kB
maven/com.networknt/[email protected]	eval, filesystem	0	21.7 kB
maven/com.networknt/[email protected]	eval	0	12.7 kB
maven/com.networknt/[email protected]	eval	0	31.2 kB
maven/com.networknt/[email protected]	environment, eval, filesystem, unsafe	0	38.8 kB
maven/com.networknt/[email protected]	environment, eval, filesystem, network, unsafe	0	75.9 kB

🚮 Removed packages: maven/com.networknt/[email protected], maven/com.networknt/[email protected], maven/com.networknt/[email protected], maven/com.networknt/[email protected], maven/com.networknt/[email protected], maven/com.networknt/[email protected], maven/com.networknt/[email protected], maven/com.networknt/[email protected], maven/org.testng/[email protected], maven/org.threeten/[email protected], maven/org.tomitribe/[email protected], maven/org.webjars/[email protected], maven/org.wiremock/[email protected], maven/org.wso2.msf4j/[email protected], maven/software.amazon.awssdk/[email protected]

View full report↗︎