Bump org.springframework.boot:spring-boot-starter-parent from 3.1.4 to 4.1.0-RC1

[dependabot]

Bumps org.springframework.boot:spring-boot-starter-parent from 3.1.4 to 4.0.0.

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.0.0

⭐ New Features

• Change tomcat and jetty runtime modules to starters #48175
• Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #48076

🐞 Bug Fixes

• Error properties are a general web concern and should not be located beneath server.* #48201
• With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #48198
• Gradle war task does not exclude starter POMs from lib-provided #48197
• spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #48193
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48182
• Properties bound in the child management context ignore the parent's environment prefix #48177
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48171
• Starter for spring-boot-micrometer-metrics is missing #48161
• Elasticsearch client's sniffer functionality should not be enabled by default #48155
• spring-boot-starter-elasticsearch should depend on elasticsearch-java #48141
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48132
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48128
• Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #48116
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48103
• Image building may fail when specifying a platform if an image has already been built with a different platform #48099
• Default values of Kotlinx Serialization JSON configuration properties are not documented #48097
• Custom XML converters should override defaults in HttpMessageConverters #48096
• Kotlin serialization is used too aggressively when other JSON libraries are available #48070
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48059
• Auto-configured JCacheMetrics cannot be customized #48057
• WebSecurityCustomizer beans are excluded by WebMvcTest #48055
• Deprecated EnvironmentPostProcessor does not resolve arguments #48047
• RetryPolicySettings should refer to maxRetries, not maxAttempts #48023
• Devtools Restarter does not work with a parameterless main method #47996
• Dependency management for Kafka should not manage Scala 2.12 libraries #47991
• spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #47983
• spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #47982
• Support for ReactiveElasticsearchClient is in the wrong module #47848

📔 Documentation

• Removed property spring.test.webclient.register-rest-template is still documented #48199
• Mention support for detecting AWS ECS in "Deploying to the Cloud" #48170
• Revise AWS section of "Deploying to the Cloud" in reference manual #48163
• Fix typo in PortInUseException Javadoc #48134
• Correct section about required setters in "Type-safe Configuration Properties" #48131
• Use since attribute in configuration properties deprecation consistently #48122
• Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #48115
• Document support for configuring servlet context init parameters using properties #48112
• Some configuration properties are not documented in the appendix #48095
• Clarify how warnings about soon-to-expire SSL certificates are reported #48063
• Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #48053

... (truncated)

Commits

• 1c0e08b Release v4.0.0
• 3487928 Merge branch '3.5.x'
• 29b8e96 Switch make-default in preparation for Spring Boot 4.0.0
• 88da0dd Merge branch '3.5.x'
• 56feeaa Next development version (v3.5.9-SNAPSHOT)
• 3becdc7 Move server.error properties to spring.web.error
• 2b30632 Merge branch '3.5.x'
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• dc140df Upgrade to Spring Framework 7.0.1
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.springframework.boot:spring-boot-starter-parent	[>= 3.a, < 4]

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Note: Dependabot was ignoring updates to this dependency, but since you've updated it yourself we've started tracking it for you again. 🤖

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[kinow]

Oh, a major release. 👀

[kinow]

Started working on updating it. Got a really broken Java workspace in IntelliJ, but I think it should pass the build in a couple of days, I hope :)

[kinow]

• Updated to latest jar of spring-boot available
• Fixed removed functions and imports from JUnit4 & SpringBoot3
• Fixed build
• Fixed tests
• Test locally

Only pending to sort out the tests now, I think.

[kinow]

CodeQL identified a regex that could be used to create some sort of DDOS attack, I think. A good catch. Tried to fix it. It's the last part of the build process that's still failing. Nearly there!

[kinow]

The build is finally green! After being read since Nov 2025 😆 Now time to perform some tests, maybe using the workflow from CERN with a comma in the name too 🤓

[kinow]

One test should fail now. CodeQL build didn't pass due to the regexes used. I removed them and parsed the URL instead. I just need to understand how the generic git URL works now (@mr-c gave me a hint with his comment #782 (comment)). Once that's fixed, I think the work in this branch should be done.

Commits can be squashed or reorganized if we would like to keep any for rolling back.

Most of our changes in CWL Viewer are rather simple to test. But as with every Spring Boot update, I had to adjust the database layer. We ditched the library that did the translation between Hibernate and Postgres data (we added that during the migration from Mongo to Postgres). Hibernate and Spring Data are able to work directly with JSON and convert to objects.

But in order for that to work, I had to update pom.xml, application.properties (after a lot of experimenting to see what was really needed), add Serializable to some classes, replace String by UUID in the ID's, but keep the serialization as String (so that our existing DB schema works), and more.

We had a lot of warnings due to deprecation, old Java style, code smells, static analysis errors. So it was hard to see what was new and old in the IDE. The same happened with the Mongo -> Postgres migration, and then Spring Boot 2 -> 3. So this time I bit the bullet and fixed most of these warnings.

Some would be good to fix, like ignoring risks when converting Object to custom types like Strings, lists. But these require more testing, and are riskier to implement, so I left them out.

[kinow]

Spring Boot 4 requires 17, but it wasn't compiling for me. I moved to 25, new LTS version of Java. That brings getFirst(), Java records, and hopefully a bit of performance improvement? I can try again with JVM 17 if it's a blocker.

[kinow]

hypersistence-utils-hibernate library was handling the transformation from CWLElement and others like CWLStep into JSON. Now Jackson + Hibernate can handle this, but we need to make it Serializable or write a converter.

[kinow]

isEmpty is new in... Java 21 I think.

[kinow]

Faster than concatenating strings.

[kinow]

Added missing license headers.

[kinow]

Lambdas, no need to use new objects (I guess micro-optimization too, but easier to read/write)

[kinow]

We had JUnit 4 mixed, and also old-style Mockito. Had to spend some time rewriting everything to JUnit 5+ and new Spring Test + Mockito.

[kinow]

New syntax in JUnit 5 always skips the method visibility (more to make it easier for future Java devs to read this code 🤷 , functionally there's no difference)... more Javonic ? 😆

[kinow]

The tests were not running with just create 🤷 This doesn't involve production, only tests, so I didn't spend too long investigating why.

[kinow]

These were causing conflicts with new dependencies in Spring Boot & Spring Data.

[kinow]

In Spring Boot 2 -> 3, we had to do some fiddling with the queries and JSON objects. After a long time (it took really long), we found a stable recipe where we did the mapping with the help of an extra library that mapped JSON & Hibernate objects, but we had to re-write the repository queries to use native SQL, but calling internal objects of Spring Boot & Hibernate/JPA to fetch the data.

With Spring Boot 4 and new Hibernate/JPA, it magically does the serialization correctly! So we can move the queries back here, using JSON (before it wasn't necessary when we had Mongo), and delete the "custom" and "impl" repository classes. ! 🎉 Less code to maintain.

[kinow]

Here we know part.isPresent is try. Because we tested part.isEmpty before. We didn't have to test null as that's an optional that will be provided (although its content may not be there... because it's optional 😅 )

[kinow]

It looks like I moved the line, and removed spaces, but looking at the Java file everything looks ok. GitHub UI bug/glitch, I guess.

[kinow]

Ok. Build is green. Code now has a lot less warnings, so the next upgrade to Spring Boot 5 or so should be a lot simpler 🙏 Also managed to ditch the extra library to do serialization, so I'm hoping Spring 5 might be a one-day job.

@mr-c , @GlassOfWhiskey ready for review. Sorry for the amount of changes. I left comments explaining the changes. There are also a few commits so I might be able to revert some changes without much effort, if needed.

It needs JVM 25 now. And would be good to do a test before replacing the current viewer as this is changing the Spring Boot version.

---

I tested with docker compose up postgres sparql, followed by mvn clean spring-boot:run (after all tests passed locally). I used the sample workflows from the landing page.

If you want to test with Docker, create docker-compose.override.yml with something like this

services:
  postgres:
    ports:
      - "5432:5432"
  sparql:
    restart: always
## For debugging, expose the Fuseki port by enabling:
#    ports:
#     - "3030:3030"
## To find the admin password, try:
##   docker compose exec sparql grep admin /fuseki/shiro.ini
    ports:
    - "3030:3030"
  spring:
    build: .

That last part is to build the code inside a new container, instead of using cwlviewer:latest. That may take some seconds/minutes depending on your memory/cpu.

Cheers
Bruno

[kinow]

Nothing to see here, just making the code easier to change for the issues related to SPARQL, and for the #782 (I toyed with this code, trying to get the workflow to render, and it's harder with the concatenated strings).