chore(deps): update Spring Boot version to 4.0.6 and adjust testing behavior for new version

[balazs-szucs]

Description

Linked Issue: Fixes #

Changes

Summary by CodeRabbit

• Chores

  • Upgraded Spring Boot Gradle plugin to version 4.0.6.

• Tests

  • Adjusted file download tests to accept a simplified UTF‑8 filename header format while retaining encoded filename support, improving robustness of download header validation.

[coderabbitai]

📝 Walkthrough

Walkthrough

Upgrades Spring Boot Gradle plugin from 4.0.5 to 4.0.6 and updates a test to accept a changed Content-Disposition header format for UTF-8 downloads (asserting presence and structure rather than an exact encoded-word filename).

Changes

Cohort / File(s)	Summary
Build Configuration backend/build.gradle.kts	Bumped Spring Boot Gradle plugin version from 4.0.5 to 4.0.6.
Test Assertions backend/src/test/java/org/booklore/service/book/BookDownloadServiceTest.java	Adjusted UTF-8 download test to expect a different Content-Disposition header format (now checks for quoted filename plus filename* parameter / structure rather than a specific RFC2047-encoded filename).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• refactor(api): use spring content disposition helper for BookDownloadService #449: Changed Content-Disposition generation in BookDownloadService to use Spring's ContentDisposition, which aligns with the updated test expectations here.

Suggested reviewers

• zachyale
• imajes

Poem

🐰 A little bump, a header’s new face,
Tests learn to match structure with grace.
Spring hops forward, version refined,
Filenames settle, nicely defined. 📚

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name	Status	Explanation	Resolution
Description check	❌ Error	The description uses the required template structure with Description and Changes sections, but both sections are empty with only placeholder comments and incomplete fields.	Fill in the Description section explaining what the PR does, add a commit message or detailed summary under Changes, and include the issue number if this fixes a specific issue.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The PR title follows conventional commit format with 'chore(deps):' prefix and describes the main changes (Spring Boot version update and testing adjustments).

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

✨ Simplify code

• Create PR with simplified code

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

backend/src/test/java/org/booklore/service/book/BookDownloadServiceTest.java (1)

74-89: Document why the UTF-8 assertion was relaxed.

The PR title says this "fixes Content-Disposition header validation", but the test is only being loosened — not the production code. Based on the Spring Boot 4.0.6 bump in the companion diff, the most likely cause is a change in how Spring Framework 7.x (pulled in by Spring Boot 4.0.6) serializes the Content-Disposition header for UTF-8 filenames (e.g., whitespace/order of parameters, or a change to the quoted filename= fallback encoding).

Please add a brief comment above this test (or in the PR description) noting which Spring change motivated switching from an exact string match to pattern checks. It makes future maintenance much easier if someone wonders why the ASCII variant above still uses assertEquals while this one doesn't.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@backend/src/test/java/org/booklore/service/book/BookDownloadServiceTest.java`
around lines 74 - 89, Add a short comment above the test
downloadBook_includesContentDispositionUTF8 in BookDownloadServiceTest
explaining that the UTF-8 assertion was relaxed due to header serialization
changes introduced by Spring Framework 7.x (brought in by the Spring Boot 4.0.6
bump), which can change parameter ordering/quoting for Content-Disposition; note
that this is why the test uses pattern checks (contains/startsWith) rather than
the exact filename equality used in the ASCII test and reference
bookDownloadService.downloadBook as the behavior under test so future
maintainers understand the rationale for the looser assertion.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@backend/src/test/java/org/booklore/service/book/BookDownloadServiceTest.java`:
- Around line 86-88: The test in BookDownloadServiceTest currently only asserts
the RFC 5987 filename* parameter; update the assertions to also verify the
legacy quoted filename fallback is present (the expected output from
ContentDisposition.builder(...).filename(name, StandardCharsets.UTF_8).build()).
Specifically, in the test method where variables/assertions use actual, add an
assertion that actual contains a quoted filename parameter like filename="
(e.g., assertTrue(actual.contains("filename=\"") or a regex matching the RFC
2047-quoted fallback) to ensure both the legacy filename= and the
filename*=UTF-8'' parameters are emitted.

---

Nitpick comments:
In
`@backend/src/test/java/org/booklore/service/book/BookDownloadServiceTest.java`:
- Around line 74-89: Add a short comment above the test
downloadBook_includesContentDispositionUTF8 in BookDownloadServiceTest
explaining that the UTF-8 assertion was relaxed due to header serialization
changes introduced by Spring Framework 7.x (brought in by the Spring Boot 4.0.6
bump), which can change parameter ordering/quoting for Content-Disposition; note
that this is why the test uses pattern checks (contains/startsWith) rather than
the exact filename equality used in the ASCII test and reference
bookDownloadService.downloadBook as the behavior under test so future
maintainers understand the rationale for the looser assertion.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: b25da96d-5221-4858-acc6-e25a1fc3fb5b

📥 Commits

Reviewing files that changed from the base of the PR and between cb12ff1 and 4a18e6d.

📒 Files selected for processing (2)

• backend/build.gradle.kts
• backend/src/test/java/org/booklore/service/book/BookDownloadServiceTest.java

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Test Suite / Frontend Tests
• GitHub Check: Test Suite / Backend Tests
• GitHub Check: Analyze (java-kotlin)

🧰 Additional context used

📓 Path-based instructions (2)

backend/src/**/*.java

📄 CodeRabbit inference engine (AGENTS.md)

backend/src/**/*.java: Use 4-space indentation and match surrounding Java style in backend code
Prefer constructor injection via Lombok patterns already used in the codebase. Do not introduce @Autowired field injection in backend code
Use MapStruct for entity/DTO mapping in backend code
Keep JPA entities on the *Entity suffix in backend code

Files:

• backend/src/test/java/org/booklore/service/book/BookDownloadServiceTest.java

backend/src/test/**/*.java

📄 CodeRabbit inference engine (AGENTS.md)

Prefer focused unit tests; use @SpringBootTest only when the Spring context is required in backend code

Files:

• backend/src/test/java/org/booklore/service/book/BookDownloadServiceTest.java

🧠 Learnings (4)

📚 Learning: 2026-03-31T06:22:25.311Z

Learnt from: imnotjames
Repo: grimmory-tools/grimmory PR: 113
File: booklore-api/build.gradle.kts:89-90
Timestamp: 2026-03-31T06:22:25.311Z
Learning: When reviewing build logic or CI checks that call the JitPack build status API, do not treat a response like {"status":"none"} as evidence that a dependency is unavailable or that a build has failed. JitPack typically builds packages on-demand the first time they’re requested (e.g., via Gradle); "none" means the package isn’t pre-built/cached yet. Only raise a build failure concern when the status explicitly indicates an error/failure (e.g., failed/cancelled), or when dependent resolution actually fails.

Applied to files:

• backend/build.gradle.kts

📚 Learning: 2026-04-02T09:12:48.158Z

Learnt from: balazs-szucs
Repo: grimmory-tools/grimmory PR: 334
File: booklore-api/build.gradle.kts:0-0
Timestamp: 2026-04-02T09:12:48.158Z
Learning: In this repo, nightcompress (groupId `com.github.gotson.nightcompress`, artifact `nightcompress`) is the preferred library for archive/unarchive operations (including RAR and other formats). During code review, flag changes to Gradle dependency declarations that remove nightcompress or replace it with an alternative for unarchiving (e.g., junrar, commons-compress, JNI-based libraries, or standard Java `ZipInputStream`/`ZipFile`) unless there’s a justified exception. Exceptions are acceptable only when nightcompress cannot handle a specific archive format; in that case, require the PR to clearly document the format limitation, the alternative being used, and get maintainer confirmation of the trade-off.

Applied to files:

• backend/build.gradle.kts

📚 Learning: 2026-04-10T08:15:37.436Z

Learnt from: imnotjames
Repo: grimmory-tools/grimmory PR: 449
File: booklore-api/src/main/java/org/booklore/service/book/BookDownloadService.java:139-145
Timestamp: 2026-04-10T08:15:37.436Z
Learning: When using Spring `ContentDisposition.builder(...).filename(name, StandardCharsets.UTF_8).build()` (i.e., explicitly providing UTF-8), the resulting header value should include both the quoted `filename="=?UTF-8?..."` and the RFC 5987 `filename*=` parameters. In this case, any extra ASCII fallback computation (e.g., deriving an ASCII `fallbackFilename` via `NON_ASCII_PATTERN` and calling `.filename(fallbackFilename)`) is likely redundant—prefer calling only `.filename(fallbackName?, StandardCharsets.UTF_8)` as appropriate and let Spring handle the UTF-8 header parameters. Verify by comparing the emitted header for `filename` and `filename*` before deciding to keep an ASCII fallback.

Applied to files:

• backend/src/test/java/org/booklore/service/book/BookDownloadServiceTest.java

📚 Learning: 2026-04-14T12:43:08.698Z

Learnt from: balazs-szucs
Repo: grimmory-tools/grimmory PR: 502
File: booklore-api/src/main/java/org/booklore/service/reader/ChapterCacheService.java:0-0
Timestamp: 2026-04-14T12:43:08.698Z
Learning: For this codebase (booklore-api), target Java 25 with `--enable-preview`, so `_` is intentionally used as an unnamed/ignored variable (e.g., lambda parameter or pattern variable) per Java’s preview feature JEP 456. Do not flag `_` in those contexts as an invalid/reserved identifier; only flag it if it’s used in a non-supported position (e.g., where an unnamed variable is not applicable for the Java preview rules).

Applied to files:

• backend/src/test/java/org/booklore/service/book/BookDownloadServiceTest.java

🔇 Additional comments (1)

backend/build.gradle.kts (1)

9-9: Spring Boot 4.0.6 bump — LGTM.

4.0.6 was released on 2026-04-23 with 65 bug fixes plus CVE patches (notably CVE-2026-40970 / CVE-2026-40971 around SSL-bundle TLS hostname verification for Elasticsearch and RabbitMQ auto-configuration). Neither affects this codebase's current usage (no Elasticsearch/RabbitMQ starters in dependencies {}), but picking up the patch release is the right call.

[imnotjames]

nit pick, the title as update Srping Boot version to 4.0.6 on its own would be reasonable as it's updating the tests to match the new behavior introduced by 4.0.6.

When I originally read it I thought we were changing some validation logic in the app.

[balazs-szucs]

nit pick, the title as update Srping Boot version to 4.0.6 on its own would be reasonable as it's updating the tests to match the new behavior introduced by 4.0.6.

When I originally read it I thought we were changing some validation logic in the app.

Fair! I adjusted the title :)

Good to keep release notes more informative via better PR titles.