docs: add dependency audit for outdated Spring Boot 1.5.x stack

[sharma-sugurthi]

Closes PSMRI/AMRIT#152

while looking into the HWC-API backend, i found that the project is running on Spring Boot 1.5.3 along with several other outdated dependencies like springfox, old lettuce redis client, and guava 21.

this PR adds a DEPENDENCY_AUDIT.md to the repo that:

• lists all outdated dependencies with their current vs latest versions
• flags the ones that carry the most risk (EOL frameworks, abandoned projects, relocated artifacts)
• proposes a phased upgrade path 1.5 -> 2.x -> 3.x .

this is meant to be a starting point for planning the upgrade, not the upgrade itself.
happy to iterate on this based on feedback.

Summary by CodeRabbit

• Documentation
  • Added a dependency audit detailing the project's current technical baseline and a three-phase upgrade roadmap, including targeted Spring Boot and Java version upgrades, migration notes (e.g., javax→jakarta), library rename/relocation points, and references to migration guides to support planned incremental updates.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d2064605-b16c-41c2-b404-e6c747fd38ec

📥 Commits

Reviewing files that changed from the base of the PR and between fefa2d9 and f7753f4.

📒 Files selected for processing (1)

• DEPENDENCY_AUDIT.md

---

📝 Walkthrough

Hidden review stack artifact:

Walkthrough

This PR adds DEPENDENCY_AUDIT.md: a full dependency baseline for HWC-API (Spring Boot 1.5.3, Java 8), enumerates outdated libraries and artifact notes, and defines a three-phase upgrade path (prep → Spring Boot 2.7/Java 11 → Spring Boot 3.x/Java 17) with migration pointers.

Changes

Dependency Audit Documentation

Layer / File(s)	Summary
Baseline & dependency listing DEPENDENCY_AUDIT.md	Document header and tables listing current runtime baseline and dependency status across framework/runtime, data/caching, FHIR, API docs, utilities, and JPA, including relocation/renaming notes.
Incremental upgrade path DEPENDENCY_AUDIT.md	Three-phase upgrade plan: prep (no Boot change), upgrade 1.5→2.7 (Java 8→11) with migration tasks (springfox→springdoc, Lettuce coords, connector notes), then upgrade 2.7→3.x (Java 17, javax.*→jakarta.*, MySQL connector rename, HAPI FHIR/JPA upgrades).
References & links DEPENDENCY_AUDIT.md	Reference links for Spring Boot support/migration guides and Springfox→Springdoc migration guidance.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related issues

• [HWC-API] Spring Boot 1.5.3 is end-of-life - needs a dependency audit AMRIT#152 — Directly corresponds: requests a dependency audit and incremental upgrade plan for Spring Boot 1.5.3 and other outdated libraries.

Poem

🐰 I hopped through pom and noted each stack,
A trail of old versions tucked in my sack.
From 1.5 we plan the steady climb,
To newer springs and a modern time.
A carrot for progress, small but exact.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely summarizes the main change: adding a dependency audit document for the outdated Spring Boot 1.5.x stack.
Linked Issues check	✅ Passed	The pull request fulfills all coding requirements from issue #152: DEPENDENCY_AUDIT.md enumerates outdated dependencies with versions, flags maintenance risks, and outlines an incremental upgrade path (1.5→2.x→3.x).
Out of Scope Changes check	✅ Passed	The pull request contains only the requested DEPENDENCY_AUDIT.md documentation file with no out-of-scope changes or unrelated modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@DEPENDENCY_AUDIT.md`:
- Around line 32-35: Update the HAPI FHIR version entries in the dependency
table to the current latest release v8.9.14: change the "Latest" column value
for hapi-fhir-base, hapi-fhir-structures-r4, hapi-fhir-server, and
hapi-fhir-validation from "7.6.x" to "8.9.14" and adjust any related note text
if it references the older major version; ensure all four rows (hapi-fhir-base,
hapi-fhir-structures-r4, hapi-fhir-server, hapi-fhir-validation) consistently
show "8.9.14" as the latest version.
- Line 9: Update the historical and current version statements in the sentence
containing "Spring Boot 1.5.3" and "Java 8": change the Java 8 "public updates
ended March 2022" to "End of Public Updates: January 15, 2019", and replace the
outdated "latest stable" examples "Spring Boot 3.4.x, Java 21 LTS" with the
current releases as of May 2026 ("Spring Boot 4.0.6" and "Java 25 LTS"); ensure
the surrounding wording still reads clearly and preserves the Spring Boot 1.5.3
EOL note.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d6debb4a-6c4b-4bd5-9372-a1c2e0e94432

📥 Commits

Reviewing files that changed from the base of the PR and between 3861dd1 and fefa2d9.

📒 Files selected for processing (1)

• DEPENDENCY_AUDIT.md

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud