Migrate to Java 25 (LTS) and Spring Boot 4.0.6

[devin-ai-integration]

Summary

Migrates the project from Java 17 / Spring Boot 3.3.3 to Java 25 (latest LTS) / Spring Boot 4.0.6 (latest stable release, built on Spring Framework 7.0).

Changes

pom.xml:

• Spring Boot parent: 3.3.3 → 4.0.6
• java.version: 17 → 25
• Maven compiler plugin: removed hardcoded source/target of 1.8 (was inconsistent), now uses <release>${java.version}</release>
• MySQL connector: mysql:mysql-connector-java:8.0.33 → com.mysql:mysql-connector-j (old artifact deprecated; version managed by Spring Boot BOM)
• Added H2 test dependency for in-memory test database

SecurityConfig.java (Spring Security 7.0 compatibility):

• Removed AntPathRequestMatcher (class removed in Spring Security 7); replaced with logoutUrl("/logout")
• Removed configureGlobal(AuthenticationManagerBuilder) method — Spring Security auto-discovers the UserDetailsService and PasswordEncoder beans

application.properties:

• Removed deprecated org.hibernate.dialect.MySQL8Dialect — Hibernate 7.x auto-detects the dialect

Dockerfile:

• Build stage: maven:3.8.3-openjdk-17 → maven:3.9-eclipse-temurin-25
• Runtime stage: openjdk:17-alpine → eclipse-temurin:25-jre-alpine
• Replaced deprecated MAINTAINER directive with LABEL maintainer=...
• Updated as → AS for multi-stage build best practices

Maven wrapper: Updated from 3.9.7 to 3.9.9

Test infrastructure: Added src/test/resources/application.properties with H2 in-memory database config for tests

Review & Testing Checklist for Human

• Verify the application starts successfully against a MySQL 8+ database
• Test login, registration, deposit, withdraw, and transfer flows end-to-end
• Verify Docker build succeeds with the updated Dockerfile (docker build -t bankapp .)
• Confirm Kubernetes/Jenkins pipeline compatibility with the updated Docker base images

Notes

• The maven-compiler-plugin previously had source/target set to 1.8 which was inconsistent with the java.version property of 17 — this has been corrected
• thymeleaf-extras-springsecurity6 artifact name is retained as no springsecurity7 artifact has been published; the existing version is compatible with Spring Security 7.0
• The Spring Boot 4.0 upgrade path recommends going through 3.5 first, but this app is simple enough that a direct upgrade works cleanly

Link to Devin session: https://app.devin.ai/sessions/652dbc1c843345eba40d0980eb4e0110
Requested by: @joao-cognition

---

Devin Review

Status	Commit
⚪ Not started	—

💡 Connect your GitHub account to enable automatic code reviews.

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring