Migrate to Java 17 + Spring Boot 3.4.2 #355

Open
devin-ai-integration[bot] wants to merge 1 commit into master from devin/1771352555-spring-boot-3-migration

devin-ai-integration bot commented Feb 17, 2026

Migrate to Java 17 + Spring Boot 3.4.2

Summary

Comprehensive migration from Java 11 + Spring Boot 2.6.3 to Java 17 + Spring Boot 3.4.2, touching 42 files across build config, source, and tests. Key changes:

  • Java 11 → 17 in build.gradle, CI workflow, and README
  • Gradle 7.4 → 8.5 (wrapper properties updated)
  • Spring Boot 2.6.3 → 3.4.2 with dependency-management plugin 1.1.4
  • javax.* → jakarta.* namespace migration (servlet, validation); javax.crypto.* preserved
  • Joda Time → java.time.Instant across all domain models, handlers, serializers, GraphQL datafetchers, and tests
  • Spring Security 6: WebSecurityConfigurerAdapter removed, replaced with SecurityFilterChain bean using lambda DSL and requestMatchers
  • JJWT 0.11.2 → 0.12.5: Migrated to new builder API (subject(), expiration(), parser().verifyWith(), parseSignedClaims(), getPayload()) and Keys.hmacShaKeyFor()
  • DGS 4.9.21 → 8.2.0, codegen 5.0.6 → 6.2.1: Updated PageInfo to use generated types, exception handler to CompletableFuture<DataFetcherExceptionHandlerResult>
  • Other deps: MyBatis 3.0.3, SQLite JDBC 3.45.1.0, REST Assured 5.4.0, Spotless 6.25.0

All 68 tests pass locally.

Review & Testing Checklist for Human

  • JJWT signing key algorithm change — DefaultJwtService switched from explicit HS512 via SecretKeySpec to Keys.hmacShaKeyFor(), which selects algorithm by key length. Verify the jwt.secret property is ≥64 bytes for HS512 parity, otherwise this silently downgrades. Existing tokens will be invalidated if the algorithm changes.
  • GraphQL exception handler fallback — GraphQLCustomizeExceptionHandler no longer delegates to DefaultDataFetcherExceptionHandler for unhandled exceptions; it now returns TypedGraphQLError.newInternalErrorBuilder() which may expose exception messages differently to clients.
  • Pinned java-dataloader:3.2.2 — Explicit dependency added to resolve DGS 8.2.0 vs codegen 6.2.1 conflict. Verify no runtime issues from pinning the older dataloader version.
  • Gradle wrapper jar not regenerated — Only gradle-wrapper.properties was edited; the wrapper jar itself is still from 7.4. CI may fail if it doesn't have Gradle 8.5 cached. Consider running ./gradlew wrapper --gradle-version=8.5 to regenerate the jar.
  • End-to-end smoke test — Unit tests pass, but verify the app actually starts (./gradlew bootRun), serves REST/GraphQL requests, and JWT auth works correctly with the new JJWT API.

Test Plan

  1. Start the app: ./gradlew bootRun
  2. Verify REST endpoints: curl http://localhost:8080/tags
  3. Test JWT auth flow: create user, login, use token to access protected endpoints
  4. Test GraphQL: query articles/comments via /graphql
  5. Verify CI passes on GitHub Actions with Java 17

Notes



- Update Java from 11 to 17 (build.gradle + CI)
- Update Gradle wrapper to 8.5
- Update Spring Boot from 2.6.3 to 3.4.2
- Update dependency-management plugin to 1.1.4
- Migrate javax.* to jakarta.* (except javax.crypto.*)
- Migrate Joda Time to java.time.Instant
- Refactor WebSecurityConfig for Spring Security 6
- Update JJWT from 0.11.2 to 0.12.5 (new builder API)
- Update DGS from 4.9.21 to 8.2.0, codegen to 6.2.1
- Update MyBatis from 2.2.2 to 3.0.3
- Update SQLite JDBC to 3.45.1.0
- Update REST Assured to 5.4.0
- Update Spotless to 6.25.0
- Update README for Java 17

Co-Authored-By: bobby.nobakht@codeium.com <bnobakht35@gmail.com>

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

devin-ai-integration bot left a comment

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 7 additional findings.
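
The first item of the review checklist in the PR description (Keys.hmacShaKeyFor() choosing the algorithm by key length), as an added example that is not part of the PR or the project's code: a fail-fast check that the configured secret still yields HS512 under JJWT 0.12.x, with the algorithm pinned at signing time. The class JwtKeyCheck, the method hs512KeyOrFail, the sample secrets, and the assumption that jwt.secret is used as raw UTF-8 bytes are all hypothetical.

```java
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import java.nio.charset.StandardCharsets;
import javax.crypto.SecretKey;

public final class JwtKeyCheck {

    // HS512 requires a key of at least 512 bits (RFC 7518, section 3.2).
    private static final int HS512_MIN_BYTES = 64;

    /** Returns the signing key, or throws if the secret would not yield HS512. */
    static SecretKey hs512KeyOrFail(String secret) {
        // Assumption: the property value is used as raw UTF-8 bytes.
        byte[] raw = secret.getBytes(StandardCharsets.UTF_8);
        if (raw.length < HS512_MIN_BYTES) {
            throw new IllegalStateException(
                "jwt.secret is " + raw.length + " bytes; HS512 needs at least " + HS512_MIN_BYTES);
        }
        // hmacShaKeyFor labels the key HmacSHA256/384/512 according to its length.
        SecretKey key = Keys.hmacShaKeyFor(raw);
        if (!"HmacSHA512".equals(key.getAlgorithm())) {
            throw new IllegalStateException("unexpected key algorithm: " + key.getAlgorithm());
        }
        return key;
    }

    public static void main(String[] args) {
        // Constructed sample secrets, not values from the project.
        String shortSecret = "s".repeat(32);
        String longSecret = "s".repeat(64);

        // A 32-byte secret is accepted by JJWT but labelled for a different HMAC than HS512.
        SecretKey other = Keys.hmacShaKeyFor(shortSecret.getBytes(StandardCharsets.UTF_8));
        System.out.println("32-byte secret -> " + other.getAlgorithm());
        try {
            hs512KeyOrFail(shortSecret);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Pin the algorithm when signing, then confirm what the token header says.
        SecretKey key = hs512KeyOrFail(longSecret);
        String token = Jwts.builder().subject("user-1").signWith(key, Jwts.SIG.HS512).compact();
        String alg = Jwts.parser().verifyWith(key).build()
            .parseSignedClaims(token).getHeader().getAlgorithm();
        System.out.println("64-byte secret -> header alg " + alg);
    }
}
```

Running a check like this where the signing key is built makes a short secret fail at startup instead of changing the token algorithm without notice.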
