[Snyk] Fix for 1 vulnerabilities

[ayusuf-mq]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/server/petstore/jaxrs-jersey/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	External Initialization of Trusted Variables or Data Stores SNYK-JAVA-CHQOSLOGBACK-15062482	290	ch.qos.logback:logback-classic: 1.2.0 -> 1.5.25 ch.qos.logback:logback-core: 1.2.0 -> 1.5.25 No Path Found No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[ayusuf-mq]

This is a major upgrade from an end-of-life version that introduces significant breaking changes, including new runtime and dependency requirements. The upgrade requires a mandatory update to Java 11+ and SLF4J 2.0.x. Failure to update dependencies correctly can lead to logging failures.

Highlights:

• Java & SLF4J Upgrade Required: Logback 1.5.x requires Java 11 (or newer) and SLF4J 2.0.x. The previous version (1.2.0) used Java 5+ and SLF4J 1.7.x. Ensure the SLF4J dependency is updated across the project to avoid compatibility issues.
• Jakarta EE Namespace: Optional components like SMTPAppender now use the jakarta.* namespace instead of javax.*. This will break applications using these appenders in a Java EE environment.
• Configuration File Changes: The JaninoEventEvaluator has been removed for security reasons. Conditional configurations using the <if> element's condition attribute are deprecated and have new restrictions.

Source: Logback documentation
Recommendation: Thoroughly validate the application's JDK version, update the SLF4J dependency to the 2.0.x series, and audit logback configuration files for removed or deprecated features before merging.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.