Monthly maintenance 2026-02-14

Note: This was an AI-assisted maintenance that has been reviewed

Author: fwaibel

.github/workflows/gradle-nightly-build-actions.yml

@@ -21,11 +21,12 @@ jobs:
           distribution: temurin
           java-version: 21
 
-      # https://github.com/gradle/gradle-build-action
+      # https://github.com/gradle/actions
+      - name: 🔧 Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
       - name: ⚙️ Build with Gradle
-        uses: gradle/gradle-build-action@v3
-        with:
-          arguments: build
+        run: ./gradlew build
 
       # https://github.com/actions/upload-artifact
       - name: 📦 Upload artifact

.github/workflows/gradle-on-push-build-actions.yml

@@ -25,22 +25,12 @@ jobs:
           distribution: temurin
           java-version: 21
 
-      # https://github.com/actions/cache
-      - name: Cache Gradle packages
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-
-
-      # https://github.com/gradle/gradle-build-action
+      # https://github.com/gradle/actions
+      - name: 🔧 Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
       - name: ⚙️ Build with Gradle
-        uses: gradle/gradle-build-action@v3
-        with:
-          arguments: build
+        run: ./gradlew build
 
       # https://github.com/actions/upload-artifact
       - uses: actions/upload-artifact@v4

README.md

@@ -4,7 +4,7 @@
 
 > Update: The project has been migrated to Spring Boot 3.5.x, Java 21, and Angular 20.
 
-> Note: Parts of this project were developed with the assistance of AI tools.
+> Note: Parts of this project were developed and maintained with the assistance of AI tools.
 > All generated code has been reviewed and curated by the maintainer.
 
 ## Technology Stack

build.gradle

@@ -6,10 +6,10 @@ plugins {
     id "com.github.node-gradle.node" version "7.1.0"
 
     // https://plugins.gradle.org/plugin/com.google.cloud.tools.jib
-    id "com.google.cloud.tools.jib" version "3.5.2"
+    id "com.google.cloud.tools.jib" version "3.5.3"
 
     // https://plugins.gradle.org/plugin/org.owasp.dependencycheck
-    id "org.owasp.dependencycheck" version "12.1.1"
+    id "org.owasp.dependencycheck" version "12.2.0"
 }
 
 apply plugin: 'java'
@@ -114,6 +114,7 @@ jib {
 }
 
 dependencyCheck {
+    suppressionFile = 'owasp-suppressions.xml'
     // npm audit already covers JavaScript — scan Java dependencies only
     analyzers {
         nodeAudit { enabled = false }

gradle/wrapper/gradle-wrapper.jar

@@ -1,6 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.14-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.4-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <!--
+    CVE-2025-68161 affects the Socket Appender in log4j-core.
+    This project only uses log4j-api (via log4j-to-slf4j from Spring Boot).
+    The Socket Appender is not in the dependency tree — false positive.
+    -->
+    <suppress>
+        <notes>False positive: CVE affects log4j-core Socket Appender, not log4j-api</notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.logging\.log4j/log4j\-api@.*$</packageUrl>
+        <cve>CVE-2025-68161</cve>
+    </suppress>
+</suppressions>