Upgrade to Spring Boot 4

.github/dependabot.yml

@@ -4,9 +4,6 @@ updates:
     directory: '/'
     schedule:
       interval: 'weekly'
-    ignore:
-      - dependency-name: "*"
-        update-types: ["version-update:semver-major"]
 
   - package-ecosystem: 'github-actions'
     directory: '/'

build.gradle

@@ -1,6 +1,6 @@
 plugins {
     id 'java'
-    id 'org.springframework.boot' version '3.5.9'
+    id 'org.springframework.boot' version '4.0.1'
     id 'io.spring.dependency-management' version '1.1.7'
     id 'org.asciidoctor.jvm.convert' version '4.0.5'
 }
@@ -17,42 +17,48 @@ repositories {
 }
 
 ext {
-    set('snippetsDir', file("build/generated-snippets"))
+    set('snippetsDir', file('build/generated-snippets'))
 }
 
 configurations {
     asciidoctorExtensions
 }
 
+asciidoctorj {
+    version = '3.0.0'
+}
+
 dependencies {
     asciidoctorExtensions 'org.springframework.restdocs:spring-restdocs-asciidoctor'
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     implementation 'org.springframework.boot:spring-boot-starter-web'
-    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.15'
+    implementation 'org.springframework.boot:spring-boot-starter-webmvc'
     implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
     implementation 'org.commonmark:commonmark:0.27.0'
+    implementation 'org.apache.commons:commons-lang3:3.20.0'
     runtimeOnly 'org.postgresql:postgresql'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
-    testImplementation 'org.springframework.restdocs:spring-restdocs-restassured'
-    testImplementation 'io.rest-assured:rest-assured:5.5.6'
-    testImplementation 'org.junit.jupiter:junit-jupiter:6.0.1'
+    testImplementation 'org.springframework.boot:spring-boot-starter-data-jpa-test'
+    testImplementation 'org.springframework.boot:spring-boot-starter-webmvc-test'
+    testImplementation 'org.springframework.restdocs:spring-restdocs-mockmvc'
     testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }
 
 tasks.named('test') {
-    outputs.dir snippetsDir
     useJUnitPlatform()
+    outputs.dir snippetsDir
 }
 
 tasks.named('asciidoctor') {
-    configurations "asciidoctorExtensions"
+    configurations 'asciidoctorExtensions'
     inputs.dir snippetsDir
     dependsOn test
 }
-bootJar {
+
+tasks.named('bootJar') {
     dependsOn asciidoctor
-    from("${asciidoctor.outputDir}/html5") {
+    from("${asciidoctor.outputDir}") {
         into 'static/docs'
     }
 }

src/main/java/io/gardenlinux/glvd/db/NvdCveDataAttributeConverter.java

@@ -1,20 +1,20 @@
 package io.gardenlinux.glvd.db;
 
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.persistence.AttributeConverter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import tools.jackson.core.JacksonException;
+import tools.jackson.databind.json.JsonMapper;
 
 public class NvdCveDataAttributeConverter implements AttributeConverter<NvdCve.Data, String> {
-    private static final ObjectMapper objectMapper = new ObjectMapper();
+    private static final JsonMapper objectMapper = new JsonMapper();
     Logger logger = LoggerFactory.getLogger(NvdCveDataAttributeConverter.class);
 
     @Override
     public String convertToDatabaseColumn(NvdCve.Data attribute) {
         try {
             return objectMapper.writeValueAsString(attribute);
-        } catch (JsonProcessingException jpe) {
+        } catch (JacksonException jpe) {
             logger.warn("Cannot convert CVE Data into JSON");
             return null;
         }
@@ -24,7 +24,7 @@ public String convertToDatabaseColumn(NvdCve.Data attribute) {
     public NvdCve.Data convertToEntityAttribute(String dbData) {
         try {
             return objectMapper.readValue(dbData, NvdCve.Data.class);
-        } catch (JsonProcessingException e) {
+        } catch (JacksonException e) {
             logger.warn("Cannot convert JSON into CVE Data {}", dbData);
             return null;
         }

src/main/resources/application.properties

@@ -1,9 +1,10 @@
 spring.application.name=glvd
 spring.datasource.url=jdbc:postgresql://localhost:5432/glvd
+spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
 spring.datasource.username=glvd
 spring.datasource.password=glvd
 spring.sql.init.mode=never
 jakarta.persistence.query.timeout=5000
 server.error.whitelabel.enabled=false
 management.endpoints.access.default=none
-management.endpoint.health.access=read-only
+management.endpoint.health.access=read-only

src/test/java/io/gardenlinux/glvd/ActuatorEndpointTests.java

@@ -1,53 +1,47 @@
 package io.gardenlinux.glvd;
 
-import io.restassured.RestAssured;
-import io.restassured.builder.RequestSpecBuilder;
-import io.restassured.specification.RequestSpecification;
-import org.apache.http.HttpStatus;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.web.server.LocalServerPort;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
 
-import static io.restassured.RestAssured.given;
 import static org.hamcrest.Matchers.is;
+import static org.springframework.restdocs.mockmvc.RestDocumentationRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
-@ExtendWith({SpringExtension.class})
-public class ActuatorEndpointTests {
+@SpringBootTest
+class ActuatorEndpointTests {
 
-    @LocalServerPort
-    private Integer port;
+	@Autowired
+	private WebApplicationContext context;
 
-    private RequestSpecification spec;
+	private MockMvc mockMvc;
 
-    @BeforeEach
-    void setUp() {
-        this.spec = new RequestSpecBuilder().build();
-
-        RestAssured.baseURI = "http://localhost:" + port;
-    }
+	@BeforeEach
+	public void setUp() {
+		this.mockMvc = MockMvcBuilders.webAppContextSetup(this.context).build();
+	}
 
     // We want to use actuator for k8s liveness and readiness probes
-    @Test
-    public void shouldReturnHealth() {
-        given(this.spec).accept("application/json")
-                .when().port(this.port).get("/actuator/health")
-                .then().statusCode(HttpStatus.SC_OK)
-                .body("status", is("UP"));
-    }
+	@Test
+	void shouldReturnHealth() throws Exception {
+		this.mockMvc.perform(get("/actuator/health"))
+			.andExpect(status().isOk())
+            .andExpect(jsonPath("status", is("UP")));
+	}
 
     @ParameterizedTest
     @ValueSource(strings = {"prometheus", "metrics", "env", "heapdump", "beans", "loggers", "mappings", "shutdown"})
-    public void shouldNotReturnSensitiveEndpoints(String endpoint) {
-        given(this.spec).accept("application/json")
-                .when().port(this.port).get("/actuator/" + endpoint)
-                .then().statusCode(HttpStatus.SC_NOT_FOUND)
-                .body("path", is("/actuator/" + endpoint));
+    public void shouldNotReturnSensitiveEndpoints(String endpoint) throws Exception {
+        this.mockMvc.perform(get("/actuator/" + endpoint))
+                .andExpect(status().isNotFound())
+                .andExpect(status().reason("No static resource actuator/" + endpoint + "."));
     }
 
 }