[Snyk] Fix for 1 vulnerabilities

[ayusuf-mq]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/client/petstore/jaxrs-cxf-client/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	External Initialization of Trusted Variables or Data Stores SNYK-JAVA-CHQOSLOGBACK-15062482	290	ch.qos.logback:logback-classic: 1.2.0 -> 1.5.25 ch.qos.logback:logback-core: 1.2.0 -> 1.5.25 No Path Found No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[ayusuf-mq]

This upgrade from Logback 1.2.0 to 1.5.25 is a major update with significant breaking changes. It requires updates to the runtime environment and dependencies, and may require code changes for specific features.

Highlights:

• Java Runtime Requirement: Version 1.5.x requires Java 11 or later at runtime, a jump from the Java 8 requirement for version 1.3.x. [1, 2]
• SLF4J Dependency: Logback 1.3.x and newer require SLF4J version 2.0.x. [1, 2] Upgrading from version 1.2, which uses SLF4J 1.7.x, can cause class loading errors if the SLF4J dependency is not updated correctly across the project. [4]
• Java EE to Jakarta EE Namespace: Optional components like SMTPAppender have migrated from the javax.* namespace (in 1.3.x) to the jakarta.* namespace (in 1.4.x and newer). [2]

Source: Logback documentation
Recommendation: Before merging, ensure the project is running on Java 11+, update the SLF4J dependency to the 2.0.x series, and verify any code using optional components for the new Jakarta EE namespace.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.