chore: Switch from Spring 2.7 to 3.2 (#400)

Signed-off-by: rnd4you <rnd4u.org@gmail.com>

.github/workflows/build.yml

@@ -24,10 +24,10 @@ jobs:
         egress-policy: audit
 
     - uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28
-    - name: Set up JDK 11
+    - name: Set up JDK 17
       uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93
       with:
-        java-version: '11'
+        java-version: '17'
         distribution: 'temurin'
         cache: maven
     - name: Build with Maven

.github/workflows/codeql.yml

@@ -25,16 +25,25 @@ jobs:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4
+      uses: github/codeql-action/init@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
       with:
-          languages: ${{ matrix.language }}
+        languages: ${{ matrix.language }}
 
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@012739e5082ff0c22ca6d6ab32e07c36df03c4a4
+    - name: Set up JDK 17
+      uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+        cache: maven
+    - name: Build with Maven
+      run: mvn -B package --file pom.xml
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 
+      uses: github/codeql-action/analyze@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
+      with:
+        category: "/language:${{matrix.language}}"
+

.github/workflows/findbugs.yml

@@ -21,10 +21,10 @@ jobs:
         egress-policy: audit
 
     - uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28
-    - name: Set up JDK 11
+    - name: Set up JDK 17
       uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93
       with:
-        java-version: '11'
+        java-version: '17'
         distribution: 'temurin'
         cache: maven
     - name: Build with Maven

.github/workflows/publish-release.yml

@@ -135,7 +135,7 @@ jobs:
       - name: Set up JDK
         uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93
         with:
-          java-version: '11'
+          java-version: '17'
           distribution: 'temurin'
           cache: maven
 
@@ -167,7 +167,7 @@ jobs:
       - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
         with:
-          java-version: '11'
+          java-version: '17'
           distribution: 'temurin'
       - name: Publish package
         run: mvn --batch-mode deploy

.github/workflows/test-suite.yml

@@ -21,10 +21,10 @@ jobs:
         egress-policy: audit
 
     - uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28
-    - name: Set up JDK 11
+    - name: Set up JDK 17
       uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93
       with:
-        java-version: '11'
+        java-version: '17'
         distribution: 'temurin'
         cache: maven
     - name: Build with Maven

README.md

@@ -11,39 +11,39 @@
 [![Project Map](https://sourcespy.com/shield.svg)](https://sourcespy.com/github/samsunglpvs/)
 
 ## Introduction
-Open-source code [refers](https://en.wikipedia.org/wiki/Open-source_software) to software that is freely available for use, study, modification, and distribution, subject to meeting the conditions of the corresponding license. Failure to comply with the license conditions can lead to legal disputes, financial liabilities, the requirement to disclose intellectual property, and reputational damage.
+[Open-source code](https://en.wikipedia.org/wiki/Open-source_software) (that is a software that is freely available for use, study, modification, and distribution) must meet conditions of the respective license(s) of all of its dependencies. Miscompliance may lead to legal disputes, fines, obligation to disclose intellectual property, as well as reputational damage.
 
-In projects with numerous external dependencies, it can be challenging to track license obligations accurately. Additionally, when multiple collaborators are involved, the risk of unintentional license violations, such as through copy-pasting code snippets, increases. Furthermore, there are nuanced situations like dependencies with dual licensing or licenses that may change due to ownership, purpose, or legislative alterations. These factors can potentially turn previously safe dependencies into unsafe ones over time.
+In projects with numerous external dependencies, it becomes challenging to track license obligations accurately. Also, when many collaborators are involved, the risk of unintentional license violations, such as through copy-pasting code snippets, increases. Furthermore, there are nuanced situations like dependencies with dual licensing or licenses that may change due to ownership, purpose, or legislative alterations. These factors can potentially turn previously safe dependencies into unsafe ones over time.
 
-To address these license-related risks for open-source code, we have developed the _License Pre-Validation Service (LPVS)_. This tool provides a solution to mitigate potential license issues. By analyzing the project, LPVS identifies its components and their respective licenses at every commit. It then generates a list of potential issue cases, which are communicated as comments on GitHub. LPVS offers a comprehensive description of possible license violations, including details on the location of risky code and an overview of the specific license-related issues.
+To address these license-related risks for open-source code, we have developed the _License Pre-Validation Service (LPVS)_. This tool provides a solution to mitigate potential license issues. By analyzing the project, LPVS identifies its components and their respective licenses at every commit. Then it generates a list of potential issue cases, and communicates them to the developers as comments on GitHub. LPVS offers a comprehensive description of possible license violations, including the details on the location of risky code and an overview of the specific license-related issues.
 
-With LPVS, we aim to assist developers and project teams in ensuring license compliance for their open-source code. By providing insights into potential license violations and their implications, LPVS enables proactive management of license-related risks throughout the development process.
+With LPVS, we aim at assisting developers and project teams with ensuring license compliance for their open-source code. By providing insights into the potential license violations and their implications, LPVS enables proactive management of license-related risks throughout the development process.
 
 We believe that LPVS will be an invaluable tool for maintaining the integrity of open-source projects and safeguarding against license infringements.
 
 ## Features
 
 - License Scanners:
 
-    LPVS integrates with the [SCANOSS](https://www.scanoss.com) license scanner, allowing for comprehensive license analysis of the project's components. SCANOSS helps identify the licenses associated with the codebase, ensuring compliance with open-source license requirements. By leveraging SCANOSS, LPVS provides accurate and up-to-date information on the licenses used in the project.
+    LPVS integrates with the [SCANOSS](https://www.scanoss.com) license scanner, allowing for comprehensive license analysis of the project's components. SCANOSS helps to identify the licenses associated with the codebase, ensuring the compliance with open-source license requirements. By leveraging SCANOSS, LPVS provides accurate and up-to-date information on the licenses used in the project.
 
 - GitHub Review System Integration:
 
-    LPVS seamlessly integrates with the GitHub review system, enhancing the collaboration and code review process. LPVS automatically generates comments on GitHub, highlighting potential license violations or issues within the codebase. This integration streamlines the review process, making it easier for developers and collaborators to identify and address license-related concerns directly within the GitHub environment.
+    LPVS seamlessly integrates with the GitHub review system, enhancing the collaboration and code review process. LPVS automatically generates comments on GitHub, highlighting potential license violations or issues within the codebase. This integration streamlines the review process, making it easier for the developers and collaborators to identify and address license-related concerns directly within the GitHub environment.
 
 - Comprehensive Issue Description:
 
-    LPVS provides a detailed and comprehensive description of possible license violations within the project. This includes specific information on the location of potentially risky code and an overview of the license-related issues at hand. By offering this comprehensive insight, LPVS enables developers to have a clear understanding of the license-related risks within their codebase and take appropriate action to mitigate them.
+    LPVS provides a detailed and comprehensive description of possible license violations within the project. This includes specific information on the location of potentially risky code and an overview of the license-related issues at hand. By offering this comprehensive insight, LPVS enables the developers to have a clear understanding of license-related risks within their codebase and to take appropriate steps to mitigate them.
 
 - Continuous Monitoring:
 
     LPVS facilitates continuous monitoring of license-related risks throughout the development process. By analyzing each commit, LPVS ensures that any changes or additions to the codebase are assessed for potential license violations. This ongoing monitoring allows developers to proactively manage license compliance and address any issues that arise in a timely manner.
 
 - Risk Mitigation:
 
-    LPVS aims to mitigate license-related risks by providing early detection and identification of potential violations. By alerting developers to potential issues and providing the necessary information to understand and address them, LPVS empowers teams to take proactive steps to ensure compliance with open-source licenses. This helps mitigate the risk of legal disputes, financial liabilities, and reputational damage associated with license violations.
+    LPVS aims at mitigating license-related risks by providing early detection and identification of potential violations. By alerting developers about potential issues and by providing the necessary information to understand and address them, LPVS empowers teams to take proactive steps to ensure compliance with open-source licenses. This helps mitigate the risk of legal disputes, financial liabilities, and reputational damage associated with license violations.
 
-With these features, LPVS assists developers in effectively managing license compliance for their open-source projects. By integrating with license scanning tools, supporting the GitHub review system, and providing comprehensive issue descriptions, LPVS offers a robust solution for identifying and addressing license-related risks in the software development lifecycle.
+With these features, LPVS assists developers to manage license compliance for their open-source projects effectively. By integration with license scanning tools, supporting the GitHub review system, and providing comprehensive issue descriptions, LPVS offers a robust solution for identifying and addressing license-related risks in the software development lifecycle.
 
 ---
 

pom.xml

@@ -26,23 +26,17 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.7.15</version>
+        <version>3.2.1</version>
     </parent>
 
-
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <maven.compiler.source>11</maven.compiler.source>
-        <maven.compiler.target>11</maven.compiler.target>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
         <project.build.outputTimestamp>2023-11-18T00:00:00Z</project.build.outputTimestamp>
     </properties>
 
     <dependencies>
-        <dependency>
-            <groupId>org.springframework.boot.experimental</groupId>
-            <artifactId>spring-boot-thin-layout</artifactId>
-            <version>1.0.31.RELEASE</version>
-        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
@@ -62,7 +56,6 @@
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-core</artifactId>
-            <version>5.3.27</version>
         </dependency>
         <dependency>
             <groupId>com.google.code.gson</groupId>
@@ -75,15 +68,9 @@
             <version>1.318</version>
         </dependency>
         <dependency>
-            <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter</artifactId>
-            <version>5.9.1</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.junit-pioneer</groupId>
-            <artifactId>junit-pioneer</artifactId>
-            <version>2.0.0</version>
+            <groupId>uk.org.webcompere</groupId>
+            <artifactId>system-stubs-jupiter</artifactId>
+            <version>2.1.5</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -97,14 +84,6 @@
             <artifactId>commons-codec</artifactId>
             <version>1.15</version>
         </dependency>
-
-        <!-- Support of static mocks present only in mockito-inline, not mockito-core -->
-        <dependency>
-            <groupId>org.mockito</groupId>
-            <artifactId>mockito-inline</artifactId>
-            <version>5.2.0</version>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>com.google.code.findbugs</groupId>
             <artifactId>annotations</artifactId>
@@ -148,7 +127,6 @@
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
-                <version>2.7.9</version>
                 <dependencies>
                     <!-- The following enables the "thin jar" deployment option. -->
                     <dependency>
@@ -158,11 +136,6 @@
                     </dependency>
                 </dependencies>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.2.1</version>
-            </plugin>
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
@@ -188,7 +161,7 @@
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>3.12.1</version>
                 <configuration>
-                    <release>11</release>
+                    <release>17</release>
                     <showWarnings>true</showWarnings>
                     <showDeprecation>true</showDeprecation>
                     <compilerArgs>

src/main/java/com/lpvs/config/SecurityConfig.java

@@ -12,9 +12,9 @@
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;

src/main/java/com/lpvs/controller/GitHubController.java

@@ -17,9 +17,9 @@
 import com.lpvs.entity.LPVSResponseWrapper;
 import lombok.extern.slf4j.Slf4j;
 
-import javax.validation.Valid;
-import javax.validation.constraints.Min;
-import javax.validation.constraints.NotEmpty;
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.Min;
+import jakarta.validation.constraints.NotEmpty;
 import org.apache.commons.codec.binary.Hex;
 import org.kohsuke.github.GHPullRequest;
 import org.kohsuke.github.GHRepository;
@@ -35,9 +35,9 @@
 import java.io.IOException;
 import java.util.Date;
 import java.util.Optional;
-import javax.annotation.PostConstruct;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
+import jakarta.annotation.PostConstruct;
 
 /**
  * Controller class for handling GitHub webhook events and single scan requests.

src/main/java/com/lpvs/entity/LPVSDetectedLicense.java

@@ -9,7 +9,7 @@
 import lombok.Getter;
 import lombok.Setter;
 
-import javax.persistence.*;
+import jakarta.persistence.*;
 import java.io.Serializable;
 
 /**

src/main/java/com/lpvs/entity/LPVSLicense.java

@@ -11,7 +11,7 @@
 import lombok.NoArgsConstructor;
 import lombok.Setter;
 
-import javax.persistence.*;
+import jakarta.persistence.*;
 import java.io.Serializable;
 
 /**

src/main/java/com/lpvs/entity/LPVSLicenseConflict.java

@@ -10,7 +10,7 @@
 import lombok.NoArgsConstructor;
 import lombok.Setter;
 
-import javax.persistence.*;
+import jakarta.persistence.*;
 import java.io.Serializable;
 
 /**

src/main/java/com/lpvs/entity/LPVSPullRequest.java

@@ -11,7 +11,7 @@
 import lombok.NoArgsConstructor;
 import lombok.Setter;
 
-import javax.persistence.*;
+import jakarta.persistence.*;
 import java.io.Serializable;
 import java.util.Date;
 import java.util.Objects;

src/main/java/com/lpvs/entity/LPVSQueue.java

@@ -10,7 +10,7 @@
 import lombok.Getter;
 import lombok.Setter;
 
-import javax.persistence.*;
+import jakarta.persistence.*;
 import java.io.Serializable;
 import java.util.Date;
 import java.util.Objects;

src/main/java/com/lpvs/entity/auth/LPVSMember.java

@@ -10,8 +10,7 @@
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import org.hibernate.annotations.DynamicUpdate;
-
-import javax.persistence.*;
+import jakarta.persistence.*;
 
 /**
  * Represents a member in the LPVS system.

src/main/java/com/lpvs/service/LPVSDetectService.java

@@ -22,9 +22,7 @@
 import org.springframework.context.event.EventListener;
 import org.springframework.stereotype.Service;
 import org.springframework.web.util.HtmlUtils;
-
-import javax.annotation.PostConstruct;
-
+import jakarta.annotation.PostConstruct;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -94,7 +92,6 @@ public class LPVSDetectService {
      * @param licenseService          Service for license conflict analysis.
      * @param gitHubService           Service for GitHub connection and operation.
      */
-    @Autowired
     public LPVSDetectService(
             @Value("${scanner:scanoss}") String scannerType,
             LPVSGitHubConnectionService gitHubConnectionService,

src/main/java/com/lpvs/service/LPVSGitHubConnectionService.java

@@ -12,8 +12,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
-
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
 import java.io.IOException;
 import java.util.Optional;
 

src/main/java/com/lpvs/service/LPVSLicenseService.java

@@ -18,7 +18,8 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
-import javax.annotation.PostConstruct;
+import jakarta.annotation.PostConstruct;
+
 import java.util.*;
 
 /**