fix(deps): upgrade com.fasterxml.jackson.core:jackson-core to 2.21.2

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15907551	721	com.fasterxml.jackson.core:jackson-core: 2.21.1 -> 2.21.2 com.fasterxml.jackson.core:jackson-databind: 2.21.1 -> 2.21.2 com.fasterxml.jackson.dataformat:jackson-dataformat-avro: 2.21.1 -> 2.21.2 com.fasterxml.jackson.datatype:jackson-datatype-jsr310: 2.21.1 -> 2.21.2 io.debezium:debezium-core: 3.0.8.Final -> 3.5.0.Final No Known Exploit

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[snyk-io]

This set of upgrades includes patch updates for Jackson components and a minor version upgrade for Debezium.

io.debezium:debezium-core@3.0.8.Final → 3.5.0.Final (Medium Risk)

This is a minor version upgrade for Debezium. While no specific breaking API changes were documented in the available release notes for this range, version 3.5.0 introduces a significant architectural change to decouple the core internals from Kafka. The announcement states the goal is to keep existing functionality intact, but the scale of this internal refactoring introduces a risk of unintended behavioral changes. Given the lack of detailed release notes covering the full range from 3.0.8 to 3.5.0, a medium risk assessment is appropriate due to uncertainty.

Recommendation: Developers should perform integration testing to verify that the connector's behavior remains consistent after the upgrade.

Jackson Upgrades (Low Risk)

The upgrades for jackson-core, jackson-databind, jackson-dataformat-avro, and jackson-datatype-jsr310 from version 2.21.1 to 2.21.2 are patch releases. These updates contain bug fixes and do not introduce any breaking changes.

Source: Jackson 2.21.2 Release Notes, Debezium 3.5.0 Announcement

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.