Update to Spring Boot 3 and JDK 17 (#304)

* Update to Spring Boot 3 and JDK 17
Update other Dependencies

* Fix CI

* Fix CI

* Update OWASP Dependency Check

.github/workflows/ci-master.yml

@@ -18,9 +18,10 @@ jobs:
         path: ~/.m2/repository
         key: ${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
         restore-keys: ${{ env.cache-name }}-
-    - uses: actions/setup-java@v1
+    - uses: actions/setup-java@v2
       with:
-        java-version: 11
+        java-version: 17
+        distribution: adopt
     - name: environment
       run: |
         sudo apt-get install --yes --no-install-recommends libxml-xpath-perl

.github/workflows/ci-pull-request.yml

@@ -19,8 +19,9 @@ jobs:
         path: ~/.m2/repository
         key: ${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
         restore-keys: ${{ env.cache-name }}-
-    - uses: actions/setup-java@v1
+    - uses: actions/setup-java@v2
       with:
-        java-version: 11
+        java-version: 17
+        distribution: adopt
     - name: mvn package
       run: mvn --batch-mode package

.github/workflows/manual-package.yml

@@ -19,9 +19,10 @@ jobs:
         path: ~/.m2/repository
         key: ${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
         restore-keys: ${{ env.cache-name }}-
-    - uses: actions/setup-java@v1
+    - uses: actions/setup-java@v2
       with:
-        java-version: 11
+        java-version: 17
+        distribution: adopt
     - name: environment
       run: |
         sudo apt-get install --yes --no-install-recommends libxml-xpath-perl

codestyle/checkstyle.xml

@@ -282,7 +282,7 @@
                 value="CLASS_DEF, INTERFACE_DEF, ENUM_DEF, METHOD_DEF, CTOR_DEF, VARIABLE_DEF"/>
     </module>
     <module name="JavadocMethod">
-      <property name="scope" value="public"/>
+      <property name="accessModifiers" value="public"/>
       <property name="allowMissingParamTags" value="true"/>
       <property name="allowMissingReturnTag" value="true"/>
       <property name="allowedAnnotations" value="Override, Test"/>

lombok.config

@@ -0,0 +1 @@
+lombok.copyableAnnotations += org.springframework.beans.factory.annotation.Qualifier

owasp/suppressions.xml

@@ -1,25 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
   <suppress>
-    <notes>see https://github.com/jeremylong/DependencyCheck/issues/1827></notes>
-    <cve>CVE-2018-1258</cve>
+    <notes>H2 is only used for testing, not production</notes>
+    <cve>CVE-2022-45868</cve>
   </suppress>
   <suppress>
-    <notes>see https://github.com/jeremylong/DependencyCheck/issues/2952</notes>
-    <cve>CVE-2011-2732</cve>
-    <cve>CVE-2011-2731</cve>
-    <cve>CVE-2012-5055</cve>
-  </suppress>
-  <suppress>
-    <notes>see https://tomcat.apache.org/security-9.html#Apache_Tomcat_9.x_vulnerabilities vulnerability is fixed in tomcat 9.0.38</notes>
-    <cve>CVE-2020-13943</cve>
-  </suppress>
-  <suppress>
-    <notes>H2 Vulnerability suppressed</notes>
-    <cve>CVE-2021-23463</cve>
-  </suppress>
-  <suppress>
-    <notes>netty-transport-4.1.70 Vulnerability</notes>
-    <cve>CVE-2021-43797</cve> 
+    <notes>no YAML content from users is parsed within this service</notes>
+    <cve>CVE-2022-1471</cve>
   </suppress>
 </suppressions>