chore: Migrate Java 11 to 17

[devin-ai-integration]

chore: Migrate Java 11 to 17 with Joda Time removal

Summary

Modernizes the project from Java 11 to Java 17. The main changes are:

• Java 17 target: sourceCompatibility/targetCompatibility set to 17, CI updated to JDK 17
• Joda Time → java.time.Instant: All org.joda.time.DateTime usages replaced with java.time.Instant; joda-time dependency removed entirely
• WebSecurityConfigurerAdapter removal: Migrated to component-based SecurityFilterChain bean (deprecated in Spring Security 5.7+)
• Dependency bumps: Spring Boot 2.6.3→2.7.18, Gradle 7.4→7.6, mybatis 2.2.2→2.3.2, jjwt 0.11.2→0.11.5, sqlite-jdbc 3.36→3.42
• CI modernization: GitHub Actions updated to actions/checkout@v4, actions/setup-java@v4, actions/cache@v4

All 68 existing tests pass locally.

Review & Testing Checklist for Human

• Date/time formatting consistency: Verify that API responses still produce the expected ISO 8601 format (yyyy-MM-dd'T'HH:mm:ss.SSS'Z'). The format pattern is duplicated in ArticleDatafetcher.java:375,382 and CommentDatafetcher.java:119,120 — check that timestamps in GraphQL responses match the REST API format from JacksonCustomizations.java:19.
• Security configuration: Confirm that authentication/authorization still works correctly after the WebSecurityConfigurerAdapter → SecurityFilterChain migration. Test login, JWT token validation, and protected endpoints (/articles/feed, /user, etc.).
• Database timestamp handling: Verify that DateTimeHandler (MyBatis type handler) correctly reads/writes timestamps to SQLite. Check that article/comment createdAt/updatedAt fields are persisted and retrieved correctly.
• CI verification: Wait for GitHub Actions to pass on this PR. The workflow now uses JDK 17 and Gradle 7.6.

Test Plan

1. Run the app locally with Java 17
2. Create an article via REST API and verify the createdAt/updatedAt timestamps in the response
3. Query articles via GraphQL and verify timestamp formatting matches REST
4. Test authentication flows (login, protected endpoints)
5. Verify database persistence by restarting the app and checking that timestamps are preserved

Notes

• The rest-assured test library was kept at 4.5.1 (upgrading to 5.3.2 caused NoSuchMethodError in tests)
• Some explanatory comments were removed from WebSecurityConfig.java during the refactor
• The ISO formatter pattern is duplicated across multiple files rather than centralized — consider extracting to a shared constant in a follow-up
• Instant.now().minusSeconds(3600) replaces new DateTime().minusHours(1) in tests (functionally equivalent)

---

Link to Devin run: https://app.devin.ai/sessions/80d1cbc7bfa64750b48c2c29fc6652ea
Requested by: @joao-cognition

---

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring