[Snyk] Security upgrade com.fasterxml.jackson.module:jackson-module-scala_2.12 from 2.15.2 to 2.18.6

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924	170	com.fasterxml.jackson.module:jackson-module-scala_2.12: 2.15.2 -> 2.18.6 No Path Found Proof of Concept

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[snyk-io]

This upgrade spans several minor versions of the Jackson Scala module, from 2.15.2 to 2.18.6. While there are no major documented API-breaking changes, a behavioral change in version 2.16 requires attention.

Key Changes:

• Behavioral Change (2.16): A fix was implemented for an issue where registering the Scala module could incorrectly affect the property name resolution of non-Scala classes. If your application uses the same ObjectMapper for both Scala and non-Scala objects, you should verify that the JSON output for your non-Scala objects has not changed unexpectedly.
• Internal Module Change (2.16): ScalaObjectDeserializerModule was integrated into DefaultScalaModule. This is unlikely to impact most users unless you were manually assembling modules.
• Dependency Updates: The intermediate versions track updates and bug fixes in the core Jackson libraries (core, databind), which are inherited by this module.

Recommendation:
Verify the JSON serialization and deserialization of non-Scala classes to ensure that the fix for property name resolution does not introduce unintended changes in your application's output.

Source: Jackson 2.16 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.