
chore(deps): bump org.passay:passay from 1.6.6 to 2.0.0 #298

Merged
devondragon merged 2 commits into main from dependabot/gradle/org.passay-passay-2.0.0
Apr 6, 2026

@dependabot dependabot bot commented on behalf of github Apr 6, 2026

Bumps org.passay:passay from 1.6.6 to 2.0.0.

Release notes

Sourced from org.passay:passay's releases.

v2.0.0 Release

See https://www.passay.org/download.html for change log and binaries.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.passay:passay](https://github.com/vt-middleware/passay) from 1.6.6 to 2.0.0.
- [Release notes](https://github.com/vt-middleware/passay/releases)
- [Commits](vt-middleware/passay@v1.6.6...v2.0.0)

---
updated-dependencies:
- dependency-name: org.passay:passay
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies and java labels Apr 6, 2026
Passay 2.0 reorganized packages (rules under org.passay.rule, character
data under org.passay.data), made PasswordValidator an interface with
DefaultPasswordValidator impl, and changed validate() to return
ValidationResult with getMessages() directly on the result.
@devondragon devondragon merged commit daca285 into main Apr 6, 2026
@dependabot dependabot bot deleted the dependabot/gradle/org.passay-passay-2.0.0 branch April 6, 2026 14:25

claude bot commented Apr 6, 2026

PR Review: passay 1.6.6 → 2.0.0 upgrade

Note: This PR is already merged. This is a retrospective review for reference.

Summary

This is a clean Dependabot dependency upgrade from passay 1.6.6 to 2.0.0. The passay 2.0.0 release is a major version bump that reorganized the package structure and updated the API, and the code changes here correctly adapt to those breaking changes.


What Changed

build.gradle

  • Simple version bump. Correct.

PasswordPolicyService.java
Package reorganization handled correctly:

  • org.passay.CharacterRule → org.passay.rule.CharacterRule
  • org.passay.DictionaryRule → org.passay.rule.DictionaryRule
  • org.passay.LengthRule → org.passay.rule.LengthRule
  • org.passay.Rule → org.passay.rule.Rule
  • org.passay.CharacterData → org.passay.data.CharacterData
  • org.passay.EnglishCharacterData → org.passay.data.EnglishCharacterData
  • PasswordValidator (now an interface) → instantiated as DefaultPasswordValidator
  • RuleResult → ValidationResult
  • validator.getMessages(result) → result.getMessages() (moved to result object)

Assessment

Strengths:

  • All necessary API changes are accounted for — no missed import renames.
  • The validator variable is correctly typed as PasswordValidator (the interface) while DefaultPasswordValidator is used for instantiation, which is good practice.
  • result.getMessages() is the cleaner API in 2.0.0 since the result object now owns its messages.
  • Existing tests cover the behavior end-to-end so the migration is validated.

Minor observations (non-blocking):

  1. Import ordering (PasswordPolicyService.java, lines 7–20): The passay imports are now split across three packages (org.passay, org.passay.data, org.passay.rule) but aren't grouped alphabetically — org.passay.DefaultPasswordValidator appears before org.passay.data.* which appears before org.passay.rule.*. Per CLAUDE.md, imports should be alphabetical. Low priority since it's a cosmetic issue introduced by the migration.

  2. Tests don't use @ServiceTest: PasswordPolicyServiceTest extends MockitoExtension directly rather than using the project's custom @ServiceTest annotation (see CLAUDE.md). This is pre-existing and not introduced by this PR, but worth cleaning up in a follow-on.

  3. Commented-out code in tests (lines 46–48 and 188): Pre-existing commented code in the test file. Not introduced here, but worth a cleanup pass.

  4. No RepeatCharacterRegexRule impact: Passay 2.0.0 removed RepeatCharacterRegexRule. This class isn't used anywhere in the codebase, so there's no impact.


Verdict

✅ The migration is correct and complete. No functional regressions expected. The minor issues above are all pre-existing or cosmetic and don't warrant blocking the upgrade.
