Skip to content

fix(deps): integrate all pending DevHire branches#113

Merged
JasonTM17 merged 49 commits into
masterfrom
codex/devhire-all-branches-integration
Jul 16, 2026
Merged

fix(deps): integrate all pending DevHire branches#113
JasonTM17 merged 49 commits into
masterfrom
codex/devhire-all-branches-integration

Conversation

@JasonTM17

@JasonTM17 JasonTM17 commented Jul 15, 2026

Copy link
Copy Markdown
Owner

Summary

  • consolidates all 23 pre-existing remote branches into one protected integration PR
  • applies compatibility fixes for Spring Boot 4 / Spring Cloud 2025.1, Testcontainers 2, Next.js 16, Node 26, and AWS provider 6
  • preserves the README learning-project positioning and updates current Spring Boot references
  • keeps TypeScript on 6.0.3 because the current Next.js compiler integration does not load TypeScript 7 correctly
  • upgrades Jackson 2/3, Netty, Tomcat, Spring Kafka, and Commons FileUpload to patched releases after PR image scans exposed fixed HIGH/CRITICAL CVEs

Supersedes

#84, #88, #89, #90, #92, #93, #94, #95, #96, #97, #98, #99, #100, #101, #102, #103, #104, #105, #107, #109, #110, #111, #112

Local validation

  • Maven reactor: 12/12 modules, mvn -B -T1 verify (re-run after security overrides)
  • Frontend: typecheck, production build, 417 tests
  • Property tests: 22 tests at 500 runs each
  • Playwright: 31 desktop + 21 Pixel 7 scenarios
  • npm audit: 0 known vulnerabilities
  • Terraform: dev/staging/prod init + validate, TFLint, Trivy IaC
  • Cloud: 72 policy assertions, Helm lint/template, Kustomize, Kubeconform
  • Docs/API/security/repository hygiene audits: passed
  • YAML and Docker Compose configuration validation: passed

Merge policy

This PR must pass the protected master required checks and the complete Docker/image-scan matrix before squash merge. Superseded PRs and their remote branches will be closed/deleted only after the merged tree is verified byte-for-byte against this integration head.

dependabot Bot and others added 30 commits May 17, 2026 23:08
Bumps the spring-platform group with 2 updates: [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) and [org.springframework.cloud:spring-cloud-dependencies](https://github.com/spring-cloud/spring-cloud-release).


Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.14 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.14...v4.0.6)

Updates `org.springframework.cloud:spring-cloud-dependencies` from 2025.0.2 to 2025.1.1
- [Release notes](https://github.com/spring-cloud/spring-cloud-release/releases)
- [Commits](spring-cloud/spring-cloud-release@v2025.0.2...v2025.1.1)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-version: 4.0.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring-platform
- dependency-name: org.springframework.cloud:spring-cloud-dependencies
  dependency-version: 2025.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: spring-platform
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the playwright group in /frontend with 1 update: [@playwright/test](https://github.com/microsoft/playwright).


Updates `@playwright/test` from 1.57.0 to 1.60.0
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.57.0...v1.60.0)

---
updated-dependencies:
- dependency-name: "@playwright/test"
  dependency-version: 1.60.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: playwright
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [jsdom](https://github.com/jsdom/jsdom) from 25.0.1 to 29.1.1.
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Commits](jsdom/jsdom@v25.0.1...v29.1.1)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-version: 29.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [fast-check](https://github.com/dubzzz/fast-check/tree/HEAD/packages/fast-check) from 3.23.2 to 4.8.0.
- [Release notes](https://github.com/dubzzz/fast-check/releases)
- [Changelog](https://github.com/dubzzz/fast-check/blob/main/packages/fast-check/CHANGELOG.md)
- [Commits](https://github.com/dubzzz/fast-check/commits/v4.8.0/packages/fast-check)

---
updated-dependencies:
- dependency-name: fast-check
  dependency-version: 4.8.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [hashicorp/aws](https://github.com/hashicorp/terraform-provider-aws) to permit the latest version.

Updates `hashicorp/aws` to 6.45.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v5.84.0...v6.45.0)

---
updated-dependencies:
- dependency-name: hashicorp/aws
  dependency-version: 6.45.0
  dependency-type: direct:production
  dependency-group: terraform-aws-providers
...

Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [hashicorp/aws](https://github.com/hashicorp/terraform-provider-aws) to permit the latest version.

Updates `hashicorp/aws` to 6.45.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v5.84.0...v6.45.0)

---
updated-dependencies:
- dependency-name: hashicorp/aws
  dependency-version: 6.45.0
  dependency-type: direct:production
  dependency-group: terraform-aws-providers
...

Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [hashicorp/aws](https://github.com/hashicorp/terraform-provider-aws) to permit the latest version.

Updates `hashicorp/aws` to 6.45.0
- [Release notes](https://github.com/hashicorp/terraform-provider-aws/releases)
- [Changelog](https://github.com/hashicorp/terraform-provider-aws/blob/main/CHANGELOG.md)
- [Commits](hashicorp/terraform-provider-aws@v5.84.0...v6.45.0)

---
updated-dependencies:
- dependency-name: hashicorp/aws
  dependency-version: 6.45.0
  dependency-type: direct:production
  dependency-group: terraform-aws-providers
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the backend-base-images group in /api-gateway with 2 updates: maven and eclipse-temurin.


Updates `maven` from 3.9.12-eclipse-temurin-21 to 3.9.14-eclipse-temurin-25

Updates `eclipse-temurin` from 21-jre-alpine to 25-jre-alpine

---
updated-dependencies:
- dependency-name: maven
  dependency-version: 3.9.14-eclipse-temurin-25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-base-images
- dependency-name: eclipse-temurin
  dependency-version: 25-jre-alpine
  dependency-type: direct:production
  dependency-group: backend-base-images
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the backend-base-images group in /auth-service with 2 updates: maven and eclipse-temurin.


Updates `maven` from 3.9.12-eclipse-temurin-21 to 3.9.14-eclipse-temurin-25

Updates `eclipse-temurin` from 21-jre-alpine to 25-jre-alpine

---
updated-dependencies:
- dependency-name: maven
  dependency-version: 3.9.14-eclipse-temurin-25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-base-images
- dependency-name: eclipse-temurin
  dependency-version: 25-jre-alpine
  dependency-type: direct:production
  dependency-group: backend-base-images
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the backend-base-images group in /user-service with 2 updates: maven and eclipse-temurin.


Updates `maven` from 3.9.12-eclipse-temurin-21 to 3.9.14-eclipse-temurin-25

Updates `eclipse-temurin` from 21-jre-alpine to 25-jre-alpine

---
updated-dependencies:
- dependency-name: maven
  dependency-version: 3.9.14-eclipse-temurin-25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-base-images
- dependency-name: eclipse-temurin
  dependency-version: 25-jre-alpine
  dependency-type: direct:production
  dependency-group: backend-base-images
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the backend-base-images group in /company-service with 2 updates: maven and eclipse-temurin.


Updates `maven` from 3.9.12-eclipse-temurin-21 to 3.9.14-eclipse-temurin-25

Updates `eclipse-temurin` from 21-jre-alpine to 25-jre-alpine

---
updated-dependencies:
- dependency-name: maven
  dependency-version: 3.9.14-eclipse-temurin-25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-base-images
- dependency-name: eclipse-temurin
  dependency-version: 25-jre-alpine
  dependency-type: direct:production
  dependency-group: backend-base-images
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the backend-base-images group in /job-service with 2 updates: maven and eclipse-temurin.


Updates `maven` from 3.9.12-eclipse-temurin-21 to 3.9.14-eclipse-temurin-25

Updates `eclipse-temurin` from 21-jre-alpine to 25-jre-alpine

---
updated-dependencies:
- dependency-name: maven
  dependency-version: 3.9.14-eclipse-temurin-25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-base-images
- dependency-name: eclipse-temurin
  dependency-version: 25-jre-alpine
  dependency-type: direct:production
  dependency-group: backend-base-images
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the backend-base-images group in /application-service with 2 updates: maven and eclipse-temurin.


Updates `maven` from 3.9.12-eclipse-temurin-21 to 3.9.14-eclipse-temurin-25

Updates `eclipse-temurin` from 21-jre-alpine to 25-jre-alpine

---
updated-dependencies:
- dependency-name: maven
  dependency-version: 3.9.14-eclipse-temurin-25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-base-images
- dependency-name: eclipse-temurin
  dependency-version: 25-jre-alpine
  dependency-type: direct:production
  dependency-group: backend-base-images
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the backend-base-images group in /notification-service with 2 updates: maven and eclipse-temurin.


Updates `maven` from 3.9.12-eclipse-temurin-21 to 3.9.14-eclipse-temurin-25

Updates `eclipse-temurin` from 21-jre-alpine to 25-jre-alpine

---
updated-dependencies:
- dependency-name: maven
  dependency-version: 3.9.14-eclipse-temurin-25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-base-images
- dependency-name: eclipse-temurin
  dependency-version: 25-jre-alpine
  dependency-type: direct:production
  dependency-group: backend-base-images
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the backend-base-images group in /audit-service with 2 updates: maven and eclipse-temurin.


Updates `maven` from 3.9.12-eclipse-temurin-21 to 3.9.14-eclipse-temurin-25

Updates `eclipse-temurin` from 21-jre-alpine to 25-jre-alpine

---
updated-dependencies:
- dependency-name: maven
  dependency-version: 3.9.14-eclipse-temurin-25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-base-images
- dependency-name: eclipse-temurin
  dependency-version: 25-jre-alpine
  dependency-type: direct:production
  dependency-group: backend-base-images
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the frontend-base-images group in /frontend with 1 update: node.


Updates `node` from 24-alpine to 26-alpine

---
updated-dependencies:
- dependency-name: node
  dependency-version: 26-alpine
  dependency-type: direct:production
  dependency-group: frontend-base-images
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the backend-base-images group in /ai-service with 2 updates: maven and eclipse-temurin.


Updates `maven` from 3.9.12-eclipse-temurin-21 to 3.9.14-eclipse-temurin-25

Updates `eclipse-temurin` from 21-jre-alpine to 25-jre-alpine

---
updated-dependencies:
- dependency-name: maven
  dependency-version: 3.9.14-eclipse-temurin-25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: backend-base-images
- dependency-name: eclipse-temurin
  dependency-version: 25-jre-alpine
  dependency-type: direct:production
  dependency-group: backend-base-images
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [net.jqwik:jqwik](https://github.com/jqwik-team/jqwik) from 1.9.2 to 1.10.1.
- [Release notes](https://github.com/jqwik-team/jqwik/releases)
- [Commits](jqwik-team/jqwik@1.9.2...1.10.1)

---
updated-dependencies:
- dependency-name: net.jqwik:jqwik
  dependency-version: 1.10.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…dates

Bumps the test-tooling group with 2 updates in the / directory: [org.testcontainers:testcontainers-bom](https://github.com/testcontainers/testcontainers-java) and [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco).


Updates `org.testcontainers:testcontainers-bom` from 1.20.6 to 2.0.5
- [Release notes](https://github.com/testcontainers/testcontainers-java/releases)
- [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md)
- [Commits](testcontainers/testcontainers-java@1.20.6...2.0.5)

Updates `org.jacoco:jacoco-maven-plugin` from 0.8.14 to 0.8.15
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.14...v0.8.15)

---
updated-dependencies:
- dependency-name: org.testcontainers:testcontainers-bom
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: test-tooling
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-version: 0.8.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-tooling
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact), [ossf/scorecard-action](https://github.com/ossf/scorecard-action) and [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action).


Updates `actions/checkout` from 6 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

Updates `actions/upload-artifact` from 6 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v6...v7)

Updates `ossf/scorecard-action` from 2.4.0 to 2.4.3
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@v2.4.0...v2.4.3)

Updates `gitleaks/gitleaks-action` from 2 to 3
- [Release notes](https://github.com/gitleaks/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: gitleaks/gitleaks-action
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java) from 1.84 to 1.85.
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

---
updated-dependencies:
- dependency-name: org.bouncycastle:bcprov-jdk18on
  dependency-version: '1.85'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
… 4 updates

Bumps the frontend-platform group with 4 updates in the /frontend directory: [next](https://github.com/vercel/next.js), [react](https://github.com/facebook/react/tree/HEAD/packages/react), [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) and [typescript](https://github.com/microsoft/TypeScript).


Updates `next` from 16.2.6 to 16.2.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Commits](vercel/next.js@v16.2.6...v16.2.10)

Updates `react` from 19.2.5 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.5 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `typescript` from 6.0.3 to 7.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/commits)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.2.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-platform
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-platform
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-platform
- dependency-name: typescript
  dependency-version: 7.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: frontend-platform
...

Signed-off-by: dependabot[bot] <support@github.com>
…s-86fe6ef9d5' into codex/devhire-all-branches-integration
…aform/aws/environments/dev/terraform-aws-providers-8837e742ec' into codex/devhire-all-branches-integration
…aform/aws/environments/staging/terraform-aws-providers-8837e742ec' into codex/devhire-all-branches-integration
…aform/aws/environments/prod/terraform-aws-providers-8837e742ec' into codex/devhire-all-branches-integration
…ckend-base-images-6d905b9744' into codex/devhire-all-branches-integration
…ackend-base-images-6d905b9744' into codex/devhire-all-branches-integration
…/playwright-54da592f60' into codex/devhire-all-branches-integration

# Conflicts:
#	frontend/package-lock.json
…/jsdom-29.1.1' into codex/devhire-all-branches-integration

# Conflicts:
#	frontend/package-lock.json
#	frontend/package.json
…/fast-check-4.8.0' into codex/devhire-all-branches-integration

# Conflicts:
#	frontend/package-lock.json
#	frontend/package.json
@JasonTM17 JasonTM17 added portfolio-maintenance Repository hygiene and portfolio maintenance work. needs-runtime-smoke Requires Docker/runtime smoke before merge. labels Jul 15, 2026
@JasonTM17
JasonTM17 merged commit 1af5202 into master Jul 16, 2026
35 checks passed
@JasonTM17
JasonTM17 deleted the codex/devhire-all-branches-integration branch July 16, 2026 04:36
JasonTM17 added a commit that referenced this pull request Jul 16, 2026
Consolidates all 11 post-#113 dependency branches, validates Maven 3.9.15/JDK 26 build stages, and aligns Node 26 across Docker, CI, local tooling, and type definitions. All protected checks and the complete Docker/Trivy matrix passed.
This was referenced Jul 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-runtime-smoke Requires Docker/runtime smoke before merge. portfolio-maintenance Repository hygiene and portfolio maintenance work.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant