From 824f6a7c140d467d3b0b262dc95b6de1c260dfdd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Apr 2026 05:11:38 +0000 Subject: [PATCH 1/2] chore(deps): bump org.passay:passay from 1.6.6 to 2.0.0 Bumps [org.passay:passay](https://github.com/vt-middleware/passay) from 1.6.6 to 2.0.0. - [Release notes](https://github.com/vt-middleware/passay/releases) - [Commits](https://github.com/vt-middleware/passay/compare/v1.6.6...v2.0.0) --- updated-dependencies: - dependency-name: org.passay:passay dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 6c412a3..6f6a85f 100644 --- a/build.gradle +++ b/build.gradle @@ -45,7 +45,7 @@ dependencies { compileOnly 'nz.net.ultraq.thymeleaf:thymeleaf-layout-dialect:4.0.1' // Other dependencies (moved to test scope for library) - implementation 'org.passay:passay:1.6.6' + implementation 'org.passay:passay:2.0.0' implementation 'com.google.guava:guava:33.5.0-jre' implementation 'org.apache.commons:commons-text:1.15.0' compileOnly 'jakarta.validation:jakarta.validation-api:3.1.1' From 42335ee76015e8e45d97a150d3c50e6e0def395e Mon Sep 17 00:00:00 2001 From: Devon Hillard Date: Mon, 6 Apr 2026 08:25:33 -0600 Subject: [PATCH 2/2] fix(deps): update PasswordPolicyService for Passay 2.0 API changes Passay 2.0 reorganized packages (rules under org.passay.rule, character data under org.passay.data), made PasswordValidator an interface with DefaultPasswordValidator impl, and changed validate() to return ValidationResult with getMessages() directly on the result. --- .../user/service/PasswordPolicyService.java | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/digitalsanctuary/spring/user/service/PasswordPolicyService.java b/src/main/java/com/digitalsanctuary/spring/user/service/PasswordPolicyService.java index 4f702b0..3fab195 100644 --- a/src/main/java/com/digitalsanctuary/spring/user/service/PasswordPolicyService.java +++ b/src/main/java/com/digitalsanctuary/spring/user/service/PasswordPolicyService.java @@ -4,15 +4,16 @@ import lombok.extern.slf4j.Slf4j; import org.apache.commons.text.similarity.LevenshteinDistance; -import org.passay.CharacterData; -import org.passay.CharacterRule; -import org.passay.DictionaryRule; -import org.passay.EnglishCharacterData; -import org.passay.LengthRule; +import org.passay.DefaultPasswordValidator; import org.passay.PasswordData; import org.passay.PasswordValidator; -import org.passay.Rule; -import org.passay.RuleResult; +import org.passay.ValidationResult; +import org.passay.data.CharacterData; +import org.passay.data.EnglishCharacterData; +import org.passay.rule.CharacterRule; +import org.passay.rule.DictionaryRule; +import org.passay.rule.LengthRule; +import org.passay.rule.Rule; import org.passay.dictionary.ArrayWordList; import org.passay.dictionary.WordListDictionary; import org.passay.dictionary.WordLists; @@ -281,19 +282,19 @@ private Optional checkPasswordSimilarity(String password, String usernam * @return list of error messages if validation fails, empty if valid */ private List validateWithPassay(String password, List rules, Locale locale) { - PasswordValidator validator = new PasswordValidator( + PasswordValidator validator = new DefaultPasswordValidator( (detail) -> messages.getMessage(detail.getErrorCode(), detail.getValues(), locale), rules); PasswordData passwordData = new PasswordData(password); - RuleResult result = validator.validate(passwordData); + ValidationResult result = validator.validate(passwordData); if (result.isValid()) { log.debug("Password is valid."); return List.of(); } else { - log.warn("Password validation failed: {}", validator.getMessages(result)); - return validator.getMessages(result); + log.warn("Password validation failed: {}", result.getMessages()); + return result.getMessages(); } } }