SWI-3723 [Snyk] Fix for 2 vulnerabilities

[bwappsec]

Snyk has created this PR to fix 2 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/server/petstore/java-undertow/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Improper Validation of Syntactic Correctness of Input SNYK-JAVA-IOUNDERTOW-14908846	161	com.networknt:audit: 0.1.1 -> 1.5.26 com.networknt:info: 0.1.1 -> 1.5.26 com.networknt:security: 0.1.1 -> 1.5.26 com.networknt:server: 0.1.1 -> 1.5.26 Major version upgrade No Path Found No Known Exploit
	Memory Leak SNYK-JAVA-IOUNDERTOW-7433721	40	com.networknt:audit: 0.1.1 -> 1.5.26 com.networknt:info: 0.1.1 -> 1.5.26 com.networknt:security: 0.1.1 -> 1.5.26 com.networknt:server: 0.1.1 -> 1.5.26 io.undertow:undertow-core: 2.3.17.Final -> 2.3.18.Final Major version upgrade No Path Found No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Memory Leak

[bwappsec]

The upgrade of com.networknt packages from version 0.1.1 to 1.5.26 is a major version jump that introduces significant breaking changes. Upgrades from a pre-1.0 version typically involve substantial API and configuration restructuring.

Highlights:

• Configuration Overhaul: Expect fundamental changes to configuration files like service.yml and handler.yml. The structure for defining middleware handlers and server startup is likely incompatible. [8, 14]
• API Changes: Core classes and interfaces for handlers, startup/shutdown hooks, and service-to-service communication have likely been refactored or replaced. [8, 11]

Recommendation: This is a major migration effort. A direct upgrade is not recommended. Developers must consult the light-4j documentation for version 1.x and rewrite application configuration and custom code accordingly.

The io.undertow:undertow-core upgrade is a low-risk patch release containing bug fixes. [1]

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.