Update major test dependencies

[devondragon]

Summary

• Update hibernate-validator: 8.0.2.Final → 9.1.0.Final
• Update testcontainers: 1.21.3 → 2.0.2 (artifact mariadb renamed to testcontainers-mariadb)
• Update rest-assured: 5.5.6 → 6.0.0

Deferred

Milestone versions skipped for now:

• jakarta.validation-api 4.0.0-M1
• assertj-core 4.0.0-M1

Test plan

• All existing tests pass with updated dependencies

Closes #235

🤖 Generated with Claude Code

[Copilot]

Copilot wasn't able to review any files in this pull request.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[claude]

Code Review - PR #238: Update major test dependencies

Overview

This PR updates three major test dependencies to their latest versions. The changes are minimal, focused, and well-documented.

✅ Positive Aspects

1. Code Quality

• Clean, focused changes affecting only test dependencies
• Proper artifact name update for testcontainers (mariadb → testcontainers-mariadb)
• Follows semantic versioning for major updates
• Good separation of concerns by deferring milestone versions

2. Documentation

• Excellent PR description with clear summary of changes
• Well-documented rationale for deferring milestone versions
• Links to closing issue Update major dependencies (rest-assured 6.0, hibernate-validator 9.1, testcontainers 2.0) #235 with detailed tracking table

3. Testing

• PR states all tests pass with updated dependencies
• Includes updates to multiple testing frameworks ensuring comprehensive coverage
• Dependencies are test-scoped only, minimizing production impact

🔍 Review Findings

Compatibility Analysis

1. hibernate-validator: 8.0.2.Final → 9.1.0.Final

   • ✅ Used in PasswordMatchesValidatorTest.java and related validation code
   • ✅ Tests are straightforward and use standard Jakarta validation APIs
   • ⚠️ Major version jump - verify no breaking API changes affect your custom validators
   • 💡 Recommendation: Ensure ConstraintValidator implementation remains compatible

2. testcontainers: 1.21.3 → 2.0.2

   • ✅ Artifact rename properly handled (mariadb → testcontainers-mariadb)
   • ⚠️ No current usage found in codebase via grep search
   • 💡 These appear to be forward-looking dependencies for future integration tests
   • 💡 Consider adding integration tests using Testcontainers to justify the dependency

3. rest-assured: 5.5.6 → 6.0.0

   • ⚠️ No current usage found in codebase via grep search
   • 💡 Another forward-looking dependency for future API testing
   • 💡 Consider adding REST API integration tests to justify the dependency

Dependency Hygiene

• ✅ Only test-scoped dependencies affected - no production impact
• ✅ Coordinates with jakarta.validation-api:3.1.1 (compile-scoped)
• ✅ No transitive dependency conflicts expected

💡 Suggestions

1. Unused Dependencies (Minor)
Both testcontainers and rest-assured don't appear to be actively used in the current test suite. Consider:

• Adding integration tests that utilize these frameworks
• OR documenting that these are preparatory dependencies for planned test improvements
• OR removing them until actually needed (YAGNI principle)

2. Test Verification
Since this is a major version update affecting testing infrastructure:

• ✅ Run ./gradlew testAll to verify compatibility with JDK 17 and 21
• ✅ Verify parallel test execution still works correctly
• ✅ Check for any deprecation warnings in test output

3. Release Notes
Consider mentioning this update in your release notes/changelog as it affects:

• Developers running tests locally
• CI/CD pipelines
• Future test development

🔒 Security

• ✅ No security concerns identified
• ✅ Test-scoped dependencies have minimal security impact
• ✅ Moving to latest versions improves security posture

🎯 Recommendation

APPROVE with minor suggestions

The PR is well-executed with proper artifact renaming and clear documentation. The test-only scope minimizes risk. Main suggestion is to either utilize or document the purpose of testcontainers and rest-assured dependencies.

---

Review generated via Claude Code following CLAUDE.md guidelines