[Snyk] Security upgrade com.okta.spring:okta-spring-boot-starter from 1.4.0 to 3.0.9#5253
bogarin wants to merge 1 commit into
…ulnerabilities The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-COMNIMBUSDS-10691768
Pull request overview
This PR upgrades the Okta Spring Boot Starter dependency from version 1.4.0 to 3.0.9 to address security vulnerability SNYK-JAVA-COMNIMBUSDS-10691768 (Uncontrolled Recursion with a priority score of 666).
Changes:
- Updated okta.spring.version property from 1.4.0 to 3.0.9 in pom.xml
| <properties> | ||
| <okta.spring.version>1.4.0</okta.spring.version> | ||
| <okta.spring.version>3.0.9</okta.spring.version> |
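Review bot: the hunk only bumps okta.spring.version from 1.4.0 to 3.0.9, while the finding being fixed (SNYK-JAVA-COMNIMBUSDS-10691768) is in the transitive com.nimbusds dependency, not in the starter itself, so the PR should show that the resolved com.nimbusds artifact after the bump is actually the patched version (for example with mvn dependency:tree -Dincludes=com.nimbusds). Nothing in the diff touches the project's Spring Boot or Spring Security versions, and the 3.0.x starter has its own baseline for both, so those should be confirmed in the same pom; if they do not line up, pinning the com.nimbusds version through dependencyManagement would close the finding without a two-major-version jump.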
This is a major version upgrade from 1.4.0 to 3.0.9, skipping version 2.x entirely. Okta Spring Boot Starter 2.0 and 3.0 introduced significant breaking changes including:
- Package restructuring and API changes in the Okta SDK
- Changes to configuration property names and structure
- Spring Boot and Spring Security version compatibility requirements
The code in AdminController uses Okta SDK classes (Client, User, UserBuilder, UserList) and the application.properties file uses configuration properties that may have changed between versions. Without automated tests to verify compatibility, this upgrade poses significant risk of breaking the application at runtime.
Consider:
- Adding integration tests before upgrading to verify the existing functionality
- Reviewing the Okta Spring Boot Starter migration guides for versions 2.x and 3.x
- Testing that the AdminController endpoints still work correctly
- Verifying the configuration properties in application.properties are still valid
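The review above is concerned with the size of the version jump rather than the fix itself. As an added example (not code from the PR or this repository), the following Python script reads the okta.spring.version property from a pom.xml and classifies the bump, so a dependency-bot PR that skips a major version can be flagged for migration review automatically; the pom fragments are constructed and contain only the property shown in the diff.

```python
import re
import xml.etree.ElementTree as ET

POM_NS = "http://maven.apache.org/POM/4.0.0"

# Constructed pom.xml fragments that mirror the one property this PR changes.
POM_BEFORE = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <okta.spring.version>1.4.0</okta.spring.version>
  </properties>
</project>"""
POM_AFTER = POM_BEFORE.replace("1.4.0", "3.0.9")


def read_property(pom_xml: str, name: str) -> str:
    """Return the text of <properties><name> from a pom.xml string (namespace aware)."""
    root = ET.fromstring(pom_xml)
    props = root.find(f"{{{POM_NS}}}properties")
    if props is not None:
        for child in props:
            if child.tag == f"{{{POM_NS}}}{name}" and child.text:
                return child.text.strip()
    raise KeyError(f"property {name} not found in <properties>")


def parse_version(version: str) -> tuple:
    """Map '3.0.9' to (3, 0, 9); qualifiers such as '-SNAPSHOT' are ignored."""
    nums = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def classify_bump(old: str, new: str) -> str:
    """Classify old -> new as 'major', 'minor', 'patch', 'none' or 'downgrade'."""
    o, n = parse_version(old), parse_version(new)
    if n == o:
        return "none"
    if n < o:
        return "downgrade"
    if n[0] != o[0]:
        return "major"
    return "minor" if n[1] != o[1] else "patch"


def review_bump(pom_before: str, pom_after: str, prop: str) -> dict:
    """Summarise a property bump so a reviewer can tell whether migration work is due."""
    old, new = read_property(pom_before, prop), read_property(pom_after, prop)
    kind = classify_bump(old, new)
    skipped = list(range(parse_version(old)[0] + 1, parse_version(new)[0]))
    return {"property": prop, "old": old, "new": new, "kind": kind,
            "skipped_majors": skipped, "needs_migration_review": kind == "major"}
```

For this PR the result reports a major bump with major version 2 skipped, which is exactly the case the review asks to be checked against the migration guides.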
Snyk has created this PR to fix 1 vulnerability in the maven dependencies of this project.
Snyk changed the following file(s):
spring-security-modules/spring-security-okta/pom.xml
Vulnerabilities that will be fixed with an upgrade:
SNYK-JAVA-COMNIMBUSDS-10691768 | 1.4.0 -> 3.0.9 | Major version upgrade | Proof of Concept | Important