[Snyk] Fix for 1 vulnerabilities

[philvarner-snyk]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• todolist-goof/todolist-web-common/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924	170	com.fasterxml.jackson.core:jackson-core: 2.6.5 -> 2.18.6 com.fasterxml.jackson.core:jackson-databind: 2.6.5 -> 2.18.6 No Path Found Proof of Concept

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[philvarner-snyk]

This is a major upgrade for jackson-core and jackson-databind from version 2.6.5 to 2.18.6, spanning numerous minor releases. This update introduces significant breaking changes, requires a Java runtime update, and changes default behaviors that could impact applications.

Key Breaking Changes:

• Java Version Requirement: The minimum Java version is increased. Version 2.8 requires Java 7, and version 2.13 raises the baseline to Java 8 for jackson-databind. Version 2.14 raises the baseline to Java 8 for jackson-core as well.
• Source Incompatible TypeReference Change (v2.10): Generic type assignment for mapper.readValue() using a TypeReference is now stricter. Code that previously compiled may now fail with a compilation error if the generic types do not align perfectly. While binary-compatible, this is a source-incompatible change that requires code modification.
• Safe Default Typing (v2.10): To address security vulnerabilities (CVEs), the enableDefaultTyping() method has been deprecated and replaced with safer alternatives (activateDefaultTyping()). Usages of the old method must be updated.
• Jakarta Namespace (v2.13): To support the transition from javax.* to jakarta.* namespaces, Jackson introduced new modules with a jakarta classifier (e.g., for JAXB and JAX-RS). If you use these integrations, you will need to update your dependencies to the correct artifact.
• **`

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[philvarner-snyk]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.