bancolombia · juancgalvis · Nov 15, 2025 · Nov 14, 2025 · Nov 15, 2025 · Nov 15, 2025
diff --git a/build.gradle b/build.gradle
@@ -12,11 +12,11 @@ plugins {
     id 'jacoco'
     id 'maven-publish'
     id 'java-gradle-plugin'
-    id 'org.sonarqube' version '6.3.1.5724'
+    id 'org.sonarqube' version '7.0.1.6134'
     id 'com.gradle.plugin-publish' version '2.0.0'
     id 'com.diffplug.spotless' version '8.0.0'
     id 'io.github.gradle-nexus.publish-plugin' version '2.0.0'
-    id 'org.owasp.dependencycheck' version '12.1.6'
+    id 'org.owasp.dependencycheck' version '12.1.9'
 }
 
 ext {
@@ -178,36 +178,36 @@ if (project.hasProperty('signing.keyId')) { // publish as library in maven centr
 
 dependencies {
     api 'com.github.spullara.mustache.java:compiler:0.9.14'
-    api 'com.fasterxml.jackson.core:jackson-databind:2.20.0'
-    api 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.20.0'
-    api 'com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.20.0'
-    api 'commons-io:commons-io:2.20.0'
+    api 'com.fasterxml.jackson.core:jackson-databind:2.20.1'
+    api 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.20.1'
+    api 'com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.20.1'
+    api 'commons-io:commons-io:2.21.0'
     api gradleApi()
 
-    implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.20.0'
+    implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.20.1'
     implementation 'org.reflections:reflections:0.10.2'
     // swagger generators
-    implementation('io.swagger.codegen.v3:swagger-codegen-generators:1.0.58') {
+    implementation('io.swagger.codegen.v3:swagger-codegen-generators:1.0.59') {
         exclude group: 'net.sf.jopt-simple', module: 'jopt-simple'
     }
     constraints { // for previous swagger dependency
-        implementation('commons-codec:commons-codec:1.19.0') {
+        implementation('commons-codec:commons-codec:1.20.0') {
             because "This version closes a security vulnerability"
         }
     }
     implementation 'com.googlecode.lambdaj:lambdaj:2.3.3'
 
     testImplementation gradleTestKit()
     testImplementation 'org.mockito:mockito-junit-jupiter:5.20.0'
-    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.13.4'
-    testImplementation 'org.junit.jupiter:junit-jupiter-params:5.13.4'
-    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.13.4'
-    testRuntimeOnly 'org.junit.platform:junit-platform-launcher:1.13.4'
+    testImplementation 'org.junit.jupiter:junit-jupiter-api:6.0.1'
+    testImplementation 'org.junit.jupiter:junit-jupiter-params:6.0.1'
+    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:6.0.1'
+    testRuntimeOnly 'org.junit.platform:junit-platform-launcher:6.0.1'
 
     compileOnly 'org.projectlombok:lombok:1.18.42'
     annotationProcessor 'org.projectlombok:lombok:1.18.42'
-    implementation 'com.squareup.okhttp3:okhttp:5.1.0'
-    testImplementation 'com.squareup.okhttp3:mockwebserver:5.1.0'
+    implementation 'com.squareup.okhttp3:okhttp:5.3.0'
+    testImplementation 'com.squareup.okhttp3:mockwebserver:5.3.0'
 }
 
 jacocoTestReport {
@@ -297,7 +297,7 @@ tasks.register('installGitHooks') {
 }
 
 tasks.named('wrapper') {
-    gradleVersion = '9.1.0'
+    gradleVersion = '8.14.3'
     validateDistributionUrl = true
     distributionSha256Sum = "a17ddd85a26b6a7f5ddb71ff8b05fc5104c0202c6e64782429790c933686c806"
 }

diff --git a/src/main/java/co/com/bancolombia/Constants.java b/src/main/java/co/com/bancolombia/Constants.java
@@ -12,26 +12,26 @@ public final class Constants {
   public static final String APP_SERVICE = "app-service";
   public static final String PATH_GRAPHQL = "/graphql";
   // dependencies
-  public static final String SECRETS_VERSION = "4.4.35";
-  public static final String SPRING_BOOT_VERSION = "3.5.6";
+  public static final String SECRETS_VERSION = "4.4.36";
+  public static final String SPRING_BOOT_VERSION = "3.5.7";
   public static final String LOMBOK_VERSION = "1.18.42";
-  public static final String REACTIVE_COMMONS_VERSION = "6.0.0";
+  public static final String REACTIVE_COMMONS_VERSION = "6.1.0";
   public static final String REACTIVE_COMMONS_MAPPER_VERSION = "0.1.0";
-  public static final String BLOCK_HOUND_VERSION = "1.0.14.RELEASE";
-  public static final String AWS_BOM_VERSION = "2.35.1";
-  public static final String COMMONS_JMS_VERSION = "2.5.0";
+  public static final String BLOCK_HOUND_VERSION = "1.0.15.RELEASE";
+  public static final String AWS_BOM_VERSION = "2.38.7";
+  public static final String COMMONS_JMS_VERSION = "2.5.3";
   public static final String ARCH_UNIT_VERSION = "1.4.1";
-  public static final String OKHTTP_VERSION = "5.1.0";
+  public static final String OKHTTP_VERSION = "5.3.0";
   public static final String RESILIENCE_4J_VERSION = "2.3.0";
   public static final String BIN_STASH_VERSION = "1.3.2";
-  public static final String SPRING_DOC_OPENAPI_VERSION = "2.8.13";
+  public static final String SPRING_DOC_OPENAPI_VERSION = "2.8.14";
   public static final String CLOUD_EVENTS_VERSION = "4.0.1";
   // gradle plugins
-  public static final String JACOCO_VERSION = "0.8.13";
-  public static final String SONAR_VERSION = "6.3.1.5724";
+  public static final String JACOCO_VERSION = "0.8.14";
+  public static final String SONAR_VERSION = "7.0.1.6134";
   public static final String COBERTURA_VERSION = "4.0.0";
   public static final String PLUGIN_VERSION = "3.26.2";
-  public static final String DEPENDENCY_CHECK_VERSION = "12.1.6";
+  public static final String DEPENDENCY_CHECK_VERSION = "12.1.9";
   public static final String PITEST_VERSION = "1.19.0-rc.2";
   // custom
   public static final String GRADLE_WRAPPER_VERSION = "8.14.3";

diff --git a/src/main/java/co/com/bancolombia/models/DependencyReleasesDeserializer.java b/src/main/java/co/com/bancolombia/models/DependencyReleasesDeserializer.java
@@ -1,5 +1,7 @@
 package co.com.bancolombia.models;
 
+import static co.com.bancolombia.utils.Utils.isStableVersion;
+
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -27,7 +29,7 @@ public DependencyRelease deserialize(JsonParser jp, DeserializationContext ctxt)
     while (list.has(i)) {
       JsonNode dependency = list.get(i);
       String version = dependency.get("v").textValue();
-      if (isStable(version)) {
+      if (isStableVersion(version)) {
         dependencyRelease.setGroup(dependency.get("g").textValue());
         dependencyRelease.setArtifact(dependency.get("a").textValue());
         dependencyRelease.setVersion(version);
@@ -37,8 +39,4 @@ public DependencyRelease deserialize(JsonParser jp, DeserializationContext ctxt)
     }
     return dependencyRelease;
   }
-
-  private boolean isStable(String version) {
-    return !version.contains("alpha") && !version.contains("beta") && !version.contains("RC");
-  }
 }
diff --git a/src/main/java/co/com/bancolombia/models/MavenMetadata.java b/src/main/java/co/com/bancolombia/models/MavenMetadata.java
@@ -0,0 +1,39 @@
+package co.com.bancolombia.models;
+
+import static co.com.bancolombia.utils.Utils.isStableVersion;
+
+import java.util.List;
+import lombok.Data;
+
+@Data
+public class MavenMetadata {
+  private String groupId;
+  private String artifactId;
+  private Versioning versioning;
+
+  @Data
+  public static class Versioning {
+    private String latest;
+    private String release;
+    private List<String> versions;
+    private String lastUpdated;
+  }
+
+  public DependencyRelease toDependencyRelease() {
+    var release = new DependencyRelease();
+    release.setGroup(this.groupId);
+    release.setArtifact(this.artifactId);
+    if (isStableVersion(this.versioning.getLatest())) {
+      release.setVersion(this.versioning.getLatest());
+      return release;
+    }
+    for (var i = this.versioning.versions.size() - 1; i >= 0; i--) {
+      var version = this.versioning.versions.get(i);
+      if (isStableVersion(version)) {
+        release.setVersion(version);
+        return release;
+      }
+    }
+    return release;
+  }
+}
diff --git a/src/main/java/co/com/bancolombia/utils/Utils.java b/src/main/java/co/com/bancolombia/utils/Utils.java
@@ -184,4 +184,14 @@ public static Set<String> findExpressions(String content, String regex) {
         .map(s -> s.replace("\"", ""))
         .collect(Collectors.toSet());
   }
+
+  public static boolean isStableVersion(String version) {
+    String lowerCaseVersion = version.toLowerCase();
+    return !(lowerCaseVersion.contains("alpha")
+        || lowerCaseVersion.contains("beta")
+        || lowerCaseVersion.contains("rc")
+        || lowerCaseVersion.contains("snapshot")
+        || lowerCaseVersion.contains("preview")
+        || lowerCaseVersion.contains("-m"));
+  }
 }
diff --git a/src/main/java/co/com/bancolombia/utils/offline/LocalTasks.java b/src/main/java/co/com/bancolombia/utils/offline/LocalTasks.java
@@ -1,5 +1,6 @@
 package co.com.bancolombia.utils.offline;
 
+import co.com.bancolombia.utils.operations.OperationsProvider;
 import java.io.IOException;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
@@ -10,7 +11,9 @@ public class LocalTasks {
   public static void main(String[] args) throws IOException {
     // When needed you can use args[0] to determine task to run
     UpdateDependencies.ofDefaults().run(); // Updates dependencies version for generated code
-    UpdateProjectDependencies.ofDefaults()
+    UpdateProjectDependencies.ofDefaults().toBuilder()
+        .withOperations(OperationsProvider.real())
+        .build()
         .run(); // Updates dependencies and gradle plugins in local build.gradle project
   }
 }
diff --git a/src/main/java/co/com/bancolombia/utils/offline/UpdateProjectDependencies.java b/src/main/java/co/com/bancolombia/utils/offline/UpdateProjectDependencies.java
@@ -6,7 +6,6 @@
 import co.com.bancolombia.utils.operations.ExternalOperations;
 import co.com.bancolombia.utils.operations.OperationsProvider;
 import java.io.File;
-import java.io.IOException;
 import java.nio.file.Paths;
 import java.util.List;
 import java.util.Optional;
@@ -15,7 +14,7 @@
 import lombok.SneakyThrows;
 
 @Setter
-@Builder(setterPrefix = "with")
+@Builder(setterPrefix = "with", toBuilder = true)
 public class UpdateProjectDependencies {
   public static final String BUILD_GRADLE_FILE = "build.gradle";
 
@@ -26,7 +25,7 @@ public static UpdateProjectDependencies ofDefaults() {
     return UpdateProjectDependencies.builder().build();
   }
 
-  public void run() throws IOException {
+  public void run() {
     files.forEach(this::updateDependency);
   }
 

diff --git a/src/main/java/co/com/bancolombia/utils/operations/HttpOperations.java b/src/main/java/co/com/bancolombia/utils/operations/HttpOperations.java
@@ -2,6 +2,7 @@
 
 import co.com.bancolombia.models.DependencyRelease;
 import co.com.bancolombia.models.DependencyReleaseXml;
+import co.com.bancolombia.models.MavenMetadata;
 import co.com.bancolombia.models.Release;
 import co.com.bancolombia.utils.FileUtils;
 import co.com.bancolombia.utils.operations.http.RestConsumer;
@@ -17,7 +18,7 @@ public class HttpOperations implements ExternalOperations {
   public static final String PLUGIN_RELEASES =
       "https://api.github.com/repos/bancolombia/scaffold-clean-architecture/releases";
   public static final String DEPENDENCY_RELEASES =
-      "https://search.maven.org/solrsearch/select?q=g:%22%group%22+AND+a:%22%artifact%22&core=gav&rows=5&wt=json";
+      "https://repo1.maven.org/maven2/%group/%artifact/maven-metadata.xml";
   public static final String GRADLE_PLUGINS =
       "https://plugins.gradle.org/m2/%group/%artifact/maven-metadata.xml";
   public static final String SPRING_INITIALIZER = "https://start.spring.io/starter.zip";
@@ -64,10 +65,11 @@ private static boolean filterValidVersions(Release release) {
 
   @Override
   public Optional<DependencyRelease> getTheLastDependencyRelease(DependencyRelease dependency) {
-    String endpoint = "";
+    var endpoint = "";
     try {
       endpoint = getDependencyEndpoint(dependency);
-      DependencyRelease release = RestConsumer.getRequest(endpoint, DependencyRelease.class);
+      var metadata = RestConsumer.getRequest(endpoint, MavenMetadata.class, true);
+      var release = metadata.toDependencyRelease();
       if (release.isNewest(dependency)) {
         logger.lifecycle("Updating {} to {}", dependency.toString(), release.toString());
         return Optional.of(release);
@@ -125,9 +127,11 @@ public Optional<String> getGradleWrapperFromFile() {
 
   private String getDependencyEndpoint(DependencyRelease dependency) {
     if (dependency.valid()) {
+      var group = String.join("/", dependency.getGroup().split("\\."));
+      var artifact = String.join("/", dependency.getArtifact().split("\\."));
       return resolve(DEPENDENCY_RELEASES)
-          .replaceFirst("%group", dependency.getGroup())
-          .replaceFirst("%artifact", dependency.getArtifact());
+          .replaceFirst("%group", group)
+          .replaceFirst("%artifact", artifact);
     }
     throw new IllegalArgumentException(
         dependency

diff --git a/src/test/java/co/com/bancolombia/utils/operations/HttpOperationsTest.java b/src/test/java/co/com/bancolombia/utils/operations/HttpOperationsTest.java
@@ -39,9 +39,27 @@ class HttpOperationsTest {
   void setup() throws IOException {
     String releaseResponse = "[{\"tag_name\":\"2.0.0\",\"published_at\":\"2021-11-18T13:30:02Z\"}]";
     String dependencyResponse =
-        "{\"response\":{\"docs\":[{\"v\":\"2.0.1\",\"g\":\"some.dependency\",\"a\":\"name\"}]}}";
+        """
+                <metadata>
+                  <groupId>some.dependency</groupId>
+                  <artifactId>name</artifactId>
+                  <versioning>
+                    <latest>2.0.1</latest>
+                    <release>2.0.1</release>
+                    <versions>
+                      <version>0.0.1</version>
+                    </versions>
+                  </versioning>
+                </metadata>
+                """;
     String xmlResponse =
-        "<metadata><groupId>org.sonarqube</groupId><artifactId>org.sonarqube.gradle.plugin</artifactId><version>4.4.1.3373</version></metadata>";
+        """
+                <metadata>
+                  <groupId>org.sonarqube</groupId>
+                  <artifactId>org.sonarqube.gradle.plugin</artifactId>
+                  <version>4.4.1.3373</version>
+                </metadata>
+                """;
     final Dispatcher dispatcher =
         new Dispatcher() {
           @Override
@@ -51,9 +69,12 @@ void setup() throws IOException {
                 {
                   return new MockResponse().setResponseCode(200).setBody(releaseResponse);
                 }
-              case "/maven":
+              case "/name/maven-metadata.xml":
                 {
-                  return new MockResponse().setResponseCode(200).setBody(dependencyResponse);
+                  return new MockResponse()
+                      .setResponseCode(200)
+                      .addHeader("Content-Type", "application/xml")
+                      .setBody(dependencyResponse);
                 }
               case "/maven-metadata.xml":
                 {
@@ -92,7 +113,7 @@ void setup() throws IOException {
                 PLUGIN_RELEASES,
                 server.url("/releases").toString(),
                 DEPENDENCY_RELEASES,
-                server.url("/maven").toString(),
+                server.url("name/maven-metadata.xml").toString(),
                 GRADLE_PLUGINS,
                 server.url("/maven-metadata.xml").toString(),
                 SPRING_INITIALIZER,