[Snyk] Fix for 6 vulnerabilities#82

Open
Exnadella wants to merge 1 commit into master from snyk-fix-931e61edae65d2ea5220858fa8bdc504

Conversation

@Exnadella (Owner) commented Nov 24, 2024

User description

Snyk has created this PR to fix 6 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • public/transactions-remoting/pom.xml

Vulnerabilities that will be fixed with an upgrade:

Severity | Issue | Snyk ID | Score | Upgrade | Notes
high | Path Traversal | SNYK-JAVA-ORGSPRINGFRAMEWORK-8230373 | 585 | org.springframework.hateoas:spring-hateoas 0.23.0.RELEASE -> 2.4.0 | Major version upgrade; No Path Found; No Known Exploit
medium | Denial of Service (DoS) | SNYK-JAVA-ORGSPRINGFRAMEWORK-8384234 | 545 | org.springframework.hateoas:spring-hateoas 0.23.0.RELEASE -> 2.4.0 | Major version upgrade; No Path Found; No Known Exploit
low | Improper Handling of Case Sensitivity | SNYK-JAVA-ORGSPRINGFRAMEWORK-8230364 | 265 | org.apache.dubbo:dubbo 2.7.6 -> 3.3.0; org.springframework.hateoas:spring-hateoas 0.23.0.RELEASE -> 2.4.0 | Major version upgrade; No Path Found; No Known Exploit
low | Improper Handling of Case Sensitivity | SNYK-JAVA-ORGSPRINGFRAMEWORK-8230365 | 265 | org.apache.dubbo:dubbo 2.7.6 -> 3.3.0; org.springframework.hateoas:spring-hateoas 0.23.0.RELEASE -> 2.4.0 | Major version upgrade; No Path Found; No Known Exploit
low | Improper Handling of Case Sensitivity | SNYK-JAVA-ORGSPRINGFRAMEWORK-8230366 | 265 | org.springframework.hateoas:spring-hateoas 0.23.0.RELEASE -> 2.4.0 | Major version upgrade; No Path Found; No Known Exploit
low | Improper Handling of Case Sensitivity | SNYK-JAVA-ORGSPRINGFRAMEWORK-8230368 | 265 | org.springframework.hateoas:spring-hateoas 0.23.0.RELEASE -> 2.4.0 | Major version upgrade; No Path Found; No Known Exploit

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Path Traversal
🦉 Denial of Service (DoS)


PR Type

bug_fix, dependencies


Description

  • Upgraded org.apache.dubbo:dubbo dependency to version 3.3.0 to address security vulnerabilities.
  • Upgraded org.springframework.hateoas:spring-hateoas dependency to version 2.4.0 to mitigate vulnerabilities.
  • These upgrades are aimed at reducing vulnerabilities as identified by Snyk.

Changes walkthrough 📝

Relevant files:

Dependencies: public/transactions-remoting/pom.xml (+2/-2), "Upgrade dependencies to fix vulnerabilities"

  • Upgraded org.apache.dubbo:dubbo from version 2.7.6 to 3.3.0.
  • Upgraded org.springframework.hateoas:spring-hateoas from version 0.23.0.RELEASE to 2.4.0.

    💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

@qodo-code-review commented:

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Breaking Changes
    Major version upgrade of Apache Dubbo from 2.7.6 to 3.3.0 may introduce breaking changes that need to be validated across the codebase

    Compatibility Risk
    Spring HATEOAS upgrade from 0.23.0.RELEASE to 2.4.0 is a major version jump that could affect API responses and HATEOAS functionality

@qodo-code-review commented:

    PR Code Suggestions ✨

    Explore these optional code suggestions:

Category: Security
Suggestion: Update outdated dependency with known security vulnerabilities to latest stable version

    The jackson-jaxrs-json-provider version 2.9.4 has known security vulnerabilities.
    Update it to a more recent version (2.15.0 or later) to address these security
    issues.

    public/transactions-remoting/pom.xml [60-64]

     <dependency>
         <groupId>com.fasterxml.jackson.jaxrs</groupId>
         <artifactId>jackson-jaxrs-json-provider</artifactId>
    -    <version>2.9.4</version>
    +    <version>2.15.2</version>
         <scope>provided</scope>
     </dependency>
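Review bot: this bump pins only the JAX-RS provider, and because the dependency is `<scope>provided</scope>` the Jackson that actually loads at runtime is whatever the container ships, so the edit on its own does not guarantee a patched Jackson on the classpath. Verify the container's bundled Jackson, and pin jackson-databind and jackson-core to the same 2.15.x line so the provider and databind are not mixed across versions. Note also that none of the six Snyk findings listed in this PR are in Jackson; the "known security vulnerabilities" claim above should be tied to a specific advisory before this suggestion is merged as part of a security fix.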
    Suggestion importance[1-10]: 9

    Why: Updating jackson-jaxrs-json-provider from 2.9.4 to 2.15.2 is critical as the older version has known security vulnerabilities. This change would significantly improve the application's security posture.

Category: General
Suggestion: Migrate from deprecated javax namespace to modern Jakarta namespace for better compatibility

    The javax.ws.rs-api version 2.0.1 is outdated and has been superseded by
    jakarta.ws.rs-api. Consider migrating to the Jakarta namespace to ensure future
    compatibility.

    public/transactions-remoting/pom.xml [78-82]

     <dependency>
    -    <groupId>javax.ws.rs</groupId>
    -    <artifactId>javax.ws.rs-api</artifactId>
    -    <version>2.0.1</version>
    +    <groupId>jakarta.ws.rs</groupId>
    +    <artifactId>jakarta.ws.rs-api</artifactId>
    +    <version>3.1.0</version>
         <scope>provided</scope>
     </dependency>
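Review bot: jakarta.ws.rs-api 3.1.0 changes the Java package from javax.ws.rs.* to jakarta.ws.rs.*, so every JAX-RS import in this module and the provided-scope runtime the container supplies must move in step; unlike the two version bumps in this PR this is a source change across the module, not a pom-only edit, and it should not be applied from the suggestion button without a build. It also conflicts with the jackson-jaxrs-json-provider bump suggested above, which targets the javax.ws.rs API (the Jakarta-namespace counterpart is a separate artifact, jackson-jakarta-rs-json-provider). If only the coordinates need to change while keeping the javax package, the jakarta.ws.rs-api 2.1.x line still uses the javax.ws.rs package.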
    Suggestion importance[1-10]: 7

    Why: Moving from javax.ws.rs-api to jakarta.ws.rs-api is important for future compatibility as Jakarta is the new standard. However, this migration might require additional code changes and testing.


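An added check, not part of this PR and not output of either bot: it parses a pom.xml with Python's standard library, resolves ${property} versions, compares each dependency against the minimum fixed versions from the Snyk table above (plus the jackson-jaxrs-json-provider target from the Qodo suggestion, which is that bot's recommendation rather than a Snyk finding), flags major-version jumps, and annotates provided-scope dependencies whose runtime version the container supplies rather than this pom. The embedded pom is constructed to mirror the pre-upgrade coordinates visible on this page; the module's real public/transactions-remoting/pom.xml is not reproduced here.

```python
"""Audit a pom.xml against minimum fixed versions (added example, not project code)."""
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Minimum fixed versions: the two Snyk upgrades from this PR, plus the Jackson
# target from the Qodo suggestion (a reviewer recommendation, not a Snyk finding).
MIN_FIXED = {
    "org.apache.dubbo:dubbo": "3.3.0",
    "org.springframework.hateoas:spring-hateoas": "2.4.0",
    "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider": "2.15.2",
}

# Constructed sample pom mirroring the pre-upgrade coordinates shown in the PR.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId><artifactId>transactions-remoting</artifactId><version>1.0</version>
  <properties>
    <jackson.version>2.9.4</jackson.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.dubbo</groupId><artifactId>dubbo</artifactId><version>2.7.6</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.hateoas</groupId><artifactId>spring-hateoas</artifactId>
      <version>0.23.0.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>com.fasterxml.jackson.jaxrs</groupId><artifactId>jackson-jaxrs-json-provider</artifactId>
      <version>${jackson.version}</version><scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>javax.ws.rs</groupId><artifactId>javax.ws.rs-api</artifactId><version>2.0.1</version>
      <scope>provided</scope>
    </dependency>
  </dependencies>
</project>
"""


def version_key(v):
    """Comparison key from the numeric prefix: '0.23.0.RELEASE' -> (0, 23, 0).
    Qualifiers are ignored, which is sufficient for release-to-release checks."""
    nums = []
    for part in re.split(r"[.\-]", v):
        if part.isdigit():
            nums.append(int(part))
        else:
            break
    return tuple(nums)


def major_jump(current, target):
    """True when the upgrade crosses a major version (what Snyk labels 'Major version upgrade')."""
    return version_key(current)[:1] != version_key(target)[:1]


def resolve(value, props):
    """Expand ${property} references using the pom's <properties> block."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def parse_pom(text):
    """Return [{ga, version, scope}] for each direct <dependency> in the pom."""
    root = ET.fromstring(text)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    deps = []
    for d in root.findall("m:dependencies/m:dependency", NS):
        def t(name):
            e = d.find(f"m:{name}", NS)
            return (e.text or "").strip() if e is not None else ""
        deps.append({
            "ga": f"{t('groupId')}:{t('artifactId')}",
            "version": resolve(t("version"), props),
            "scope": t("scope") or "compile",
        })
    return deps


def audit(text, min_fixed=MIN_FIXED):
    """One finding per dependency below its minimum fixed version; provided-scope
    dependencies get a note because the container, not this pom, picks the runtime version."""
    findings = []
    for d in parse_pom(text):
        target = min_fixed.get(d["ga"])
        if target is None or version_key(d["version"]) >= version_key(target):
            continue
        finding = {"ga": d["ga"], "current": d["version"], "minimum": target,
                   "scope": d["scope"], "major_upgrade": major_jump(d["version"], target)}
        if d["scope"] == "provided":
            finding["note"] = "provided scope: runtime version comes from the container, verify it separately"
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_POM):
        print(f)
```

Run it on a real pom by reading the file into `audit()`; a non-empty result is a merge gate, and any finding carrying the provided-scope note needs the container's bundled version checked by hand, since a pom bump there changes compile-time resolution only.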
