Upgrade from Java 11 to Java 17 with Spring Boot 3.2.5#367
Open
devin-ai-integration[bot] wants to merge 1 commit intomasterfrom
Open
Upgrade from Java 11 to Java 17 with Spring Boot 3.2.5#367devin-ai-integration[bot] wants to merge 1 commit intomasterfrom
devin-ai-integration[bot] wants to merge 1 commit intomasterfrom
Conversation
- Update Java sourceCompatibility/targetCompatibility from 11 to 17 - Upgrade Spring Boot from 2.6.3 to 3.2.5 - Upgrade Gradle wrapper from 7.4 to 8.7 - Upgrade Spring dependency management plugin to 1.1.5 - Migrate all javax.* imports to jakarta.* (validation, servlet) - Rewrite WebSecurityConfig: remove WebSecurityConfigurerAdapter, use SecurityFilterChain bean with lambda DSL - Update Spring Security: antMatchers -> requestMatchers, authorizeRequests -> authorizeHttpRequests - Update CustomizeExceptionHandler for Spring Boot 3 (HttpStatusCode parameter) - Upgrade JJWT from 0.11.2 to 0.12.5 with new API (subject/expiration/parseSignedClaims) - Fix JWT key generation to use SHA-512 digest for JJWT 0.12.x key size requirements - Upgrade DGS GraphQL from 4.9.21 to 8.5.5 with API changes (handleException, CompletableFuture) - Fix PageInfo type: use generated io.spring.graphql.types.PageInfo instead of graphql.relay.PageInfo - Upgrade MyBatis starter from 2.2.2 to 3.0.3 - Upgrade Rest-Assured from 4.5.1 to 5.4.0 - Upgrade SQLite JDBC from 3.36.0.3 to 3.45.3.0 - Upgrade DGS codegen plugin from 5.0.6 to 6.2.1 - Upgrade Spotless plugin from 6.2.1 to 6.25.0 - Update CI workflow to use JDK 17 - All 69 existing tests pass Co-Authored-By: Lukas Burger <lukas.burger@cognition.ai>
Author
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Upgrade Java 11 → 17 with Spring Boot 3.2.5
Summary
Complete migration from Java 11 / Spring Boot 2.6.3 to Java 17 / Spring Boot 3.2.5, including all dependency upgrades and breaking API changes. All 69 existing tests pass.
Key version changes:
Code changes:
javax.*→jakarta.*namespace migration across all source filesWebSecurityConfig: removedWebSecurityConfigurerAdapter, now usesSecurityFilterChainbean with lambda DSL;antMatchers→requestMatchersDefaultJwtService: migrated to JJWT 0.12.x API (subject()/expiration()/parseSignedClaims()); key derivation now hashes secret via SHA-512 to meet JJWT 0.12's minimum key size requirementsGraphQLCustomizeExceptionHandler:onException→handleExceptionreturningCompletableFutureArticleDatafetcher/CommentDatafetcher:graphql.relay.DefaultPageInfo→ generatedio.spring.graphql.types.PageInfoCustomizeExceptionHandler:HttpStatus→HttpStatusCodeparameter in overridden methodReview & Testing Checklist for Human
DefaultJwtServicenow SHA-512 hashes the secret before creating the HMAC key. This means any existing JWT tokens from a running deployment will be invalidated after this upgrade. Verify this is acceptable for your deployment strategy, or plan a coordinated token rotation.requestMatchersordering inWebSecurityConfigpreserves the intended auth behavior, especially thatGET /articles/feed(authenticated) is evaluated beforeGET /articles/**(permitAll).PageInfofields:hasNextPage,hasPreviousPage,startCursor,endCursor) works correctly end-to-end../gradlew clean testNotes
DefaultConnectionCursor,DefaultPageInfo) remain inArticleDatafetcherandCommentDatafetcherbut don't affect functionality