[Snyk] Fix for 2 vulnerabilities

[ayusuf-mq]

Snyk has created this PR to fix 2 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/server/petstore/java-undertow/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-IOUNDERTOW-15053841	635	com.networknt:audit: 0.1.1 -> 1.5.26 com.networknt:info: 0.1.1 -> 1.5.26 com.networknt:security: 0.1.1 -> 1.5.26 com.networknt:server: 0.1.1 -> 1.5.26 io.undertow:undertow-core: 1.4.0.Final -> 2.3.21.Final Major version upgrade No Path Found No Known Exploit
	Improper Validation of Syntactic Correctness of Input SNYK-JAVA-IOUNDERTOW-14908846	520	io.undertow:undertow-core: 1.4.0.Final -> 2.3.21.Final Major version upgrade No Path Found No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[ayusuf-mq]

This upgrade contains major breaking changes in foundational web server and microservice framework dependencies, requiring significant code and configuration updates.

io.undertow:undertow-core (1.4.0.Final → 2.3.21.Final): High Risk
This major version upgrade introduces support for Jakarta EE 10. Applications must be migrated from the javax.servlet.* and javax.websocket.* namespaces to the new jakarta.* namespaces. Additionally, Undertow 2.x requires Java 8 or later.

com.networknt packages (0.1.1 → 1.5.26): High Risk
This is a massive version leap from a pre-release to a mature version, introducing numerous architectural and API changes. A key breaking change is the consolidation of security configurations; framework-specific prefixes (e.g., openapi-security) must be removed and standardized under a single security.yml file.

Recommendation: A full migration and testing cycle is required. Prioritize the javax to jakarta namespace migration for Undertow compatibility, then address the configuration and API changes within the light-4j framework.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.