chore: release v2.3.0 #244
📝 Walkthrough
Maven artifact versions across the entire Kinde Java SDK project are bumped from
Changes
Version Bump 2.2.0 → 2.3.0
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~10 minutes
🚥 Pre-merge checks: ✅ 5 passed
Codecov Report: ✅ All modified and coverable lines are covered by tests.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
kinde-management/pom.xml (1)
93-98: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win
`junit-jupiter-api` is missing `<scope>test</scope>` — it will be a compile-time dependency of `kinde-management`.
Without an explicit scope, Maven defaults to `compile`. This means `junit-jupiter-api` will be included in the published artifact's transitive dependency graph, leaking a test-only library into consumers' compile classpaths.
🐛 Proposed fix
<dependency> <groupId>org.junit.jupiter</groupId> <artifactId>junit-jupiter-api</artifactId> <version>5.13.4</version> + <scope>test</scope> </dependency>
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@kinde-management/pom.xml` around lines 93 - 98, The junit-jupiter-api dependency is missing a test scope and is currently pulled in as a compile dependency; update the dependency declaration for artifactId "junit-jupiter-api" (groupId "org.junit.jupiter") to include a <scope>test</scope> element so it is treated as a test-only dependency and not propagated to consumers' compile classpaths.
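Review bot: in the `junit-jupiter-api` block the added `<scope>test</scope>` narrows a dependency that has been on the compile classpath until now, so before merging confirm that nothing under the main sources of `kinde-management` imports `org.junit.jupiter`, otherwise the module stops compiling. The `<version>5.13.4</version>` literal also stays in this block; if the root pom manages the JUnit version, drop it here so the two cannot drift.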
🧹 Nitpick comments (6)
kinde-core/pom.xml (2)
148-193: ⚡ Quick win
OkHttp component version mismatch within `kinde-core`.
`okhttp` is pinned at `5.3.0` while `logging-interceptor` is at `5.1.0`. These should be at the same version to avoid binary incompatibilities.
♻️ Proposed fix
<dependency> <groupId>com.squareup.okhttp3</groupId> <artifactId>logging-interceptor</artifactId> - <version>5.1.0</version> + <version>5.3.0</version> ... </dependency>
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@kinde-core/pom.xml` around lines 148 - 193, The okhttp and logging-interceptor dependencies have mismatched versions (okhttp: 5.3.0 vs logging-interceptor: 5.1.0) which can cause binary incompatibilities; update the logging-interceptor dependency (artifactId logging-interceptor) to match okhttp's version (5.3.0) or, better, introduce a shared property (e.g., <okhttp.version>) and use it for both the okhttp and logging-interceptor <version> elements so they remain identical going forward; keep existing exclusions as-is.
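Review bot: replacing `5.1.0` with a second `5.3.0` literal on `logging-interceptor` fixes `kinde-core` only and leaves two version strings to keep in sync by hand, while `kinde-management` is reported with `5.1.0` and `5.2.1` for the same pair. Reference one `okhttp.version` property (or a managed version in the root pom) from both artifacts in both modules, and make sure the exclusions hidden behind the `...` in this hunk survive the edit.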
17-73: ⚡ Quick win
Five duplicate dependency declarations.
The following are each declared twice in `kinde-core/pom.xml`:

| Artifact | First occurrence | Second occurrence |
| --- | --- | --- |
| `com.nimbusds:oauth2-oidc-sdk` | Lines 19–22 | Lines 45–48 |
| `com.nimbusds:nimbus-jose-jwt` | Lines 24–27 | Lines 49–52 |
| `junit:junit` | Lines 29–32 | Lines 59–62 |
| `junit-jupiter-api` | Lines 34–38 | Lines 64–68 |
| `junit-jupiter-engine` | Lines 39–43 | Lines 69–73 |

Maven silently ignores the second declaration. Remove the duplicates.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@kinde-core/pom.xml` around lines 17 - 73, Remove the duplicated Maven dependency declarations for the artifacts com.nimbusds:oauth2-oidc-sdk, com.nimbusds:nimbus-jose-jwt, junit:junit, org.junit.jupiter:junit-jupiter-api, and org.junit.jupiter:junit-jupiter-engine by keeping only one declaration of each artifactId/groupId pair in the <dependencies> block; locate the duplicate blocks referencing those artifactIds and delete the second occurrences so each dependency (oauth2-oidc-sdk, nimbus-jose-jwt, junit, junit-jupiter-api, junit-jupiter-engine) appears exactly once.
pom.xml (1)
187-212: ⚡ Quick win
Jackson component versions are inconsistent with the BOM.
`jackson-bom` is pinned at `2.20.0`, but `jackson-core` is explicitly overridden to `2.21.1` while `jackson-databind` remains at `2.20.0`. Jackson core and databind must track the same version for binary compatibility. Additionally, `jackson-annotations` is declared as `2.20` (no patch segment), which is non-standard.
Consider aligning all explicit Jackson overrides to a single version (e.g. `2.21.1`) or, better yet, removing the per-artifact overrides entirely and letting the BOM drive all Jackson versions.
♻️ Proposed alignment
- <version>2.20.0</version> <!-- jackson-bom --> + <version>2.21.1</version> <!-- jackson-bom, aligns all Jackson artifacts --> ... - <version>2.21.1</version> <!-- jackson-core --> + <!-- remove: managed by BOM --> - <version>2.20</version> <!-- jackson-annotations --> + <!-- remove: managed by BOM --> - <version>2.20.0</version> <!-- jackson-databind, datatype-joda, datatype-jsr310 --> + <!-- remove: managed by BOM -->
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@pom.xml` around lines 187 - 212, The POM declares inconsistent Jackson versions: jackson-bom is 2.20.0 but jackson-core is 2.21.1 and jackson-annotations is "2.20" (missing patch), which breaks binary compatibility; update the explicit dependency declarations (jackson-core, jackson-annotations, jackson-databind, jackson-datatype-joda, jackson-datatype-jsr310) so they all use a single consistent version (either remove the per-artifact <version> entries to let jackson-bom drive versions, or set them all to the same explicit version such as 2.21.1 and also update the jackson-bom to 2.21.1), and normalize jackson-annotations to a full semantic version string (e.g., 2.21.1) if keeping explicit overrides.
kinde-management/pom.xml (1)
114-159: ⚡ Quick win
OkHttp component version mismatch within `kinde-management`.
`okhttp` is at `5.1.0` and `logging-interceptor` is at `5.2.1`. Additionally, `kinde-core` uses `okhttp:5.3.0`, so when both modules are on the classpath, there are three different OkHttp artifact versions in play. Align all OkHttp components to the same version across both modules.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@kinde-management/pom.xml` around lines 114 - 159, The pom has an OkHttp version mismatch: com.squareup.okhttp3:okhttp is 5.1.0 while com.squareup.okhttp3:logging-interceptor is 5.2.1 and kinde-core uses 5.3.0; unify these to a single version (best to choose the highest tested version, e.g., 5.3.0). Update the com.squareup.okhttp3:okhttp and com.squareup.okhttp3:logging-interceptor dependency entries to the chosen version (or introduce a shared property like okhttp.version and use it for both artifacts) so all modules (including kinde-core) reference the same OkHttp version and avoid classpath conflicts.
kinde-springboot/pom.xml (1)
7-11: Both `kinde-springboot-core` and `kinde-springboot-starter` hardcode dependency versions—inconsistent with the rest of the project.
`kinde-springboot-core` declares `<version>2.3.0</version>` for `com.kinde:kinde-core`, and `kinde-springboot-starter` hardcodes versions for both `kinde-springboot-core` and `kinde-core`. Meanwhile, `kinde-management` and `kinde-j2ee` omit versions and inherit from the root pom's `dependencyManagement`. Future version bumps require manual updates in two separate files, creating maintenance risk and inconsistency.
Remove the hardcoded version declarations from both submodules to inherit from the parent pom:
♻️ Fixes required
In `kinde-springboot/kinde-springboot-core/pom.xml`:
<dependency> <groupId>com.kinde</groupId> <artifactId>kinde-core</artifactId> - <version>2.3.0</version> </dependency>
In `kinde-springboot/kinde-springboot-starter/pom.xml`:
<dependency> <groupId>com.kinde.spring</groupId> <artifactId>kinde-springboot-core</artifactId> - <version>2.3.0</version> </dependency> <dependency> <groupId>com.kinde</groupId> <artifactId>kinde-core</artifactId> - <version>2.3.0</version> </dependency>
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@kinde-springboot/pom.xml` around lines 7 - 11, Remove the hardcoded <version> elements so the modules inherit versions from the parent dependencyManagement: in the kinde-springboot-core pom remove the explicit <version>2.3.0</version> for com.kinde:kinde-core, and in the kinde-springboot-starter pom remove the explicit version entries for com.kinde:kinde-springboot-core and com.kinde:kinde-core so both dependencies rely on the parent POM's dependencyManagement; ensure only the groupId and artifactId remain for those dependencies and run a Maven build to verify resolution.
kinde-springboot/kinde-springboot-core/pom.xml (1)
56-59: ⚡ Quick win
Pre-existing: `spring-boot-starter-security` declared twice.
The same dependency (`org.springframework.boot:spring-boot-starter-security:3.5.6`) appears at lines 56–59 and again at lines 77–81. Maven will emit a duplicate dependency warning; one declaration should be removed.
Similarly, `org.mockito:mockito-core:5.19.0` is declared twice (lines 102–107 and lines 145–150).
🔧 Suggested removal
- <!-- Spring deps--> - <dependency> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-security</artifactId> - <version>3.5.6</version> - </dependency>
And remove the second `mockito-core` block (lines 145–150) since the one at lines 102–107 already covers it with the correct `test` scope.
Also applies to: 77-82
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@kinde-springboot/kinde-springboot-core/pom.xml` around lines 56 - 59, Remove the duplicate dependency declarations in the POM: keep a single org.springframework.boot:spring-boot-starter-security (remove the other spring-boot-starter-security block) and keep only one org.mockito:mockito-core entry — ensure the remaining mockito-core uses the test scope (remove the other mockito-core block). Update the dependency list so each artifactId (spring-boot-starter-security, mockito-core) appears only once to eliminate Maven duplicate dependency warnings.
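Review bot: the removal is described as the `spring-boot-starter-security` block at lines 56–59, but the hunk deletes six lines including the `<!-- Spring deps-->` comment, and the second occurrence is cited as both 77–81 and 77-82. Pin down the exact ranges first, and check that the block that stays carries the same scope and exclusions as the one being deleted.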
📒 Files selected for processing (16)
kinde-core/pom.xml
kinde-j2ee/pom.xml
kinde-management/pom.xml
kinde-report-aggregate/pom.xml
kinde-springboot/kinde-springboot-core/pom.xml
kinde-springboot/kinde-springboot-starter/pom.xml
kinde-springboot/pom.xml
kinde-test-utils/pom.xml
playground/kinde-accounts-example/pom.xml
playground/kinde-core-example/pom.xml
playground/kinde-j2ee-app/pom.xml
playground/kinde-management-example/pom.xml
playground/kinde-springboot-pkce-client-example/pom.xml
playground/kinde-springboot-starter-example/pom.xml
playground/kinde-springboot-thymeleaf-full-example/pom.xml
pom.xml
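The three classes of finding in the review above (duplicate declarations, test libraries without `test` scope, mixed versions inside one artifact family) can be checked mechanically per POM. The following is an added example, not code from this PR or the Kinde repository; `SAMPLE_POM` is constructed, the `TEST_ONLY` list is an assumption, and grouping versions by `groupId` is a heuristic.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Assumed list of artifacts that should only ever appear with <scope>test</scope>.
TEST_ONLY = {"junit", "junit-jupiter-api", "junit-jupiter-engine", "mockito-core"}

# Constructed sample POM that reproduces the kinds of findings in the review.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.squareup.okhttp3</groupId><artifactId>okhttp</artifactId><version>5.3.0</version></dependency>
    <dependency><groupId>com.squareup.okhttp3</groupId><artifactId>logging-interceptor</artifactId><version>5.1.0</version></dependency>
    <dependency><groupId>org.junit.jupiter</groupId><artifactId>junit-jupiter-api</artifactId><version>5.13.4</version></dependency>
    <dependency><groupId>org.mockito</groupId><artifactId>mockito-core</artifactId><version>5.19.0</version><scope>test</scope></dependency>
    <dependency><groupId>org.mockito</groupId><artifactId>mockito-core</artifactId><version>5.19.0</version></dependency>
  </dependencies>
</project>"""

def audit_pom(pom_xml):
    """Return (duplicates, unscoped_test_deps, mismatched_groups) for one POM."""
    root = ET.fromstring(pom_xml)
    deps = []
    # Direct <dependencies> only; <dependencyManagement> entries are not declarations.
    for dep in root.findall("m:dependencies/m:dependency", NS):
        def field(tag):
            return (dep.findtext(f"m:{tag}", default="", namespaces=NS) or "").strip()
        # A missing <scope> means Maven's default, compile.
        deps.append((field("groupId"), field("artifactId"), field("version"), field("scope") or "compile"))
    counts = Counter((g, a) for g, a, _, _ in deps)
    duplicates = sorted(f"{g}:{a}" for (g, a), n in counts.items() if n > 1)
    unscoped = sorted({f"{g}:{a}" for g, a, _, s in deps if a in TEST_ONLY and s != "test"})
    versions = defaultdict(set)
    for g, _, v, _ in deps:
        if v:  # entries without <version> are managed elsewhere
            versions[g].add(v)
    mismatched = {g: sorted(vs) for g, vs in versions.items() if len(vs) > 1}
    return duplicates, unscoped, mismatched

if __name__ == "__main__":
    labels = ("duplicate declarations", "test libraries without test scope", "mixed versions per groupId")
    for label, finding in zip(labels, audit_pom(SAMPLE_POM)):
        print(f"{label}: {finding}")
```

Run per module in CI, a non-empty result can fail the build before a release POM is published.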
Explain your changes
Release v2.3.0 - bumps version in pom files and updates maven publishing version to 0.9.0