build(deps): bump org.passay:passay from 1.6.6 to 2.0.0 with API migration

[dependabot]

Description

Bumps org.passay:passay from 1.6.6 to 2.0.0 and migrates all usages to the new v2 API.

Passay 2.0.0 contains many breaking API changes including package reorganization, interface changes, and new constructor patterns. This PR updates all affected source files to use the new API.

Migration Summary

Package migrations:

• org.passay.CharacterRule → org.passay.rule.CharacterRule
• org.passay.LengthRule → org.passay.rule.LengthRule
• org.passay.WhitespaceRule → org.passay.rule.WhitespaceRule
• org.passay.EnglishCharacterData → org.passay.data.EnglishCharacterData
• org.passay.PasswordGenerator → org.passay.generate.PasswordGenerator

API changes:

• new PasswordValidator(...) → new DefaultPasswordValidator(...) (PasswordValidator is now an interface)
• RuleResult → ValidationResult (new return type from validate())
• passwordValidator.getMessages(result) → result.getMessages() (messages now on result object)
• PasswordGenerator constructor now takes (int length, Rule...), generate() returns UnicodeString

Module system:

• requires passay → requires org.passay in both module-info.java files (new Automatic-Module-Name)

Files Changed

• service.impl/.../ChangePasswordService.java — imports, DefaultPasswordValidator, ValidationResult
• service.impl/.../RegisterUserService.java — imports, DefaultPasswordValidator, ValidationResult
• citizen-intelligence-agency/.../TestUtils.java — imports, PasswordGenerator API
• service.impl/src/main/java/module-info.java — module name update
• citizen-intelligence-agency/src/main/java/module-info.java — module name update

Type of Change

Primary Changes

• 🚀 New Feature
• 🔄 Enhancement
• 🐛 Bug Fix
• 📦 Dependency Update

Political Analysis

• 📊 Political Data Analysis
  • Party Analysis
  • Committee Processing
  • Government Data
  • Riksdagen Integration
• 📈 Analytics & Metrics
  • Performance Metrics
  • Risk Assessment
  • Decision Analysis
  • Transparency Metrics

Technical Changes

• 🎨 UI/UX Changes
  • Layout Updates
  • Form Improvements
  • Visualization Updates
• 🏗️ Infrastructure
  • Database Changes
  • Performance Optimization
  • Configuration Updates
• 🔒 Security & Compliance
  • Authentication
  • Authorization
  • Data Protection
• 📝 Documentation
  • Technical Documentation
  • User Documentation
  • API Documentation
• ✅ Testing
  • Unit Tests
  • Integration Tests
  • Performance Tests

Impact Analysis

Political Analysis Impact

• Impact on data quality: None — password validation logic unchanged
• Impact on analysis accuracy: None
• Impact on transparency features: None

Technical Impact

• Performance impact: None — same validation logic with updated API
• Security implications: Password validation rules remain identical (length 8-64, uppercase, lowercase, digit, special, no whitespace). Using latest passay library version for improved security posture.
• Dependency changes: org.passay:passay 1.6.6 → 2.0.0 (major version bump with breaking API changes)

Testing

• Unit tests added/updated
• Integration tests added/updated
• Political data validation completed
• Security compliance verified
• Performance testing completed

Full project compiles successfully. All 38 unit tests in service.impl pass. Javadoc generates cleanly. CodeQL security scan reports 0 alerts.

Documentation

• JavaDoc updated
• README updated
• API documentation updated
• Package/module documentation updated
• Political analysis documentation updated

Module declarations updated in both module-info.java files to reflect new module name.

Screenshots

N/A — no UI changes

Related Issues

Related to dependency maintenance and security posture

Checklist

• Code follows project coding standards
• Comments are clear and helpful
• Documentation is updated
• Tests are passing
• Security compliance is maintained
• Performance impact is acceptable
• Breaking changes are documented
• Changes are backward compatible

Additional Notes

The passay 2.0.0 release reorganizes classes into sub-packages (org.passay.rule.*, org.passay.data.*, org.passay.generate.*), changes PasswordValidator from a class to an interface (with DefaultPasswordValidator as the implementation), and changes the validation return type from RuleResult to ValidationResult which now carries messages directly.

Security Considerations

• No sensitive data exposed
• Security best practices followed
• Compliance requirements met

Password validation rules are unchanged — the same strength requirements (length, character classes, no whitespace) are enforced with the updated API.

Release Notes

Upgraded passay password validation library from 1.6.6 to 2.0.0, migrating all usages to the new v2 API including updated package structure, DefaultPasswordValidator implementation, and ValidationResult return type.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA a0dd464.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

service.impl/pom.xml

Package	Version	License	Issue Type
org.passay:passay	2.0.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/org.passay:passay	2.0.0	Unknown	Unknown

Scanned Files

• service.impl/pom.xml

[pethers]

@copilot analyse and fix all issues

v2 contains many API breaking changes which were introduced to support new features and improve extensibility. The following list is not comprehensive, but are likely the most impactful:

Setters removed on many classes in favor of constructor parameters
PasswordValidator is now an interface and returns ValidationResult
DefaultPasswordValidator is the primary implementation provided by passay
Many classes reorganized into new sub-packages
org.passay.data for CharacterData and SequenceData
org.passay.rule for Rule implementations
org.passay.resolver for MessageResolver implementations
org.passay.support for password data classes
New maven modules to avoid the use of optional dependencies
passay-crypt for classes requiring cryptographic functions
passay-bloom for Bloom implementation and dependencies
passay-spring for classes with Spring dependencies

CodeQL / Analyze (java) (pull_request)
CodeQL / Analyze (java) (pull_request)Failing after 6m
Required
Generate Javadoc / Generate Javadoc Documentation (pull_request)
Generate Javadoc / Generate Javadoc Documentation (pull_request)Failing after 1m

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

@copilot analyse and fix all issues

v2 contains many API breaking changes which were introduced to support new features and improve extensibility. The following list is not compreh...

Fixed all passay 2.0.0 API breaking changes in commit a0dd464:

Package migrations:

• org.passay.CharacterRule → org.passay.rule.CharacterRule
• org.passay.LengthRule → org.passay.rule.LengthRule
• org.passay.WhitespaceRule → org.passay.rule.WhitespaceRule
• org.passay.EnglishCharacterData → org.passay.data.EnglishCharacterData
• org.passay.PasswordGenerator → org.passay.generate.PasswordGenerator

API changes:

• new PasswordValidator(...) → new DefaultPasswordValidator(...)
• RuleResult → ValidationResult (return type of validate())
• passwordValidator.getMessages(result) → result.getMessages()
• PasswordGenerator now takes (int length, Rule...) in constructor, generate() returns UnicodeString

Module system:

• requires passay → requires org.passay in both module-info.java files

5 files changed across ChangePasswordService.java, RegisterUserService.java, TestUtils.java, and 2 module-info.java files. Full project compiles, all 38 unit tests pass, Javadoc generates cleanly, CodeQL clean.

[github-actions]

📚 Javadoc Generated

The Javadoc documentation has been generated for this PR. Download the javadoc artifact from the workflow run to view the complete API documentation with UML diagrams.