FAForever · dependabot · Nov 27, 2025 · Nov 30, 2025 · Dec 3, 2025 · Dec 23, 2025
diff --git a/build.gradle b/build.gradle
@@ -11,7 +11,7 @@ buildscript {
 
 plugins {
   id "java"
-  id "org.springframework.boot" version "3.5.6"
+  id "org.springframework.boot" version "4.0.1"
   id "idea"
   id "com.adarshr.test-logger" version "4.0.0"
 }
@@ -28,7 +28,6 @@ jar.enabled = false
 
 repositories {
   mavenCentral()
-  maven { url "https://jitpack.io" }
 }
 
 compileJava.dependsOn(processResources)
@@ -143,9 +142,13 @@ dependencies {
   implementation("org.checkerframework:checker-qual:3.51.0")
   implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
   implementation("org.springframework.boot:spring-boot-starter-data-jpa")
-  implementation("org.springframework.boot:spring-boot-starter-web")
+  implementation("org.springframework.boot:spring-boot-starter-webmvc")
+  implementation("org.springframework.boot:spring-boot-starter-jackson")
+  implementation("org.springframework.boot:spring-boot-jackson2")
+  implementation("org.springframework.boot:spring-boot-starter-restclient")
   implementation("org.springframework.boot:spring-boot-starter-amqp")
   implementation("org.springframework.boot:spring-boot-starter-security")
+  implementation("org.springframework.security:spring-security-access")
   implementation("org.springframework.boot:spring-boot-starter-thymeleaf")
   implementation("org.springframework.boot:spring-boot-starter-mail")
   implementation("org.springframework.boot:spring-boot-starter-validation")
@@ -154,6 +157,8 @@ dependencies {
   implementation("com.github.ben-manes.caffeine:caffeine")
 
   testImplementation("org.springframework.boot:spring-boot-starter-test")
+  testImplementation("org.springframework.boot:spring-boot-starter-webmvc-test")
+  testImplementation("org.springframework.boot:spring-boot-starter-security-test")
   testImplementation("org.springframework.restdocs:spring-restdocs-mockmvc")
   testImplementation("org.springframework.security:spring-security-test")
   testImplementation("com.jayway.jsonpath:json-path")
@@ -165,14 +170,16 @@ dependencies {
   // Manually managed dependencies
   def elideVersion = "7.1.15"
   def springdocVersion = "2.8.13"
+  def commonsVersion = "20251112-0a26247"
   implementation("com.yahoo.elide:elide-core:${elideVersion}")
   implementation("com.yahoo.elide:elide-model-config:${elideVersion}")
   implementation("com.yahoo.elide:elide-spring-boot-autoconfigure:${elideVersion}")
   implementation("com.yahoo.elide:elide-swagger:${elideVersion}")
   implementation("com.yahoo.elide:elide-datastore-jpa:${elideVersion}")
   implementation("com.yahoo.elide:elide-datastore-multiplex:${elideVersion}")
   implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:${springdocVersion}")
-  implementation("com.github.FAForever:faf-java-commons:0e5d22ffff6e4dea81bac494d532627fcca8ebc4")
+  implementation("com.faforever.commons:data:${commonsVersion}")
+  implementation("com.faforever.commons:api:${commonsVersion}")
   implementation("org.kohsuke:github-api:1.330")
   implementation("org.eclipse.jgit:org.eclipse.jgit:7.3.0.202506031305-r")
   implementation("org.jetbrains:annotations:26.0.2-1")

diff --git a/src/inttest/java/com/faforever/api/clan/ClanControllerTest.java b/src/inttest/java/com/faforever/api/clan/ClanControllerTest.java
@@ -7,11 +7,11 @@
 import com.faforever.api.player.PlayerRepository;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpHeaders;
 import org.springframework.test.context.jdbc.Sql;
 import org.springframework.test.context.jdbc.Sql.ExecutionPhase;
 import org.springframework.test.web.servlet.MvcResult;
 import org.springframework.test.web.servlet.ResultActions;
+import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 
 import static org.hamcrest.Matchers.is;
@@ -78,7 +78,7 @@ public void createClanWithSuccess() throws Exception {
     assertNull(player.getClan());
     assertFalse(clanRepository.findOneByName(NEW_CLAN_NAME).isPresent());
 
-    MultiValueMap<String, String> params = new HttpHeaders();
+    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
     params.add("name", NEW_CLAN_NAME);
     params.add("tag", NEW_CLAN_TAG);
     params.add("description", NEW_CLAN_DESCRIPTION);
@@ -98,15 +98,15 @@ public void createClanWithSuccess() throws Exception {
 
   @Test
   public void createClanWithoutAuth() throws Exception {
-    MultiValueMap<String, String> params = new HttpHeaders();
+    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
     params.add("name", NEW_CLAN_NAME);
     params.add("tag", NEW_CLAN_TAG);
     params.add("description", NEW_CLAN_DESCRIPTION);
 
     mockMvc.perform(
       post("/clans/create")
         .params(params))
-      .andExpect(status().isForbidden());
+      .andExpect(status().isUnauthorized());
   }
 
   @Test
@@ -116,7 +116,7 @@ public void createClanWithExistingName() throws Exception {
     assertNull(player.getClan());
     assertTrue(clanRepository.findOneByName(EXISTING_CLAN).isPresent());
 
-    MultiValueMap<String, String> params = new HttpHeaders();
+    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
     params.add("name", EXISTING_CLAN);
     params.add("tag", NEW_CLAN_TAG);
     params.add("description", NEW_CLAN_DESCRIPTION);
@@ -138,7 +138,7 @@ public void createClanWithExistingTag() throws Exception {
     assertNull(player.getClan());
     assertFalse(clanRepository.findOneByName(NEW_CLAN_NAME).isPresent());
 
-    MultiValueMap<String, String> params = new HttpHeaders();
+    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
     params.add("name", NEW_CLAN_NAME);
     params.add("tag", "123");
     params.add("description", NEW_CLAN_DESCRIPTION);
@@ -160,7 +160,7 @@ public void createSecondClan() throws Exception {
     assertNotNull(player.getClan());
     assertFalse(clanRepository.findOneByName(NEW_CLAN_NAME).isPresent());
 
-    MultiValueMap<String, String> params = new HttpHeaders();
+    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
     params.add("name", NEW_CLAN_NAME);
     params.add("tag", NEW_CLAN_TAG);
     params.add("description", NEW_CLAN_DESCRIPTION);

diff --git a/src/inttest/java/com/faforever/api/config/LeagueDbTestContainers.java b/src/inttest/java/com/faforever/api/config/LeagueDbTestContainers.java
@@ -5,8 +5,8 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.autoconfigure.jdbc.DataSourceProperties;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.jdbc.autoconfigure.DataSourceProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.testcontainers.containers.GenericContainer;

diff --git a/src/inttest/java/com/faforever/api/config/MainDbTestContainers.java b/src/inttest/java/com/faforever/api/config/MainDbTestContainers.java
@@ -5,8 +5,8 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.autoconfigure.jdbc.DataSourceProperties;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.jdbc.autoconfigure.DataSourceProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;

diff --git a/src/inttest/java/com/faforever/api/moderationreport/ModerationReportTest.java b/src/inttest/java/com/faforever/api/moderationreport/ModerationReportTest.java
@@ -63,7 +63,7 @@ public void anonymousUserCannotCreateValidModerationReport() throws Exception {
       post("/data/moderationReport")
         .header(HttpHeaders.CONTENT_TYPE, JSON_API_MEDIA_TYPE)
         .content(createJsonApiContent(validModerationReport)))
-      .andExpect(status().isForbidden());
+      .andExpect(status().isUnauthorized());
   }
 
   @Test

diff --git a/src/inttest/java/com/faforever/api/user/MeControllerTest.java b/src/inttest/java/com/faforever/api/user/MeControllerTest.java
@@ -18,7 +18,7 @@ public class MeControllerTest extends AbstractIntegrationTest {
   @Test
   public void withoutTokenUnauthorized() throws Exception {
     mockMvc.perform(get("/me"))
-      .andExpect(status().isForbidden());
+      .andExpect(status().isUnauthorized());
   }
 
   @Test