Ensono · RichardSlater · Jan 26, 2026 · Feb 16, 2026 · Feb 23, 2026 · Mar 1, 2026
diff --git a/api-tests/pom.xml b/api-tests/pom.xml
@@ -13,12 +13,13 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <serenity.version>4.3.4</serenity.version>
     <serenity.maven.version>4.3.4</serenity.maven.version>
-    <cucumber.version>7.33.0</cucumber.version>
-    <logback.version>1.5.18</logback.version>
+    <cucumber.version>7.34.2</cucumber.version>
+    <logback.version>1.5.32</logback.version>
     <encoding>UTF-8</encoding>
     <parallel.tests>4</parallel.tests>
     <webdriver.base.url/>
-    <jackson.version>2.19.2</jackson.version>
+    <jackson.version>2.21.1</jackson.version>
+    <jackson.annotations.version>2.21</jackson.annotations.version>
-    <jackson.annotations.version>2.21</jackson.annotations.version>
+    <jackson.annotations.version>${jackson.version}</jackson.annotations.version>
-    <jackson.annotations.version>2.21</jackson.annotations.version>
+    <jackson.annotations.version>${jackson.version}</jackson.annotations.version>
     <java.version>17</java.version>
     <cucumber.filter.tags>(@Functional or @Smoke or @Performance) and not @Ignore</cucumber.filter.tags>
 
@@ -29,41 +30,41 @@
     <pact.jvm.consumer.junit.version>4.0.10</pact.jvm.consumer.junit.version>
     <pact.jvm.consumer.version>4.0.10</pact.jvm.consumer.version>
     <pact.jvm.provider.junit.version>4.0.10</pact.jvm.provider.junit.version>
-    <spotbugs.version>4.9.4</spotbugs.version>
+    <spotbugs.version>4.9.8</spotbugs.version>
     <puppycrawl-tools-checkstyle.version>11.0.0</puppycrawl-tools-checkstyle.version>
     <junit-jupiter.version>5.13.4</junit-jupiter.version>
-    <assertj.core.version>3.27.4</assertj.core.version>
+    <assertj.core.version>3.27.7</assertj.core.version>
     <hamcrest.version>3.0</hamcrest.version>
-    <byte.buddy.version>1.17.6</byte.buddy.version>
+    <byte.buddy.version>1.18.5</byte.buddy.version>
     <springfox.swagger2.version>3.0.0</springfox.swagger2.version>
     <springfox.swagger-ui.version>3.0.0</springfox.swagger-ui.version>
-    <guava.version>33.4.8-jre</guava.version>
+    <guava.version>33.5.0-jre</guava.version>
     <json.version>20250517</json.version>
-    <netty.codec.http.version>4.2.8.Final</netty.codec.http.version>
-    <netty.codec.http2.version>4.2.3.Final</netty.codec.http2.version>
-    <netty.transport.native.epoll.version>4.2.3.Final</netty.transport.native.epoll.version>
-    <httpclient5.version>5.5</httpclient5.version>
+    <netty.codec.http.version>4.2.10.Final</netty.codec.http.version>
+    <netty.codec.http2.version>4.2.10.Final</netty.codec.http2.version>
+    <netty.transport.native.epoll.version>4.2.10.Final</netty.transport.native.epoll.version>
+    <httpclient5.version>5.6</httpclient5.version>
     <xerces.version>2.12.2</xerces.version>
-    <commons.codec.version>1.19.0</commons.codec.version>
+    <commons.codec.version>1.21.0</commons.codec.version>
     <spring.web.version>6.2.9</spring.web.version>
     <freemarker.version>2.3.34</freemarker.version>
-    <gson.version>2.13.1</gson.version>
+    <gson.version>2.13.2</gson.version>
     <rest-assured.version>5.5.5</rest-assured.version>
     <net.thucydides.core.version>0.9.275</net.thucydides.core.version>
-    <org.projectlombok.version>1.18.38</org.projectlombok.version>
+    <org.projectlombok.version>1.18.42</org.projectlombok.version>
 
     <!-- Maven plugins -->
-    <spotbugs-maven-plugin.version>4.9.3.2</spotbugs-maven-plugin.version>
-    <owasp-dependency-check-plugin.version>12.1.9</owasp-dependency-check-plugin.version>
+    <spotbugs-maven-plugin.version>4.9.8.2</spotbugs-maven-plugin.version>
+    <owasp-dependency-check-plugin.version>12.2.0</owasp-dependency-check-plugin.version>
     <fmt-maven-plugin.version>2.13</fmt-maven-plugin.version>
     <maven-checkstyle-plugin.version>3.6.0</maven-checkstyle-plugin.version>
-    <maven-surefire-plugin.version>3.5.3</maven-surefire-plugin.version>
-    <maven-failsafe-plugin.version>3.5.3</maven-failsafe-plugin.version>
-    <maven-compiler-plugin.version>3.14.0</maven-compiler-plugin.version>
-    <pact.provider-plugin.version>4.6.17</pact.provider-plugin.version>
-    <maven-pmd-plugin.version>3.27.0</maven-pmd-plugin.version>
+    <maven-surefire-plugin.version>3.5.5</maven-surefire-plugin.version>
+    <maven-failsafe-plugin.version>3.5.5</maven-failsafe-plugin.version>
+    <maven-compiler-plugin.version>3.15.0</maven-compiler-plugin.version>
+    <pact.provider-plugin.version>4.6.20</pact.provider-plugin.version>
+    <maven-pmd-plugin.version>3.28.0</maven-pmd-plugin.version>
     <findbugs-maven-plugin.version>3.0.5</findbugs-maven-plugin.version>
-    <exec-maven-plugin.version>3.5.1</exec-maven-plugin.version>
+    <exec-maven-plugin.version>3.6.3</exec-maven-plugin.version>
   </properties>
 
   <dependencyManagement>
@@ -259,7 +260,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-annotations</artifactId>
-      <version>${jackson.version}</version>
+      <version>${jackson.annotations.version}</version>
     </dependency>
     <dependency>
       <groupId>io.netty</groupId>

diff --git a/api-tests/src/test/java/com/amido/stacks/tests/api/CucumberTestSuite.java b/api-tests/src/test/java/com/amido/stacks/tests/api/CucumberTestSuite.java
@@ -1,6 +1,7 @@
 package com.amido.stacks.tests.api;
 
 import static io.cucumber.junit.platform.engine.Constants.FEATURES_PROPERTY_NAME;
+import static io.cucumber.junit.platform.engine.Constants.GLUE_PROPERTY_NAME;
 
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
@@ -18,4 +19,5 @@
 @DisabledIfSystemProperty(named = "untagged.test.check", matches = "true")
 @IncludeEngines("cucumber")
 @ConfigurationParameter(key = FEATURES_PROPERTY_NAME, value = "classpath:cucumber/features")
+@ConfigurationParameter(key = GLUE_PROPERTY_NAME, value = "com.amido.stacks.tests.api.stepdefinitions")
 public class CucumberTestSuite {}
diff --git a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml
@@ -7,6 +7,12 @@
 #############################################################################################################################
 name: $(version_major).$(version_minor).$(version_patch)-$(Build.SourceBranchName)-$(Rev:r)
 
+parameters:
+  - name: runVulnerabilityScan
+    displayName: Run OWASP Dependency Check
+    type: boolean
+    default: false
-    default: false
+    default: true
-    default: false
+    default: true
-    default: false
+    default: true
-    default: false
+    default: true
+
 pr:
   - master
 
@@ -138,7 +144,7 @@ variables:
 
   # Vulnerability Scan
   - name: vulnerability_scan
-    value: true
+    value: ${{ parameters.runVulnerabilityScan }}
   - name: vulnerability_scan_report
     value: "target/dependency-check-report.html"
   - name: oss_index_username

diff --git a/build/azDevOps/azure/coverage/package-lock.json b/build/azDevOps/azure/coverage/package-lock.json
diff --git a/docs/spring-boot-3.5-migration.md b/docs/spring-boot-3.5-migration.md
@@ -11,7 +11,7 @@ The `stacks-modules-parent:3.0.98` brings in Spring Boot 3.5.7, which introduces
 **Problem:**  
 The current Spring Cloud version (`2022.0.4`) is incompatible with Spring Boot 3.5.7.
 
-```
+```text
 Spring Boot [3.5.7] is not compatible with this Spring Cloud release train.
 Change Spring Boot version to one of the following versions [3.0.x, 3.1.x].
 ```
@@ -24,7 +24,7 @@ Update `spring.cloud.dependencies.version` to a version compatible with Spring B
 | 3.0.x, 3.1.x        | 2022.0.x (Kilburn)              |
 | 3.2.x               | 2023.0.x (Leyton)               |
 | 3.3.x, 3.4.x        | 2024.0.x                        |
-| 3.5.x               | 2025.0.x                        |
+| 3.5.x               | 2024.0.x in this repository     |
 
 **Workaround (current):**  
 Projects can disable the compatibility verifier in `application-test.yml`:
@@ -36,7 +36,7 @@ spring:
       enabled: false
 ```
 
-**Action Required:** Update parent POM to use Spring Cloud 2024.0.x or later (once 2025.0.x is available for Spring Boot 3.5.x support).
+**Action Required:** Keep this repository on Spring Cloud 2024.0.x while it remains on the current parent POM and Spring Boot 3.5.x line. This repository now uses Spring Cloud 2024.0.3 because Spring Cloud 2025.1.1 pulled in `spring-cloud-config-client 5.0.1`, which is not compatible with the Spring Framework 6.2.x line provided by the current parent.
 
 ---
 
@@ -45,7 +45,7 @@ spring:
 **Problem:**  
 Spring Boot 3.5.x has stricter validation for Spring Security filter chains. Multiple `SecurityFilterChain` beans matching "any request" now throw an error:
 
-```
+```text
 UnreachableFilterChainException: A filter chain that matches any request
 [...ApplicationConfig...] has already been configured, which means that this
 filter chain [...ApplicationNoSecurity...] will never get invoked.
@@ -81,7 +81,7 @@ public class ApplicationNoSecurity {
 **Problem:**  
 Spring Boot 3.5.x has stricter bean resolution when multiple beans of the same type exist through inheritance:
 
-```
+```text
 NoUniqueBeanDefinitionException: expected single matching bean but found 2:
 menuService, menuServiceV2
 ```
@@ -111,7 +111,7 @@ public class MenuServiceV2 extends MenuService {
 **Problem:**  
 Property placeholders like `@aws.profile.name@` in `application.yml` are not being replaced because Maven resource filtering is not enabled by default.
 
-```
+```text
 Profile '@aws.profile.name@' must start and end with a letter or digit
 ```
 
@@ -149,9 +149,9 @@ Enable resource filtering in `pom.xml`:
 
 ### Recommended (Should Add)
 
-2. **Add default resource filtering configuration** so child projects don't need to configure it manually
+1. **Add default resource filtering configuration** so child projects don't need to configure it manually
 
-3. **Update documentation** to note the following breaking changes for downstream projects:
+2. **Update documentation** to note the following breaking changes for downstream projects:
    - Security filter chain mutual exclusivity requirements
    - Bean resolution changes for inheritance hierarchies
    - Profile annotation requirements for conditional configurations
@@ -160,12 +160,10 @@ Enable resource filtering in `pom.xml`:
 
 Until the parent POM is updated, the following workarounds have been applied:
 
-| Issue                          | Workaround                      | File                                      |
-|--------------------------------|---------------------------------|-------------------------------------------|
-| Spring Cloud incompatibility   | Disabled compatibility verifier | `src/test/resources/application-test.yml` |
-| Security filter chain conflict | Added `@Profile("!test")`       | `ApplicationConfig.java`                  |
-| Bean resolution conflict       | Added `@Primary`                | `MenuService.java`                        |
-| Resource filtering             | Added filtering config          | `pom.xml`                                 |
+- Spring Cloud incompatibility: pin the BOM to `2024.0.3` and avoid Spring bootstrapping in mapper unit tests. Files: `java/pom.xml`, `java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java`
+- Security filter chain conflict: added `@Profile("!test")`. File: `ApplicationConfig.java`
+- Bean resolution conflict: added `@Primary`. File: `MenuService.java`
+- Resource filtering: added filtering config. File: `pom.xml`
 
 ## Testing Verification
 

diff --git a/java/pom.xml b/java/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>com.ensono.stacks.modules</groupId>
     <artifactId>stacks-modules-parent</artifactId>
-    <version>3.0.111</version>
+    <version>3.0.139</version>
   </parent>
 
   <groupId>com.amido.stacks.workloads</groupId>
@@ -28,15 +28,15 @@
     <applicationinsights.version>2.6.4</applicationinsights.version>
     <azure.springboot.version>4.0.0</azure.springboot.version>
     <au.com.dius.pact-jvm-provider-spring.version>4.0.10</au.com.dius.pact-jvm-provider-spring.version>
-    <au.com.dius.pact.consumer-version>4.6.17</au.com.dius.pact.consumer-version>
-    <au.com.dius.pact.provider.maven-version>4.6.17</au.com.dius.pact.provider.maven-version>
-    <aws-java-sdk-s3.version>1.12.788</aws-java-sdk-s3.version>
+    <au.com.dius.pact.consumer-version>4.6.19</au.com.dius.pact.consumer-version>
+    <au.com.dius.pact.provider.maven-version>4.6.19</au.com.dius.pact.provider.maven-version>
+    <aws-java-sdk-s3.version>1.12.797</aws-java-sdk-s3.version>
     <aspectjweaver.version>1.9.9.1</aspectjweaver.version>
-    <exec-maven-plugin.version>3.5.1</exec-maven-plugin.version>
-    <spring.cloud.dependencies.version>2025.0.0</spring.cloud.dependencies.version>
+    <exec-maven-plugin.version>3.6.3</exec-maven-plugin.version>
+    <spring.cloud.dependencies.version>2024.0.3</spring.cloud.dependencies.version>
     <pact.version>3.5.24</pact.version>
     <spring.data.commons>3.5.2</spring.data.commons>
-    <owasp-dependency-check-plugin.version>12.1.9</owasp-dependency-check-plugin.version>
+    <owasp-dependency-check-plugin.version>12.2.0</owasp-dependency-check-plugin.version>
     <junit-jupiter.version>5.13.4</junit-jupiter.version>
     <junit-platform.version>1.13.4</junit-platform.version>
 
@@ -398,7 +398,7 @@
           <dependency>
             <groupId>org.pitest</groupId>
             <artifactId>pitest-junit5-plugin</artifactId>
-            <version>1.2.1</version>
+            <version>1.2.3</version>
           </dependency>
           <dependency>
             <groupId>org.junit.platform</groupId>

diff --git a/java/src/test/java/com/amido/stacks/workloads/actuator/ActuatorTest.java b/java/src/test/java/com/amido/stacks/workloads/actuator/ActuatorTest.java
@@ -12,12 +12,14 @@
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.TestPropertySource;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 @TestPropertySource(properties = {"management.port=0"})
 @EnableAutoConfiguration
 @Tag("Component")
+@ActiveProfiles("test")
 class ActuatorTest {
 
   @Value("${local.management.port}")

diff --git a/...src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java b/...src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java
@@ -15,30 +15,32 @@
 import java.util.UUID;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.util.ReflectionTestUtils;
 
 @Tag("Unit")
-@SpringBootTest(
-    classes = {
-      MenuMapper.class,
-      MenuMapperImpl.class,
-      CategoryMapper.class,
-      CategoryMapperImpl.class,
-      ItemMapper.class,
-      ItemMapperImpl.class,
-      SearchMenuResultItemMapper.class,
-      SearchMenuResultItemMapperImpl.class
-    })
 class DomainToDtoMapperMapstructTest {
 
-  @Autowired private MenuMapper menuMapper;
+  private final MenuMapper menuMapper;
 
-  @Autowired private CategoryMapper categoryMapper;
+  private final CategoryMapper categoryMapper;
 
-  @Autowired private ItemMapper itemMapper;
+  private final ItemMapper itemMapper;
 
-  @Autowired private SearchMenuResultItemMapper searchMenuResultItemMapper;
+  private final SearchMenuResultItemMapper searchMenuResultItemMapper;
+
+  DomainToDtoMapperMapstructTest() {
+    itemMapper = new ItemMapperImpl();
+
+    CategoryMapperImpl categoryMapperImpl = new CategoryMapperImpl();
+    ReflectionTestUtils.setField(categoryMapperImpl, "itemMapper", itemMapper);
+    categoryMapper = categoryMapperImpl;
+
+    MenuMapperImpl menuMapperImpl = new MenuMapperImpl();
+    ReflectionTestUtils.setField(menuMapperImpl, "categoryMapper", categoryMapper);
+    menuMapper = menuMapperImpl;
+
+    searchMenuResultItemMapper = new SearchMenuResultItemMapperImpl();
+  }
 
   @Test
   void menuToMenuDto() {

diff --git a/java/src/test/resources/application-test.yml b/java/src/test/resources/application-test.yml
@@ -0,0 +1,6 @@
+spring:
+  cloud:
+    compatibility-verifier:
+      enabled: false
+    config:
+      enabled: false