Skip to content

Move release-1.3.x changes to develop#256

Closed
kameshsr wants to merge 69 commits into
mosip:developfrom
kameshsr:develop-latest
Closed

Move release-1.3.x changes to develop#256
kameshsr wants to merge 69 commits into
mosip:developfrom
kameshsr:develop-latest

Conversation

@kameshsr

@kameshsr kameshsr commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • New Features

    • Added comprehensive third-party license documentation across modules
  • Improvements

    • Version upgraded to 1.3.1
    • Enhanced biometric data validation and serialization handling
    • Updated documentation with license attribution
  • Documentation

    • CI/CD pipeline references updated to release-1.3.x branch
    • New third-party notices files for license compliance tracking

Prafulrakhade and others added 30 commits June 19, 2025 15:20
Signed-off-by: techno-467 <prafulrakhade02@gmail.com>
Signed-off-by: Praful Rakhade <prafulrakhade02@gmail.com>
[MOSIP-41674] central sonatype migration changes
Signed-off-by: Janardhan B S <72377118+JanardhanBS-SyncByte@users.noreply.github.com>
Signed-off-by: JanardhanBS-SyncByte <janardhan@syncbyte.in>
Signed-off-by: JanardhanBS-SyncByte <janardhan@syncbyte.in>
Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
Signed-off-by: Dhanendra Sahu <dhanendra.tech@gmail.com>
This file lists third-party packages used in the project along with their licenses and version information.

Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Removed JaCoCo Maven Plugin details from notices.

Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
…trics-api)

This file lists third-party packages used in the project along with their licenses and homepages. It includes packages such as MOSIP Kernel, Spring Boot, Jackson, and various Apache Maven plugins.

Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
…bosdk-provider)

Added third-party notices and license information.

Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
…cbeffutil-api)

Updated third-party notices with package details and licenses.

Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Add NOTICE file with third-party component attributions

Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
…osip#218)

Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
* [MOSIP-42183] : Updated POM

Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>

* Fix formatting issues in pom.xml

Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>

---------

Signed-off-by: Chetan Kumar Hirematha <chetankumar.h.239@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Rakshithasai123 and others added 25 commits December 12, 2025 11:46
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: Rakshithasai123 <rakshithasai2002@gmail.com>
Signed-off-by: rajapandi1234 <138785181+rajapandi1234@users.noreply.github.com>
* MOSIP-37256: readme file update

Signed-off-by: nagendra0721 <nagendra0718@gmail.com>

* MOSIP-37256: readme file update

Signed-off-by: nagendra0721 <nagendra0718@gmail.com>

* MOSIP-37256: add missing sonar profile to pom file

Signed-off-by: nagendra0721 <nagendra0718@gmail.com>

---------

Signed-off-by: nagendra0721 <nagendra0718@gmail.com>
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: Prafulrakhade <Prafulrakhade@users.noreply.github.com>
Update THIRD-PARTY-NOTICES with package information(bio-utils/kernel-cbeffutil-api)
Create NOTICE.txt for third-party licenses
 MOSIP-43815 - Add THIRD-PARTY-NOTICES file with package licenses
Update THIRD-PARTY-NOTICES.txt with license details(bio-utils/kernel-bosdk-provider)
Add third-party notices and license information(bio-util/kernel-biome…
Signed-off-by: amanbh321 <Aman.Bahuguna@iiitb.ac.in>
…sip#246)

* MOSIP-44867 SNAPSHOT changes for licensing folder space issue fix

Signed-off-by: kameshsr <kameshsr1338@gmail.com>

* corrected pom

Signed-off-by: kameshsr <kameshsr1338@gmail.com>

---------

Signed-off-by: kameshsr <kameshsr1338@gmail.com>
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: Prafulrakhade <Prafulrakhade@users.noreply.github.com>
Signed-off-by: kameshsr <kameshsr1338@gmail.com>
@coderabbitai

coderabbitai Bot commented Jun 2, 2026

Copy link
Copy Markdown

Review Change Stack

Walkthrough

This PR releases v1.3.1 of the MOSIP biometrics utility modules with version upgrades across all Maven POMs, comprehensive third-party license documentation, and targeted enhancements to the biometrics API serialization and XML validation layers.

Changes

Version Release and Build Configuration

Layer / File(s) Summary
Root POM and Release Tracking
README.md, pom.xml, test/pom.xml
Root and test module versions bumped to 1.3.1; kernel BOM/core versions updated to 1.3.0; Maven badge links updated to track release-1.3.x branch instead of develop.
Module Maven Versions and Dependencies
biometrics-util/pom.xml, kernel-biometrics-api/pom.xml, kernel-biosdk-provider/pom.xml, kernel-cbeffutil-api/pom.xml
All modules bumped to 1.3.1 with kernel dependency versions aligned to 1.3.0/1.3.1; JUnit BOM scope changed from test to import in biometrics-util.
Build Plugin Configuration and Relocation
biometrics-util/pom.xml, test/pom.xml
Jacoco Maven plugin configuration relocated to earlier position in biometrics-util build plugins list while preserving prepare-agent and report executions; Sonar plugin property entries reordered.

Third-Party Licensing and Documentation

Layer / File(s) Summary
Third-Party License Documentation Files
THIRD-PARTY-NOTICES.txt, kernel-biometrics-api/THIRD-PARTY-NOTICES.txt, kernel-biosdk-provider/THIRD-PARTY-NOTICES.txt, kernel-cbeffutil-api/THIRD-PARTY-NOTICES.txt
Comprehensive THIRD-PARTY-NOTICES.txt files added to root, kernel-biometrics-api, kernel-biosdk-provider, and kernel-cbeffutil-api modules documenting all third-party dependencies with version, license type, and homepage information.
NOTICE and README Formatting and Text Updates
kernel-biometrics-api/NOTICE, kernel-cbeffutil-api/NOTICE, kernel-cbeffutil-api/README.md
kernel-biometrics-api NOTICE restructured with visual delimiters and section headings for "Apache License 2.0 Components" and "Notes"; kernel-cbeffutil-api README updated to use hyphenated "CBEFF-compliant" terminology; whitespace normalized.

Biometrics API Serialization and Validation Enhancements

Layer / File(s) Summary
CbeffValidator JAXB and XML Marshalling Refactoring
kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/commons/CbeffValidator.java
Imports cleaned (unused IOException/JAXBException removed, wildcard entity import added); JAXBContext initialization expanded from BIR.class only to include BIRInfo, BDBInfo, SBInfo, VersionType; createXMLBytes refactored to explicitly set UTF-8 JAXB encoding and marshal through OutputStreamWriter backed by ByteArrayOutputStream.
Byte/Int Array Serialization Optimization
kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/entities/ByteArrayToIntArraySerializer.java, kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/entities/IntArrayToByteArrayDeserializer.java
ByteArrayToIntArraySerializer refactored to pre-convert input byte[] to int[] array and emit via single writeArray call instead of element-by-element writes; IntArrayToByteArrayDeserializer optimized with cached ObjectMapper and Base64.Decoder, deserializing entire JSON array to int[] in one operation with range validation during byte conversion.
JAXB Registry and Test Adjustments
kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/entities/ObjectFactory.java, kernel-biometrics-api/src/test/io/mosip/kernel/biometrics/CbeffValidatorTest.java, kernel-biometrics-api/src/test/resources/schema/updatedcbeff.xsd
New ObjectFactory JAXB registry class added with public no-arg constructor and createBIR() factory method; CbeffValidatorTest and updatedcbeff.xsd whitespace/indentation normalized.

CBEFF Implementation Consolidation

Layer / File(s) Summary
CbeffImpl Test Method Removal
kernel-cbeffutil-api/src/test/java/io/mosip/kernel/cbeffutil/test/CbeffImplTest.java
Two validateXML test methods (single-parameter and two-parameter variants) removed from CbeffImplTest as XSD validation logic consolidates into enhanced CbeffValidator.

🎯 3 (Moderate) | ⏱️ ~25 minutes

🐰 A version released with care,
Third-party notices laid bare,
Serializers refine their way,
CBEFF gets consolidated today,
From 1.2.1 to 1.3.1 fair! 📦✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 58.33% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check ⚠️ Warning The PR title 'Move release-1.3.x changes to develop' is misleading—the changeset contains a comprehensive 1.3.1 release (version bumps, new third-party notices, code refactoring, and feature removal), not a merge of release branch changes into develop. Update the title to accurately reflect the main change, such as 'Release 1.3.1: version updates, dependency management, and CBEFF validator refactoring' or similar.
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
biometrics-util/pom.xml (1)

156-162: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fix junit-bom BOM import placement in biometrics-util/pom.xml

org.junit:junit-bom is declared in the regular <dependencies> section with <type>pom</type> and <scope>import</scope>. Maven only allows scope=import for pom dependencies inside <dependencyManagement>, so the BOM won’t be applied correctly (and may fail model validation).

<dependency>
  <groupId>org.junit</groupId>
  <artifactId>junit-bom</artifactId>
  <version>${org.junit.version}</version>
  <type>pom</type>
  <scope>import</scope>
</dependency>
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@biometrics-util/pom.xml` around lines 156 - 162, The junit-bom entry is
declared as a <dependency> with <type>pom</type> and <scope>import</scope>,
which is invalid; move the org.junit:junit-bom declaration out of the regular
<dependencies> block and place it inside the <dependencyManagement> section of
biometrics-util/pom.xml (keeping the groupId artifactId version and
type/pom/scope/import metadata) so Maven applies the BOM correctly and remove
the invalid entry from <dependencies>.
♻️ Duplicate comments (1)
kernel-biosdk-provider/THIRD-PARTY-NOTICES.txt (1)

122-125: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

H2 Database license is incomplete.

Same issue as in kernel-biometrics-api/THIRD-PARTY-NOTICES.txt: H2 Database should be listed as "EPL-1.0 OR MPL-2.0" to reflect its dual-license status.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kernel-biosdk-provider/THIRD-PARTY-NOTICES.txt` around lines 122 - 125,
Update the H2 Database entry in THIRD-PARTY-NOTICES by changing the License line
for the "Package: H2 Database" entry from "EPL 1.0" to the correct dual-license
string "EPL-1.0 OR MPL-2.0", ensuring the Homepage and separator lines remain
unchanged; locate the block starting with "Package: H2 Database" and replace
only the License value to reflect the dual-license status.
🧹 Nitpick comments (1)
kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/entities/IntArrayToByteArrayDeserializer.java (1)

50-52: ⚡ Quick win

Use the active deserialization context instead of a private ObjectMapper.

Reading the array through a separate ObjectMapper makes this field ignore the owning mapper's deserialization configuration and diagnostics. It also makes the local STRICT_DUPLICATE_DETECTION setting misleading, because it cannot reconfigure the parser that's already in flight. context.readValue(parser, int[].class) keeps the behavior aligned with the caller's Jackson pipeline and lets you drop the extra global mapper.

Suggested fix
-import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.ObjectMapper;
@@
-    private static final ObjectMapper MAPPER = new ObjectMapper()
-            .disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)
-            .disable(JsonParser.Feature.STRICT_DUPLICATE_DETECTION);
-
     private static final Base64.Decoder STD_DECODER = Base64.getDecoder();
@@
-            int[] intArray = MAPPER.readValue(parser, int[].class);
+            int[] intArray = context.readValue(parser, int[].class);

Also applies to: 103-104

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/entities/IntArrayToByteArrayDeserializer.java`
around lines 50 - 52, The deserializer creates and uses a private ObjectMapper
which ignores the caller's deserialization context and parser settings; update
IntArrayToByteArrayDeserializer to use the provided DeserializationContext and
JsonParser instead (e.g., call context.readValue(parser, int[].class) or
equivalent within the deserialize(...) method) and remove the static MAPPER;
apply the same change to the other occurrence around lines 103-104 so all int[]
reads use the context-provided readValue rather than a separate ObjectMapper.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/entities/ByteArrayToIntArraySerializer.java`:
- Around line 88-93: ByteArrayToIntArraySerializer currently builds a full int[]
(intArray) before writing, causing large extra allocations for biometric blobs;
change the serialize implementation to stream the bytes directly into the
JsonGenerator instead of materializing an int[]: call gen.writeStartArray(),
loop over the input byte[] (value) and for each element call
gen.writeNumber(useUnsigned ? Byte.toUnsignedInt(value[i]) : value[i]), then
call gen.writeEndArray(); keep the existing useUnsigned logic and method/class
names (ByteArrayToIntArraySerializer and its serialize(...) method) so the
change is localized and avoids O(n) extra memory per serialization.

In `@kernel-biometrics-api/THIRD-PARTY-NOTICES.txt`:
- Around line 122-125: The H2 Database entry in this THIRD-PARTY-NOTICES file
incorrectly lists the license as "EPL 1.0"; update the H2 Database package
license string to the canonical dual-license text "EPL-1.0 OR MPL-2.0" to match
the root and other module notices, and ensure formatting/capitalization matches
the other notices (e.g., "H2 Database" package name and separator lines remain
unchanged).

In `@kernel-cbeffutil-api/pom.xml`:
- Around line 87-91: The POM contains a duplicate dependency entry for
io.mosip.kernel:kernel-biometrics-api using ${kernel.biometrics.api.version};
remove the second declaration (the repeated <dependency> block that repeats
groupId io.mosip.kernel and artifactId kernel-biometrics-api) so the dependency
appears only once in the <dependencies> section, leaving the first/primary
declaration with the version property intact.

In `@THIRD-PARTY-NOTICES.txt`:
- Around line 6-9: Update the package version entry in THIRD-PARTY-NOTICES.txt
for "MOSIP Bio Utils" to match the release target by replacing "Version:
1.3.0-SNAPSHOT" with "Version: 1.3.1"; ensure the line under the "Package: MOSIP
Bio Utils" header is changed and consistency is preserved with the rest of the
file.

---

Outside diff comments:
In `@biometrics-util/pom.xml`:
- Around line 156-162: The junit-bom entry is declared as a <dependency> with
<type>pom</type> and <scope>import</scope>, which is invalid; move the
org.junit:junit-bom declaration out of the regular <dependencies> block and
place it inside the <dependencyManagement> section of biometrics-util/pom.xml
(keeping the groupId artifactId version and type/pom/scope/import metadata) so
Maven applies the BOM correctly and remove the invalid entry from
<dependencies>.

---

Duplicate comments:
In `@kernel-biosdk-provider/THIRD-PARTY-NOTICES.txt`:
- Around line 122-125: Update the H2 Database entry in THIRD-PARTY-NOTICES by
changing the License line for the "Package: H2 Database" entry from "EPL 1.0" to
the correct dual-license string "EPL-1.0 OR MPL-2.0", ensuring the Homepage and
separator lines remain unchanged; locate the block starting with "Package: H2
Database" and replace only the License value to reflect the dual-license status.

---

Nitpick comments:
In
`@kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/entities/IntArrayToByteArrayDeserializer.java`:
- Around line 50-52: The deserializer creates and uses a private ObjectMapper
which ignores the caller's deserialization context and parser settings; update
IntArrayToByteArrayDeserializer to use the provided DeserializationContext and
JsonParser instead (e.g., call context.readValue(parser, int[].class) or
equivalent within the deserialize(...) method) and remove the static MAPPER;
apply the same change to the other occurrence around lines 103-104 so all int[]
reads use the context-provided readValue rather than a separate ObjectMapper.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a85ddac8-b5ad-4818-b0c4-75c8affa719a

📥 Commits

Reviewing files that changed from the base of the PR and between f197fd2 and 45f61a0.

📒 Files selected for processing (22)
  • README.md
  • THIRD-PARTY-NOTICES.txt
  • biometrics-util/pom.xml
  • kernel-biometrics-api/NOTICE
  • kernel-biometrics-api/THIRD-PARTY-NOTICES.txt
  • kernel-biometrics-api/pom.xml
  • kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/commons/CbeffValidator.java
  • kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/entities/ByteArrayToIntArraySerializer.java
  • kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/entities/IntArrayToByteArrayDeserializer.java
  • kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/entities/ObjectFactory.java
  • kernel-biometrics-api/src/test/io/mosip/kernel/biometrics/CbeffValidatorTest.java
  • kernel-biometrics-api/src/test/resources/schema/updatedcbeff.xsd
  • kernel-biosdk-provider/THIRD-PARTY-NOTICES.txt
  • kernel-biosdk-provider/pom.xml
  • kernel-cbeffutil-api/NOTICE
  • kernel-cbeffutil-api/README.md
  • kernel-cbeffutil-api/THIRD-PARTY-NOTICES.txt
  • kernel-cbeffutil-api/pom.xml
  • kernel-cbeffutil-api/src/main/java/io/mosip/kernel/cbeffutil/impl/CbeffImpl.java
  • kernel-cbeffutil-api/src/test/java/io/mosip/kernel/cbeffutil/test/CbeffImplTest.java
  • pom.xml
  • test/pom.xml
💤 Files with no reviewable changes (2)
  • kernel-cbeffutil-api/src/main/java/io/mosip/kernel/cbeffutil/impl/CbeffImpl.java
  • kernel-cbeffutil-api/src/test/java/io/mosip/kernel/cbeffutil/test/CbeffImplTest.java

Comment on lines +88 to +93
// Convert byte[] to int[] for writing
int[] intArray = new int[value.length];
for (int i = 0; i < value.length; i++) {
intArray[i] = useUnsigned ? Byte.toUnsignedInt(value[i]) : value[i];
}
gen.writeArray(intArray, 0, intArray.length);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid materializing a second array for biometric payloads.

BIR.bdb and BIR.sb are raw biometric blobs, so building a same-length int[] here turns every serialization into a full extra allocation with ~4x per-element overhead before Jackson even writes anything. That is a noticeable heap regression on large BDB/SB payloads and can push this path into GC churn or OOMs. Please keep the write loop streaming directly to JsonGenerator so serialization stays O(1) in extra space.

Suggested fix
-        // Convert byte[] to int[] for writing
-        int[] intArray = new int[value.length];
-        for (int i = 0; i < value.length; i++) {
-            intArray[i] = useUnsigned ? Byte.toUnsignedInt(value[i]) : value[i];
-        }
-        gen.writeArray(intArray, 0, intArray.length);
+        gen.writeStartArray(value.length);
+        for (byte b : value) {
+            gen.writeNumber(useUnsigned ? Byte.toUnsignedInt(b) : b);
+        }
+        gen.writeEndArray();
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
// Convert byte[] to int[] for writing
int[] intArray = new int[value.length];
for (int i = 0; i < value.length; i++) {
intArray[i] = useUnsigned ? Byte.toUnsignedInt(value[i]) : value[i];
}
gen.writeArray(intArray, 0, intArray.length);
gen.writeStartArray(value.length);
for (byte b : value) {
gen.writeNumber(useUnsigned ? Byte.toUnsignedInt(b) : b);
}
gen.writeEndArray();
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@kernel-biometrics-api/src/main/java/io/mosip/kernel/biometrics/entities/ByteArrayToIntArraySerializer.java`
around lines 88 - 93, ByteArrayToIntArraySerializer currently builds a full
int[] (intArray) before writing, causing large extra allocations for biometric
blobs; change the serialize implementation to stream the bytes directly into the
JsonGenerator instead of materializing an int[]: call gen.writeStartArray(),
loop over the input byte[] (value) and for each element call
gen.writeNumber(useUnsigned ? Byte.toUnsignedInt(value[i]) : value[i]), then
call gen.writeEndArray(); keep the existing useUnsigned logic and method/class
names (ByteArrayToIntArraySerializer and its serialize(...) method) so the
change is localized and avoids O(n) extra memory per serialization.

Comment on lines +122 to +125
Package: H2 Database
License: EPL 1.0
Homepage: https://www.h2database.com
================================================================================

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

H2 Database license is inconsistent across THIRD-PARTY-NOTICES files.

This file lists H2 Database as "EPL 1.0", but the root THIRD-PARTY-NOTICES.txt (line 148) lists it as "EPL-1.0 OR MPL-2.0", and kernel-cbeffutil-api/THIRD-PARTY-NOTICES.txt (line 123) lists it as "EPL 1.0 or MPL 2.0". H2 Database is officially dual-licensed under EPL-1.0 OR MPL-2.0.

🔧 Suggested fix
 Package: H2 Database
-License: EPL 1.0 
+License: EPL-1.0 OR MPL-2.0
 Homepage: https://www.h2database.com
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
Package: H2 Database
License: EPL 1.0
Homepage: https://www.h2database.com
================================================================================
Package: H2 Database
License: EPL-1.0 OR MPL-2.0
Homepage: https://www.h2database.com
================================================================================
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kernel-biometrics-api/THIRD-PARTY-NOTICES.txt` around lines 122 - 125, The H2
Database entry in this THIRD-PARTY-NOTICES file incorrectly lists the license as
"EPL 1.0"; update the H2 Database package license string to the canonical
dual-license text "EPL-1.0 OR MPL-2.0" to match the root and other module
notices, and ensure formatting/capitalization matches the other notices (e.g.,
"H2 Database" package name and separator lines remain unchanged).

Comment on lines +87 to +91
<dependency>
<groupId>io.mosip.kernel</groupId>
<artifactId>kernel-biometrics-api</artifactId>
<version>${kernel.biometrics.api.version}</version>
</dependency>

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

python - <<'PY'
import xml.etree.ElementTree as ET
from collections import Counter

pom = "kernel-cbeffutil-api/pom.xml"
ns = {"m": "http://maven.apache.org/POM/4.0.0"}
root = ET.parse(pom).getroot()

deps = []
for dep in root.findall("./m:dependencies/m:dependency", ns):
    deps.append((
        dep.findtext("m:groupId", namespaces=ns),
        dep.findtext("m:artifactId", namespaces=ns),
        dep.findtext("m:version", namespaces=ns),
        dep.findtext("m:scope", namespaces=ns) or "compile",
    ))

for dep, count in Counter(deps).items():
    if count > 1:
        print("duplicate:", count, dep)
PY

nl -ba kernel-cbeffutil-api/pom.xml | sed -n '62,92p'

Repository: mosip/bio-utils

Length of output: 226


🏁 Script executed:

#!/bin/bash
set -euo pipefail

pom="kernel-cbeffutil-api/pom.xml"

echo "== Snippet around lines 60-100 =="
awk 'NR>=55 && NR<=105 {printf "%4d:%s\n", NR, $0}' "$pom" | sed -n '1,60p'

echo
echo "== Dependency duplicates (dependencies section only) =="
python3 - <<'PY'
import xml.etree.ElementTree as ET
from collections import Counter

pom = "kernel-cbeffutil-api/pom.xml"
ns = {"m": "http://maven.apache.org/POM/4.0.0"}
root = ET.parse(pom).getroot()

deps = []
for dep in root.findall("./m:dependencies/m:dependency", ns):
    deps.append((
        dep.findtext("m:groupId", namespaces=ns),
        dep.findtext("m:artifactId", namespaces=ns),
        dep.findtext("m:version", namespaces=ns),
        dep.findtext("m:scope", namespaces=ns) or "compile",
    ))

for (g,a,v,s), count in Counter(deps).items():
    if count > 1:
        print(f"duplicate: {count} ({g}, {a}, {v}, {s})")
PY

Repository: mosip/bio-utils

Length of output: 1879


Remove the duplicate kernel-biometrics-api dependency entry

kernel-cbeffutil-api/pom.xml declares io.mosip.kernel:kernel-biometrics-api twice in <dependencies> (once around lines 67-71 and again around 87-91) with the same version property (defaulting to compile scope). Remove the second declaration to avoid duplicate dependency noise.

Suggested cleanup
-		<dependency>
-			<groupId>io.mosip.kernel</groupId>
-			<artifactId>kernel-biometrics-api</artifactId>
-			<version>${kernel.biometrics.api.version}</version>
-		</dependency>
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<dependency>
<groupId>io.mosip.kernel</groupId>
<artifactId>kernel-biometrics-api</artifactId>
<version>${kernel.biometrics.api.version}</version>
</dependency>
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@kernel-cbeffutil-api/pom.xml` around lines 87 - 91, The POM contains a
duplicate dependency entry for io.mosip.kernel:kernel-biometrics-api using
${kernel.biometrics.api.version}; remove the second declaration (the repeated
<dependency> block that repeats groupId io.mosip.kernel and artifactId
kernel-biometrics-api) so the dependency appears only once in the <dependencies>
section, leaving the first/primary declaration with the version property intact.

Comment thread THIRD-PARTY-NOTICES.txt
Comment on lines +6 to +9
Package: MOSIP Bio Utils
Version: 1.3.0-SNAPSHOT
License: Mozilla Public License 2.0 (Inferred from project’s official repository)
Homepage: https://github.com/mosip/bio-utils

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Update version to match the release target.

The package version is listed as 1.3.0-SNAPSHOT, but this PR is releasing v1.3.1 according to the PR objectives and AI summary.

📝 Suggested fix
 Package: MOSIP Bio Utils
-Version: 1.3.0-SNAPSHOT
+Version: 1.3.1
 License: Mozilla Public License 2.0 (Inferred from project's official repository)
 Homepage: https://github.com/mosip/bio-utils
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
Package: MOSIP Bio Utils
Version: 1.3.0-SNAPSHOT
License: Mozilla Public License 2.0 (Inferred from projects official repository)
Homepage: https://github.com/mosip/bio-utils
Package: MOSIP Bio Utils
Version: 1.3.1
License: Mozilla Public License 2.0 (Inferred from project's official repository)
Homepage: https://github.com/mosip/bio-utils
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@THIRD-PARTY-NOTICES.txt` around lines 6 - 9, Update the package version entry
in THIRD-PARTY-NOTICES.txt for "MOSIP Bio Utils" to match the release target by
replacing "Version: 1.3.0-SNAPSHOT" with "Version: 1.3.1"; ensure the line under
the "Package: MOSIP Bio Utils" header is changed and consistency is preserved
with the rest of the file.

Signed-off-by: kameshsr <kameshsr1338@gmail.com>
@kameshsr kameshsr changed the title Develop latest Move release-1.3.x changes to develop Jun 2, 2026
@kameshsr kameshsr closed this Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.