Merge pull request #42 from spt-development/feature/spring-boot-3.4.1-upgrade

Updated dependencies to align with Spring Boot 3.4.1

Author: SimonTaylor

README.md

@@ -58,10 +58,10 @@ Alternatively, and more akin to how you would run the application in production,
 through the use of environment variables to point at a postgres database running in Docker.
 
 ```shell
-$ SPRING_DATASOURCE_URL=jdbc:postgresql://127.0.0.1:59314/spt-recruitment-demo \
+$ SPRING_DATASOURCE_URL=jdbc:postgresql://127.0.0.1:5432/spt-development-demo \
   SPRING_DATASOURCE_USERNAME=postgres \
   SPRING_DATASOURCE_PASSWORD=p@ssw0rd \
-  SPRING_ACTIVEMQ_BROKER_URL=tcp://localhost:59313 \
+  SPRING_ACTIVEMQ_BROKER_URL=tcp://localhost:61616 \
   java -jar target/spt-development-demo-0.0.1-SNAPSHOT.jar 
 ```
 
@@ -88,11 +88,15 @@ $ curl -v -u bob:password123! http://localhost:8080/api/v1.0/books/4
 ```shell
 $ curl -v -u bob:password123! -X DELETE http://localhost:8080/api/v1.0/books/4
 ```
-Additionally, the Actuator web endpoints have been enabled on port 8081 and can be access unauthorized. For example:
+Additionally, the Actuator web endpoints have been enabled on port 8081 and can be accessed unauthorized. For example:
 
 ```shell
 $ curl -v http://localhost:8081/actuator/health
 ```
+or
+```shell
+$ curl -v http://localhost:8081/actuator/info
+```
 
 Running the demo in docker
 ==========================

config/owasp/suppress.xml

@@ -8,4 +8,18 @@
         <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
         <cve>CVE-2023-35116</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: logback-core-1.5.12.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-12798</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: logback-core-1.5.12.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-12801</vulnerabilityName>
+    </suppress>
 </suppressions>

docker-compose.service.yml

@@ -1,10 +1,8 @@
-version: '3.7'
-
 services:
   api:
     image: docker.io/library/spt-development-demo:0.0.1-SNAPSHOT
     environment:
-      SPRING_DATASOURCE_URL: jdbc:postgresql://spt-development-demo-db-1:5432/spt-recruitment-demo
+      SPRING_DATASOURCE_URL: jdbc:postgresql://spt-development-demo-db-1:5432/spt-development-demo
       SPRING_DATASOURCE_USERNAME: postgres
       SPRING_DATASOURCE_PASSWORD: p@ssw0rd
       SPRING_ACTIVEMQ_BROKER_URL: tcp://spt-development-demo-activemq-1:61616

docker-compose.yml

@@ -1,16 +1,14 @@
-version: '3.7'
-
 services:
   db:
     image: postgres:17.2-alpine3.20
     environment:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: p@ssw0rd
-      POSTGRES_DB: spt-recruitment-demo
+      POSTGRES_DB: spt-development-demo
     ports:
-      - "5432"
+      - "5432:5432"
 
   activemq:
     image: apache/activemq-classic:6.1.2
     ports:
-      - "61616"
+      - "61616:61616"

pom.xml

@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.4.0</version>
+		<version>3.4.1</version>
 		<relativePath /> <!-- lookup parent from repository -->
 	</parent>
 
@@ -32,36 +32,36 @@
 		<!-- Dependency versions -->
 		<commons-collections.version>4.4</commons-collections.version>
 		<findbugs-jsr305.version>3.0.2</findbugs-jsr305.version>
-		<spt-development-audit-spring-boot.version>3.4.0</spt-development-audit-spring-boot.version>
-		<spt-development-cid-jms-spring-boot.version>3.4.0</spt-development-cid-jms-spring-boot.version>
-		<spt-development-cid-web-spring-boot.version>3.4.0</spt-development-cid-web-spring-boot.version>
-		<spt-development-logging-spring-boot.version>3.4.0</spt-development-logging-spring-boot.version>
+		<spt-development-audit-spring-boot.version>3.4.1</spt-development-audit-spring-boot.version>
+		<spt-development-cid-jms-spring-boot.version>3.4.1</spt-development-cid-jms-spring-boot.version>
+		<spt-development-cid-web-spring-boot.version>3.4.1</spt-development-cid-web-spring-boot.version>
+		<spt-development-logging-spring-boot.version>3.4.1</spt-development-logging-spring-boot.version>
 
 		<!-- Test dependency versions -->
 		<archunit.version>1.3.0</archunit.version>
 		<awaitility.version>4.2.2</awaitility.version>
 		<cucumber.version>7.20.1</cucumber.version>
-		<junit-platform.version>1.11.3</junit-platform.version>
-		<spt-development-test.version>3.1.13</spt-development-test.version>
+		<junit-platform.version>1.11.4</junit-platform.version>
+		<spt-development-test.version>3.1.14</spt-development-test.version>
 		<testcontainers.version>1.20.4</testcontainers.version>
 
 		<!-- Plugin versions -->
 		<checkstyle-maven-plugin.version>3.6.0</checkstyle-maven-plugin.version>
-		<dependency-check-maven.version>11.1.0</dependency-check-maven.version>
+		<dependency-check-maven.version>11.1.1</dependency-check-maven.version>
 		<jacoco-maven-plugin.version>0.8.12</jacoco-maven-plugin.version>
-		<license-maven-plugin.version>2.4.0</license-maven-plugin.version>
+		<license-maven-plugin.version>2.5.0</license-maven-plugin.version>
 		<maven-jxr-plugin.version>3.6.0</maven-jxr-plugin.version>
 		<maven-pmd-plugin.version>3.26.0</maven-pmd-plugin.version>
 		<maven-scm-plugin.version>2.1.0</maven-scm-plugin.version>
-		<pitest-maven.version>1.17.1</pitest-maven.version>
+		<pitest-maven.version>1.17.3</pitest-maven.version>
 		<spotbugs-plugin.version>4.8.6.6</spotbugs-plugin.version>
 
 		<!-- Plugin dependencies -->
-		<checkstyle.version>10.20.1</checkstyle.version>
+		<checkstyle.version>10.21.0</checkstyle.version>
 		<findbugs-slf4j-bug-pattern.version>1.5.0</findbugs-slf4j-bug-pattern.version>
 		<findbugs-sec-bug-pattern.version>1.13.0</findbugs-sec-bug-pattern.version>
 		<pitest-junit5-plugin.version>1.2.1</pitest-junit5-plugin.version>
-		<pmd.version>7.7.0</pmd.version>
+		<pmd.version>7.8.0</pmd.version>
 	</properties>
 
 	<dependencyManagement>
@@ -466,15 +466,6 @@
 				<artifactId>maven-failsafe-plugin</artifactId>
 				<configuration>
 					<!--
-						Prevents the following warning introduced in JDK 21, caused by Mockito or more specifically byte-buddy-agent:
-
-						WARNING: A Java agent has been loaded dynamically (/Users/khm/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.5/byte-buddy-agent-1.14.5.jar)
-						WARNING: If a serviceability tool is in use, please run with -XX:+EnableDynamicAgentLoading to hide this warning
-						WARNING: If a serviceability tool is not in use, please run with -Djdk.instrument.traceUsage for more information
-						WARNING: Dynamic loading of agents will be disallowed by default in a future release
-
-						NOTE. argLine property is set by JaCoCo in prepare-agent stage.
-
                         Starting from Java 21, the JDK restricts the ability of libraries to attach a Java agent to their own JVM. As a result, the inline-mock-maker might not be
                         able to function without an explicit setup to enable instrumentation, and the JVM will always display a warning.
 
@@ -483,8 +474,10 @@
                         @{argLine} -javaagent:${org.mockito:mockito-core:jar}
 
                         Additionally, the `properties` goal of the `maven-dependency-plugin` must be executed.
+
+						NOTE. argLine property is set by JaCoCo in prepare-agent stage.
                      -->
-					<argLine>-XX:+EnableDynamicAgentLoading @{argLine} -javaagent:${org.mockito:mockito-core:jar}</argLine>
+					<argLine>@{argLine} -javaagent:${org.mockito:mockito-core:jar}</argLine>
 					<!--
                          classesDirectory is required to work around a bug that is discussed at
                          https://github.com/spring-projects/spring-boot/issues/6254. There are a number of different
@@ -514,15 +507,6 @@
 				<artifactId>maven-surefire-plugin</artifactId>
 				<configuration>
 					<!--
-                        Prevents the following warning introduced in JDK 21, caused by Mockito or more specifically byte-buddy-agent:
-
-                        WARNING: A Java agent has been loaded dynamically (/Users/khm/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.5/byte-buddy-agent-1.14.5.jar)
-                        WARNING: If a serviceability tool is in use, please run with -XX:+EnableDynamicAgentLoading to hide this warning
-                        WARNING: If a serviceability tool is not in use, please run with -Djdk.instrument.traceUsage for more information
-                        WARNING: Dynamic loading of agents will be disallowed by default in a future release
-
-                        NOTE. argLine property is set by JaCoCo in prepare-agent stage.
-
                         Starting from Java 21, the JDK restricts the ability of libraries to attach a Java agent to their own JVM. As a result, the inline-mock-maker might not be
                         able to function without an explicit setup to enable instrumentation, and the JVM will always display a warning.
 
@@ -531,8 +515,10 @@
                         @{argLine} -javaagent:${org.mockito:mockito-core:jar}
 
                         Additionally, the `properties` goal of the `maven-dependency-plugin` must be executed.
+
+                        NOTE. argLine property is set by JaCoCo in prepare-agent stage.
                      -->
-					<argLine>-XX:+EnableDynamicAgentLoading @{argLine} -javaagent:${org.mockito:mockito-core:jar}</argLine>
+					<argLine>@{argLine} -javaagent:${org.mockito:mockito-core:jar}</argLine>
 					<trimStackTrace>false</trimStackTrace>
 					<includes>
 						<include>**/*Test.java</include>