Modernize the API surface and remove legacy endpoints#163
Open
bartes wants to merge 8 commits into
Open
Conversation
Run CI on a JDK 17/21/25 matrix (CircleCI 2.1 parameterized job). Bump JaCoCo to 0.8.15, Mockito to 5.23.0 and System Stubs to 2.1.8 so the suite instruments and runs on Java 25, and grant the configuration environment-variable tests the required --add-opens.
Upgrades org.assertj:assertj-core from 3.24.2 to 3.27.7 so the test suite's Byte Buddy-backed assertions run on the Java 25 build matrix, and picks up the XXE fix in isXmlEqualTo (CVE-2026-24400).
Bump runtime dependencies (Gson 2.14.0, Guava 33.6.0-jre, SLF4J 2.0.18, jackson-databind-nullable 0.2.10, swagger-annotations 1.6.16, ThreeTen-Backport 1.7.3) and declare an explicit jsr305 dependency for the JSR-305 annotations used by the generated models, which Guava no longer brings in transitively. Bump test dependencies (Logback 1.5.34, JSONassert 1.5.3, spring-test 6.1.21 to match spring-web) and drop the unused System Rules dependency. Bump build plugins: maven-compiler-plugin 3.14.0, maven-surefire-plugin 3.5.6, maven-source-plugin 3.4.0, maven-javadoc-plugin 3.12.0, versions-maven-plugin 2.18.0, maven-gpg-plugin 3.2.8 and central-publishing-maven-plugin 0.10.0.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Modernizes the SDK's public surface around the current Castle API and removes the legacy endpoints. Releases 3.0.0.
Public API
risk,filter,logget,post,put,deletecreateList,getAllLists,getList,queryLists,updateList,deleteListcreateListItem,createListItemsBatch,getListItem,queryListItems,countListItems,updateListItem,archiveListItem,unarchiveListItemrequestUserData,deleteUserDataeventsSchema,queryEvents,groupEventsverifyWebhookSignaturesecureUserIDAdded
Castle#verifyWebhookSignature(String, byte[])andCastle#verifyWebhookSignature(HttpServletRequest, byte[]), plus theCastle.WEBHOOK_SIGNATURE_HEADERconstant and aWebhookHMAC-SHA256 helper.CastleApi:eventsSchema(),queryEvents(...)andgroupEvents(...).CastleApi:requestUserData(...)anddeleteUserData(...)against/v1/privacy/users.Removed (breaking)
authenticateandtrackendpoints (sync/async variants and their request builders).approve,report,userDevices,device) and impersonation (impersonateStart,impersonateEnd).recoverendpoint and theremoveUserprivacy method.AuthenticateFailoverStrategy,CastleConfigurationBuilder#withAuthenticateFailoverStrategy, thefailover_strategysetting) and theVerdict/CastleMessagemodels.Bumps the version to 3.0.0 and documents the supported API surface in the README.
Build