refactor/security fix #2709
Merged
simonredfern merged 15 commits into OpenBankProject:develop from Feb 26, 2026
… value
- Add ipAddressExample to ExampleValue using RFC 5737 documentation IP range
- Replace hardcoded IPv6 addresses in SwaggerDefinitionsJSON with ExampleValue reference
- Resolves SonarCloud security hotspot for hardcoded IP addresses
- Follows existing pattern for centralized example values

…ference
- Replace hardcoded password string in Http4sCallContextBuilderTest
- Use ExampleValue.passwordExample.value for test data
- Resolves SonarCloud security hotspot for hardcoded credentials
- Add ExampleValue import to test file

…alue references
- Replace hardcoded passwords in Http4sRequestConversionPropertyTest
- Replace hardcoded passwords in PasswordResetTest (strongPassword and newPassword)
- Add ExampleValue imports to both test files
- Resolves remaining SonarCloud security hotspots for hardcoded credentials
- All test passwords now reference centralized ExampleValue.passwordExample

Use hostname and dev.port instead of http4s-specific config properties

# Conflicts:
# obp-api/src/main/scala/bootstrap/http4s/Http4sServer.scala

Remove obp-http4s-runner module and merge its functionality into obp-api. This simplifies the project structure from 3 modules to 2 modules.

Changes:
- Add maven-shade-plugin to obp-api/pom.xml to create executable fat JAR
- Change obp-api packaging from WAR to JAR
- Remove obp-http4s-runner module from parent pom.xml
- Delete obp-http4s-runner directory
- Update build commands: obp-http4s-runner -> obp-api
- Update startup: obp-http4s-runner.jar -> obp-api.jar
- Update documentation (README.md, sample.props.template)
- Update steering files (3myRules.md, obpRules.md, Test.md)

Rationale: The obp-http4s-runner module was created to support dual deployment (Jetty WAR + http4s JAR). After removing Jetty/WAR deployment support, this separation no longer serves any purpose. Merging into obp-api eliminates unnecessary complexity and aligns with the pure backend API server architecture.

New project structure:
- obp-commons (jar) - Common library
- obp-api (jar) - Main application + executable fat JAR

Migration:
- Build: mvn -pl obp-api -am package -DskipTests -T 4
- Run: java -jar obp-api/target/obp-api.jar
- Stop: pkill -9 -f obp-api.jar

…dencies
- Remove obsolete maven-idea-plugin and maven-eclipse-plugin from parent and obp-api POMs
- Remove unnecessary javax.servlet-api dependency (no longer needed after Jetty removal)
- Fix maven-surefire-plugin version (was incorrectly using ${scala.version}=2.12, now 3.5.2)
- Update security-critical dependencies:
  - logback-classic: 1.2.13 → 1.4.14
  - postgresql: 42.4.4 → 42.7.3
- Centralize commons library versions in parent dependencyManagement:
  - commons-lang3: 3.12.0 → 3.14.0
  - commons-text: 1.10.0 → 1.12.0
- Remove insecure HTTP repository (java.net.maven3)
Related spec: .kiro/specs/pom-optimization/
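
A CI-style check for the pattern the first commits apply, as an added example that is not part of this PR or the OBP code base: it flags IP literals in source text that fall outside the documentation ranges, so example values stay inside RFC 5737. The IPv6 documentation prefix from RFC 3849, the loopback exemption, and the names `find_hardcoded_ips` and `SAMPLE` are assumptions of this example.

```python
import ipaddress
import re

# Documentation-only ranges: RFC 5737 (IPv4) and RFC 3849 (IPv6).
DOC_NETS = [ipaddress.ip_network(n) for n in (
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")]

# Loose candidate patterns; the ipaddress module does the real validation.
IPV4 = r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?![\w.])"
IPV6 = r"(?<![\w:.])[0-9A-Fa-f]*(?::[0-9A-Fa-f]*){2,}(?![\w:.])"
CANDIDATE = re.compile(f"{IPV4}|{IPV6}")


def find_hardcoded_ips(source, allow_loopback=True):
    """Return (line_no, literal) for each IP literal outside the documentation ranges."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in CANDIDATE.finditer(line):
            token = match.group(0)
            if not token.strip(":"):       # Scala's `::` operator, not an address
                continue
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:             # e.g. a time such as 12:30:45
                continue
            if allow_loopback and addr.is_loopback:
                continue
            if any(addr in net for net in DOC_NETS):
                continue
            findings.append((line_no, token))
    return findings


# Constructed sample input (not taken from the OBP code base).
SAMPLE = '''\
val ipAddressExample = "192.0.2.1"
val peer = "2001:db8::ff00:42:8329"
val upstream = "http://10.20.30.40:8080/obp"
val backup = "fd12:3456:789a::1"
val xs = 1 :: 2 :: Nil
val local = "127.0.0.1"
val startedAt = "12:30:45"
'''

if __name__ == "__main__":
    for line_no, literal in find_hardcoded_ips(SAMPLE):
        print(f"line {line_no}: hardcoded IP {literal}")
```

Four-part dotted version strings would also match the IPv4 pattern, so a real pipeline would need an allow-list for those.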


No description provided.