Upgrade Spring Boot from 3.3.3 to 3.5.3

[devin-ai-integration]

Summary

This PR upgrades Spring Boot incrementally from 3.3.3 to 3.5.3 (via 3.4.7), following the Spring Boot upgrade playbook. The upgrade includes dependency updates and fixes for deprecated APIs.

Changes:

• Spring Boot: 3.3.3 → 3.5.3
• MySQL Connector: mysql:mysql-connector-java:8.0.33 → com.mysql:mysql-connector-j:9.3.0 (pinned to fix Snyk security vulnerability)
• Maven Compiler Plugin: 3.8.0 → 3.13.0, fixed to use ${java.version} instead of hardcoded 1.8
• Hibernate dialect: MySQL8Dialect → MySQLDialect (deprecated in Hibernate 6.x)
• Spring Security: Replaced deprecated AntPathRequestMatcher with logoutUrl()

Updates since last revision

• Pinned MySQL Connector to version 9.3.0 to address Snyk security vulnerability (SNYK-JAVA-COMMYSQL-9725315 - Incorrect Default Permissions in 9.2.0)

Review & Testing Checklist for Human

• Test logout functionality - The security config changed from logoutRequestMatcher(new AntPathRequestMatcher("/logout")) to logoutUrl("/logout"). This may affect HTTP method handling - verify logout works correctly with both GET and POST requests.
• Verify application startup - Start the application with a MySQL database and confirm it connects and initializes correctly with the new Hibernate dialect.
• Test authentication flows - Verify login, session management, and protected routes work as expected.
• Check database operations - Confirm CRUD operations work correctly with the updated MySQL connector (major version jump from 8.x to 9.x).

Recommended test plan: Deploy to a test environment with MySQL, perform a full login/logout cycle, and verify core banking operations (account creation, transactions) work correctly.

Notes

• The existing test (BankappApplicationTests) requires a MySQL database connection and could not be run locally. Build compilation was verified to pass without errors or deprecation warnings.
• Snyk checks are failing due to vulnerabilities in transitive dependencies (Tomcat, Spring Core, Logback) that require Spring Boot versions not yet released (3.5.6+). These checks are marked as non-required. License issues flagged are standard open-source licenses (LGPL, GPL) inherent to Hibernate and MySQL Connector.

Link to Devin run: https://app.devin.ai/sessions/730eb71485c3455f990b5f7b1dd50c64
Requested by: Samir Chaudhry (@schaudhry123)

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring