Skip to content

Migrate from Java 11 to Java 17 with Spring Boot 2.7.18#561

Open
devin-ai-integration[bot] wants to merge 1 commit intomasterfrom
devin/1776674804-java17-migration
Open

Migrate from Java 11 to Java 17 with Spring Boot 2.7.18#561
devin-ai-integration[bot] wants to merge 1 commit intomasterfrom
devin/1776674804-java17-migration

Conversation

@devin-ai-integration
Copy link
Copy Markdown

@devin-ai-integration devin-ai-integration Bot commented Apr 20, 2026
edited
Loading

Summary

Upgrades the project from Java 11 to Java 17, with Spring Boot 2.6.3 → 2.7.18 and all associated dependency bumps. Key changes:

  • Java 17: sourceCompatibility/targetCompatibility set to '17', --release 17 compiler arg added
  • Spring Boot 2.7.18: Latest 2.7.x patch release
  • Gradle wrapper: 7.4 → 7.6.4 (required for Java 17 support)
  • WebSecurityConfig: Removed deprecated WebSecurityConfigurerAdapter; replaced with a @Bean SecurityFilterChain method (standard Spring Security 5.7+ pattern)
  • DGS 4.9.21 → 5.5.1: Required migrating PageInfo from graphql.relay.DefaultPageInfo to the DGS-generated io.spring.graphql.types.PageInfo in both ArticleDatafetcher and CommentDatafetcher
  • Spotless 6.25.0 with googleJavaFormat('1.17.0') pinned for Java 17 module access compatibility
  • Dependency version overrides: Added dependencyManagement block to force graphql-java:19.2 and rest-assured:5.3.2 — Spring Boot's BOM was downgrading these transitive dependencies, causing NoSuchMethodError at runtime

All 68 tests pass locally with ./gradlew clean build.

Review & Testing Checklist for Human

  • Verify dependencyManagement overrides are safe: The graphql-java:19.2 and rest-assured:5.3.2 forced versions override Spring Boot's managed versions. Confirm these don't introduce transitive conflicts in production (not just tests). Consider whether the DGS platform BOM (graphql-dgs-platform-dependencies:5.5.1) on line 52 is redundant with the dependencyManagement block override on line 33.
  • Validate PageInfo serialization: ArticleDatafetcher and CommentDatafetcher now use io.spring.graphql.types.PageInfo (DGS-generated) instead of graphql.relay.DefaultPageInfo. Verify the generated type's field names (startCursor, endCursor, hasPreviousPage, hasNextPage) match the GraphQL schema and produce correct responses for clients.
  • Verify SecurityFilterChain behavior: The WebSecurityConfig refactor preserves all existing rules (CSRF disabled, stateless sessions, URL auth patterns, CORS, JWT filter). Confirm authorization behavior is identical — especially the ordering of antMatchers and that /articles/feed (GET, authenticated) still takes precedence over /articles/** (GET, permitAll).
  • Run the app end-to-end: Boot the app with ./gradlew bootRun and exercise the REST and GraphQL APIs to confirm runtime behavior beyond unit tests (e.g., JWT auth flow, article CRUD, GraphQL pagination with pageInfo).

Notes

  • The gradlew script diff is large but entirely auto-generated by ./gradlew wrapper --gradle-version 7.6.4 — no manual edits.
  • javax.* imports are unchanged; those only need to migrate to jakarta.* for Spring Boot 3.x.
  • Joda-Time usage across the codebase is not addressed here (noted as separate tech debt).

Link to Devin session: https://app.devin.ai/sessions/b302e00daffe497f95431a39cb827fc4
Requested by: @choikh0423

Open in Devin Review

@devin-ai-integration @choikh0423
Migrate from Java 11 to Java 17 with Spring Boot 2.7.18
2bc422f 
- Update sourceCompatibility/targetCompatibility to Java 17
- Upgrade Spring Boot 2.6.3 -> 2.7.18
- Upgrade Spring dependency-management 1.0.11 -> 1.0.15
- Upgrade DGS codegen 5.0.6 -> 5.12.4
- Upgrade DGS starter 4.9.21 -> 5.5.1 with platform BOM
- Upgrade Spotless 6.2.1 -> 6.25.0 with googleJavaFormat 1.17.0
- Upgrade Gradle wrapper 7.4 -> 7.6.4
- Upgrade mybatis-spring-boot-starter 2.2.2 -> 2.3.2
- Upgrade sqlite-jdbc 3.36.0.3 -> 3.42.0.1
- Upgrade jjwt 0.11.2 -> 0.11.5
- Upgrade joda-time 2.10.13 -> 2.12.5
- Upgrade rest-assured 4.5.1 -> 5.3.2
- Refactor WebSecurityConfig: replace deprecated WebSecurityConfigurerAdapter with SecurityFilterChain bean
- Migrate PageInfo from graphql-relay to DGS-generated types
- Add dependencyManagement overrides for graphql-java and rest-assured

Co-Authored-By: Kyu Choi <kyuhwanchoi0423@gmail.com>
@devin-ai-integration
Copy link
Copy Markdown
Author

devin-ai-integration Bot commented Apr 20, 2026

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

devin-ai-integration[bot]
devin-ai-integration Bot commented Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Author

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

Open in Devin Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@choikh0423 choikh0423

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@choikh0423