[Snyk] Security upgrade com.amazonaws:aws-java-sdk-core from 1.11.505 to 1.12.735

[rahulroycontractor]

User description

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix 31 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• localstack/ext/java/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917	670	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found Mature
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111	394	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32043	271	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426	243	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 Reachable Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1054588	239	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056416	238	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056418	238	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056420	238	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056421	238	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056426	238	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056427	238	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-32044	187	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-471943	167	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-472980	166	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1061931	165	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617	165	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-540500	165	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052449	164	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1052450	164	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056414	164	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056417	164	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056419	164	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056424	164	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-1056425	164	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-6056407	164	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424	146	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found Proof of Concept
	Deserialization of Untrusted Data SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207	146	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found Proof of Concept
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244	114	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329	114	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-31519	76	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 Reachable No Known Exploit
	Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-31520	46	com.amazonaws:aws-java-sdk-core: 1.11.505 -> 1.12.735 No Path Found No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Deserialization of Untrusted Data
🦉 Denial of Service (DoS)

---

PR Type

Bug fix, Enhancement

---

Description

• Upgraded aws-java-sdk-core dependency version from 1.11.505 to 1.12.735 in localstack/ext/java/pom.xml.
• This upgrade addresses multiple vulnerabilities, including:
  • Deserialization of Untrusted Data (SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917)
  • Deserialization of Untrusted Data (SNYK-JAVA-COMFASTERXMLJACKSONCORE-32111)
  • And several others as listed in the commit messages.

---

Changes walkthrough 📝

	Relevant files
Dependencies	pom.xml Upgrade `aws-java-sdk-core` dependency to fix vulnerabilities localstack/ext/java/pom.xml Upgraded aws-java-sdk-core dependency version from 1.11.505 to 1.12.735. +1/-1

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[codiumai-pr-agent-pro]

PR Review 🔍

⏱️ Estimated effort to review [1-5]	1, because the PR involves a simple version upgrade in a Maven dependency. The change is straightforward and limited to a single line in the pom.xml file.
🧪 Relevant tests	No
⚡ Possible issues	No
🔒 Security concerns	No

[codiumai-pr-agent-pro]

PR Code Suggestions ✨

Category	Suggestion	Score
Compatibility	Ensure compatibility of the new library version with other project dependencies Verify that the new version 1.12.735 of aws-java-sdk-core is compatible with other dependencies in your project. Sometimes, upgrading a library can introduce breaking changes or incompatibilities with other libraries. localstack/ext/java/pom.xml [108] +<version>1.12.735</version> - Suggestion importance[1-10]: 7 Why: The suggestion is relevant as it addresses potential compatibility issues with the updated library version, which is crucial for maintaining project stability.	7
Best practice	Review release notes and migration guide for the new library version Check the release notes and migration guide for aws-java-sdk-core version 1.12.735 to understand any new features, deprecations, or breaking changes that might affect your project. localstack/ext/java/pom.xml [108] +<version>1.12.735</version> - Suggestion importance[1-10]: 7 Why: This suggestion is important for understanding the impact of the new library version on the project, including new features and possible breaking changes.	7