
[Snyk] Fix for 1 vulnerabilities #20

Open
d4v1de wants to merge 1 commit into master from snyk-fix-dfb0c8f916dfa2b678f8e6bff9512d95

Conversation

@d4v1de (Owner) commented Apr 6, 2026


Snyk has created this PR to fix 1 vulnerability in the maven dependencies of this project.

Snyk changed the following file(s):

  • pom.xml

Vulnerabilities that will be fixed with an upgrade:

Issue: high severity, Allocation of Resources Without Limits or Throttling (SNYK-JAVA-COMFASTERXMLJACKSONCORE-15907551)
Score: 721
Upgrade:
  • com.fasterxml.jackson.dataformat:jackson-dataformat-csv: 2.10.0 -> 2.21.2
  • org.apache.kafka:connect-runtime: 2.6.2 -> 4.0.0 (Major version upgrade)
No Known Exploit

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

@d4v1de (Owner, Author) commented Apr 6, 2026

Merge Risk: High

This upgrade contains a major version update for Apache Kafka from 2.6.2 to 4.0.0, which introduces significant breaking changes. The update for jackson-dataformat-csv is considered low risk.

org.apache.kafka:connect-runtime@2.6.2 → 4.0.0 (HIGH RISK)

This is a major version upgrade that spans two major releases (3.0 and 4.0) and requires significant architectural and code changes. Direct upgrade is not recommended without careful planning.

Key Breaking Changes:

  • ZooKeeper Removal: Kafka 4.0.0 has completely removed support for ZooKeeper. All clusters must be migrated to the KRaft (Kafka Raft) consensus protocol before upgrading to version 4.0. This is a substantial operational change requiring a multi-step migration process, typically by first upgrading to a 3.x version.
  • Java Version Requirement: connect-runtime 4.0.0 requires Java 17. This is an increase from Java 8 being deprecated in version 3.0.
  • API and Protocol Removals: Many APIs deprecated in previous versions have been removed. Additionally, support for older client protocols and message formats (v0, v1) has been dropped.
  • Default Behavior Changes: Starting in version 3.0, producer configurations were changed to enable stronger delivery guarantees by default (acks=all). This could impact application performance and behavior if the previous defaults were assumed.

Recommendation: A direct upgrade from 2.6.2 to 4.0.0 is not feasible. A staged migration plan must be developed, which includes upgrading to an intermediate 3.x release to perform the KRaft migration before moving to 4.0. Review your Java runtime version and all client-side code for compatibility with removed APIs.

Source: Apache Kafka Upgrade Documentation

com.fasterxml.jackson.dataformat:jackson-dataformat-csv@2.10.0 → 2.21.2 (LOW RISK)

This is a minor version upgrade within the same major series. The changes consist primarily of bug fixes and feature enhancements while maintaining backward compatibility. No significant breaking changes have been identified.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
