Fix raw types in UpdateUserConstraint and document Java 17 API review

[devin-ai-integration]

Summary

Reviewed all 30 Java files under src/main/java/io/spring/application/ for deprecated/removed Java 17 APIs. No issues were found for:

• javax.security.auth.Subject.doAs()
• SecurityManager usage
• Nashorn JavaScript engine usage
• Illegal reflection access
• java.util.Date behavioral changes

The only code fix is in UserService.java: the UpdateUserConstraint annotation used raw Class[] types for groups() and payload(), which should be Class<?>[] and Class<? extends Payload>[] per the Bean Validation contract. This eliminates raw type compiler warnings.

Note: An initial attempt to migrate javax.validation → jakarta.validation was reverted because Spring Boot 2.6.3 (the current version) only provides classes under the javax.validation.* Java package. That migration requires upgrading to Spring Boot 3.x first.

Review & Testing Checklist for Human

• Verify the raw type fix in UpdateUserConstraint compiles correctly (./gradlew compileJava)
• If a Spring Boot 3.x / Java 17 upgrade is planned, note that 11 files in the application layer will need javax.validation → jakarta.validation migration at that time (along with files in api/, graphql/, and other packages)

Notes

• Only src/main/java/io/spring/application/user/UserService.java was modified; no other application-layer files required changes.
• build.gradle and test files were not modified per task scoping.

Link to Devin session: https://app.devin.ai/sessions/00c601670ca44b6f9b6580706c90454e
Requested by: @shayanshafii

---

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring