Skip to content

Release v0.2.0#3

Merged
tcheeric merged 6 commits intomainfrom
develop
Jan 30, 2026
Merged

Release v0.2.0#3
tcheeric merged 6 commits intomainfrom
develop

Conversation

@tcheeric
Copy link
Contributor

@tcheeric tcheeric commented Jan 30, 2026

Summary

Release version 0.2.0 with verification improvements, CI fixes, and dependency updates.

Added

  • Docker image build bound to Maven deploy phase for streamlined CI/CD
  • E2E testing documentation and architecture guide
  • CI configuration with build and test jobs

Changed

  • Domain verification now uses _nostr-verification naming for better protocol alignment
  • Admin UI shows both DNS and Well-Known verification options without method selection
  • Verification attempts both DNS and Well-Known methods automatically
  • Auto-generates verification token when viewing unverified domains
  • Updated nostr-java dependency to 1.3.0
  • Removed nsecbunker-account dependency from bottin-core

Fixed

  • SecurityFilterChain conflict in E2E tests
  • Qodana security findings addressed
  • CI workflow fixes for google-java-format and Maven wrapper
  • Admin credentials now properly use environment variables
  • Fixed 500 error when viewing domains list

Security

  • Removed credentials from dependabot registry configuration

Test plan

  • All unit tests pass (mvn verify)
  • Deployed to Maven repository (v0.2.0)
  • Deploy Docker images to registry
  • Verify domain verification flow on staging

🤖 Generated with Claude Code

tcheeric and others added 5 commits January 4, 2026 21:25
docs: update nsecbunker-java repository link in README
5a7842b
@claude
fix(ci): reference registries in dependabot maven config
14e8366 
Add registries key to Maven ecosystem configuration to use the defined
maven-releases and maven-snapshots registries. Fixes Dependabot parsing
error about unused registry definitions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@claude
fix(ci): remove credentials from dependabot registry config
1a0f2dd 
Keep maven-releases and maven-snapshots registries but remove
username and password fields as authentication is not needed.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
fix(deps): update nostr-java version to 1.3.0
de8c9d6
@claude
fix(verification): use nostr-verification naming and show both methods
8b31f56 
- Change DNS subdomain from _bottin-verification to _nostr-verification
- Change token prefix from bottin-verification= to nostr-verification=
- Change well-known path from bottin-verification.txt to nostr-verification.txt
- Show both DNS and Well-Known options in admin UI without method selection
- Auto-generate verification token when viewing unverified domain
- Try both verification methods when verifying (DNS first, then Well-Known)
- Update tests and documentation to match new naming

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@tcheeric tcheeric requested a review from Copilot January 30, 2026 01:30
@github-actions
Copy link

github-actions bot commented Jan 30, 2026
edited
Loading

Qodana for JVM

157 new problems were found

Inspection name Severity Problems
Vulnerable declared dependency 🔴 Failure 10
Invalid YAML configuration 🔴 Failure 4
Vulnerable declared dependency 🔶 Warning 68
Unresolved view reference 🔶 Warning 4
Invalid YAML configuration 🔶 Warning 2
Vulnerable declared dependency ◽️ Notice 67
Non-distinguishable logging calls ◽️ Notice 2

☁️ View the detailed Qodana report

Detected 141 dependencies

Third-party software list

This page lists the third-party software dependencies used in project

Dependency Version Licenses
angus-activation 2.0.2 BSD-3-Clause
annotations 13.0 Apache-2.0
antlr4-runtime 4.13.0 BSD-3-Clause
aspectjweaver 1.9.22.1 Apache-2.0
attoparser 2.0.7.release Apache-2.0
awaitility 4.2.2 Apache-2.0
bcprov-jdk18on 1.81 MIT
byte-buddy 1.15.11 Apache-2.0
caffeine 3.1.8 Apache-2.0
checker-qual 3.37.0 MIT
checker-qual 3.42.0 MIT
classmate 1.7.0 Apache-2.0
commons-lang3 3.17.0 Apache-2.0
commons-text 1.12.0 Apache-2.0
dnsjava 3.6.0 BSD-3-Clause
error_prone_annotations 2.21.1 Apache-2.0
error_prone_annotations 2.27.0 Apache-2.0
flyway-core 10.10.0 Apache-2.0
flyway-database-postgresql 10.10.0 Apache-2.0
gson 2.11.0 Apache-2.0
h2 2.2.224 EPL-1.0
MPL-2.0
hamcrest 2.2 BSD-3-Clause
hdrhistogram 2.2.2 BSD-2-Clause
hikaricp 5.1.0 Apache-2.0
istack-commons-runtime 4.1.2 BSD-3-Clause
jackson-annotations 2.18.2 Apache-2.0
jackson-core 2.18.2 Apache-2.0
jackson-databind 2.18.2 Apache-2.0
jackson-dataformat-toml 2.18.2 OML
jackson-dataformat-yaml 2.18.2 AML
jackson-datatype-jdk8 2.18.2 Apache-2.0
jackson-datatype-jsr310 2.18.2 Apache-2.0
jackson-module-blackbird 2.18.2 BSD-3-CLAUSE-NO-TRADEMARK
jackson-module-parameter-names 2.18.2 Apache-2.0
jakarta.activation-api 2.1.3 BSD-3-Clause
jakarta.annotation-api 2.1.1 Classpath-exception-2.0
EPL-2.0
GPL-2.0-only
jakarta.inject-api 2.0.1 Apache-2.0
jakarta.persistence-api 3.1.0 BSD-3-Clause
EPL-2.0
jakarta.transaction-api 2.0.1 Classpath-exception-2.0
EPL-2.0
GPL-2.0-only
jakarta.validation-api 3.0.2 Apache-2.0
jakarta.xml.bind-api 4.0.2 BSD-3-Clause
jandex 3.2.0 Apache-2.0
jaxb-core 4.0.5 BSD-3-Clause
jaxb-runtime 4.0.5 BSD-3-Clause
jboss-logging 3.6.1.final Apache-2.0
jul-to-slf4j 2.0.16 MIT
kotlin-stdlib-common 1.9.25 Apache-2.0
kotlin-stdlib-jdk7 1.9.25 Apache-2.0
kotlin-stdlib-jdk8 1.9.25 Apache-2.0
kotlin-stdlib 1.9.25 Apache-2.0
latencyutils 2.0.3 CC0-1.0
log4j-api 2.24.3 Apache-2.0
log4j-to-slf4j 2.24.3 Apache-2.0
logback-classic 1.4.14 EPL-1.0
LGPL-2.0-or-later
logback-core 1.5.12 EPL-1.0
LGPL-2.0-or-later
lombok 1.18.32 BSD-3-CLAUSE-NO-TRADEMARK
MIT
micrometer-commons 1.14.2 Apache-2.0
micrometer-core 1.14.2 Apache-2.0
micrometer-jakarta9 1.14.2 Apache-2.0
micrometer-observation 1.14.2 Apache-2.0
netty-common 4.1.116.final Apache-2.0
nostr-java-api 1.3.0 MIT
nostr-java-base 1.3.0 MIT
nostr-java-client 1.3.0 MIT
nostr-java-crypto 1.3.0 MIT
nostr-java-encryption 1.3.0 MIT
nostr-java-event 1.3.0 MIT
nostr-java-id 1.3.0 MIT
nostr-java-util 1.3.0 MIT
nsecbunker-account 0.1.0 MIT
nsecbunker-admin 0.1.0 MIT
nsecbunker-connection 0.1.0 MIT
nsecbunker-core 0.1.0 MIT
nsecbunker-protocol 0.1.0 MIT
okhttp 4.12.0 Apache-2.0
okio-jvm 3.6.0 Apache-2.0
okio 3.6.0 Apache-2.0
postgresql 42.7.3 BSD-2-Clause
reactive-streams 1.0.4 MIT-0
reactor-core 3.7.1 Apache-2.0
reactor-netty-core 1.2.1 Apache-2.0
reactor-netty-http 1.2.1 Apache-2.0
slf4j-api 2.0.12 MIT
snakeyaml 2.3 Apache-2.0
spring-aop 6.2.1 Apache-2.0
spring-aspects 6.2.1 Apache-2.0
spring-beans 6.2.1 Apache-2.0
spring-boot-actuator-autoconfigure 3.4.1 Apache-2.0
spring-boot-actuator 3.4.1 Apache-2.0
spring-boot-autoconfigure 3.4.1 Apache-2.0
spring-boot-configuration-processor 3.4.1 Apache-2.0
spring-boot-starter-actuator 3.4.1 Apache-2.0
spring-boot-starter-cache 3.4.1 Apache-2.0
spring-boot-starter-data-jpa 3.4.1 Apache-2.0
spring-boot-starter-jdbc 3.4.1 Apache-2.0
spring-boot-starter-json 3.4.1 Apache-2.0
spring-boot-starter-logging 3.4.1 Apache-2.0
spring-boot-starter-reactor-netty 3.4.1 Apache-2.0
spring-boot-starter-security 3.4.1 Apache-2.0
spring-boot-starter-thymeleaf 3.4.1 Apache-2.0
spring-boot-starter-tomcat 3.4.1 Apache-2.0
spring-boot-starter-validation 3.4.1 Apache-2.0
spring-boot-starter-web 3.4.1 Apache-2.0
spring-boot-starter-webflux 3.4.1 Apache-2.0
spring-boot-starter-websocket 3.4.1 Apache-2.0
spring-boot-starter 3.4.1 Apache-2.0
spring-boot 3.4.1 Apache-2.0
spring-context-support 6.2.1 Apache-2.0
spring-context 6.2.1 Apache-2.0
spring-core 6.2.1 Apache-2.0
spring-data-commons 3.4.1 Apache-2.0
spring-data-jpa 3.4.1 Apache-2.0
spring-expression 6.2.1 Apache-2.0
spring-jcl 6.2.1 Apache-2.0
spring-jdbc 6.2.1 Apache-2.0
spring-messaging 6.2.1 Apache-2.0
spring-orm 6.2.1 Apache-2.0
spring-retry 2.0.11 Apache-2.0
spring-security-config 6.4.2 Apache-2.0
spring-security-core 6.4.2 Apache-2.0
spring-security-crypto 6.4.2 Apache-2.0
spring-security-web 6.4.2 Apache-2.0
spring-tx 6.2.1 Apache-2.0
spring-web 6.2.1 Apache-2.0
spring-webflux 6.2.1 Apache-2.0
spring-webmvc 6.2.1 Apache-2.0
spring-websocket 6.2.1 Apache-2.0
springdoc-openapi-starter-common 2.4.0 Apache-2.0
springdoc-openapi-starter-webmvc-api 2.4.0 Apache-2.0
springdoc-openapi-starter-webmvc-ui 2.4.0 Apache-2.0
swagger-annotations-jakarta 2.2.20 Apache-2.0
swagger-core-jakarta 2.2.20 Apache-2.0
swagger-models-jakarta 2.2.20 Apache-2.0
swagger-ui 5.11.8 Apache-2.0
thymeleaf-extras-springsecurity6 3.1.3.release Apache-2.0
thymeleaf-spring6 3.1.3.release Apache-2.0
tomcat-embed-core 10.1.34 Apache-2.0
CDDL-1.0
PROPRIETARY-LICENSE
tomcat-embed-el 10.1.34 Apache-2.0
tomcat-embed-websocket 10.1.34 Apache-2.0
txw2 4.0.5 BSD-3-Clause
unbescape 1.1.6.release Apache-2.0
Contact Qodana team

Contact us at qodana-support@jetbrains.com

@claude
chore(release): bump version to 0.2.0
260103d 
Projects updated:
- bottin: 0.1.0 → 0.2.0 (minor)

Changes include:
- Domain verification uses nostr-verification naming
- Admin UI shows both verification options
- Docker build bound to deploy phase
- Various CI and security fixes
- Updated nostr-java to 1.3.0

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@tcheeric tcheeric merged commit b67974c into main Jan 30, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Awaiting requested review from Copilot

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tcheeric