@ThomasJejkal ThomasJejkal commented Oct 24, 2025

Summary by CodeRabbit

  • Chores
    • Updated core libraries to recent patch releases for security and stability.
    • Upgraded build tooling and wrapper; added publishing, signing and release plugins to improve release workflows.
    • Updated CI workflows and action versions used in builds and publishing.
    • No functional changes or public API modifications.


renovate bot and others added 2 commits October 23, 2025 14:38

coderabbitai bot commented Oct 24, 2025

Walkthrough

Bumped multiple build and dependency versions, added Gradle publishing/signing plugins, upgraded the Gradle wrapper and added wrapper zipStorePath, and updated GitHub Actions workflows to use actions/checkout@v6 and setup-java@v5.1.0. No application code or public API signatures changed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Build script: plugin & dependency version bumps / additions (build.gradle) | Updated plugin versions (e.g., io.freefair.lombok, io.freefair.maven-publish-java 9.0.0→9.1.0). Bumped dependencies: Spring Boot 3.5.6→3.5.8, SpringDoc 2.8.13→2.8.14, Jackson artifacts to 2.20.1, nimbus-jose-jwt 10.5→10.6, commons-lang3 3.19.0→3.20.0, commons-validator 1.10.0→1.10.1, commons-io 2.20.0→2.21.0, org.owasp.dependencycheck 12.1.8→12.1.9. Added Gradle plugins: signing, net.researchgate.release, io.github.gradle-nexus.publish-plugin (kept maven-publish). |
| Gradle wrapper properties (gradle/wrapper/gradle-wrapper.properties) | Upgraded distribution from gradle-9.1.0-bin.zip → gradle-9.2.1-bin.zip and added zipStorePath=wrapper/dists. |
| CI workflows: checkout & setup-java action updates (.github/workflows/codeql-analysis.yml, .github/workflows/gradle.yml, .github/workflows/publishRelease.yml) | Replaced actions/checkout@v5 with actions/checkout@v6 and actions/setup-java@v5.0.0 with actions/setup-java@v5.1.0 across workflows; no other workflow logic changes. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10–15 minutes

  • Pay attention to:
    • build.gradle dependency matrix (Spring / Jackson / Nimbus compatibility and potential transitive changes).
    • New publishing plugins (signing, net.researchgate.release, nexus) and their configuration presence/credentials.
    • Gradle wrapper bump and the added zipStorePath entry for CI agents.

Possibly related PRs

  • PR for v1.3.5 #400 — overlapping build.gradle and gradle-wrapper.properties version bumps and plugin updates.
  • PR for v1.3.3 #327 — prior related upgrades to build.gradle and Gradle wrapper distribution.
  • PR for v1.3.6 #454 — related CI workflow action version updates (checkout/setup-java).

Poem

🐇 I hopped through lines of build and code,
I nudged the versions down the road.
A wrapper zipped, workflows stepped in stride,
Plugins signed and ready to glide.

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title 'PR for v1.3.7' is vague and generic, using non-descriptive phrasing that does not convey meaningful information about the actual changes in the PR (dependency updates, Gradle upgrades, GitHub Actions updates). | Revise the title to be more specific and descriptive, such as 'Bump Gradle and dependencies for v1.3.7' or 'Update dependencies and GitHub Actions workflows'. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f06dcde and a2b2722.

📒 Files selected for processing (3)
  • .github/workflows/codeql-analysis.yml (1 hunks)
  • .github/workflows/gradle.yml (2 hunks)
  • .github/workflows/publishRelease.yml (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • .github/workflows/codeql-analysis.yml
  • .github/workflows/publishRelease.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)
  • GitHub Check: Analyze (java)
  • GitHub Check: build (windows-latest, 17)
  • GitHub Check: build (ubuntu-latest, 19)
  • GitHub Check: build (windows-latest, 19)
  • GitHub Check: build (ubuntu-latest, 17)
  • GitHub Check: build (windows-latest, 17)
  • GitHub Check: build (windows-latest, 19)
  • GitHub Check: build (ubuntu-latest, 17)
🔇 Additional comments (2)
.github/workflows/gradle.yml (2)

27-27: Patch version bump for setup-java is low-risk.

The upgrade from v5.0.0 to v5.1.0 is a patch version bump and is generally backward-compatible. This change looks good.

Also applies to: 53-53


25-25: No action required — actions/checkout@v6 upgrade is safe for this workflow.

The major version bump from v5 to v6 includes a breaking change in credential storage (persisted to $RUNNER_TEMP instead of .git/config), but this only affects workflows that directly manipulate .git/config or run containerized actions with authenticated git commands. This gradle workflow simply checks out code and runs a build, so the upgrade poses no compatibility issues. The typical git operations (fetch/push) work without changes, and the required GitHub Actions Runner version is met by default.

Also applies to: 51-51



renovate bot and others added 27 commits October 29, 2025 16:16
…jackson.module-jackson-module-afterburner-2.x

Update dependency com.fasterxml.jackson.module:jackson-module-afterburner to v2.20.1
…jackson.jaxrs-jackson-jaxrs-json-provider-2.x

Update dependency com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider to v2.20.1
…jackson.datatype-jackson-datatype-jsr310-2.x

Update dependency com.fasterxml.jackson.datatype:jackson-datatype-jsr310 to v2.20.1
…jackson.datatype-jackson-datatype-joda-2.x

Update dependency com.fasterxml.jackson.datatype:jackson-datatype-joda to v2.20.1
…jackson.core-jackson-core-2.x

Update dependency com.fasterxml.jackson.core:jackson-core to v2.20.1
…jackson.core-jackson-databind-2.x

Update dependency com.fasterxml.jackson.core:jackson-databind to v2.20.1
…ven-publish-java-9.x

Update plugin io.freefair.maven-publish-java to v9.1.0
…mbok-9.x

Update plugin io.freefair.lombok to v9.1.0
…mons-io-2.x

Update dependency commons-io:commons-io to v2.21.0
…imbus-jose-jwt-10.x

Update dependency com.nimbusds:nimbus-jose-jwt to v10.6
…ndencycheck-12.x

Update plugin org.owasp.dependencycheck to v12.1.9