fix(deps): security update — 1 package(s) [risk: LOW]

[aniket-shikhare-cstk]

Security Fix — SnykrAI

Verification

• Dependencies resolve
• Build passes (mvn compile -q)
• Tests pass (mvn test -q)

Risk: LOW

Patch-level upgrade. Bug/security fixes only, safe to merge.

Vulnerabilities Addressed

HIGH: Allocation of Resources Without Limits or Throttling

Detail	Value
Package	com.fasterxml.jackson.core:jackson-core@2.21.1
Dependency type	Transitive
CWE	CWE-770
CVSS	8.7
Vulnerable range	[2.8.0,2.21.2)
Fixed in	2.21.2
Snyk ID	SNYK-JAVA-COMFASTERXMLJACKSONCORE-15907551
Published	2026-04-05

Dependency Upgrades

Package	From	To	Risk	Reasoning
com.fasterxml.jackson.core:jackson-databind	2.21.1	2.21.2	patch	Upgrading jackson-databind to 2.21.2 as specified in Snyk's fixed_in field; jackson-core is part of the same Jackson ...

Changelog & Impact Analysis

com.fasterxml.jackson.core:jackson-databind (2.21.1 → 2.21.2)

Registry: https://central.sonatype.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.21.2

No changelog available from registry. Manual review recommended.

Not Fixed — Remediation Guidance

• com.fasterxml.jackson.core:jackson-core@2.21.1 — Wait for upstream fix: Since jackson-core is a transitive dependency of jackson-databind, the practical path is to upgrade jackson-databind to 2.21.2, which will pull in the corrected jackson-core version transitively. Monitor the jackson-databind 2.21.2 release to confirm the aligned jackson-core dependency, then update your pom.xml accordingly.

Metadata

LLM Provider	anthropic
Strategy	conservative
Total issues	2
Fixable	1
Ecosystem	maven
Generated	2026-04-21 05:34 UTC

---

Automated by SnykrAI — draft PR, needs human review before merging.

[github-actions]

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type	Count (with fixes)	Without fixes	Threshold	Result
🔴 Critical Severity	0	0	10	✅ Passed
🟠 High Severity	0	0	25	✅ Passed
🟡 Medium Severity	0	0	500	✅ Passed
🔵 Low Severity	1	0	1000	✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity	Breaches (with fixes)	Breaches (no fixes)	SLA Threshold (with/no fixes)	Status
🔴 Critical	0	0	15 / 30 days	✅ Passed
🟠 High	0	0	30 / 120 days	✅ Passed
🟡 Medium	0	0	90 / 365 days	✅ Passed
🔵 Low	0	0	180 / 365 days	✅ Passed

✅ BUILD PASSED - All security checks passed

[github-actions]

Coverage Summary

• 📘 Instruction Coverage: 93%
• 🌿 Branch Coverage: 80%

[sunil-lakshman]

LGTM

[netrajpatel]

LGTM // approved in Slack with WorkerB

[github-actions]

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type	Count (with fixes)	Without fixes	Threshold	Result
🔴 Critical Severity	0	0	10	✅ Passed
🟠 High Severity	0	0	25	✅ Passed
🟡 Medium Severity	0	0	500	✅ Passed
🔵 Low Severity	1	0	1000	✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity	Breaches (with fixes)	Breaches (no fixes)	SLA Threshold (with/no fixes)	Status
🔴 Critical	0	0	15 / 30 days	✅ Passed
🟠 High	0	0	30 / 120 days	✅ Passed
🟡 Medium	0	0	90 / 365 days	✅ Passed
🔵 Low	0	0	180 / 365 days	✅ Passed

✅ BUILD PASSED - All security checks passed

[github-actions]

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type	Count (with fixes)	Without fixes	Threshold	Result
🔴 Critical Severity	0	0	10	✅ Passed
🟠 High Severity	0	0	25	✅ Passed
🟡 Medium Severity	0	0	500	✅ Passed
🔵 Low Severity	1	0	1000	✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity	Breaches (with fixes)	Breaches (no fixes)	SLA Threshold (with/no fixes)	Status
🔴 Critical	0	0	15 / 30 days	✅ Passed
🟠 High	0	0	30 / 120 days	✅ Passed
🟡 Medium	0	0	90 / 365 days	✅ Passed
🔵 Low	0	0	180 / 365 days	✅ Passed

✅ BUILD PASSED - All security checks passed