Conversation

@technologic-technologic
Owner

Updated the pom to comply with security, avoiding current vulnerabilities

  • Align dependencies, fix H2 driver, and clear security alerts

Summary

Align the build to a clean, runnable baseline:

  • Fix missing org.h2.Driver at runtime.
  • Clear transitive CVEs (commons-lang3, logback).
  • Keep Boot-managed versions consistent.

Impact

  • App starts with in-memory H2 for local/dev.
  • Tests continue to run (test classpath includes runtime).
  • No API changes.

More info below

- Updated the pom to comply with security, avoiding current vulnerabilities

Signed-off-by: Leonardo Trevizo <leonardo.trevizo@encora.com>
@github-actions

PR Summary

WHAT Changed

  • Updated the Spring Boot version from 3.5.0 to 3.5.6 in pom.xml.
  • Updated the springdoc.version from 2.3.0 to 2.8.13.
  • Added logback.version set to 1.5.19.
  • Added commons-lang3.version set to 3.18.0.
  • Removed the H2 database dependency from the test scope.
  • Added configuration for the maven-surefire-plugin to enable dynamic agent loading.

WHY It Matters

  • Spring Boot Update: Upgrading to the latest version ensures that the application benefits from security patches, bug fixes, and new features.
  • Dependency Updates: Keeping dependencies like springdoc and logback up-to-date improves performance and compatibility with other libraries.
  • Removed H2 Dependency: This may reduce the application's footprint if H2 is no longer needed for testing.
  • Maven Surefire Plugin Configuration: Enhances the testing capabilities by allowing dynamic agent loading, which can improve test execution.

RISKS

  • Potential compatibility issues with the new versions of Spring Boot and other libraries.
  • Removing the H2 dependency may affect tests that rely on an in-memory database.

TESTS to Add

  • Verify that existing tests pass with the updated Spring Boot and library versions.
  • Add integration tests to ensure that the application behaves correctly without the H2 database.

BREAKING CHANGES

  • The removal of the H2 database dependency could break tests that depend on it for in-memory database functionality.

Changed File Paths

  • pom.xml
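The changed pom.xml itself is not shown on this page. The fragment below is an added illustration of the changes the two comments above describe, not the project's own file: it pins the versions listed (Spring Boot 3.5.6, springdoc 2.8.13, logback 1.5.19, commons-lang3 3.18.0), overrides the Boot-managed `logback.version` and `commons-lang3.version` properties so the patched transitive versions apply project-wide, places H2 on the `runtime` scope (an assumption consistent with "Fix missing org.h2.Driver at runtime" and "test classpath includes runtime" in the PR description), and opts Surefire's forked JVM into dynamic agent loading. The project coordinates, the starters used, the Java version and the `-XX:+EnableDynamicAgentLoading` flag are assumptions, not values from the PR.

```xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <!-- Spring Boot parent pinned to the version named in the PR summary -->
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>3.5.6</version>
    <relativePath/>
  </parent>

  <!-- Placeholder coordinates, not the project's own -->
  <groupId>com.example</groupId>
  <artifactId>placeholder-app</artifactId>
  <version>0.0.1-SNAPSHOT</version>

  <properties>
    <java.version>21</java.version> <!-- assumption -->
    <springdoc.version>2.8.13</springdoc.version>
    <!-- These two property names are the ones spring-boot-dependencies uses to manage
         logback and commons-lang3. Overriding them here replaces the transitive versions
         for every starter that pulls them in, instead of pinning one artifact at a time. -->
    <logback.version>1.5.19</logback.version>
    <commons-lang3.version>3.18.0</commons-lang3.version>
  </properties>

  <dependencies>
    <!-- Starters are assumptions; versions come from the Boot parent -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springdoc</groupId>
      <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
      <version>${springdoc.version}</version>
    </dependency>

    <!-- Before the fix (assumed): <scope>test</scope> on this artifact keeps
         org.h2.Driver off the runtime classpath, so an app configured with an
         H2 JDBC URL fails at startup outside the test run.
         After: runtime scope is on the classpath when the app runs AND on the
         test classpath, since Maven's test classpath includes runtime scope. -->
    <dependency>
      <groupId>com.h2database</groupId>
      <artifactId>h2</artifactId>
      <scope>runtime</scope>
    </dependency>

    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-test</artifactId>
      <scope>test</scope>
    </dependency>
  </dependencies>

  <build>
    <plugins>
      <plugin>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-maven-plugin</artifactId>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-surefire-plugin</artifactId>
        <configuration>
          <!-- JDK 21 warns when an agent attaches to a running JVM (e.g. the inline
               mock maker used by Mockito). This flag is an explicit opt-in for the
               test JVM only; it does not apply to the packaged application. -->
          <argLine>-XX:+EnableDynamicAgentLoading</argLine>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
```

To confirm the overrides actually took effect rather than being shadowed by a direct version elsewhere, inspect the resolved tree with `mvn dependency:tree -Dincludes=ch.qos.logback,org.apache.commons:commons-lang3,com.h2database` and check that each listed artifact resolves to the pinned version and that `h2` shows `runtime` scope.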

@technologic-technologic technologic-technologic added the enhancement New feature or request label Oct 17, 2025
@technologic-technologic technologic-technologic merged commit 48e0cf1 into gen-ai Oct 17, 2025
1 check passed
@technologic-technologic technologic-technologic deleted the 23-open-ticket-to-enhance-overall-quality branch October 17, 2025 04:02

Development

Successfully merging this pull request may close these issues:

  • Fix dependencies vulnerabilities
  • Open ticket to enhance overall quality

2 participants