Upgrade to Java 17 with dependency version bumps

[devin-ai-integration]

Summary

Upgrades the project from Java 11 to Java 17, bumping Spring Boot from 2.6.3 → 2.7.18 and all major dependencies to Java 17-compatible versions. Gradle wrapper upgraded from 7.4 → 8.5.

Dependency changes:

Dependency	Old	New
Spring Boot	2.6.3	2.7.18
Gradle wrapper	7.4	8.5
DGS codegen plugin	5.0.6	5.6.0
DGS starter	4.9.21	5.5.1 (via BOM)
Spotless plugin	6.2.1	6.12.0
mybatis-spring-boot-starter	2.2.2	2.3.0
jjwt	0.11.2	0.11.5
sqlite-jdbc	3.36.0.3	3.40.0.0
rest-assured	4.5.1	5.3.0

Notable: A dependencyManagement block importing the DGS platform-dependencies BOM (5.5.1) was added. Without it, the DGS codegen plugin's transitive dependency on graphql-dgs-platform:5.0.4 pins graphql-java to 18.5, while federation-graphql-java-support:2.1.0 (pulled by DGS 5.5.1) requires graphql-java:19.2, causing a NoSuchMethodError at runtime. The BOM import ensures consistent graphql-java resolution.

All 68 tests pass locally. App boots and spotless formatting succeeds.

Review & Testing Checklist for Human

• Verify the DGS BOM import (dependencyManagement block in build.gradle) — this is the most impactful structural change and affects transitive dependency resolution across the project. Run ./gradlew dependencies --configuration runtimeClasspath | grep graphql-java to confirm graphql-java:19.2 is resolved.
• Confirm Spring Boot 2.6 → 2.7 behavioral changes are acceptable — check for any security defaults or auto-configuration changes that may affect runtime behavior (e.g., SpringMVC path matching strategy changed in 2.6+).
• Run ./gradlew clean test on CI with Java 17 to verify all 68 tests pass in the CI environment, not just locally.
• Smoke-test the running app — ./gradlew bootRun then hit http://localhost:8080/tags and a GraphQL query at /graphql to verify both REST and GraphQL endpoints work.

Notes

• The gradlew / gradlew.bat / gradle-wrapper.jar diffs are auto-generated by ./gradlew wrapper --gradle-version 8.5.
• The test file change (DefaultJwtServiceTest.java) is purely a spotless reformatting (line wrap).
• Gradle 8.5 emits deprecation warnings about Gradle 9.0 incompatibility — these come from the plugins, not this PR's changes.

Link to Devin session: https://app.devin.ai/sessions/7a9bf3fc5cc044b1a3da0f985c61954f
Requested by: @josephgoret

---

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

[devin-ai-integration]

End-to-End Test Results

Ran app locally via ./gradlew bootRun on Java 17.0.13, tested REST and GraphQL endpoints.

Core Tests (3/3 passed)

• REST /tags endpoint — PASSED: Returns {"tags":[]} (200 OK)
• GraphQL { tags } query — PASSED: Returns {"data":{"tags":[]}} — DGS schema bean initializes correctly with graphql-java 19.2
• GraphQL createUser mutation — PASSED: Returns UserPayload with email, username, and JWT token — full stack (DGS → MyBatis → SQLite) works on Java 17

Additional Verification

• Unit tests (68/68) — PASSED via ./gradlew clean test
• Spotless formatting — PASSED via ./gradlew spotlessJavaApply
• GraphiQL UI — UNTESTED: Page rendered blank (likely pre-existing JS bundle issue, not a regression)

Escalations

• Snyk security check failed (non-required) — likely a pre-existing transitive dependency vulnerability, not introduced by this PR

REST /tags	GraphQL Results (curl)

Devin session