Update all non-major dependencies

build.gradle

@@ -95,7 +95,7 @@ plugins {
     id 'com.github.hierynomus.license' version '0.16.1' apply false
     id 'com.github.jk1.dependency-license-report' version '2.9' apply false
     id 'org.zeroturnaround.gradle.jrebel' version '1.2.0' apply false
-    id 'org.springframework.boot' version '3.2.6' apply false
+    id 'org.springframework.boot' version '3.3.3' apply false
     id 'net.ltgt.errorprone' version '3.1.0' apply false
     id 'io.swagger.core.v3.swagger-gradle-plugin' version '2.2.23' apply false
     id 'com.gorylenko.gradle-git-properties' version '2.4.2' apply false

buildSrc/build.gradle

@@ -20,7 +20,7 @@
 import static org.slf4j.LoggerFactory.*
 
 plugins {
-    id 'io.spring.dependency-management' version '1.1.4'
+    id 'io.spring.dependency-management' version '1.1.6'
     id 'groovy'
     id 'java-gradle-plugin'
     id 'groovy-gradle-plugin'

buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle

@@ -23,19 +23,19 @@ apply plugin: 'io.spring.dependency-management'
 dependencyManagement {
     imports {
         mavenBom 'com.squareup.okhttp3:okhttp-bom:4.12.0'
-        mavenBom 'org.slf4j:slf4j-bom:2.0.12'
+        mavenBom 'org.slf4j:slf4j-bom:2.0.16'
         mavenBom 'io.micrometer:micrometer-bom:1.13.4'
-        mavenBom 'org.springframework:spring-framework-bom:6.1.3'
-        mavenBom 'org.springframework.boot:spring-boot-dependencies:3.2.6'
-        mavenBom 'io.awspring.cloud:spring-cloud-aws-dependencies:3.1.0'
+        mavenBom 'org.springframework:spring-framework-bom:6.1.13'
+        mavenBom 'org.springframework.boot:spring-boot-dependencies:3.3.3'
+        mavenBom 'io.awspring.cloud:spring-cloud-aws-dependencies:3.2.0'
         mavenBom 'io.opentelemetry:opentelemetry-bom:1.42.1'
         mavenBom 'org.jetbrains.kotlin:kotlin-bom:1.9.25'
         mavenBom 'org.junit:junit-bom:5.11.0'
         mavenBom 'com.fasterxml.jackson:jackson-bom:2.17.2'
         mavenBom 'io.cucumber:cucumber-bom:7.18.1'
         mavenBom 'io.netty:netty-bom:4.1.113.Final'
         mavenBom 'org.mockito:mockito-bom:5.13.0'
-        mavenBom 'software.amazon.awssdk:bom:2.27.23'
+        mavenBom 'software.amazon.awssdk:bom:2.28.2'
         mavenBom 'io.github.resilience4j:resilience4j-bom:2.2.0'
     }
 
@@ -44,11 +44,11 @@ dependencyManagement {
         // We do not use :+ to get the latest available version available on Maven Central, as that could suddenly break things.
         // We use the Renovate Bot to automatically propose Pull Requests (PRs) when upgrades for all of these versions are available.
 
-        dependency 'ch.qos.logback:logback-core:1.5.3'
-        dependency 'ch.qos.logback:logback-classic:1.5.3'
+        dependency 'ch.qos.logback:logback-core:1.5.8'
+        dependency 'ch.qos.logback:logback-classic:1.5.8'
         dependency 'ch.qos.logback.contrib:logback-json-classic:0.1.5'
         dependency 'ch.qos.logback.contrib:logback-jackson:0.1.5'
-        dependency 'org.codehaus.janino:janino:3.1.11'
+        dependency 'org.codehaus.janino:janino:3.1.12'
 
 
         dependency 'org.eclipse.persistence:org.eclipse.persistence.jpa:4.0.2'
@@ -117,10 +117,10 @@ dependencyManagement {
         dependency 'jakarta.management.j2ee:jakarta.management.j2ee-api:1.1.4'
         dependency 'jakarta.jms:jakarta.jms-api:3.1.0'
         dependency 'jakarta.ws.rs:jakarta.ws.rs-api:3.1.0'
-        dependency 'org.glassfish.jersey.media:jersey-media-multipart:3.1.5'
+        dependency 'org.glassfish.jersey.media:jersey-media-multipart:3.1.8'
         dependency 'org.glassfish.jaxb:jaxb-runtime:2.3.6' // Swagger needs exactly this version
         dependency 'org.apache.bval:org.apache.bval.bundle:3.0.1'
-        dependency 'joda-time:joda-time:2.12.7'
+        dependency 'joda-time:joda-time:2.13.0'
 
         dependency 'io.github.classgraph:classgraph:4.8.175'
         dependency 'org.awaitility:awaitility:4.2.2'
@@ -222,11 +222,11 @@ dependencyManagement {
             entry 'json-path'
             entry 'xml-path'
         }
-        dependency 'org.apache.groovy:groovy-xml:4.0.22'
-        dependency 'org.apache.groovy:groovy-json:4.0.22'
+        dependency 'org.apache.groovy:groovy-xml:4.0.23'
+        dependency 'org.apache.groovy:groovy-json:4.0.23'
 
-        dependency 'org.mapstruct:mapstruct:1.6.0'
-        dependency 'org.mapstruct:mapstruct-processor:1.6.0'
+        dependency 'org.mapstruct:mapstruct:1.6.2'
+        dependency 'org.mapstruct:mapstruct-processor:1.6.2'
 
         dependency "org.apache.avro:avro:1.12.0"
 

fineract-provider/dependencies.gradle

@@ -136,7 +136,7 @@ dependencies {
     implementation ('jakarta.xml.bind:jakarta.xml.bind-api') {
         exclude group: 'jakarta.activation'
     }
-    implementation ('org.apache.activemq:activemq-client-jakarta') {
+    implementation ('org.apache.activemq:activemq-client') {
         exclude group: 'org.apache.geronimo.specs'
         exclude group: 'javax.annotation', module: 'javax.annotation-api'
     }

fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/http/BodyCachingHttpServletRequestWrapper.java

@@ -35,16 +35,18 @@
 public class BodyCachingHttpServletRequestWrapper extends HttpServletRequestWrapper {
 
     private final byte[] cachedBody;
+    private ByteArrayInputStream inputStream;
 
     @SuppressFBWarnings(value = "CT_CONSTRUCTOR_THROW")
     public BodyCachingHttpServletRequestWrapper(HttpServletRequest request) throws IOException {
         super(request);
         this.cachedBody = IOUtils.toByteArray(request.getInputStream());
+        this.inputStream = new ByteArrayInputStream(cachedBody);
     }
 
     @Override
     public ServletInputStream getInputStream() throws IOException {
-        return new CachedBodyServletInputStream(cachedBody);
+        return new CachedBodyServletInputStream(inputStream);
     }
 
     @Override
@@ -53,12 +55,16 @@ public BufferedReader getReader() throws IOException {
         return new BufferedReader(new InputStreamReader(byteArrayInputStream, UTF_8));
     }
 
+    public void resetStream() {
+        inputStream = new ByteArrayInputStream(cachedBody);
+    }
+
     public static class CachedBodyServletInputStream extends ServletInputStream {
 
         private final InputStream inputStream;
 
-        public CachedBodyServletInputStream(byte[] cachedBody) {
-            this.inputStream = new ByteArrayInputStream(cachedBody);
+        public CachedBodyServletInputStream(ByteArrayInputStream inputStream) {
+            this.inputStream = inputStream;
         }
 
         @Override

fineract-provider/src/main/java/org/apache/fineract/infrastructure/jobs/filter/LoanCOBApiFilter.java

@@ -65,7 +65,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
             throws ServletException, IOException {
         request = new BodyCachingHttpServletRequestWrapper(request);
 
-        if (!helper.isOnApiList(request)) {
+        if (!helper.isOnApiList((BodyCachingHttpServletRequestWrapper) request)) {
             proceed(filterChain, request, response);
         } else {
             try {
@@ -74,7 +74,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                     proceed(filterChain, request, response);
                 } else {
                     try {
-                        List<Long> loanIds = helper.calculateRelevantLoanIds(request);
+                        List<Long> loanIds = helper.calculateRelevantLoanIds((BodyCachingHttpServletRequestWrapper) request);
                         if (!loanIds.isEmpty() && helper.isLoanBehind(loanIds)) {
                             helper.executeInlineCob(loanIds);
                         }

fineract-provider/src/main/java/org/apache/fineract/infrastructure/jobs/filter/LoanCOBFilterHelper.java

@@ -26,7 +26,6 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.collect.Lists;
-import jakarta.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.math.BigDecimal;
 import java.util.ArrayList;
@@ -47,6 +46,7 @@
 import org.apache.fineract.infrastructure.businessdate.domain.BusinessDateType;
 import org.apache.fineract.infrastructure.core.config.FineractProperties;
 import org.apache.fineract.infrastructure.core.domain.ExternalId;
+import org.apache.fineract.infrastructure.core.http.BodyCachingHttpServletRequestWrapper;
 import org.apache.fineract.infrastructure.core.service.ThreadLocalContextUtil;
 import org.apache.fineract.infrastructure.jobs.exception.LoanIdsHardLockedException;
 import org.apache.fineract.infrastructure.security.service.PlatformSecurityContext;
@@ -113,7 +113,7 @@ private boolean isRescheduleLoans(String pathInfo) {
         return LOAN_PATH_PATTERN.matcher(pathInfo).matches() && pathInfo.contains("/v1/rescheduleloans/");
     }
 
-    public boolean isOnApiList(HttpServletRequest request) throws IOException {
+    public boolean isOnApiList(BodyCachingHttpServletRequestWrapper request) throws IOException {
         String pathInfo = request.getPathInfo();
         String method = request.getMethod();
         if (StringUtils.isBlank(pathInfo)) {
@@ -126,7 +126,7 @@ public boolean isOnApiList(HttpServletRequest request) throws IOException {
         }
     }
 
-    private boolean isBatchApiMatching(HttpServletRequest request) throws IOException {
+    private boolean isBatchApiMatching(BodyCachingHttpServletRequestWrapper request) throws IOException {
         for (BatchRequest batchRequest : getBatchRequests(request)) {
             String method = batchRequest.getMethod();
             String pathInfo = batchRequest.getRelativeUrl();
@@ -137,8 +137,10 @@ private boolean isBatchApiMatching(HttpServletRequest request) throws IOExceptio
         return false;
     }
 
-    private List<BatchRequest> getBatchRequests(HttpServletRequest request) throws IOException {
+    private List<BatchRequest> getBatchRequests(BodyCachingHttpServletRequestWrapper request) throws IOException {
         List<BatchRequest> batchRequests = objectMapper.readValue(request.getInputStream(), new TypeReference<>() {});
+        // since we read body, we have to reset so the upcoming readings are successful
+        request.resetStream();
         for (BatchRequest batchRequest : batchRequests) {
             String pathInfo = "/" + batchRequest.getRelativeUrl();
             if (!isRelativeUrlVersioned(batchRequest.getRelativeUrl())) {
@@ -192,7 +194,7 @@ public boolean isLoanBehind(List<Long> loanIds) {
         return CollectionUtils.isNotEmpty(loanIdAndLastClosedBusinessDates);
     }
 
-    public List<Long> calculateRelevantLoanIds(HttpServletRequest request) throws IOException {
+    public List<Long> calculateRelevantLoanIds(BodyCachingHttpServletRequestWrapper request) throws IOException {
         String pathInfo = request.getPathInfo();
         if (isBatchApi(pathInfo)) {
             return getLoanIdsFromBatchApi(request);
@@ -201,7 +203,7 @@ public List<Long> calculateRelevantLoanIds(HttpServletRequest request) throws IO
         }
     }
 
-    private List<Long> getLoanIdsFromBatchApi(HttpServletRequest request) throws IOException {
+    private List<Long> getLoanIdsFromBatchApi(BodyCachingHttpServletRequestWrapper request) throws IOException {
         List<Long> loanIds = new ArrayList<>();
         for (BatchRequest batchRequest : getBatchRequests(request)) {
             // check the URL for Loan related ID