Moderne Recipes
This doc includes every recipe that is exclusive to users of Moderne. For a full list of all recipes, check out our recipe catalog. For more information about how to use Moderne for automating code refactoring and analysis at scale, contact us.
rewrite-ai
- io.moderne.ai.FindAgentsInUse
- Find AI agents configuration files
- Scans codebases to identify usage of AI agents by looking at the agent configuration files present in the repository.
- io.moderne.ai.FindLibrariesInUse
- Find AI libraries in use
- Scans codebases to identify usage of AI services. Detects AI libraries across Java dependencies. Useful for auditing and understanding AI integration patterns.
- io.moderne.ai.FindModelsInUse
- Find AI models in use
- Scans codebases to identify usage of Large Language Models (LLMs). Detects model references and configuration patterns across Java classes, properties files, YAML configs... Useful for identifying model usage.
rewrite-ai-search
- io.moderne.ai.FindCommentsLanguage
- Find comments' language distribution
- Finds all comments and uses AI to predict which language the comment is in.
- io.moderne.ai.FixMisencodedCommentsInFrench
- Fix mis-encoded French comments, javadocs and pom.xml comments
- Fixes mis-encoded French comments in your code, javadocs and in your pom.xml files. Mis-encoded comments contain a ? or � character.
- io.moderne.ai.ListAllMethodsUsed
- List all methods used
- List all methods used in any Java source file.
- io.moderne.ai.SpellCheckCommentsInFrench
- Fix mis-encoded comments in French
- Use spellchecker to fix mis-encoded French comments in comments, JavaDocs, properties or XML files. Mis-encoded comments will contain either '?' or '�'.
- io.moderne.ai.research.FindCodeThatResembles
- Find method invocations that resemble a pattern
- This recipe uses a two-phase AI approach to find a method invocation that resembles a search string.
- io.moderne.ai.research.GetCodeEmbedding
- Get embeddings for code snippets in code
- This recipe calls an AI model to get an embedding for either classes or methods which can then be used for downstream tasks.
- io.moderne.ai.research.GetRecommendations
- Get recommendations
- This recipe calls an AI model to get recommendations for modernizing the code base by looking at a sample of method declarations.
rewrite-android
- org.openrewrite.android.ChangeAndroidSdkVersion
- Change Android SDK version
- Change `compileSdk`, `compileSdkVersion`, `targetSdk` and `targetSdkVersion` in an Android Gradle build file to the argument version.
- org.openrewrite.android.MigrateToAndroidGradlePlugin_7_2
- Migrate to Android Gradle Plugin 7.2
- Recipes to migrate to Android Gradle Plugin version 7.2.
- org.openrewrite.android.MigrateToAndroidGradlePlugin_7_3
- Migrate to Android Gradle Plugin 7.3
- Recipes to migrate to Android Gradle Plugin version 7.3.
- org.openrewrite.android.MigrateToAndroidGradlePlugin_7_4
- Migrate to Android Gradle Plugin 7.4
- Recipes to migrate to Android Gradle Plugin version 7.4.
- org.openrewrite.android.MigrateToAndroidGradlePlugin_8_0
- Migrate to Android Gradle Plugin 8.0
- Recipes to migrate to Android Gradle Plugin version 8.0.
- org.openrewrite.android.MigrateToAndroidGradlePlugin_8_1
- Migrate to Android Gradle Plugin 8.1
- Recipes to migrate to Android Gradle Plugin version 8.1.
- org.openrewrite.android.MigrateToAndroidGradlePlugin_8_2
- Migrate to Android Gradle Plugin 8.2
- Recipes to migrate to Android Gradle Plugin version 8.2.
- org.openrewrite.android.MigrateToAndroidGradlePlugin_8_3
- Migrate to Android Gradle Plugin 8.3
- Recipes to migrate to Android Gradle Plugin version 8.3.
- org.openrewrite.android.MigrateToAndroidGradlePlugin_8_4
- Migrate to Android Gradle Plugin 8.4
- Recipes to migrate to Android Gradle Plugin version 8.4.
- org.openrewrite.android.MigrateToAndroidGradlePlugin_8_5
- Migrate to Android Gradle Plugin 8.5
- Recipes to migrate to Android Gradle Plugin version 8.5.
- org.openrewrite.android.MigrateToAndroidGradlePlugin_8_6
- Migrate to Android Gradle Plugin 8.6
- Recipes to migrate to Android Gradle Plugin version 8.6.
- org.openrewrite.android.MigrateToAndroidGradlePlugin_8_7
- Migrate to Android Gradle Plugin 8.7
- Recipes to migrate to Android Gradle Plugin version 8.7.
- org.openrewrite.android.UpgradeAndroidGradlePluginVersion
- Upgrade Android Gradle Plugin (AGP) version
- Upgrade Android Gradle Plugin (AGP) version and update the Gradle Wrapper version. Compatible versions are published in the AGP release notes.
- org.openrewrite.android.UpgradeToAndroidSDK33
- Upgrade to Android SDK 33
- Recipes to upgrade to Android SDK version 33.
- org.openrewrite.android.UpgradeToAndroidSDK34
- Upgrade to Android SDK 34
- Recipes to upgrade to Android SDK version 34.
- org.openrewrite.android.UpgradeToAndroidSDK35
- Upgrade to Android SDK 35
- Recipes to upgrade to Android SDK version 35.
rewrite-angular
- org.openrewrite.angular.search.FindAngularComponent
- Find Angular component
- Locates usages of Angular components across the codebase including template elements and other references. If `componentName` is `null`, finds all Angular components.
rewrite-azul
- io.moderne.azul.EliminateUnusedClasses
- Eliminate unused classes
- Deprecate and later delete classes that are unused, as detected by Azul Intelligence Cloud.
- io.moderne.azul.search.FindReachableMethods
- Find reachable methods
- Find all methods defined in the repository's source code that are reachable.
rewrite-circleci
- org.openrewrite.circleci.InstallOrb
- Install an orb
- Install a CircleCI orb if it is not already installed.
- org.openrewrite.circleci.UpdateImage
- Update CircleCI image
- See the list of pre-built CircleCI images.
rewrite-codemods-ng
- org.openrewrite.codemods.migrate.angular.ApplyAngularCLI
- Upgrade Angular versions
- Run `ng update` to upgrade Angular CLI and Angular Core to the specified version.
- org.openrewrite.codemods.migrate.angular.v15
- Update to Angular v15
- Upgrade to Angular v15 through `ApplyAngularCLI`.
- org.openrewrite.codemods.migrate.angular.v16
- Update to Angular v16
- Upgrade to Angular v16 through `ApplyAngularCLI`.
- org.openrewrite.codemods.migrate.angular.v17
- Update to Angular v17
- Upgrade to Angular v17 through `ApplyAngularCLI`.
- org.openrewrite.codemods.migrate.angular.v18
- Update to Angular v18
- Upgrade to Angular v18 through `ApplyAngularCLI`.
- org.openrewrite.codemods.migrate.angular.v19
- Update to Angular v19
- Upgrade to Angular v19 through `ApplyAngularCLI`.
- org.openrewrite.codemods.migrate.angular.v20
- Update to Angular v20
- Upgrade to Angular v20 through `ApplyAngularCLI`.
- org.openrewrite.codemods.migrate.angular.v21
- Update to Angular v21
- Upgrade to Angular v21 through `ApplyAngularCLI`.
rewrite-compiled-analysis
- io.moderne.compiled.verification.ChangeListMethodAndVerify
- Change `List#add` to `List#plus` and verify
- We know this won't compile.
- io.moderne.compiled.verification.VerifyCompilation
- Verify compilation
- This is a task that runs after another recipe to verify that the changes made by that recipe would result in a successful compilation.
rewrite-concourse
- org.openrewrite.concourse.ChangeResourceVersion
- Change resource version
- Pin or unpin a resource to a particular version.
- org.openrewrite.concourse.ChangeValue
- Change Concourse value
- Change every value matching the key pattern.
- org.openrewrite.concourse.FindResource
- Find resource
- Find a Concourse resource by name.
- org.openrewrite.concourse.UpdateGitResourceUri
- Update git resource `source.uri` references
- Update git resource `source.uri` URI values to point to a new URI value.
- org.openrewrite.concourse.search.FindPinnedResource
- Find pinned resources by type
- Find resources of a particular type that have pinned versions.
- org.openrewrite.concourse.search.FindPrivilegedResourceType
- Find privileged `resource_type` definitions
- By default, `resource_type` definitions are unprivileged.
rewrite-cryptography
- io.moderne.cryptography.FindRSAKeyGenParameters
- Find RSA key generation parameters
- Finds RSAKeyGenParameterSpec instantiations and extracts their parameter values into a data table.
- io.moderne.cryptography.FindSSLSocketParameters
- Find SSL socket configuration parameters
- Finds SSLSocket setter method invocations and extracts their parameter values into a data table.
- io.moderne.cryptography.FindSecurityModifications
- Find Security class modifications
- Finds invocations of java.security.Security methods that modify security configuration such as removeProvider, addProvider, insertProviderAt, setProperty, and removeProperty.
- io.moderne.cryptography.FindSecuritySetProperties
- Find `Security.setProperty(..)` calls for certain properties
- There is a defined set of properties that should not be set using `Security.setProperty(..)` as they can lead to security vulnerabilities.
- io.moderne.cryptography.PostQuantumCryptography
- Post quantum cryptography
- This recipe searches for instances in code that may be impacted by post quantum cryptography. Applications may need to support larger key sizes, different algorithms, or use crypto agility to handle the migration. The recipe includes detection of hardcoded values that affect behavior in a post-quantum world, programmatic configuration that may prevent algorithm changes, and general cryptographic usage patterns that should be reviewed.
rewrite-dotnet
- org.openrewrite.dotnet.MigrateToNet6
- Upgrade to .NET 6.0 using upgrade-assistant
- Run upgrade-assistant upgrade across a repository to upgrade projects to .NET 6.0.
- org.openrewrite.dotnet.MigrateToNet7
- Upgrade to .NET 7.0 using upgrade-assistant
- Run upgrade-assistant upgrade across a repository to upgrade projects to .NET 7.0.
- org.openrewrite.dotnet.MigrateToNet8
- Upgrade to .NET 8.0 using upgrade-assistant
- Run upgrade-assistant upgrade across a repository to upgrade projects to .NET 8.0.
- org.openrewrite.dotnet.MigrateToNet9
- Upgrade to .NET 9.0 using upgrade-assistant
- Run upgrade-assistant upgrade across a repository to upgrade projects to .NET 9.0.
- org.openrewrite.dotnet.UpgradeAssistant
- Upgrade a .NET project using upgrade-assistant
- Run upgrade-assistant upgrade across a repository to upgrade projects to a newer version of .NET.
- org.openrewrite.dotnet.UpgradeAssistantAnalyze
- Analyze a .NET project using upgrade-assistant
- Run upgrade-assistant analyze across a repository to analyze changes required to upgrade projects to a newer version of .NET. This recipe will generate an `org.openrewrite.dotnet.UpgradeAssistantAnalysis` data table containing the report details.
rewrite-elastic
- io.moderne.elastic.elastic9.ChangeApiNumericFieldType
- Change numeric field type with conversion
- Adds conversion methods with null checks for numeric type changes in Elasticsearch 9 API.
- io.moderne.elastic.elastic9.ChangeApiNumericFieldTypes
- Change numeric field types for Elasticsearch 9
- Handles changes between different numeric types (`Long` to `Integer`, `int` to `Long`...) in Elasticsearch 9 API responses by adding appropriate conversion methods with null checks.
- io.moderne.elastic.elastic9.MigrateDenseVectorElementType
- Migrate DenseVectorProperty.elementType from String to DenseVectorElementType enum
- In Elasticsearch 9, `DenseVectorProperty.elementType()` returns `DenseVectorElementType` enum instead of `String`, and the builder method `elementType(String)` now accepts the enum type. This recipe handles both builder calls and getter calls.
- io.moderne.elastic.elastic9.MigrateDenseVectorSimilarity
- Migrate DenseVectorProperty.similarity from String to DenseVectorSimilarity enum
- In Elasticsearch 9, `DenseVectorProperty.similarity()` returns `DenseVectorSimilarity` enum instead of `String`, and the builder method `similarity(String)` now accepts the enum type. This recipe handles both builder calls and getter calls.
- io.moderne.elastic.elastic9.MigrateMatchedQueries
- Migrate `matchedQueries` from List to Map
- In Elasticsearch Java Client 9.0, `Hit.matchedQueries()` changed from returning `List<String>` to `Map<String, Double>`. This recipe migrates the usage by adding `.keySet()` for iterations and using `new ArrayList<>(result.keySet())` for assignments.
- io.moderne.elastic.elastic9.MigrateScriptSource
- Migrate script source from String to Script/ScriptSource
- Migrates `Script.source(String)` calls to use `ScriptSource.scriptString(String)` wrapper in Elasticsearch Java client 9.x.
- io.moderne.elastic.elastic9.MigrateSpanTermQueryValue
- Migrate `SpanTermQuery.value()` from String to FieldValue
- In Elasticsearch 9, `SpanTermQuery.value()` returns a `FieldValue` instead of `String`. This recipe updates calls to handle the new return type by checking if it's a string and extracting the string value.
- io.moderne.elastic.elastic9.MigrateToElasticsearch9
- Migrate from Elasticsearch 8 to 9
- This recipe performs a comprehensive migration from Elasticsearch 8 to Elasticsearch 9, addressing breaking changes, API removals, deprecations, and required code modifications.
- io.moderne.elastic.elastic9.RenameApiField
- Rename Elasticsearch `valueBody()` methods
- In Elasticsearch Java Client 9.0, the generic `valueBody()` method and `valueBody(...)` builder methods have been replaced with specific getter and setter methods that better reflect the type of data being returned. Similarly, for `GetRepositoryResponse`, the `result` field also got altered to `repositories`.
- io.moderne.elastic.elastic9.RenameApiFields
- Rename API fields for Elasticsearch 9
- Renames various API response fields from `valueBody` to align with Elasticsearch 9 specifications.
- io.moderne.elastic.elastic9.UseNamedValueParameters
- Use NamedValue parameters instead of Map
- Migrates `indicesBoost` and `dynamicTemplates` parameters from `Map` to `NamedValue` in Elasticsearch Java client 9.x.
rewrite-hibernate
- io.moderne.hibernate.MigrateToHibernate40
- Migrate to Hibernate 4.0.x (Moderne Edition)
- This recipe will apply changes commonly needed when migrating from Hibernate 3.x to 4.0.x, including migration of collection annotations to their JPA 2.0 equivalents.
- io.moderne.hibernate.MigrateToHibernate66
- Migrate to Hibernate 6.6.x (Moderne Edition)
- This recipe will apply changes commonly needed when migrating to Hibernate 6.6.x.
- io.moderne.hibernate.MigrateToHibernate70
- Migrate to Hibernate 7.0.x (Moderne Edition)
- This recipe will apply changes commonly needed when migrating to Hibernate 7.0.x.
- io.moderne.hibernate.MigrateToHibernate71
- Migrate to Hibernate 7.1.x (Moderne Edition)
- This recipe will apply changes commonly needed when migrating to Hibernate 7.0.x.
- io.moderne.hibernate.MigrateToHibernate72
- Migrate to Hibernate 7.2.x (Moderne Edition)
- This recipe will apply changes commonly needed when migrating to Hibernate 7.2.x.
- io.moderne.hibernate.search.FindJPQLDefinitions
- Find JPQL definitions (Moderne Edition)
- Find Java Persistence Query Language definitions in the codebase.
- io.moderne.hibernate.update40.MigrateJoinTableToCollectionTable
- Migrate `@JoinTable` to `@CollectionTable` for element collections (Moderne Edition)
- Replaces `@JoinTable` with `@CollectionTable` when used alongside `@CollectionOfElements` or `@ElementCollection`. `@CollectionTable` is the JPA 2.0 standard for defining the table that stores element collections.
- io.moderne.hibernate.update66.FixConflictingClassTypeAnnotations
- Fix conflicting class type annotation Hibernate 6.6 (Moderne Edition)
- Since Hibernate 6.6 a mapped class can have either `@MappedSuperclass` or `@Embeddable`, or `@Entity`. This recipe removes `@Entity` from classes annotated with `@MappedSuperclass` or `@Embeddable`. For the moment the combination of `@MappedSuperclass` or `@Embeddable` is advised to migrate to Single Table Inheritance but still accepted and therefore stays.
- io.moderne.hibernate.update66.MigrateCascadeTypes
- Migrate Hibernate CascadeType constants (Moderne Edition)
- Moving away from deprecated Hibernate CascadeType constants. CascadeType.SAVE_UPDATE -> CascadeType.PERSIST and/or CascadeType.MERGE, CascadeType.DELETE -> CascadeType.REMOVE.
- io.moderne.hibernate.update66.RemoveTableFromInheritedEntity
- Remove table from single table inherited entity (Moderne Edition)
- For Single Table Inherited Entities Hibernate ignores the `@Table` annotation on child entities. From Version 6.6 it is considered an error.
- io.moderne.hibernate.update70.AddCascadePersistToIdMappedAssociations
- Migrate implicit cascade=PERSIST for @Id and @MapsId associations (Moderne Edition)
- Hibernate used to automatically enable cascade=PERSIST for association fields annotated @Id or @MapsId. This was undocumented and unexpected behavior, and no longer supported in Hibernate 7. Existing code which relies on this behavior will be modified by addition of explicit cascade=PERSIST to the association fields.
- io.moderne.hibernate.update70.CompositeUserTypeSessionFactoryImplementor
- Remove leaking of SessionFactoryImplementor from `org.hibernate.usertype.CompositeUserType` invocations and implementations (Moderne Edition)
- Remove leaking of SessionFactoryImplementor from `org.hibernate.usertype.CompositeUserType` invocations and implementations.
- io.moderne.hibernate.update70.MigrateConfigurableToGeneratorCreationContext
- Migrate `Configurable.configure()` to use `GeneratorCreationContext` (Moderne Edition)
- In Hibernate 7.0, `Configurable.configure()` now takes a `GeneratorCreationContext` parameter instead of `ServiceRegistry`. This recipe migrates method signatures and call sites.
- io.moderne.hibernate.update70.MigrateIntegratorMethod
- Migrate Hibernate `Integrator#integrate` method (Moderne Edition)
- Migrate Hibernate `Integrator#integrate` method from deprecated signature to Hibernate 7 compatible signature. Changes `integrate(Metadata, SessionFactoryImplementor, SessionFactoryServiceRegistry)` to `integrate(Metadata, BootstrapContext, SessionFactoryImplementor)`.
- io.moderne.hibernate.update70.MigrateJdbcTypeToJdbcTypeCode
- Migrate @JdbcType to @JdbcTypeCode (Moderne Edition)
- In Hibernate 7.0, various JDBC types were moved to internal packages. Use @JdbcTypeCode with SqlTypes constants instead of @JdbcType with specific classes.
- io.moderne.hibernate.update70.MigrateLockOptionsToDirectParameters
- Migrate LockOptions to direct parameters (Moderne Edition)
- Migrates deprecated `LockOptions` usage to direct parameters in method calls. As of JPA 3.2 and Hibernate 7, `LockMode`, `Timeout`, and `PessimisticLockScope` are passed directly to `find()`, `refresh()`, and `lock()` methods instead of being wrapped in a `LockOptions` object.
- io.moderne.hibernate.update70.MigrateMetamodelImplementor
- Migrate `MetamodelImplementor` to Hibernate 7.0 (Moderne Edition)
- In Hibernate 7.0, `MetamodelImplementor` has been split into `MappingMetamodel` for ORM-specific operations and `JpaMetamodel` for JPA-standard operations. This recipe migrates the usage based on which methods are called.
- io.moderne.hibernate.update70.MigrateNaturalIdLoadAccess
- Migrate NaturalIdLoadAccess method calls (Moderne Edition)
- Migrates NaturalIdLoadAccess#using(Object...) to using(Map.of(...)) variants for Hibernate 7.0.
- io.moderne.hibernate.update70.MigrateNaturalIdMultiLoadAccess
- Migrate NaturalIdMultiLoadAccess method calls (Moderne Edition)
- Migrates NaturalIdMultiLoadAccess#compoundValue(Object...) to Map.of(...) variants for Hibernate 7.0.
- io.moderne.hibernate.update70.MigrateSessionInterface
- Migrate Session interface method calls (Moderne Edition)
- Migrates code using deprecated Session interface methods to their Hibernate 7.0 replacements.
- io.moderne.hibernate.update70.MigrateSessionToDeferToJPA
- Migrate Session save/update/delete method calls (Moderne Edition)
- Migrates code using deprecated Session load/get/refresh/save/update/delete methods to their Hibernate 7.0 replacements.
- io.moderne.hibernate.update70.MigrateSetFlushModeToSetQueryFlushMode
- Migrate `setFlushMode()` to `setQueryFlushMode()` (Moderne Edition)
- In Hibernate 7.0, `CommonQueryContract.setFlushMode(FlushModeType)` has been replaced with `setQueryFlushMode(QueryFlushMode)`. This recipe migrates the method call and converts `FlushModeType` parameters to their `QueryFlushMode` equivalents.
- io.moderne.hibernate.update70.MigrateToHibernate7JFR
- Migrate to Hibernate 7 JFR APIs (Moderne Edition)
- Migrates deprecated JFR integration APIs to their Hibernate 7 replacements. `EventManager` becomes `EventMonitor` and `HibernateMonitoringEvent` becomes `DiagnosticEvent`.
- io.moderne.hibernate.update70.MigrateToTargetEmbeddable
- Migrate to @TargetEmbeddable (Moderne Edition)
- Migrates code using removed @Target to Hibernate 7.0's @TargetEmbeddable equivalent. Removes misused @Target annotations.
- io.moderne.hibernate.update70.RemoveUnnecessaryCastToSession
- Remove unnecessary cast to `Session` for `SessionFactory.createEntityManager()` (Moderne Edition)
- In Hibernate 7.0, `SessionFactory.createEntityManager()` explicitly returns Session, making casts to Session unnecessary.
- io.moderne.hibernate.update70.ReplaceHibernateWithJakartaAnnotations
- Replace hibernate annotations with Jakarta variants (Moderne Edition)
- Tries to replace annotations that have been removed in Hibernate 7.0 with their Jakarta equivalents, such as Table, @Where, @OrderBy, etc. If an annotation is used with arguments that do not have a direct replacement, the annotation is not replaced at all.
- io.moderne.hibernate.update70.ReplaceSessionLockRequest
- Replace Session.buildLockRequest with LockOptions (Moderne Edition)
- Migrates Session.buildLockRequest(LockOptions.X) calls to use session.lock(entity, new LockOptions(LockMode.X)) in Hibernate 7.0.
- io.moderne.hibernate.update70.UnboxingTransactionTimeout
- Null safe Transaction#getTimeout() (Moderne Edition)
- JPA 3.2 adds `#getTimeout` but uses `Integer` whereas Hibernate has historically used `int`. Note that this raises the possibility of a `NullPointerException` during migration if, e.g., performing direct comparisons on the timeout value against an int (auto unboxing). This recipe adds ternary operators where `Transaction#getTimeout()` is used and a negative value will be used if the `getTimeout()` resulted in a null value.
- io.moderne.hibernate.update70.UserTypeNullSafeGetSharedSessionContractImplementorRecipe
- Remove leaking of SharedSessionContractImplementor from `org.hibernate.usertype.UserType` invocations (Moderne Edition)
- Remove leaking of SharedSessionContractImplementor from `org.hibernate.usertype.UserType` invocations.
- io.moderne.hibernate.update70.UserTypeSharedSessionContractImplementor
- Remove leaking of SharedSessionContractImplementor from `org.hibernate.usertype.UserType` implementations (Moderne Edition)
- Remove leaking of SharedSessionContractImplementor from `org.hibernate.usertype.UserType` implementations.
rewrite-jasperreports
- io.moderne.jasperreports.MigrateExporterConfigToJasper6
- Update JasperReports exporter configuration
- Updates deprecated exporter parameter imports to the new configuration classes introduced in JasperReports 6. This includes migrating from parameter classes to configuration classes for PDF, HTML, CSV, and other exporters.
- io.moderne.jasperreports.MigrateXlsToXlsxExporter
- Migrate JRXlsExporter to JRXlsxExporter
- Migrates the deprecated `JRXlsExporter` to the new `JRXlsxExporter` class in JasperReports 6. Also updates related configuration classes from XLS to XLSX variants.
- io.moderne.jasperreports.UpgradeToJasperReports5
- Migrate to JasperReports 5.6.x
- Migrates JasperReports from 4.6.0 to 5.6.x. This recipe includes minimal breaking changes, allowing teams to test and validate the migration before proceeding to version 6.
- io.moderne.jasperreports.UpgradeToJasperReports6
- Migrate to JasperReports 6
- Migrates JasperReports from 5.x to 6.x with the new exporter API, XLS to XLSX move, and removal of Spring JasperReports views.
- io.moderne.jasperreports.v5.MigrateExporterSetParameter
- Migrate JasperReports exporter setParameter to new API
- Migrates deprecated `setParameter` calls on JasperReports exporters to the new API using `setExporterInput` and `setExporterOutput`.
- io.moderne.jasperreports.v5.MigratePrintServiceExporterConfiguration
- Migrate JRPrintServiceExporterParameter to SimplePrintServiceExporterConfiguration
- Migrates `JRPrintServiceExporterParameter` setParameter calls to use `SimplePrintServiceExporterConfiguration`.
rewrite-java-application-server
- io.moderne.java.server.jboss.DeleteJBossDescriptors
- Delete JBoss deployment descriptor files
- Removes jboss-web.xml and jboss-deployment-structure.xml files as they are no longer needed after a migration.
- io.moderne.java.server.jboss.PlanJBossMigration
- Plan JBoss migration
- Analyzes the repository to plan a JBoss migration, identifying JBoss descriptor files (jboss-web.xml, jboss-deployment-structure.xml) and recording them in a data table.
- io.moderne.java.server.jboss.migrate.jetty.MigrateJBossToJetty
- Migrate JBoss to Jetty
- Comprehensive migration from JBoss to Jetty.
- io.moderne.java.server.jboss.migrate.jetty.devcenter.JBossToJettyMigrationCard$Scanner
- JBoss to Jetty migration scanner
- Scans for JBoss and Jetty configuration files.
rewrite-java-security
- org.openrewrite.csharp.dependencies.DependencyInsight
- Dependency insight for C#
- Finds dependencies in `*.csproj` and `packages.config`.
- org.openrewrite.csharp.dependencies.DependencyVulnerabilityCheck
- Find and fix vulnerable Nuget dependencies
- This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable.
- org.openrewrite.csharp.dependencies.UpgradeDependencyVersion
- Upgrade C# dependency versions
- Upgrades dependencies in `*.csproj` and `packages.config`.
- org.openrewrite.java.dependencies.AddExplicitTransitiveDependencies
- Add explicit transitive dependencies
- Detects when Java source code or configuration files reference types from transitive Maven dependencies and promotes those transitive dependencies to explicit direct dependencies in the pom.xml. This ensures the build is resilient against changes in transitive dependency trees of upstream libraries.
- org.openrewrite.java.dependencies.DependencyLicenseCheck
- Find licenses in use in third-party dependencies
- Locates and reports on all licenses in use.
- org.openrewrite.java.dependencies.DependencyVulnerabilityCheck
- Find and fix vulnerable dependencies
- This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the `maximumUpgradeDelta` option. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Upgrades dependencies versioned according to Semantic Versioning.
  Customizing Vulnerability Data: This recipe can be customized by extending `DependencyVulnerabilityCheckBase` and overriding the vulnerability data sources:
  - `baselineVulnerabilities(ExecutionContext ctx)`: Provides the default set of known vulnerabilities. The base implementation loads vulnerability data from the GitHub Security Advisory Database CSV file using `ResourceUtils.parseResourceAsCsv()`. Override this method to replace the entire vulnerability dataset with your own curated list.
  - `supplementalVulnerabilities(ExecutionContext ctx)`: Allows adding custom vulnerability data beyond the baseline. The base implementation returns an empty list. Override this method to add organization-specific vulnerabilities, internal security advisories, or vulnerabilities from additional sources while retaining the baseline GitHub Advisory Database.
  Both methods return `List<Vulnerability>` objects. Vulnerability data can be loaded from CSV files using `ResourceUtils.parseResourceAsCsv(path, Vulnerability.class, consumer)` or constructed programmatically. To customize, extend `DependencyVulnerabilityCheckBase` and override one or both methods depending on your needs. For example, override `supplementalVulnerabilities()` to add custom CVEs while keeping the standard vulnerability database, or override `baselineVulnerabilities()` to use an entirely different vulnerability data source.
  Last updated: 2026-02-09T1116.
- org.openrewrite.java.dependencies.RemoveUnusedDependencies
- Remove unused dependencies
- Scans through source code collecting references to types and methods, removing any dependencies that are not used from Maven or Gradle build files. This is best effort and not guaranteed to work well in all cases; false positives are still possible.
  This recipe takes reflective access into account:
  - When reflective access to a class is made unambiguously via a string literal, such as `Class.forName("java.util.List")`, that is counted correctly.
  - When reflective access to a class is made ambiguously via anything other than a string literal, no dependencies will be removed.
  This recipe takes transitive dependencies into account:
  - When a direct dependency is not used but a transitive dependency it brings in is in use, the direct dependency is not removed.
- org.openrewrite.java.dependencies.SoftwareBillOfMaterials
- Software bill of materials
- Produces a software bill of materials (SBOM) for a project. An SBOM is a complete list of all dependencies used in a project, including transitive dependencies. The produced SBOM is in the CycloneDX XML format. Supports Gradle and Maven. Places a file named sbom.xml adjacent to the Gradle or Maven build file.
- org.openrewrite.java.security.FindTextDirectionChanges
- Find text-direction changes
- Finds unicode control characters which can change the direction text is displayed in. These control characters can alter how source code is presented to a human reader without affecting its interpretation by tools like compilers. So a malicious patch could pass code review while introducing vulnerabilities. Note that text direction-changing unicode control characters aren't inherently malicious. These characters can appear for legitimate reasons in code written in or dealing with right-to-left languages. See: https://trojansource.codes/ for more information.
- org.openrewrite.java.security.FixCwe338
- Fix CWE-338 with `SecureRandom`
- Use a cryptographically strong pseudo-random number generator (PRNG).
- org.openrewrite.java.security.ImproperPrivilegeManagement
- Improper privilege management
- Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it.
- org.openrewrite.java.security.JavaSecurityBestPractices
- Java security best practices
- Applies security best practices to Java code.
- org.openrewrite.java.security.OwaspA01
- Remediate OWASP A01:2021 Broken access control
- OWASP A01:2021 describes failures related to broken access control.
- org.openrewrite.java.security.OwaspA02
- Remediate OWASP A02:2021 Cryptographic failures
- OWASP A02:2021 describes failures related to cryptography (or lack thereof), which often lead to exposure of sensitive data. This recipe seeks to remediate these vulnerabilities.
- org.openrewrite.java.security.OwaspA03
- Remediate OWASP A03:2021 Injection
- OWASP A03:2021 describes failures related to user-supplied data being used to influence program state to operate outside of its intended bounds. This recipe seeks to remediate these vulnerabilities.
- org.openrewrite.java.security.OwaspA05
- Remediate OWASP A05:2021 Security misconfiguration
- OWASP A05:2021 describes failures related to security misconfiguration.
- org.openrewrite.java.security.OwaspA06
- Remediate OWASP A06:2021 Vulnerable and outdated components
- OWASP A06:2021 describes failures related to vulnerable and outdated components.
- org.openrewrite.java.security.OwaspA08
- Remediate OWASP A08:2021 Software and data integrity failures
- OWASP A08:2021 describes failures related to software and data integrity.
- org.openrewrite.java.security.OwaspTopTen
- Remediate vulnerabilities from the OWASP Top Ten
- OWASP publishes a list of the most impactful common security vulnerabilities. These recipes identify and remediate vulnerabilities from the OWASP Top Ten.
- org.openrewrite.java.security.PartialPathTraversalVulnerability
- Partial path traversal vulnerability
- Replaces dir.getCanonicalPath().startsWith(parent.getCanonicalPath()), which is vulnerable to partial path traversal attacks, with the more secure dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath()). To demonstrate this vulnerability, consider "/usr/outnot".startsWith("/usr/out"). The check is bypassed although /outnot is not under the /out directory. It's important to understand that the terminating slash may be removed when using various String representations of the File object. For example, on Linux, println(new File("/var")) will print /var, but println(new File("/var", "/")) will print /var/; however, println(new File("/var", "/").getCanonicalPath()) will print /var.
- org.openrewrite.java.security.RegularExpressionDenialOfService
- Regular Expression Denial of Service (ReDOS)
- ReDoS is a Denial of Service attack that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). See the OWASP description of this attack here for more details.
- org.openrewrite.java.security.SecureRandom
- Secure random
- Use cryptographically secure Pseudo Random Number Generation in the "main" source set. Replaces instantiation of java.util.Random with java.security.SecureRandom.
- org.openrewrite.java.security.SecureRandomPrefersDefaultSeed
- SecureRandom seeds are not constant or predictable
- Remove SecureRandom#setSeed(*) method invocations having constant or predictable arguments.
- org.openrewrite.java.security.SecureTempFileCreation
- Use secure temporary file creation
- java.io.File.createTempFile() has exploitable default file permissions. This recipe migrates to the more secure java.nio.file.Files.createTempFile().
- org.openrewrite.java.security.UseFilesCreateTempDirectory
- Use Files#createTempDirectory
- Use Files#createTempDirectory when the sequence File#createTempFile(..) -> File#delete() -> File#mkdir() is used for creating a temp directory.
- org.openrewrite.java.security.XmlParserXXEVulnerability
- XML parser XXE vulnerability
- Avoid exposing dangerous features of the XML parser by updating certain factory settings.
- org.openrewrite.java.security.ZipSlip
- Zip slip
- Zip slip is an arbitrary file overwrite critical vulnerability, which typically results in remote command execution. A fuller description of this vulnerability is available in the Snyk documentation on it.
- org.openrewrite.java.security.marshalling.InsecureJmsDeserialization
- Insecure JMS deserialization
- JMS Object messages depend on Java Serialization for marshalling/unmarshalling of the message payload when ObjectMessage#getObject is called. Deserialization of untrusted data can lead to security flaws.
- org.openrewrite.java.security.marshalling.SecureJacksonDefaultTyping
- Secure the use of Jackson default typing
- See the blog post on this subject.
- org.openrewrite.java.security.marshalling.SecureSnakeYamlConstructor
- Secure the use of SnakeYAML's constructor
- See the paper on this subject.
- org.openrewrite.java.security.search.FindJacksonDefaultTypeMapping
- Find Jackson default type mapping enablement
- ObjectMapper#enableTypeMapping(..) can lead to vulnerable deserialization.
- org.openrewrite.java.security.search.FindSensitiveApiEndpoints
- Find sensitive API endpoints
- Find data models exposed by REST APIs that contain sensitive information like PII and secrets.
- org.openrewrite.java.security.search.FindVulnerableJacksonJsonTypeInfo
- Find vulnerable uses of Jackson @JsonTypeInfo
- Identify where attackers can deserialize gadgets into a target field.
- org.openrewrite.java.security.secrets.FindArtifactorySecrets
- Find Artifactory secrets
- Locates Artifactory secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindAwsSecrets
- Find AWS secrets
- Locates AWS secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindAzureSecrets
- Find Azure secrets
- Locates Azure secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindDiscordSecrets
- Find Discord secrets
- Locates Discord secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindFacebookSecrets
- Find Facebook secrets
- Locates Facebook secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindGenericSecrets
- Find generic secrets
- Locates generic secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindGitHubSecrets
- Find GitHub secrets
- Locates GitHub secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindGoogleSecrets
- Find Google secrets
- Locates Google secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindHerokuSecrets
- Find Heroku secrets
- Locates Heroku secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindJwtSecrets
- Find JWT secrets
- Locates JWTs stored in plain text in code.
- org.openrewrite.java.security.secrets.FindMailChimpSecrets
- Find MailChimp secrets
- Locates MailChimp secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindMailgunSecrets
- Find Mailgun secrets
- Locates Mailgun secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindNpmSecrets
- Find NPM secrets
- Locates NPM secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindPasswordInUrlSecrets
- Find passwords used in URLs
- Locates URLs that contain passwords in plain text.
- org.openrewrite.java.security.secrets.FindPayPalSecrets
- Find PayPal secrets
- Locates PayPal secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindPgpSecrets
- Find PGP secrets
- Locates PGP secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindPicaticSecrets
- Find Picatic secrets
- Locates Picatic secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindRsaSecrets
- Find RSA private keys
- Locates RSA private keys stored in plain text in code.
- org.openrewrite.java.security.secrets.FindSecrets
- Find secrets
- Locates secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindSecretsByPattern
- Find secrets with regular expressions
- A secret is a literal that matches any one of the provided patterns.
- org.openrewrite.java.security.secrets.FindSendGridSecrets
- Find SendGrid secrets
- Locates SendGrid secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindSlackSecrets
- Find Slack secrets
- Locates Slack secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindSquareSecrets
- Find Square secrets
- Locates Square secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindSshSecrets
- Find SSH secrets
- Locates SSH secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindStripeSecrets
- Find Stripe secrets
- Locates Stripe secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindTelegramSecrets
- Find Telegram secrets
- Locates Telegram secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindTwilioSecrets
- Find Twilio secrets
- Locates Twilio secrets stored in plain text in code.
- org.openrewrite.java.security.secrets.FindTwitterSecrets
- Find Twitter secrets
- Locates Twitter secrets stored in plain text in code.
- org.openrewrite.java.security.servlet.CookieSetSecure
- Insecure cookies
- Check for use of insecure cookies. Cookies should be marked as secure. This ensures that the cookie is sent only over HTTPS to prevent cross-site scripting attacks.
- org.openrewrite.java.security.spring.CsrfProtection
- Enable CSRF attack prevention
- Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site when the user is authenticated. See the full OWASP cheatsheet.
- org.openrewrite.java.security.spring.InsecureSpringServiceExporter
- Secure Spring service exporters
- The default Java deserialization mechanism is available via ObjectInputStream class. This mechanism is known to be vulnerable. If an attacker can make an application deserialize malicious data, it may result in arbitrary code execution. Spring’s RemoteInvocationSerializingExporter uses the default Java deserialization mechanism to parse data. As a result, all classes that extend it are vulnerable to deserialization attacks. The Spring Framework contains at least HttpInvokerServiceExporter and SimpleHttpInvokerServiceExporter that extend RemoteInvocationSerializingExporter. These exporters parse data from the HTTP body using the unsafe Java deserialization mechanism. See the full blog post by Artem Smotrakov on CVE-2016-1000027 from which the above description is excerpted.
- org.openrewrite.java.security.spring.PreventClickjacking
- Prevent clickjacking
- The frame-ancestors directive can be used in a Content-Security-Policy HTTP response header to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid Clickjacking attacks by ensuring that their content is not embedded into other sites.
- org.openrewrite.recipe.rewrite-java-security.InlineDeprecatedMethods
- Inline deprecated delegating methods
- Automatically generated recipes to inline deprecated method calls that delegate to other methods in the same class.
- org.openrewrite.text.FindHardcodedLoopbackAddresses
- Find hard-coded loopback IPv4 addresses
- Locates mentions of hard-coded IPv4 addresses from the loopback IP range. The loopback IP range includes 127.0.0.0 to 127.255.255.255. This detects the entire localhost/loopback subnet range, not just the commonly used 127.0.0.1.
- org.openrewrite.text.FindHardcodedPrivateIPAddresses
- Find hard-coded private IPv4 addresses
- Locates mentions of hard-coded IPv4 addresses from private IP ranges. Private IP ranges include 192.168.0.0 to 192.168.255.255, 10.0.0.0 to 10.255.255.255, and 172.16.0.0 to 172.31.255.255. It does not detect the localhost subnet 127.0.0.0 to 127.255.255.255.
- org.openrewrite.text.RemoveHardcodedIPAddressesFromComments
- Remove hard-coded IP addresses from comments
- Removes hard-coded IPv4 addresses from comments when they match private IP ranges or loopback addresses. This targets IP addresses that are commented out in various comment formats. Private IP ranges: 192.168.0.0 to 192.168.255.255, 10.0.0.0 to 10.255.255.255, and 172.16.0.0 to 172.31.255.255. Loopback IP range: 127.0.0.0 to 127.255.255.255. Supported comment formats: C-style line comments (//), C-style block comments (/* */), shell/Python style comments (#), XML comments (<!-- -->), YAML comments (#), and properties file comments (# or !). For line comments, the entire line is removed. For block comments, only the IP address is removed.
rewrite-kafka
- io.moderne.kafka.MigrateAdminListConsumerGroups
- Migrate Admin.listConsumerGroups() to listGroups()
- Migrates the deprecated Admin.listConsumerGroups() method to listGroups() and updates related types for Kafka 4.1 compatibility.
- io.moderne.kafka.MigrateAlterConfigsToIncrementalAlterConfigs
- Migrate AdminClient.alterConfigs() to incrementalAlterConfigs()
- Migrates the removed AdminClient.alterConfigs() method to incrementalAlterConfigs() for Kafka 4.0 compatibility.
- io.moderne.kafka.MigrateConsumerCommittedToSet
- Migrate KafkaConsumer.committed(TopicPartition) to committed(Set<TopicPartition>)
- Migrates from the removed KafkaConsumer.committed(TopicPartition) to committed(Set<TopicPartition>) for Kafka 4.0 compatibility. Converts single TopicPartition arguments to Collections.singleton() calls.
- io.moderne.kafka.MigrateConsumerGroupStateToGroupState
- Migrate ConsumerGroupState to GroupState
- Migrates from the deprecated ConsumerGroupState to GroupState for Kafka 4.0 compatibility. ConsumerGroupState was deprecated in favor of GroupState which supports both consumer groups and share groups.
- io.moderne.kafka.MigrateConsumerPollToDuration
- Migrate KafkaConsumer.poll(long) to poll(Duration)
- Migrates from the deprecated KafkaConsumer.poll(long) to poll(Duration) for Kafka 4.0 compatibility. Converts millisecond timeout values to Duration.ofMillis() calls.
- io.moderne.kafka.MigrateSendOffsetsToTransaction
- Migrate deprecated sendOffsetsToTransaction to use ConsumerGroupMetadata
- Migrates from the deprecated KafkaProducer.sendOffsetsToTransaction(Map, String) to sendOffsetsToTransaction(Map, ConsumerGroupMetadata) for Kafka 4.0 compatibility. This recipe uses a conservative approach with new ConsumerGroupMetadata(groupId).
- io.moderne.kafka.MigrateToKafka23
- Migrate to Kafka 2.3
- Migrate applications to the latest Kafka 2.3 release.
- io.moderne.kafka.MigrateToKafka24
- Migrate to Kafka 2.4
- Migrate applications to the latest Kafka 2.4 release.
- io.moderne.kafka.MigrateToKafka25
- Migrate to Kafka 2.5
- Migrate applications to the latest Kafka 2.5 release.
- io.moderne.kafka.MigrateToKafka26
- Migrate to Kafka 2.6
- Migrate applications to the latest Kafka 2.6 release.
- io.moderne.kafka.MigrateToKafka27
- Migrate to Kafka 2.7
- Migrate applications to the latest Kafka 2.7 release.
- io.moderne.kafka.MigrateToKafka28
- Migrate to Kafka 2.8
- Migrate applications to the latest Kafka 2.8 release.
- io.moderne.kafka.MigrateToKafka30
- Migrate to Kafka 3.0
- Migrate applications to the latest Kafka 3.0 release.
- io.moderne.kafka.MigrateToKafka31
- Migrate to Kafka 3.1
- Migrate applications to the latest Kafka 3.1 release.
- io.moderne.kafka.MigrateToKafka32
- Migrate to Kafka 3.2
- Migrate applications to the latest Kafka 3.2 release.
- io.moderne.kafka.MigrateToKafka33
- Migrate to Kafka 3.3
- Migrate applications to the latest Kafka 3.3 release.
- io.moderne.kafka.MigrateToKafka40
- Migrate to Kafka 4.0
- Migrate applications to the latest Kafka 4.0 release. This includes updating dependencies to 4.0.x, ensuring Java 11+ for clients and Java 17+ for brokers/tools, and handling changes.
- io.moderne.kafka.MigrateToKafka41
- Migrate to Kafka 4.1
- Migrate applications to the latest Kafka 4.1 release. This includes updating dependencies to 4.1.x, migrating deprecated Admin API methods, updating Streams configuration properties, and removing deprecated broker properties.
- io.moderne.kafka.RemoveDeprecatedKafkaProperties
- Remove deprecated Kafka property
- Removes a specific Kafka property that is no longer supported in Kafka 4.0.
- io.moderne.kafka.UpgradeJavaForKafkaBroker
- Upgrade Java to 17+ for Kafka broker/tools
- Ensures Java 17 or higher is used when Kafka broker or tools dependencies are present.
- io.moderne.kafka.UpgradeJavaForKafkaClients
- Upgrade Java to 11+ for Kafka clients
- Ensures Java 11 or higher is used when Kafka client libraries are present.
- io.moderne.kafka.streams.MigrateJoinedNameMethod
- Migrate Joined.named() to Joined.as()
- In Kafka Streams 2.3, Joined.named() was deprecated in favor of Joined.as(). Additionally, the name() method was deprecated for removal and should not be used.
- io.moderne.kafka.streams.MigrateKStreamToTable
- Migrate KStream to KTable conversion to use toTable() method
- In Kafka Streams 2.5, a new toTable() method was added to simplify converting a KStream to a KTable. This recipe replaces the manual aggregation pattern .groupByKey().reduce((oldVal, newVal) -> newVal) with the more concise .toTable() method.
- io.moderne.kafka.streams.MigrateKafkaStreamsStoreMethod
- Migrate deprecated KafkaStreams#store method
- In Kafka Streams 2.5, the method KafkaStreams#store(String storeName, QueryableStoreType<T> storeType) was deprecated. It only allowed querying active stores and did not support any additional query options. Use the new StoreQueryParameters API instead.
- io.moderne.kafka.streams.MigrateRetryConfiguration
- Migrate deprecated retry configuration to task timeout
- In Kafka 2.7, RETRIES_CONFIG and RETRY_BACKOFF_MS_CONFIG were deprecated in favor of TASK_TIMEOUT_MS_CONFIG. This recipe migrates the old retry configuration to the new task timeout configuration, attempting to preserve the retry budget by multiplying retries × backoff time. If only one config is present, it falls back to 60000ms (1 minute).
- io.moderne.kafka.streams.MigrateStreamsUncaughtExceptionHandler
- Migrate to StreamsUncaughtExceptionHandler API
- Migrates from the JVM-level Thread.UncaughtExceptionHandler to Kafka Streams' StreamsUncaughtExceptionHandler API introduced in version 2.8. This new API provides explicit control over how the Streams client should respond to uncaught exceptions (REPLACE_THREAD, SHUTDOWN_CLIENT, or SHUTDOWN_APPLICATION).
- io.moderne.kafka.streams.MigrateTaskAndThreadMetadata
- Migrate TaskMetadata and ThreadMetadata
- Migrates TaskMetadata and ThreadMetadata from org.apache.kafka.streams.processor package to org.apache.kafka.streams package, and updates TaskMetadata.taskId() calls to include .toString() for String compatibility.
- io.moderne.kafka.streams.MigrateTaskMetadataTaskId
- Migrate TaskMetadata.taskId() to return TaskId
- In Kafka Streams 3.0, TaskMetadata.taskId() changed its return type from String to TaskId. This recipe adds .toString() calls where necessary to maintain String compatibility.
- io.moderne.kafka.streams.MigrateWindowStorePutMethod
- Migrate WindowStore.put() to include timestamp
- In Kafka Streams 2.4, WindowStore.put() requires a timestamp parameter. This recipe adds context.timestamp() as the third parameter.
- io.moderne.kafka.streams.ProcessingGuaranteeExactlyOnceToBeta
- Migrate exactly_once to exactly_once_beta
- Kafka Streams 2.6 introduces the exactly-once semantics v2, which is a more efficient implementation with improved internal handling. Though it is beta, it’s fully backward-compatible from the API standpoint, but internally it uses a different transaction/commit protocol. Starting from 3.0, it becomes the default "exactly_once_v2".
- io.moderne.kafka.streams.ProcessingGuaranteeExactlyOnceToV2
- Migrate exactly_once and exactly_once_beta to exactly_once_v2
- Kafka Streams 2.6 introduces the exactly-once semantics v2, which is a more efficient implementation with improved internal handling. Starting from 3.0, it becomes the default "exactly_once_v2".
- io.moderne.kafka.streams.RemovePartitionGrouperConfiguration
- Remove PartitionGrouper configuration
- Starting with Kafka Streams 2.4, the PartitionGrouper API was deprecated and partition grouping is now fully handled internally by the library. This recipe removes the deprecated PARTITION_GROUPER_CLASS_CONFIG configuration.
rewrite-kubernetes
- org.openrewrite.kubernetes.AddConfiguration
- Add Kubernetes configuration
- Add default required configuration when it is missing.
- org.openrewrite.kubernetes.ChangeApiVersion
- Change Kubernetes API version
- Change the Kubernetes API version in a resource.
- org.openrewrite.kubernetes.ImagePullPolicyAlways
- Ensure image pull policy is Always
- Ensures the latest version of a tag is deployed each time.
- org.openrewrite.kubernetes.KubernetesBestPractices
- Kubernetes best practices
- Applies best practices to Kubernetes manifests.
- org.openrewrite.kubernetes.LifecycleRuleOnStorageBucket
- Ensure lifecycle rule on StorageBucket
- When defining a rule, you can specify any set of conditions for any action. The following configuration defines a rule to delete all objects older than 7 days in a bucket.
- org.openrewrite.kubernetes.LimitContainerCapabilities
- Limit root capabilities in a container
- Limiting the admission of containers with capabilities ensures that only a small number of containers have extended capabilities outside the default range.
- org.openrewrite.kubernetes.MissingCpuLimits
- Ensure CPU limits are set
- A system without managed quotas could eventually collapse due to inadequate resources for the tasks it bears.
- org.openrewrite.kubernetes.MissingCpuRequest
- Ensure CPU request is set
- If a container is created in a namespace that has a default CPU limit, and the container does not specify its own CPU limit, then the container is assigned the default CPU limit.
- org.openrewrite.kubernetes.MissingMemoryLimits
- Ensure memory limits are set
- With no limit set, kubectl allocates more and more memory to the container until it runs out.
- org.openrewrite.kubernetes.MissingMemoryRequest
- Ensure memory request is set
- A container is guaranteed to have as much memory as it requests, but is not allowed to use more memory than the limit set. This configuration may save resources and prevent an attack on an exploited container.
- org.openrewrite.kubernetes.MissingPodLivenessProbe
- Ensure liveness probe is configured
- The kubelet uses liveness probes to know when to schedule restarts for containers. Restarting a container in a deadlock state can help to make the application more available, despite bugs.
- org.openrewrite.kubernetes.MissingPodReadinessProbe
- Ensure readiness probe is configured
- Using the Readiness Probe ensures teams define what actions need to be taken to prevent failure and ensure recovery in case of unexpected errors.
- org.openrewrite.kubernetes.NoHostIPCSharing
- No host IPC sharing
- Preventing sharing of host PID/IPC namespace, networking, and ports ensures proper isolation between Docker containers and the underlying host.
- org.openrewrite.kubernetes.NoHostNetworkSharing
- No host network sharing
- When using the host network mode for a container, that container’s network stack is not isolated from the Docker host, so the container shares the host’s networking namespace and does not get its own IP-address allocation.
- org.openrewrite.kubernetes.NoHostProcessIdSharing
- No host process ID sharing
- Sharing the host process ID namespace breaks the isolation between container images and can make processes visible to other containers in the pod. This includes all information in the /proc directory, which can sometimes include passwords or keys, passed as environment variables.
- org.openrewrite.kubernetes.NoPrivilegeEscalation
- No privilege escalation
- Does not allow a process to gain more privileges than its parent process.
- org.openrewrite.kubernetes.NoPrivilegedContainers
- No privileged containers
- Privileged containers are containers that have all of the root capabilities of a host machine, allowing access to resources that are not accessible in ordinary containers.
- org.openrewrite.kubernetes.NoRootContainers
- No root containers
- Containers that run as root frequently have more permissions than their workload requires which, in case of compromise, could help an attacker further their exploits.
- org.openrewrite.kubernetes.ReadOnlyRootFilesystem
- Read-only root filesystem
- Using an immutable root filesystem and a verified boot mechanism prevents attackers from "owning" the machine through permanent local changes.
- org.openrewrite.kubernetes.UpdateContainerImageName
- Update image name
- Search for image names that match patterns and replace the components of the name with new values.
- org.openrewrite.kubernetes.migrate.MigrateToAPIv1_16
- Migrate to Kubernetes API v1.16
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.16.
- org.openrewrite.kubernetes.migrate.MigrateToAPIv1_22
- Migrate to Kubernetes API v1.22
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.22.
- org.openrewrite.kubernetes.migrate.MigrateToAPIv1_25
- Migrate to Kubernetes API v1.25
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.25.
- org.openrewrite.kubernetes.migrate.MigrateToAPIv1_26
- Migrate to Kubernetes API v1.26
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.26.
- org.openrewrite.kubernetes.migrate.MigrateToAPIv1_27
- Migrate to Kubernetes API v1.27
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.27.
- org.openrewrite.kubernetes.migrate.MigrateToAPIv1_29
- Migrate to Kubernetes API v1.29
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.29.
- org.openrewrite.kubernetes.migrate.MigrateToAPIv1_32
- Migrate to Kubernetes API v1.32
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.32.
- org.openrewrite.kubernetes.migrate.MigrateToAPIv1_33
- Migrate to Kubernetes API v1.33
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.33.
- org.openrewrite.kubernetes.migrate.MigrateToAPIv1_34
- Migrate to Kubernetes API v1.34
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.34.
- org.openrewrite.kubernetes.migrate.MigrateToAPIv1_35
- Migrate to Kubernetes API v1.35
- This recipe will apply changes commonly needed when migrating to Kubernetes API v1.35.
- org.openrewrite.kubernetes.rbac.AddRuleToRole
- Add RBAC rules
- Add RBAC rules to ClusterRoles or namespaced Roles.
- org.openrewrite.kubernetes.resource.CapResourceValueToMaximum
- Cap exceeds resource value
- Cap resource values that exceed a specific maximum.
- org.openrewrite.kubernetes.resource.FindExceedsResourceRatio
- Find exceeds resource ratio
- Find resource manifests that have requests to limits ratios beyond a specific maximum.
- org.openrewrite.kubernetes.resource.FindExceedsResourceValue
- Find exceeds resource limit
- Find resource manifests that have limits set beyond a specific maximum.
- org.openrewrite.kubernetes.search.FindAnnotation
- Find annotation
- Find annotations that optionally match a given regex.
- org.openrewrite.kubernetes.search.FindDisallowedImageTags
- Find disallowed image tags
- The set of image tags to find which are considered disallowed.
- org.openrewrite.kubernetes.search.FindHarcodedIPAddresses
- Find hardcoded IP addresses
- Find hardcoded IP address anywhere in text-based files.
- org.openrewrite.kubernetes.search.FindImage
- Find image by name
- The image name to search for in containers and initContainers.
- org.openrewrite.kubernetes.search.FindMissingDigest
- Find missing image digest
- Find instances of a container name that fails to specify a digest.
- org.openrewrite.kubernetes.search.FindMissingOrInvalidAnnotation
- Find annotation
- Find annotations that optionally match a given value.
- org.openrewrite.kubernetes.search.FindMissingOrInvalidLabel
- Find label
- Find labels that optionally match a given regex.
- org.openrewrite.kubernetes.search.FindNonTlsIngress
- Find non-TLS Ingresses
- Find Ingress resources that don't disallow HTTP or don't have TLS configured.
- org.openrewrite.kubernetes.search.FindResourceMissingConfiguration
- Find missing configuration
- Find Kubernetes resources with missing configuration.
- org.openrewrite.kubernetes.services.FindServiceExternalIPs
- Find uses of externalIP
- Find any Service whose externalIP list contains, or does not contain, one of a list of IPs.
- org.openrewrite.kubernetes.services.FindServicesByType
- Service type
- Type of Kubernetes Service to find.
- org.openrewrite.kubernetes.services.UpdateServiceExternalIP
- Update Service externalIP
- Swap out an IP address with another one in Service externalIP settings.
rewrite-migrate-python
- org.openrewrite.python.migrate.FindAifcModule
- Find deprecated aifc module usage
- The aifc module was deprecated in Python 3.11 and removed in Python 3.13. Use third-party audio libraries instead.
- org.openrewrite.python.migrate.FindAsyncioCoroutineDecorator
- Find deprecated @asyncio.coroutine decorator
- Find usage of the deprecated @asyncio.coroutine decorator which was removed in Python 3.11. Convert to async def syntax with await instead of yield from.
- org.openrewrite.python.migrate.FindAudioopModule
- Find deprecated audioop module usage
- The audioop module was deprecated in Python 3.11 and removed in Python 3.13. Use pydub, numpy, or scipy for audio operations.
- org.openrewrite.python.migrate.FindCgiModule
- Find deprecated cgi module usage
- The cgi module was deprecated in Python 3.11 and removed in Python 3.13. Use urllib.parse for query string parsing, html.escape() for escaping, and web frameworks or email.message for form handling.
- org.openrewrite.python.migrate.FindCgiParseQs
- Find removed cgi.parse_qs() usage
- cgi.parse_qs() was removed in Python 3.8. Use urllib.parse.parse_qs() instead.
- org.openrewrite.python.migrate.FindCgiParseQsl
- Find removed cgi.parse_qsl() usage
- cgi.parse_qsl() was removed in Python 3.8. Use urllib.parse.parse_qsl() instead.
- org.openrewrite.python.migrate.FindCgitbModule
- Find deprecated cgitb module usage
- The cgitb module was deprecated in Python 3.11 and removed in Python 3.13. Use the standard logging and traceback modules for error handling.
- org.openrewrite.python.migrate.FindChunkModule
- Find deprecated chunk module usage
- The chunk module was deprecated in Python 3.11 and removed in Python 3.13. Implement IFF chunk reading manually or use specialized libraries.
- org.openrewrite.python.migrate.FindCryptModule
- Find deprecated crypt module usage
- The crypt module was deprecated in Python 3.11 and removed in Python 3.13. Use bcrypt, argon2-cffi, or passlib instead.
- org.openrewrite.python.migrate.FindDistutilsUsage
- Find deprecated distutils module usage
- Find imports of the deprecated distutils module which was removed in Python 3.12. Migrate to setuptools or other modern build tools.
- org.openrewrite.python.migrate.FindElementGetchildren
- Find deprecated Element.getchildren() usage
- Find usage of getchildren() method on XML Element objects. Deprecated in Python 3.9. Use list(element) instead.
- org.openrewrite.python.migrate.FindFunctoolsCmpToKey
- Find functools.cmp_to_key() usage
- Find usage of functools.cmp_to_key() which is a Python 2 compatibility function. Consider using a key function directly.
- org.openrewrite.python.migrate.FindHtmlParserUnescape
- Find removed HTMLParser.unescape() usage
- HTMLParser.unescape() was removed in Python 3.9. Use html.unescape() instead.
- org.openrewrite.python.migrate.FindImghdrModule
- Find deprecated imghdr module usage
- The imghdr module was deprecated in Python 3.11 and removed in Python 3.13. Use filetype, python-magic, or Pillow instead.
- org.openrewrite.python.migrate.FindImpUsage
- Find deprecated imp module usage
- Find imports of the deprecated imp module which was removed in Python 3.12. Migrate to importlib.
- org.openrewrite.python.migrate.FindLocaleGetdefaultlocale
- Find deprecated locale.getdefaultlocale() usage
- locale.getdefaultlocale() was deprecated in Python 3.11. Use locale.setlocale(), locale.getlocale(), or locale.getpreferredencoding(False) instead.
- org.openrewrite.python.migrate.FindMacpathModule
- Find removed macpath module usage
- The macpath module was removed in Python 3.8. Use os.path instead.
- org.openrewrite.python.migrate.FindMailcapModule
- Find deprecated mailcap module usage
- The mailcap module was deprecated in Python 3.11 and removed in Python 3.13. Use mimetypes module for MIME type handling.
- org.openrewrite.python.migrate.FindMsilibModule
- Find deprecated msilib module usage
- The msilib module was deprecated in Python 3.11 and removed in Python 3.13. Use platform-specific tools for MSI creation.
- org.openrewrite.python.migrate.FindNisModule
- Find deprecated nis module usage
- The nis module was deprecated in Python 3.11 and removed in Python 3.13. There is no direct replacement.
- org.openrewrite.python.migrate.FindNntplibModule
- Find deprecated nntplib module usage
- The nntplib module was deprecated in Python 3.11 and removed in Python 3.13. NNTP is largely obsolete; consider alternatives if needed.
- org.openrewrite.python.migrate.FindOsPopen
- Find deprecated os.popen() usage
- os.popen() has been deprecated since Python 3.6. Use subprocess.run() or subprocess.Popen() instead for better control over process creation and output handling.
- org.openrewrite.python.migrate.FindOsSpawn
- Find deprecated os.spawn*() usage
- The os.spawn*() family of functions are deprecated. Use subprocess.run() or subprocess.Popen() instead.
- org.openrewrite.python.migrate.FindOssaudiodevModule
- Find deprecated ossaudiodev module usage
- The ossaudiodev module was deprecated in Python 3.11 and removed in Python 3.13. There is no direct replacement.
- org.openrewrite.python.migrate.FindPathlibLinkTo
- Find deprecated Path.link_to() usage
- Find usage of Path.link_to() which was deprecated in Python 3.10 and removed in 3.12. Use hardlink_to() instead (note: argument order is reversed).
- org.openrewrite.python.migrate.FindPipesModule
- Find deprecated pipes module usage
- The pipes module was deprecated in Python 3.11 and removed in Python 3.13. Use subprocess with shlex.quote() for shell escaping.
- org.openrewrite.python.migrate.FindPlatformPopen
- Find removed platform.popen() usage
- platform.popen() was removed in Python 3.8. Use os.popen() or subprocess.run() instead.
- org.openrewrite.python.migrate.FindReTemplate
- Find deprecated re.template()/re.TEMPLATE usage
- re.template() and re.TEMPLATE were deprecated in Python 3.11 and removed in 3.13.
- org.openrewrite.python.migrate.FindRemovedModules312
- Find modules removed in Python 3.12
- Find imports of modules that were removed in Python 3.12, including asynchat, asyncore, and smtpd.
- org.openrewrite.python.migrate.FindShutilRmtreeOnerror
- Find deprecated shutil.rmtree(onerror=...) parameter
- The onerror parameter of shutil.rmtree() was deprecated in Python 3.12 in favor of onexc. The onexc callback receives the exception object directly rather than an exc_info tuple.
- org.openrewrite.python.migrate.FindSndhdrModule
- Find deprecated sndhdr module usage
- The sndhdr module was deprecated in Python 3.11 and removed in Python 3.13. Use filetype or audio libraries like pydub instead.
- org.openrewrite.python.migrate.FindSocketGetFQDN
- Find socket.getfqdn() usage
- Find usage of socket.getfqdn() which can be slow and unreliable. Consider using socket.gethostname() instead.
- org.openrewrite.python.migrate.FindSpwdModule
- Find deprecated spwd module usage
- The spwd module was deprecated in Python 3.11 and removed in Python 3.13. There is no direct replacement.
- org.openrewrite.python.migrate.FindSslMatchHostname
- Find deprecated ssl.match_hostname()
- Find usage of the deprecated ssl.match_hostname() function which was removed in Python 3.12. Use ssl.SSLContext.check_hostname instead.
- org.openrewrite.python.migrate.FindSunauModule
- Find deprecated sunau module usage
- The sunau module was deprecated in Python 3.11 and removed in Python 3.13. Use soundfile or pydub instead.
- org.openrewrite.python.migrate.FindSysCoroutineWrapper
- Find removed sys.set_coroutine_wrapper()/sys.get_coroutine_wrapper()
- sys.set_coroutine_wrapper() and sys.get_coroutine_wrapper() were deprecated in Python 3.7 and removed in Python 3.8.
- org.openrewrite.python.migrate.FindSysLastExcInfo
- Find deprecated sys.last_type/sys.last_value/sys.last_traceback
- sys.last_type, sys.last_value, and sys.last_traceback were deprecated in Python 3.12. Use sys.last_exc instead.
- org.openrewrite.python.migrate.FindTarfileFilemode
- Find removed tarfile.filemode usage
- tarfile.filemode was removed in Python 3.8. Use stat.filemode() instead.
- org.openrewrite.python.migrate.FindTelnetlibModule
- Find deprecated telnetlib module usage
- The telnetlib module was deprecated in Python 3.11 and removed in Python 3.13. Consider using telnetlib3 from PyPI, direct socket usage, or SSH-based alternatives like paramiko.
- org.openrewrite.python.migrate.FindTempfileMktemp
- Find deprecated tempfile.mktemp() usage
- Find usage of tempfile.mktemp() which is deprecated due to security concerns (race condition). Use mkstemp() or NamedTemporaryFile() instead.
- org.openrewrite.python.migrate.FindUrllibParseSplitFunctions
- Find deprecated urllib.parse split functions
- Find usage of deprecated urllib.parse split functions (splithost, splitport, etc.) removed in Python 3.14. Use urlparse() instead.
- org.openrewrite.python.migrate.FindUrllibParseToBytes
- Find deprecated urllib.parse.to_bytes() usage
- Find usage of urllib.parse.to_bytes() which was deprecated in Python 3.8 and removed in 3.14. Use str.encode() directly.
- org.openrewrite.python.migrate.FindUuModule
- Find deprecated uu module usage
- The uu module was deprecated in Python 3.11 and removed in Python 3.13. Use base64 module instead for encoding binary data.
- org.openrewrite.python.migrate.FindXdrlibModule
- Find deprecated xdrlib module usage
- The xdrlib module was deprecated in Python 3.11 and removed in Python 3.13. Use struct module for binary packing/unpacking.
- org.openrewrite.python.migrate.MigrateAsyncioCoroutine
- Migrate @asyncio.coroutine to async def
- Migrate functions using the deprecated @asyncio.coroutine decorator to use async def syntax. Also transforms yield from to await. The decorator was removed in Python 3.11.
- org.openrewrite.python.migrate.ReplaceArrayFromstring
- Replace array.fromstring() with array.frombytes()
- Replace fromstring() with frombytes() on array objects. The fromstring() method was deprecated in Python 3.2 and removed in 3.14.
- org.openrewrite.python.migrate.ReplaceArrayTostring
- Replace array.tostring() with array.tobytes()
- Replace tostring() with tobytes() on array objects. The tostring() method was deprecated in Python 3.2 and removed in 3.14.
- org.openrewrite.python.migrate.ReplaceAstBytes
- Replace ast.Bytes with ast.Constant
- The ast.Bytes node type was deprecated in Python 3.8 and removed in Python 3.14. Replace with ast.Constant and check isinstance(node.value, bytes).
- org.openrewrite.python.migrate.ReplaceAstEllipsis
- Replace ast.Ellipsis with ast.Constant
- The ast.Ellipsis node type was deprecated in Python 3.8 and removed in Python 3.14. Replace with ast.Constant and check node.value is ....
- org.openrewrite.python.migrate.ReplaceAstNameConstant
- Replace ast.NameConstant with ast.Constant
- The ast.NameConstant node type was deprecated in Python 3.8 and removed in Python 3.14. Replace with ast.Constant and check node.value in (True, False, None).
- org.openrewrite.python.migrate.ReplaceAstNum
- Replace ast.Num with ast.Constant
- The ast.Num node type was deprecated in Python 3.8 and removed in Python 3.14. Replace with ast.Constant and check isinstance(node.value, (int, float, complex)).
- org.openrewrite.python.migrate.ReplaceAstStr
- Replace ast.Str with ast.Constant
- The ast.Str node type was deprecated in Python 3.8 and removed in Python 3.14. Replace with ast.Constant and check isinstance(node.value, str).
- org.openrewrite.python.migrate.ReplaceCalendarConstants
- Replace deprecated calendar constants with uppercase
- Replace deprecated mixed-case calendar constants like calendar.January with their uppercase equivalents like calendar.JANUARY. The mixed-case constants were deprecated in Python 3.12.
- org.openrewrite.python.migrate.ReplaceCollectionsAbcImports
- Replace collections ABC imports with collections.abc
- Migrate deprecated abstract base class imports from collections to collections.abc. These imports were deprecated in Python 3.3 and removed in Python 3.10.
- org.openrewrite.python.migrate.ReplaceConditionNotifyAll
- Replace Condition.notifyAll() with Condition.notify_all()
- Replace notifyAll() method calls with notify_all(). The camelCase version was deprecated in Python 3.10 and removed in 3.12.
- org.openrewrite.python.migrate.ReplaceConfigparserReadfp
- Replace ConfigParser.readfp() with read_file()
- The ConfigParser.readfp() method was deprecated in Python 3.2 and removed in Python 3.13. Replace with read_file().
- org.openrewrite.python.migrate.ReplaceConfigparserSafeConfigParser
- Replace configparser.SafeConfigParser with ConfigParser
- The configparser.SafeConfigParser class was deprecated in Python 3.2 and removed in Python 3.12. Replace with configparser.ConfigParser.
- org.openrewrite.python.migrate.ReplaceDatetimeUtcFromTimestamp
- Replace datetime.utcfromtimestamp() with datetime.fromtimestamp(ts, UTC)
- The datetime.utcfromtimestamp() method is deprecated in Python 3.12. Replace it with datetime.fromtimestamp(ts, datetime.UTC) for timezone-aware datetime objects.
- org.openrewrite.python.migrate.ReplaceDatetimeUtcNow
- Replace datetime.utcnow() with datetime.now(UTC)
- The datetime.utcnow() method is deprecated in Python 3.12. Replace it with datetime.now(datetime.UTC) for timezone-aware datetime objects.
- org.openrewrite.python.migrate.ReplaceDistutilsVersion
- Replace deprecated distutils.version usage
- Detect usage of deprecated distutils.version.LooseVersion and distutils.version.StrictVersion. These should be migrated to packaging.version.Version. Note: Manual migration is required as packaging.version.Version is not a drop-in replacement.
- org.openrewrite.python.migrate.ReplaceElementGetiterator
- Replace Element.getiterator() with Element.iter()
- Replace getiterator() with iter() on XML Element objects. The getiterator() method was deprecated in Python 3.9.
- org.openrewrite.python.migrate.ReplaceEventIsSet
- Replace Event.isSet() with Event.is_set()
- Replace isSet() method calls with is_set(). The camelCase version was deprecated in Python 3.10 and removed in 3.12.
- org.openrewrite.python.migrate.ReplaceGettextDeprecations
- Replace deprecated gettext l*gettext() functions
- Replace deprecated gettext functions like lgettext() with their modern equivalents like gettext(). The l*gettext() functions were removed in Python 3.11.
- org.openrewrite.python.migrate.ReplaceLocaleResetlocale
- Replace locale.resetlocale() with locale.setlocale(LC_ALL, '')
- The locale.resetlocale() function was deprecated in Python 3.11 and removed in Python 3.13. Replace with locale.setlocale(locale.LC_ALL, '').
- org.openrewrite.python.migrate.ReplacePercentFormatWithFString
- Replace % formatting with f-string
- Replace "..." % (...) expressions with f-strings (Python 3.6+). Only converts %s and %r specifiers where the format string is a literal and the conversion is safe.
- org.openrewrite.python.migrate.ReplacePkgutilFindLoader
- Replace pkgutil.find_loader() with importlib.util.find_spec()
- The pkgutil.find_loader() function was deprecated in Python 3.12. Replace with importlib.util.find_spec(). Note: returns ModuleSpec, use .loader for loader.
- org.openrewrite.python.migrate.ReplacePkgutilGetLoader
- Replace pkgutil.get_loader() with importlib.util.find_spec()
- The pkgutil.get_loader() function was deprecated in Python 3.12. Replace with importlib.util.find_spec(). Note: returns ModuleSpec, use .loader for loader.
- org.openrewrite.python.migrate.ReplaceStrFormatWithFString
- Replace str.format() with f-string
- Replace "...".format(...) calls with f-strings (Python 3.6+). Only converts cases where the format string is a literal and the conversion is safe.
- org.openrewrite.python.migrate.ReplaceThreadGetName
- Replace Thread.getName() with Thread.name
- Replace getName() method calls with the name property. Deprecated in Python 3.10, removed in 3.12.
- org.openrewrite.python.migrate.ReplaceThreadIsAlive
- Replace Thread.isAlive() with Thread.is_alive()
- Replace isAlive() method calls with is_alive(). Deprecated in Python 3.1 and removed in 3.9.
- org.openrewrite.python.migrate.ReplaceThreadIsDaemon
- Replace Thread.isDaemon() with Thread.daemon
- Replace isDaemon() method calls with the daemon property. Deprecated in Python 3.10, removed in 3.12.
- org.openrewrite.python.migrate.ReplaceThreadSetDaemon
- Replace Thread.setDaemon() with Thread.daemon = ...
- Replace setDaemon() method calls with daemon property assignment. Deprecated in Python 3.10, removed in 3.12.
- org.openrewrite.python.migrate.ReplaceThreadSetName
- Replace Thread.setName() with Thread.name = ...
- Replace setName() method calls with name property assignment. Deprecated in Python 3.10, removed in 3.12.
- org.openrewrite.python.migrate.ReplaceThreadingActiveCount
- Replace threading.activeCount() with threading.active_count()
- Replace threading.activeCount() with threading.active_count(). The camelCase version was deprecated in Python 3.10 and removed in 3.12.
- org.openrewrite.python.migrate.ReplaceThreadingCurrentThread
- Replace threading.currentThread() with threading.current_thread()
- Replace threading.currentThread() with threading.current_thread(). The camelCase version was deprecated in Python 3.10 and removed in 3.12.
- org.openrewrite.python.migrate.ReplaceTypingCallableWithCollectionsAbcCallable
- Replace typing.Callable with collections.abc.Callable
- PEP 585 deprecated typing.Callable in Python 3.9. Replace with collections.abc.Callable for type annotations.
- org.openrewrite.python.migrate.ReplaceTypingDictWithDict
- Replace typing.Dict with dict
- PEP 585 deprecated typing.Dict in Python 3.9. Replace with the built-in dict type for generic annotations.
- org.openrewrite.python.migrate.ReplaceTypingListWithList
- Replace typing.List with list
- PEP 585 deprecated typing.List in Python 3.9. Replace with the built-in list type for generic annotations.
- org.openrewrite.python.migrate.ReplaceTypingOptionalWithUnion
- Replace typing.Optional[X] with X | None
- PEP 604 introduced the | operator for union types in Python 3.10. Replace Optional[X] with the more concise X | None syntax.
- org.openrewrite.python.migrate.ReplaceTypingSetWithSet
- Replace typing.Set with set
- PEP 585 deprecated typing.Set in Python 3.9. Replace with the built-in set type for generic annotations.
- org.openrewrite.python.migrate.ReplaceTypingText
- Replace typing.Text with str
- typing.Text is deprecated as of Python 3.11. It was an alias for str for Python 2/3 compatibility. Replace with str.
- org.openrewrite.python.migrate.ReplaceTypingTupleWithTuple
- Replace typing.Tuple with tuple
- PEP 585 deprecated typing.Tuple in Python 3.9. Replace with the built-in tuple type for generic annotations.
- org.openrewrite.python.migrate.ReplaceTypingUnionWithPipe
- Replace typing.Union[X, Y] with X | Y
- PEP 604 introduced the | operator for union types in Python 3.10. Replace Union[X, Y, ...] with the more concise X | Y | ... syntax.
- org.openrewrite.python.migrate.ReplaceUnittestDeprecatedAliases
- Replace deprecated unittest method aliases
- Replace deprecated unittest.TestCase method aliases like assertEquals with their modern equivalents like assertEqual. These aliases were removed in Python 3.11/3.12.
- org.openrewrite.python.migrate.UpgradeToPython310
- Upgrade to Python 3.10
- Migrate deprecated APIs and adopt new syntax for Python 3.10 compatibility. This includes adopting PEP 604 union type syntax (X | Y) and other modernizations between Python 3.9 and 3.10.
- org.openrewrite.python.migrate.UpgradeToPython311
- Upgrade to Python 3.11
- Migrate deprecated and removed APIs for Python 3.11 compatibility. This includes handling removed modules, deprecated functions, and API changes between Python 3.10 and 3.11.
- org.openrewrite.python.migrate.UpgradeToPython312
- Upgrade to Python 3.12
- Migrate deprecated and removed APIs for Python 3.12 compatibility. This includes detecting usage of the removed imp module and other legacy modules that were removed in Python 3.12.
- org.openrewrite.python.migrate.UpgradeToPython313
- Upgrade to Python 3.13
- Migrate deprecated and removed APIs for Python 3.13 compatibility. This includes detecting usage of modules removed in PEP 594 ('dead batteries') and other API changes between Python 3.12 and 3.13.
- org.openrewrite.python.migrate.UpgradeToPython314
- Upgrade to Python 3.14
- Migrate deprecated and removed APIs for Python 3.14 compatibility. This includes replacing deprecated AST node types with ast.Constant and other API changes between Python 3.13 and 3.14.
- org.openrewrite.python.migrate.UpgradeToPython38
- Upgrade to Python 3.8
- Migrate deprecated APIs and detect legacy patterns for Python 3.8 compatibility.
- org.openrewrite.python.migrate.UpgradeToPython39
- Upgrade to Python 3.9
- Migrate deprecated APIs for Python 3.9 compatibility. This includes PEP 585 built-in generics, removed base64 functions, and deprecated XML Element methods.
- org.openrewrite.python.migrate.langchain.FindDeprecatedLangchainAgents
- Find deprecated LangChain agent patterns
- Find usage of deprecated LangChain agent patterns including initialize_agent, AgentExecutor, and LLMChain. These were deprecated in LangChain v0.2 and removed in v1.0.
- org.openrewrite.python.migrate.langchain.FindLangchainCreateReactAgent
- Find create_react_agent usage (replace with create_agent)
- Find from langgraph.prebuilt import create_react_agent which should be replaced with from langchain.agents import create_agent in LangChain v1.0.
- org.openrewrite.python.migrate.langchain.ReplaceLangchainClassicImports
- Replace langchain legacy imports with langchain_classic
- Migrate legacy chain, retriever, and indexing imports from langchain to langchain_classic. These were moved in LangChain v1.0.
- org.openrewrite.python.migrate.langchain.ReplaceLangchainCommunityImports
- Replace langchain imports with langchain_community
- Migrate third-party integration imports from langchain to langchain_community. These integrations were moved in LangChain v0.2.
- org.openrewrite.python.migrate.langchain.ReplaceLangchainProviderImports
- Replace langchain_community imports with provider packages
- Migrate provider-specific imports from langchain_community to dedicated provider packages like langchain_openai, langchain_anthropic, etc.
- org.openrewrite.python.migrate.langchain.UpgradeToLangChain02
- Upgrade to LangChain 0.2
- Migrate to LangChain 0.2 by updating imports from langchain to langchain_community and provider-specific packages.
- org.openrewrite.python.migrate.langchain.UpgradeToLangChain1
- Upgrade to LangChain 1.0
- Migrate to LangChain 1.0 by applying all v0.2 migrations and then moving legacy functionality to langchain_classic.
rewrite-nodejs
- org.openrewrite.nodejs.DependencyVulnerabilityCheck
- Find and fix vulnerable npm dependencies
- This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable.
- org.openrewrite.nodejs.UpgradeDependencyVersion
- Upgrade Node.js dependencies
- Upgrade matching Node.js direct dependencies.
- org.openrewrite.nodejs.search.DatabaseInteractionInsights
- Javascript database interaction library insights
- Discover which popular javascript database interaction libraries (Sequelize, TypeORM, Mongoose, etc.) are being used in your projects.
- org.openrewrite.nodejs.search.DependencyInsight
- Node.js dependency insight
- Identify the direct and transitive Node.js dependencies used in a project.
- org.openrewrite.nodejs.search.FindNodeProjects
- Find Node.js projects
- Find Node.js projects and summarize data about them.
- org.openrewrite.nodejs.search.FormHandlingInsights
- Javascript form handling library insights
- Discover which popular javascript form handling libraries (Formik, React Hook Form, Yup, etc.) are being used in your projects.
- org.openrewrite.nodejs.search.LintingFormattingInsights
- Javascript linting & formatting library insights
- Discover which popular javascript linting and formatting libraries (ESLint, Prettier, Stylelint, etc.) are being used in your projects.
- org.openrewrite.nodejs.search.RealTimeCommunicationInsights
- Javascript real-time communication library insights
- Discover which popular javascript real-time communication libraries (Socket.io, Ws, SockJS, etc.) are being used in your projects.
- org.openrewrite.nodejs.search.SecurityInsights
- Javascript security library insights
- Discover which popular javascript security libraries (Helmet, Cors, Bcrypt, etc.) are being used in your projects.
- org.openrewrite.nodejs.search.ServerSideFrameworksInsights
- Javascript server-side frameworks insights
- Discover which popular javascript server-side frameworks (Express, Koa, Hapi, etc.) are being used in your projects.
- org.openrewrite.nodejs.search.StateManagementInsights
- Javascript state management library insights
- Discover which popular javascript state management libraries (Redux, MobX, Vuex, etc.) are being used in your projects.
- org.openrewrite.nodejs.search.TaskRunnersBuildToolsInsights
- Javascript task runners & build tools insights
- Discover which popular javascript task runners and build tools (Webpack, Parcel, Gulp, etc.) are being used in your projects.
- org.openrewrite.nodejs.search.TestingInsights
- Javascript testing library insights
- Discover which popular javascript testing libraries (Jest, Mocha, Chai, etc.) are being used in your projects.
- org.openrewrite.nodejs.search.UIInsights
- Javascript UI library insights
- Discover which popular javascript UI libraries (React, Vue.js, Angular, etc.) are being used in your projects.
- org.openrewrite.nodejs.search.UtilityInsights
- Javascript utility library insights
- Discover which popular javascript utility libraries (Lodash, Moment.js, Date-fns, etc.) are being used in your projects.
- org.openrewrite.recipe.rewrite-nodejs.InlineDeprecatedMethods
- Inline deprecated delegating methods
- Automatically generated recipes to inline deprecated method calls that delegate to other methods in the same class.
rewrite-prethink
- io.moderne.prethink.ComprehendCode
- Comprehend code with AI
- Use an LLM to generate descriptions for classes and methods in the codebase. Descriptions are cached based on source code checksums to avoid regenerating descriptions for unchanged code.
- io.moderne.prethink.ComprehendCodeTokenCounter
- Estimate comprehension token usage
- Estimate the input token counts that would be sent to an LLM for method comprehension, without actually calling a model. Uses OpenAI's tokenizer locally. Outputs to the MethodDescriptions table with blank descriptions.
- io.moderne.prethink.ExtractCodingConventions
- Extract coding conventions
- Analyze the codebase to extract coding conventions including naming patterns, import organization, and documentation patterns.
- io.moderne.prethink.ExtractDependencyUsage
- Extract dependency usage patterns
- Analyze the codebase to extract dependency usage patterns by examining which types from external libraries are actually used in the code.
- io.moderne.prethink.ExtractErrorPatterns
- Extract error handling patterns
- Analyze the codebase to extract error handling patterns including exception types, handling strategies, and logging frameworks used.
- io.moderne.prethink.FindTestCoverage
- Find test coverage mapping
- Map test methods to their corresponding implementation methods. Uses JavaType.Method matching to determine coverage relationships. Optionally generates AI summaries of what each test is verifying when LLM provider is configured.
- io.moderne.prethink.UpdatePrethinkContextNoAiStarter
- Update Prethink context (no AI)
- Generate Moderne Prethink context files with architectural discovery, test coverage mapping, dependency inventory, and FINOS CALM architecture diagrams. This recipe does not require an LLM provider - use UpdatePrethinkContextStarter if you want AI-generated code comprehension and test summaries.
- io.moderne.prethink.UpdatePrethinkContextStarter
- Update Prethink context (with AI)
- Generate Moderne Prethink context files with AI-generated code comprehension, test coverage mapping, dependency inventory, and FINOS CALM architecture diagrams. Maps tests to implementation methods and optionally generates AI summaries of what each test verifies when LLM provider is configured.
- io.moderne.prethink.calm.FindCalmRelationships
- Find CALM relationships
- Discover method call relationships within the repository for building interaction diagrams. Captures all method-to-method calls between in-repo classes. Entity IDs are resolved by GenerateCalmArchitecture when building CALM relationships.
- io.moderne.prethink.calm.FindDataAssets
- Find data assets
- Identify data assets including JPA entities, MongoDB documents, Java records, and DTOs in the application.
- io.moderne.prethink.calm.FindDatabaseConnections
- Find database connections
- Identify database connections and data access patterns in the application. Detects JPA entities, Spring Data repositories, JDBC templates, and MyBatis mappers.
- io.moderne.prethink.calm.FindDeploymentArtifacts
- Find deployment artifacts
- Identify deployment artifacts including Dockerfiles, docker-compose files, and Kubernetes manifests.
- io.moderne.prethink.calm.FindExpressEndpoints
- Find Express endpoints
- Identify REST/HTTP endpoints in Express and Fastify applications. Detects app.get(), router.post(), and similar route definition patterns.
- io.moderne.prethink.calm.FindExternalServiceCalls
- Find external service calls
- Identify outbound HTTP calls to external services. Detects RestTemplate, WebClient, Feign clients, Apache HttpClient, OkHttp, and JAX-RS clients.
- io.moderne.prethink.calm.FindMessagingConnections
- Find messaging connections
- Identify message queue producers and consumers. Detects Kafka, RabbitMQ, JMS, Spring Cloud Stream, and AWS SQS messaging.
- io.moderne.prethink.calm.FindMongooseSchemas
- Find Mongoose schemas
- Identify Mongoose models and schemas in Node.js applications. Detects mongoose.model() calls and populates the DatabaseConnections table.
- io.moderne.prethink.calm.FindNestJSEndpoints
- Find NestJS endpoints
- Identify REST/HTTP endpoints in NestJS controllers. Detects @Controller, @Get, @Post, @Put, @Delete, and @Patch decorators and populates the ServiceEndpoints data table.
- io.moderne.prethink.calm.FindNodeErrorPatterns
- Find Node.js error patterns
- Identify error handling patterns in Node.js applications. Detects try/catch blocks and identifies logging frameworks used.
- io.moderne.prethink.calm.FindNodeHttpClients
- Find Node.js HTTP clients
- Identify HTTP client usage in Node.js applications. Detects axios, fetch, got, and superagent call patterns.
- io.moderne.prethink.calm.FindNodeMessaging
- Find Node.js messaging
- Identify messaging patterns in Node.js applications. Detects KafkaJS, amqplib, and Bull/BullMQ usage.
- io.moderne.prethink.calm.FindNodeProjectMetadata
- Find Node.js project metadata
- Extract project metadata (name, version, description) from Node.js package.json files.
- io.moderne.prethink.calm.FindNodeSecurityConfig
- Find Node.js security configuration
- Identify security middleware in Node.js applications. Detects cors, helmet, passport, and JWT middleware usage.
- io.moderne.prethink.calm.FindNodeTestCoverage
- Find Node.js test coverage
- Identify test methods in Jest, Mocha, and Vitest test files. Detects describe(), it(), and test() blocks and populates the TestMapping table.
- io.moderne.prethink.calm.FindPrismaUsage
- Find Prisma usage
- Identify Prisma ORM usage in Node.js applications. Detects prisma.model.findMany() and similar Prisma Client query patterns.
- io.moderne.prethink.calm.FindProjectMetadata
- Find project metadata
- Extract project metadata (artifact ID, group ID, name, description) from Maven pom.xml files.
- io.moderne.prethink.calm.FindSecurityConfiguration
- Find security configuration
- Identify security configurations including Spring Security, OAuth2, and CORS settings.
- io.moderne.prethink.calm.FindServerConfiguration
- Find server configuration
- Extract server configuration (port, SSL, context path) from application.properties and application.yml files.
- io.moderne.prethink.calm.FindServiceComponents
- Find service components
- Identify service layer components (@Service, @Component, @Named) in the application. Excludes controllers and repositories which are handled by dedicated recipes.
- io.moderne.prethink.calm.FindServiceEndpoints
- Find service endpoints
- Identify all REST/HTTP service endpoints exposed by the application. Supports Spring MVC, JAX-RS, Micronaut, and Quarkus REST endpoints.
- io.moderne.prethink.calm.FindTypeORMEntities
- Find TypeORM entities
- Identify TypeORM entities in Node.js applications. Detects @Entity() decorator on classes and populates the DatabaseConnections table.
- io.moderne.prethink.calm.GenerateCalmMermaidDiagram
- Generate architecture mermaid diagram
- Generate a markdown file with a mermaid architecture diagram from discovered service endpoints, database connections, external service calls, and messaging connections.
rewrite-program-analysis
- org.openrewrite.analysis.java.FindNullPointerIssues
- Find null pointer issues
- Detects potential null pointer dereferences using path-sensitive analysis to distinguish between definite NPEs, possible NPEs, and safe dereferences.
- org.openrewrite.analysis.java.controlflow.FindUnusedDefinitions
- Find unused variable definitions
- Identifies variable assignments whose values are never used before being overwritten.
- org.openrewrite.analysis.java.controlflow.search.FindCyclomaticComplexity
- Find cyclomatic complexity
- Calculates the cyclomatic complexity of methods and produces a data table containing the class name, method name, argument types, complexity value, and complexity threshold.
- org.openrewrite.analysis.java.controlflow.search.FindUnreachableCode
- Find unreachable code
- Uses control flow analysis to identify statements that can never be executed.
- org.openrewrite.analysis.java.dataflow.FindDeadStores
- Find dead stores
- Identifies variable assignments whose values are never used before being overwritten or going out of scope.
- org.openrewrite.analysis.java.datalineage.TrackDataLineage
- Track data lineage
- Tracks the flow of data from database sources (JDBC queries, JPA entities) to API sinks (REST endpoints, GraphQL mutations) to understand data dependencies and support compliance requirements.
- org.openrewrite.analysis.java.privacy.FindPiiExposure
- Find PII exposure in logs and external APIs
- Detects when Personally Identifiable Information (PII) is exposed through logging statements or sent to external APIs without proper sanitization. This helps prevent data leaks and ensures compliance with privacy regulations like GDPR and CCPA.
- org.openrewrite.analysis.java.security.FindCommandInjection
- Find command injection vulnerabilities
- Detects when user-controlled input flows into system command execution methods like Runtime.exec() or ProcessBuilder, which could allow attackers to execute arbitrary commands.
- org.openrewrite.analysis.java.security.FindLdapInjection
- Find LDAP injection vulnerabilities
- Finds LDAP injection vulnerabilities by tracking tainted data flow from user input to LDAP queries.
- org.openrewrite.analysis.java.security.FindPathTraversal
- Find path traversal vulnerabilities
- Detects potential path traversal vulnerabilities where user input flows to file system operations without proper validation.
- org.openrewrite.analysis.java.security.FindSecurityVulnerabilities
- Find security vulnerabilities using taint analysis
- Identifies potential security vulnerabilities where untrusted data from sources flows to sensitive sinks without proper sanitization.
- org.openrewrite.analysis.java.security.FindSqlInjection
- Find SQL injection vulnerabilities
- Detects potential SQL injection vulnerabilities where user input flows to SQL execution methods without proper sanitization.
- org.openrewrite.analysis.java.security.FindUnencryptedPiiStorage
- Find unencrypted PII storage
- Identifies when personally identifiable information (PII) is stored in databases, files, or other persistent storage without encryption.
- org.openrewrite.analysis.java.security.FindXssVulnerability
- Find XSS vulnerabilities
- Detects potential cross-site scripting vulnerabilities where user input flows to output methods without proper sanitization.
- org.openrewrite.analysis.java.security.FindXxeVulnerability
- Find XXE vulnerabilities
- Locates XML parsers that are not configured to prevent XML External Entity (XXE) attacks.
rewrite-python
- org.openrewrite.python.AddDependency
- Add Python dependency
- Add a dependency to the `[project].dependencies` array in `pyproject.toml`. When `uv` is available, the `uv.lock` file is regenerated.
- org.openrewrite.python.ChangeDependency
- Change Python dependency
- Change a dependency to a different package in `pyproject.toml`. Searches all dependency arrays. When `uv` is available, the `uv.lock` file is regenerated.
- org.openrewrite.python.RemoveDependency
- Remove Python dependency
- Remove a dependency from the `[project].dependencies` array in `pyproject.toml`. When `uv` is available, the `uv.lock` file is regenerated.
- org.openrewrite.python.RemovePass
- Remove redundant pass statements
- Remove redundant `pass` statements from Python code when there are other executable statements in the block.
- org.openrewrite.python.UpgradeDependencyVersion
- Upgrade Python dependency version
- Upgrade the version constraint for a dependency in `[project].dependencies` in `pyproject.toml`. When `uv` is available, the `uv.lock` file is regenerated.
- org.openrewrite.python.UpgradeTransitiveDependencyVersion
- Upgrade transitive Python dependency version
- Pin a transitive dependency version using the appropriate strategy for the detected package manager: uv uses `[tool.uv].constraint-dependencies`, PDM uses `[tool.pdm.overrides]`, and other managers add a direct dependency.
- org.openrewrite.python.format.PythonSpaces
- Formats spaces in Python code
- Standardizes spaces in Python code. Currently limited to formatting method arguments.
- org.openrewrite.python.search.DependencyInsight
- Python dependency insight
- Find direct and transitive Python dependencies matching a package name pattern. Results include dependencies that either directly match or transitively include a matching dependency.
rewrite-react
- org.openrewrite.react.search.FindPropUsage
- Find React prop usage
- Locates usages of a specific prop of a React component.
- org.openrewrite.react.search.FindReactComponent
- Find React component
- Locates usages of React components across the codebase including JSX elements and other references. If `componentName` is `null`, finds all React components.
rewrite-reactive-streams
- org.openrewrite.reactive.reactor.ReactorBestPractices
- Reactor Best Practices
- This recipe applies best practices for using Reactor.
- org.openrewrite.reactive.reactor.ReactorDoAfterSuccessOrErrorToTap
- Replace `doAfterSuccessOrError` calls with `tap` operator
- As of reactor-core 3.5 the `doAfterSuccessOrError` method is removed, this recipe replaces it with the `tap` operator.
- org.openrewrite.reactive.reactor.ReactorProcessorCacheToSinkRecipes
- Replace various `Processor.cache` calls with their `Sinks` equivalent
- As of 3.5 Processors are deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCacheToSinkRecipes$ReplayProcessorCacheDefaultToSinkRecipe
- Replace `ReplayProcessor.cacheLast()` with `Sinks.many().replay().latest()`
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCacheToSinkRecipes$ReplayProcessorCacheToSinkRecipe
- Replace `ReplayProcessor.cacheLast()` with `Sinks.many().replay().latest()`
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes
- Replace various `Processor.create` calls with their `Sinks` equivalent
- As of 3.5 Processors are deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$DirectProcessorCreateToSinkRecipe
- Replace `DirectProcessor.create()` with `Sinks.many().multicast().directBestEffort()`
- As of 3.5 DirectProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$EmitterProcessorCreateBooleanToSinkRecipe
- Replace `EmitterProcessor.create(Boolean)` with `Sinks.many().multicast().onBackpressureBuffer(Queues.SMALL_BUFFER_SIZE, Boolean)`
- As of 3.5 EmitterProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$EmitterProcessorCreateIntBooleanToSinkRecipe
- Replace `EmitterProcessor.create(int, Boolean)` with `Sinks.many().multicast().onBackpressureBuffer(int, Boolean)`
- As of 3.5 EmitterProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$EmitterProcessorCreateIntToSinkRecipe
- Replace `EmitterProcessor.create(int)` with `Sinks.many().multicast().onBackpressureBuffer(int)`
- As of 3.5 EmitterProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$EmitterProcessorCreateToSinkRecipe
- Replace `EmitterProcessor.create()` with `Sinks.many().multicast().onBackpressureBuffer()`
- As of 3.5 EmitterProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$MonoProcessorCreateToSinkRecipe
- Replace `MonoProcessor.create()` with `Sinks.one()`
- As of 3.5 MonoProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateIntLiteralFalseToSinkRecipe
- Replace `ReplayProcessor.create(int, false)` with `Sinks.many().replay().limit(int)`
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateIntLiteralTrueToSinkRecipe
- Replace `ReplayProcessor.create(int, true)` with `Sinks.many().replay().all(int)`
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateIntToSinkRecipe
- Replace `ReplayProcessor.create(int)` with `Sinks.many().replay().limit(int)`
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateSizeAndTimeoutSchedulerToSinkRecipe
- Replace `ReplayProcessor.createSizeAndTimeout(int, Duration, Scheduler)` with `Sinks.many().replay().limit(int, Duration, Scheduler)`
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateSizeAndTimeoutToSinkRecipe
- Replace `ReplayProcessor.createSizeAndTimeout(int, Duration)` with `Sinks.many().replay().limit(int, duration)`
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateTimeoutSchedulerToSinkRecipe
- Replace `ReplayProcessor.createTimeout(Duration, Scheduler)` with `Sinks.many().replay().limit(Duration, Scheduler)`
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateTimeoutToSinkRecipe
- Replace `ReplayProcessor.createTimeout(Duration)` with `Sinks.many().replay().limit(duration)`
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$ReplayProcessorCreateToSinkRecipe
- Replace `ReplayProcessor.create()` with `Sinks.many().replay().all()`
- As of 3.5 ReplayProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$UnicastProcessorCreateQueueConsumerDisposableToSinkRecipe
- Replace `UnicastProcessor.create(Queue, Consumer, Disposable)` with `Sinks.many().unicast().onBackpressureBuffer(Queue, Disposable)`
- As of 3.5 UnicastProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$UnicastProcessorCreateQueueDisposableToSinkRecipe
- Replace `UnicastProcessor.create(Queue, Disposable)` with `Sinks.many().unicast().onBackpressureBuffer(Queue, Disposable)`
- As of 3.5 UnicastProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$UnicastProcessorCreateQueueToSinkRecipe
- Replace `UnicastProcessor.create(Queue)` with `Sinks.many().unicast().onBackpressureBuffer(Queue)`
- As of 3.5 UnicastProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.ReactorProcessorCreateToSinkRecipes$UnicastProcessorCreateToSinkRecipe
- Replace `UnicastProcessor.create()` with `Sinks.many().unicast().onBackpressureBuffer()`
- As of 3.5 UnicastProcessor is deprecated and Sinks are preferred.
- org.openrewrite.reactive.reactor.UpgradeReactor_3_5
- Migrate to Reactor 3.5
- Adapt to breaking changes in Reactor 3.5.
rewrite-spring
- io.moderne.java.jsf.MigrateToJsf_2_3
- Migrate to JSF 2.3
- Complete migration to JSF 2.3, including associated technologies like RichFaces. Updates dependencies, transforms XHTML views, and migrates Java APIs.
- io.moderne.java.jsf.richfaces.ConvertExtendedDataTableHeightToStyle
- Convert height/width attributes to `extendedDataTable` style
- Converts height and width attributes to inline style attribute for RichFaces `extendedDataTable` components.
- io.moderne.java.jsf.richfaces.MigrateRichFaces_4_5
- Migrate RichFaces 3.x to 4.5
- Complete RichFaces 3.x to 4.5 migration including tag renames, attribute migrations, and Java API updates.
- io.moderne.java.jsf.richfaces.update45.UpdateXHTMLTags
- Migrate RichFaces tags in `xhtml` files
- Migrate RichFaces tags in `xhtml` files to RichFaces 4.
- io.moderne.java.spring.boot.AddSpringBootApplication
- Add `@SpringBootApplication` class
- Adds a `@SpringBootApplication` class containing a main method to bootify your Spring Framework application.
- io.moderne.java.spring.boot.FieldToConstructorInjection
- Convert field injection to constructor injection
- Converts `@Autowired` field injection to constructor injection pattern. For non-final classes, adds both a no-args constructor and the autowired constructor to maintain compatibility with extending classes. Moves `@Qualifier` annotations to constructor parameters.
- io.moderne.java.spring.boot.IsLikelyNotSpringBoot
- Is likely not a Spring Boot project
- Marks the project if it's likely not a Spring Boot project.
- io.moderne.java.spring.boot.IsLikelySpringBoot
- Is likely a Spring Boot project
- Marks the project if it's likely a Spring Boot project.
- io.moderne.java.spring.boot.MarkEmbeddedServerProvidedForWar
- Mark embedded server as provided for WAR projects
- For WAR-packaged projects migrating to Spring Boot, add the embedded Tomcat starter with provided scope to prevent conflicts with the external servlet container.
- io.moderne.java.spring.boot.MigrateSpringFrameworkDependenciesToSpringBoot
- Migrate Spring Framework dependencies to Spring Boot
- Migrate Spring Framework dependencies to Spring Boot.
- io.moderne.java.spring.boot.ReplaceSpringFrameworkDepsWithBootStarters
- Replace Spring Framework dependencies with Spring Boot starters
- Replace common Spring Framework dependencies with their Spring Boot starter equivalents. This recipe handles the direct dependency replacement; any remaining Spring Framework dependencies that become transitively available through starters are cleaned up separately by RemoveRedundantDependencies.
- io.moderne.java.spring.boot.SpringToSpringBoot
- Migrate Spring Framework to Spring Boot
- Migrate non Spring Boot applications to the latest compatible Spring Boot release. This recipe will modify an application's build files introducing Maven dependency management for Spring Boot, or adding the Gradle Spring Boot build plugin.
- io.moderne.java.spring.boot2.UpgradeSpringBoot_2_0
- Migrate to Spring Boot 2.0
- Migrate applications to the latest Spring Boot 2.0 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 2.0.
- io.moderne.java.spring.boot3.AddValidToConfigurationPropertiesFields
- Add `@Valid` annotation to fields
- In Spring Boot 3.4, validation of `@ConfigurationProperties` classes annotated with `@Validated` now follows the Bean Validation specification, only cascading to nested properties if the corresponding field is annotated with `@Valid`. The recipe will add a `@Valid` annotation to each field which has a type that has a field which is annotated with a `jakarta.validation.constraints.*` annotation.
- io.moderne.java.spring.boot3.CommentDeprecations
- Comment deprecated methods in Spring 3.4
- Spring Boot 3.4 deprecates methods that are not commonly used or need manual interaction.
- io.moderne.java.spring.boot3.CommentOnMockAndSpyBeansInConfigSpring34
- Comment on `@MockitoSpyBean` and `@MockitoBean` in `@Configuration`
- As stated in Spring Docs `@MockitoSpyBean` and `@MockitoBean` will only work in tests, explicitly not in `@Configuration` annotated classes.
- io.moderne.java.spring.boot3.ConditionalOnAvailableEndpointMigrationSpring34
- Migrate `ConditionalOnAvailableEndpoint` for Spring Boot 3.4
- Migrate `@ConditionalOnAvailableEndpoint(EndpointExposure.CLOUD_FOUNDRY)` to `@ConditionalOnAvailableEndpoint(EndpointExposure.WEB)` for Spring Boot 3.4.
- io.moderne.java.spring.boot3.MigrateAbstractDiscoveredEndpointConstructor
- Migrate `AbstractDiscoveredEndpoint` deprecated constructor
- The boolean-parameter constructor of `AbstractDiscoveredEndpoint` has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new constructor with an `Access` parameter.
- io.moderne.java.spring.boot3.MigrateAbstractExposableEndpointConstructor
- Migrate `AbstractExposableEndpoint` deprecated constructor
- The boolean-parameter constructor of `AbstractExposableEndpoint` has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new constructor with an `Access` parameter instead of boolean `enableByDefault`.
- io.moderne.java.spring.boot3.MigrateEndpointAnnotationAccessValueSpring34
- Migrate `@Endpoint`s `defaultAccess` value
- Since Spring Boot 3.4 the `@Endpoint` access configuration values are no longer `true|false` but `none|read-only|unrestricted`.
- io.moderne.java.spring.boot3.MigrateEndpointDiscovererConstructor
- Migrate `EndpointDiscoverer` deprecated constructor
- The 4-parameter constructor of `EndpointDiscoverer` has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new 5-parameter constructor with an additional Collection parameter.
- io.moderne.java.spring.boot3.MigrateEntityManagerFactoryBuilderConstructor
- Migrate `EntityManagerFactoryBuilder` deprecated constructor
- The constructors of `EntityManagerFactoryBuilder` have been deprecated in Spring Boot 3.4. This recipe transforms them to use the new constructor with a Function parameter for property mapping.
- io.moderne.java.spring.boot3.MigrateJmxEndpointDiscovererConstructor
- Migrate `JmxEndpointDiscoverer` deprecated constructor
- The 4-parameter constructor of `JmxEndpointDiscoverer` has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new 5-parameter constructor with an additional Collection parameter.
- io.moderne.java.spring.boot3.MigrateWebEndpointDiscovererConstructor
- Migrate WebEndpointDiscoverer 6-parameter constructor to 8-parameter
- The 6-parameter constructor of `WebEndpointDiscoverer` has been deprecated in Spring Boot 3.3. This recipe adds two new parameters (`AdditionalPathsMapper` and `OperationFilter<WebOperation>`) to the constructor and updates the Bean method signature to inject them as `ObjectProvider` types.
- io.moderne.java.spring.boot3.RemoveDeprecatedConditions
- Remove Spring Boot 3.5 deprecated conditions
- Replace Spring Boot 3.5 deprecated condition classes with their corresponding conditional annotations.
- io.moderne.java.spring.boot3.RemoveReplaceNoneFromAutoConfigureTestDatabase
- Remove `Replace.NONE` from `@AutoConfigureTestDatabase`
- `Replace.NONE` is the default value for `@AutoConfigureTestDatabase` since Spring Boot 3.4.
- io.moderne.java.spring.boot3.RemoveTestRestTemplateEnableRedirectsOptionRecipe
- Remove `TestRestTemplate.HttpClientOption.ENABLE_REDIRECTS` option
- The `TestRestTemplate` now uses the same follow redirects settings as the regular RestTemplate. The `HttpOption.ENABLE_REDIRECTS` option has also been deprecated. This recipe removes the option from the `TestRestTemplate` constructor arguments.
- io.moderne.java.spring.boot3.ReplaceConditionalOutcomeInverse
- Replace ConditionOutcome.inverse() with constructor
- Replace deprecated `ConditionOutcome.inverse(ConditionOutcome outcome)` calls with `new ConditionOutcome(!outcome.isMatch(), outcome.getConditionMessage())`.
- io.moderne.java.spring.boot3.ReplaceDeprecatedKafkaConnectionDetailsBootstrapServerGetters
- Replace deprecated `KafkaConnectionDetails` bootstrap server methods
- Replace deprecated `KafkaConnectionDetails` bootstrap server methods with chained calls. For example, `getProducerBootstrapServers()` becomes `getProducer().getBootstrapServers()`.
- io.moderne.java.spring.boot3.ReplaceDeprecatedThreadPoolTaskSchedulerConstructor
- Replace deprecated ThreadPoolTaskSchedulerBuilder 5-argument constructor
- The 5-parameter constructor of `ThreadPoolTaskSchedulerBuilder` has been deprecated in Spring Boot 3.5. This recipe transforms it to use the builder pattern instead, omitting null values and defaults.
- io.moderne.java.spring.boot3.ReplaceKafkaTransactionManagerSetter
- Use `kafkaAwareTransactionManager` setter
- Replace deprecated `ContainerProperties#setTransactionManager(org.springframework.transaction.PlatformTransactionManager)` method with `ContainerProperties#setKafkaAwareTransactionManager(org.springframework.kafka.transaction.KafkaAwareTransactionManager)`. The method will be replaced only if its argument has the type `KafkaAwareTransactionManager`.
- io.moderne.java.spring.boot3.ReplaceTaskExecutorNameByApplicationTaskExecutorName
- Use bean name `applicationTaskExecutor` instead of `taskExecutor`
- Spring Boot 3.5 removed the bean name `taskExecutor`. Where this bean name is used, the recipe replaces the bean name to `applicationTaskExecutor`. This also includes instances where the developer provided their own bean named `taskExecutor`. This also includes scenarios where JSR-250's `@Resource` annotation is used.
- io.moderne.java.spring.boot3.ResolveDeprecationsSpringBoot_3_3
- Resolve Deprecations in Spring Boot 3.3
- Migrates Deprecations in the Spring Boot 3.3 Release. Contains the removal of `DefaultJmsListenerContainerFactoryConfigurer.setObservationRegistry` and adds new parameter of `WebEndpointDiscoverer` constructor.
- io.moderne.java.spring.boot3.ResolveTaskExecutorFromContext
- Replace `taskExecutor` with `applicationTaskExecutor`
- Use bean name `applicationTaskExecutor` instead of `taskExecutor` when resolving `TaskExecutor` Bean from application context.
- io.moderne.java.spring.boot3.SpringBoot34Deprecations
- Migrate Spring Boot 3.4 deprecated classes and methods
- Migrate deprecated classes and methods that have been marked for removal in Spring Boot 4.0. This includes constructor changes for `EntityManagerFactoryBuilder`, `HikariCheckpointRestoreLifecycle`, and various actuator endpoint discovery classes.
- io.moderne.java.spring.boot3.SpringBoot35Deprecations
- Migrate Spring Boot 3.5 deprecated classes and methods
- Migrate deprecated classes and methods that have been marked for removal in Spring Boot 3.5.
- io.moderne.java.spring.boot3.SpringBoot3BestPractices
- Spring Boot 3.5 best practices
- Applies best practices to Spring Boot 3.5+ applications.
- io.moderne.java.spring.boot3.SpringBootProperties_3_4
- Migrate `@Endpoint` Security properties to 3.4
- Migrate the settings for Spring Boot Management Endpoint Security from `true|false` to `read-only|none`.
- io.moderne.java.spring.boot3.UpdateOpenTelemetryResourceAttributes
- Update OpenTelemetry resource attributes
- The `service.group` resource attribute has been deprecated for OpenTelemetry in Spring Boot 3.5. Consider using alternative attributes or remove the deprecated attribute.
- io.moderne.java.spring.boot3.UpgradeGradle7Spring34
- Upgrade Gradle to 7.6.4+ for Spring Boot 3.4
- Spring Boot 3.4 requires Gradle 7.6.4.
- io.moderne.java.spring.boot3.UpgradeGradle8Spring34
- Upgrade Gradle 8 to 8.4+ for Spring Boot 3.4
- Spring Boot 3.4 requires Gradle 8.4+.
- io.moderne.java.spring.boot3.UpgradeMyBatisToSpringBoot_3_4
- Upgrade MyBatis to Spring Boot 3.4
- Upgrade MyBatis Spring modules to a version corresponding to Spring Boot 3.4.
- io.moderne.java.spring.boot3.UpgradeSpringBoot_3_4
- Migrate to Spring Boot 3.4 (Moderne Edition)
- Migrate applications to the latest Spring Boot 3.4 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.4.
- io.moderne.java.spring.boot3.UpgradeSpringBoot_3_5
- Migrate to Spring Boot 3.5 (Moderne Edition)
- Migrate applications to the latest Spring Boot 3.5 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.5.
- io.moderne.java.spring.boot3.UpgradeSpringCloudAWSToSpringBoot_3_4
- Upgrade Spring Cloud AWS to Spring Boot 3.4 compatible version
- Upgrade the Spring Cloud AWS dependency to a version compatible with Spring Boot 3.4.
- io.moderne.java.spring.boot3.UpgradeSpringKafka_3_3
- Migrate to Spring Kafka 3.3
- Migrate applications to the latest Spring Kafka 3.3 release.
- io.moderne.java.spring.boot4.AddAutoConfigureMockMvc
- Add `@AutoConfigureMockMvc` to `@SpringBootTest` classes using `MockMvc`
- Adds `@AutoConfigureMockMvc` annotation to classes annotated with `@SpringBootTest` that use `MockMvc`.
- io.moderne.java.spring.boot4.AddFlywayStarters
- Add Flyway starters
- Adds spring-boot-starter-flyway and spring-boot-starter-flyway-test dependencies when Flyway usage is detected in the module.
- io.moderne.java.spring.boot4.AddJackson2ForJerseyJson
- Add Jackson2 for Jersey using JSON
- Check whether a module uses Jersey in combination with JSON and adds the needed `spring-boot-jackson` dependency and conditionally `spring-boot-jackson2` dependency.
- io.moderne.java.spring.boot4.AddLiquibaseStarters
- Add Liquibase starters
- Adds spring-boot-starter-liquibase and spring-boot-starter-liquibase-test dependencies when Liquibase usage is detected in the module.
- io.moderne.java.spring.boot4.AddModularStarters
- Add Spring Boot 4.0 modular starters
- Add Spring Boot 4.0 starter dependencies based on package usage. Note: Higher-level starters (like data-jpa) include lower-level ones (like jdbc) transitively, so only the highest-level detected starter is added for each technology.
- io.moderne.java.spring.boot4.AddMongoDbRepresentationProperties
- Add MongoDB representation properties for UUID and BigDecimal
- Adds the 'spring.mongodb.representation.uuid' property with value 'standard' and the 'spring.data.mongodb.representation.big-decimal' property with the value 'decimal128' to Spring configuration files when a MongoDB dependency is detected.
- io.moderne.java.spring.boot4.AddMssqlKerberosJaasConfig
- Add `useDefaultJaasConfig=true` to MSSQL Kerberos JDBC URLs
- For MSSQL JDBC connections using Kerberos authentication (`authenticationScheme=JavaKerberos` or `integratedSecurity=true`), adds `useDefaultJaasConfig=true` to the connection string. This is required for compatibility with Keycloak 26.4+ which changes JAAS configuration handling.
- io.moderne.java.spring.boot4.AddValidationStarterDependency
- Add `spring-boot-starter-validation` dependency
- In Spring Boot 4, validation is no longer auto-included from the web starter. This recipe adds the `spring-boot-starter-validation` dependency when Jakarta Validation annotations are used in the project.
- io.moderne.java.spring.boot4.AdoptJackson3
- Adopt Jackson 3
- Adopt Jackson 3, which is supported by Spring Boot 4; Jackson 2 support is deprecated.
- io.moderne.java.spring.boot4.FlagDeprecatedReactorNettyHttpClientMapper
- Flag deprecated ReactorNettyHttpClientMapper for migration
- Adds a TODO comment to classes implementing the deprecated `ReactorNettyHttpClientMapper` interface. Migration to `ClientHttpConnectorBuilderCustomizer<ReactorClientHttpConnectorBuilder>` requires wrapping the HttpClient configuration in `builder.withHttpClientCustomizer(...)`.
- io.moderne.java.spring.boot4.InsertPropertyMapperAlwaysMethodInvocation
- Preserve `PropertyMapper` null-passing behavior
- Spring Boot 4.0 changes the `PropertyMapper` behavior so that `from()` no longer calls `to()` when the source value is `null`. This recipe inserts `.always()` before terminal mapping methods to preserve the previous behavior.
- io.moderne.java.spring.boot4.MigrateHazelcastSpringSession
- Migrate Spring Session Hazelcast to Hazelcast Spring Session
- Spring Boot 4.0 removed direct support for Spring Session Hazelcast. The Hazelcast team now maintains their own Spring Session integration. This recipe changes the dependency from `org.springframework.session:spring-session-hazelcast` to `com.hazelcast.spring:hazelcast-spring-session` and updates the package from `org.springframework.session.hazelcast` to `com.hazelcast.spring.session`.
- io.moderne.java.spring.boot4.MigrateSpringRetry
- Migrate Spring Retry to Spring Resilience
- Handle spring-retry no longer being managed by Spring Boot and the possible migration to Spring Core Resilience.
- io.moderne.java.spring.boot4.MigrateSpringRetryToSpringFramework7
- Migrate `spring-retry` to Spring Framework resilience
- Migrate `spring-retry`s `@Retryable` and `@Backoff` annotation to Spring Framework 7 Resilience annotations.
- io.moderne.java.spring.boot4.MigrateToModularStarters
- Migrate to Spring Boot 4.0 modular starters
- Removes monolithic starters and adds the necessary Spring Boot 4.0 starter dependencies based on package usage, where any spring-boot-starter was used previously.
- io.moderne.java.spring.boot4.ModuleHasMonolithicStarter
- Module has monolithic Spring Boot starter
- Precondition that matches modules with the monolithic Spring Boot starters that need to be migrated to modular starters. Matches the production monolithic spring-boot-starter and spring-boot-starter-classic, but not specific modular starters like spring-boot-starter-test or spring-boot-starter-ldap.
- io.moderne.java.spring.boot4.ModuleStarterRelocations
- Spring Boot 4.0 Module Starter Relocations
- Relocate types and packages for Spring Boot 4.0 modular starters.
- io.moderne.java.spring.boot4.ModuleUsesFlyway
- Module uses Flyway
- Precondition that marks all files in a module if Flyway usage is detected. Detection is based on having a Flyway dependency, using Flyway types, or having migration files.
- io.moderne.java.spring.boot4.ModuleUsesLiquibase
- Module uses Liquibase
- Precondition that marks all files in a module if Liquibase usage is detected. Detection is based on having a Liquibase dependency, using Liquibase types, or having changelog files.
- io.moderne.java.spring.boot4.RemoveContentNegotiationFavorPathExtension
- Remove `ContentNegotiationConfigurer.favorPathExtension()` calls
- Spring Framework 7 removed `favorPathExtension()` from `ContentNegotiationConfigurer`. Path extension content negotiation is no longer supported. This recipe removes calls to `favorPathExtension()`.
- io.moderne.java.spring.boot4.RemoveGradleUberJarLoaderImplementationConfig
- Remove `loaderImplementation` from Gradle
- Removes the Spring Boot Uber-Jar `loaderImplementation` configuration from Gradle build files.
- io.moderne.java.spring.boot4.RemoveHttpMessageConvertersAutoConfigurationReferences
- Remove `HttpMessageConvertersAutoConfiguration` references
- Removes references to the deprecated `HttpMessageConvertersAutoConfiguration` class which was removed in Spring Boot 4.0. For `@AutoConfigureAfter` and `@AutoConfigureBefore` annotations, the reference is removed. For `@Import` annotations, a TODO comment is added since manual migration may be required.
- io.moderne.java.spring.boot4.RemoveSpringPulsarReactive
- Remove Spring Pulsar Reactive support
- Spring Boot 4.0 removed support for Spring Pulsar Reactive as it is no longer maintained. This recipe removes the Spring Pulsar Reactive dependencies.
- io.moderne.java.spring.boot4.ReplaceDeprecatedAutoconfigureMongoApi
- Replace deprecated
org.springframework.boot.autoconfigure.mongoAPI - Replace deprecated
org.springframework.boot.autoconfigure.mongoAPI.
- Replace deprecated
- io.moderne.java.spring.boot4.ReplaceDeprecatedDockerApi
- Replace deprecated `DockerApi`
- Replaces deprecated `DockerApi` constructors and configuration methods with their modern equivalents.
- io.moderne.java.spring.boot4.ReplaceDeprecatedRequestMatcherProvider
- Replace deprecated RequestMatcherProvider with new API
- Replaces the deprecated `org.springframework.boot.autoconfigure.security.servlet.RequestMatcherProvider` with `org.springframework.boot.security.autoconfigure.actuate.web.servlet.RequestMatcherProvider`. The new interface adds an `HttpMethod` parameter to the `getRequestMatcher` method.
- io.moderne.java.spring.boot4.ReplaceDeprecatedThreadPoolTaskSchedulerBuilderApi
- Replace deprecated `ThreadPoolTaskSchedulerBuilder` constructor
- Replaces the deprecated 5-argument constructor of `ThreadPoolTaskSchedulerBuilder` with the builder pattern.
- io.moderne.java.spring.boot4.UpgradeSpringBoot_4_0
- Migrate to Spring Boot 4.0 (Moderne Edition)
- Migrate applications to the latest Spring Boot 4.0 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 4.0.
- io.moderne.java.spring.cloud2020.SpringCloudProperties_2020
- Migrate Spring Cloud properties to 2020
- Migrate properties found in `application.properties` and `application.yml`.
- io.moderne.java.spring.cloud2021.SpringCloudProperties_2021
- Migrate Spring Cloud properties to 2021
- Migrate properties found in `application.properties` and `application.yml`.
- io.moderne.java.spring.cloud2022.SpringCloudProperties_2022
- Migrate Spring Cloud properties to 2022
- Migrate properties found in `application.properties` and `application.yml`.
- io.moderne.java.spring.cloud2023.SpringCloudProperties_2023
- Migrate Spring Cloud properties to 2023
- Migrate properties found in `application.properties` and `application.yml`.
- io.moderne.java.spring.cloud2024.SpringCloudProperties_2024
- Migrate Spring Cloud properties to 2024
- Migrate properties found in `application.properties` and `application.yml`.
- io.moderne.java.spring.cloud2025.SpringCloudProperties_2025
- Migrate Spring Cloud properties to 2025
- Migrate properties found in `application.properties` and `application.yml`.
- io.moderne.java.spring.cloud20251.SpringCloudProperties_2025_1
- Migrate Spring Cloud properties to 2025.1
- Migrate properties found in `application.properties` and `application.yml` for Spring Cloud 2025.1 (Oakwood). This includes the stubrunner property prefix migration from `stubrunner.` to `spring.cloud.contract.stubrunner.`.
- io.moderne.java.spring.cloud20251.UpgradeSpringCloud_2025_1
- Upgrade to Spring Cloud 2025.1
- Upgrade to Spring Cloud 2025.1 (Oakwood). This release is based on Spring Framework 7 and Spring Boot 4. Each Spring Cloud project has been updated to version 5.0.0.
- io.moderne.java.spring.framework.AddSetUseSuffixPatternMatch
- Add `setUseSuffixPatternMatch(true)` in Spring MVC configuration
- In Spring Framework 5.2.4 and earlier, suffix pattern matching was enabled by default. This meant a controller method mapped to `/users` would also match `/users.json`, `/users.xml`, etc. Spring Framework 5.3 deprecated this behavior and changed the default to false. This recipe adds `setUseSuffixPatternMatch(true)` to `WebMvcConfigurer` implementations to preserve the legacy behavior during migration. Note: This only applies to Spring MVC; Spring WebFlux does not support suffix pattern matching.
- io.moderne.java.spring.framework.FindDeprecatedPathMatcherUsage
- Find deprecated `PathMatcher` usage
- In Spring Framework 7.0, `PathMatcher` and `AntPathMatcher` are deprecated in favor of `PathPatternParser`. This recipe finds usages of the deprecated `AntPathMatcher` class that may require manual migration to `PathPatternParser`.
- io.moderne.java.spring.framework.FlagSuffixPatternMatchUsage
- Flag deprecated suffix pattern matching usage for manual review
- Handles deprecated `setUseSuffixPatternMatch()` and `setUseRegisteredSuffixPatternMatch()` calls. When suffix pattern matching is explicitly enabled, adds TODO comments and search markers since there is no automatic migration path. When explicitly disabled, the call is safely removed since `false` is already the default since Spring Framework 5.3.
- io.moderne.java.spring.framework.IsLikelySpringFramework
- Is likely a Spring Framework project
- Marks the project if it's likely a Spring Framework project.
- io.moderne.java.spring.framework.JaxRsToSpringWeb
- Convert JAX-RS annotations to Spring Web
- Converts JAX-RS annotations such as `@Path`, `@GET`, `@POST`, etc., to their Spring Web equivalents like `@RestController`, `@RequestMapping`, `@GetMapping`, etc.
- io.moderne.java.spring.framework.MigrateDefaultResponseErrorHandler
- Migrate `DefaultResponseErrorHandler.handleError` method signature
- Migrates overridden `handleError(ClientHttpResponse response)` methods to the new signature `handleError(URI url, HttpMethod method, ClientHttpResponse response)` in classes extending `DefaultResponseErrorHandler`. The old single-argument method was removed in Spring Framework 7.0.
- io.moderne.java.spring.framework.MigrateDeprecatedBeanXmlProperties
- Migrate Bean XML properties deprecated in Spring Framework 3.0
- Migrate Bean XML properties that were deprecated in Spring Framework 3.0.
- io.moderne.java.spring.framework.MigrateFilterToOncePerRequestFilter
- Migrate `Filter` to `OncePerRequestFilter`
- Migrates classes that implement `javax.servlet.Filter` (or `jakarta.servlet.Filter`) to extend `org.springframework.web.filter.OncePerRequestFilter`. This transformation renames `doFilter` to `doFilterInternal`, changes parameter types to HTTP variants, removes manual casting, and removes empty `init()` and `destroy()` methods.
- io.moderne.java.spring.framework.MigrateHandleErrorMethodInvocations
- Migrate `handleError` method invocations to new signature
- Updates invocations of `handleError(ClientHttpResponse)` to the new `handleError(URI, HttpMethod, ClientHttpResponse)` signature introduced in Spring Framework 7.0. In test sources, example values are used. In main sources, `null` is passed with a TODO comment.
- io.moderne.java.spring.framework.MigrateHttpHeadersMultiValueMapMethods
- Migrate `HttpHeaders` methods removed when `MultiValueMap` contract was dropped
- Spring Framework 7.0 changed `HttpHeaders` to no longer implement `MultiValueMap`. This recipe replaces removed inherited method calls: `containsKey()` with `containsHeader()`, `keySet()` with `headerNames()`, and `entrySet()` with `headerSet()`.
- io.moderne.java.spring.framework.MigrateTrailingSlashMatch
- Migrate trailing slash matching to explicit routes
- Migrates deprecated `setUseTrailingSlashMatch(true)` configuration by adding explicit trailing slash routes to controller methods, then removing the deprecated configuration call. This ensures applications that relied on automatic trailing slash matching continue to work after upgrading to Spring Framework 7.0.
- io.moderne.java.spring.framework.ModularSpringFrameworkDependencies
- Add Spring Framework modular dependencies
- Adds Spring Framework modular dependencies based on package usage, replacing legacy monolithic `org.springframework:spring`.
- io.moderne.java.spring.framework.NullableSpringWebParameters
- Add `@Nullable` to optional Spring web parameters
- In Spring Boot 4, JSpecify's `@Nullable` annotation should be used to indicate that a parameter can be null. This recipe adds `@Nullable` to parameters annotated with `@PathVariable(required = false)` or `@RequestParam(required = false)` and removes the now-redundant `required = false` attribute.
- io.moderne.java.spring.framework.RemoveDeprecatedPathMappingOptions
- Migrate deprecated path mapping options
- Migrates deprecated path mapping configuration options that have been removed in Spring Framework 7.0. For trailing slash matching, this recipe adds explicit dual routes to controller methods before removing the deprecated configuration. For suffix pattern matching, this recipe flags usages for manual review since there is no automatic migration path. Path extension content negotiation options are removed as they should be replaced with query parameter-based negotiation.
- io.moderne.java.spring.framework.RemoveEmptyPathMatchConfiguration
- Remove empty path match configuration methods
- Removes empty `configurePathMatch` (WebMvc) and `configurePathMatching` (WebFlux) method overrides. These methods may become empty after deprecated path matching options are removed.
- io.moderne.java.spring.framework.RemovePathExtensionContentNegotiation
- Remove path extension content negotiation methods
- Remove calls to `favorPathExtension()` and `ignoreUnknownPathExtensions()` on `ContentNegotiationConfigurer`. These methods and the underlying `PathExtensionContentNegotiationStrategy` were removed in Spring Framework 7.0. Path extension content negotiation was deprecated due to URI handling issues. Use query parameter-based negotiation with `favorParameter(true)` as an alternative.
- io.moderne.java.spring.framework.RemoveSetPathMatcherCall
- Remove deprecated `setPathMatcher()` calls
- In Spring Framework 7.0, `PathMatcher` and `AntPathMatcher` are deprecated in favor of `PathPatternParser`, which has been the default in Spring MVC since 6.0. This recipe removes calls to `setPathMatcher(new AntPathMatcher())` since they are now redundant. The default `PathPatternParser` provides better performance through pre-parsed patterns.
- io.moderne.java.spring.framework.UpgradeSpringFramework_3_0
- Migrate to Spring Framework 3.x
- Migrate applications to the latest Spring Framework 3 release, pulling in additional proprietary Moderne recipes.
- io.moderne.java.spring.framework.UpgradeSpringFramework_5_3
- Migrate to Spring Framework 5.3
- Migrate applications to the latest Spring Framework 5.3 release, pulling in additional proprietary Moderne recipes.
- io.moderne.java.spring.framework.beansxml.BeansXmlToConfiguration
- Migrate `beans.xml` to Spring Framework configuration class
- Converts Java/Jakarta EE `beans.xml` configuration files to Spring Framework `@Configuration` classes.
- io.moderne.java.spring.framework.jsf23.MigrateFacesConfig
- Migrate JSF variable-resolver to el-resolver
- Migrates JSF faces-config.xml from namespaces, tags and values that were deprecated in JSF 1.2 and removed in later versions to the JSF 2.3 compatible constructs.
- io.moderne.java.spring.framework.webxml.FindWelcomeFileConfiguration
- Add landing page controller for welcome file configuration
- Generates a `LandingPageController` when `welcome-file-list` is found in `web.xml` or `context-root` in `jboss-web.xml`. When migrating to Spring Framework 5.3+, applications that rely on these server-side landing page configurations need a `@Controller` with a `@RequestMapping` for `/` to avoid 404 errors, as Spring MVC can take over the root mapping. Skips generation if a controller already maps to `/`.
- io.moderne.java.spring.framework.webxml.WebXmlToWebApplicationInitializer
- Migrate `web.xml` to `WebApplicationInitializer`
- Migrate `web.xml` to `WebApplicationInitializer` for Spring applications. This allows for programmatic configuration of the web application context, replacing the need for XML-based configuration. This recipe only picks up `web.xml` files located in the `src/main/webapp/WEB-INF` directory to avoid interference with tests. It creates a `WebXmlWebAppInitializer` class in `src/main/java` with respect to submodules if they contain Java files. If it finds an existing `WebXmlWebAppInitializer`, it skips the creation.
- io.moderne.java.spring.framework7.AddDynamicDestinationResolverToJmsTemplate
- Explicitly set DynamicDestinationResolver on JmsTemplate
- Spring Framework 7.0 changed the default `DestinationResolver` for `JmsTemplate` from `DynamicDestinationResolver` to `SimpleDestinationResolver`, which caches Session-resolved Queue and Topic instances. This recipe adds an explicit call to `setDestinationResolver(new DynamicDestinationResolver())` to preserve the previous behavior. The caching behavior of `SimpleDestinationResolver` should be fine for most JMS brokers, so this explicit configuration can be removed once compatibility with the new default is verified.
- io.moderne.java.spring.framework7.AddSpringExtensionConfigForNestedTests
- Add `@SpringExtensionConfig` for nested tests
- Spring Framework 7.0 changed `SpringExtension` to use test-method scoped `ExtensionContext` instead of test-class scoped. This can break `@Nested` test class hierarchies. Adding `@SpringExtensionConfig(useTestClassScopedExtensionContext = true)` restores the previous behavior.
- io.moderne.java.spring.framework7.FindOkHttp3IntegrationUsage
- Find Spring OkHttp3 integration usage
- Spring Framework 7.0 removes OkHttp3 integration classes. This recipe identifies usages of `OkHttp3ClientHttpRequestFactory` and `OkHttp3ClientHttpConnector` that need to be replaced. Consider migrating to Java's built-in `HttpClient` with `JdkClientHttpRequestFactory` or `JdkClientHttpConnector`, or to Apache HttpClient 5 with `HttpComponentsClientHttpRequestFactory`.
- io.moderne.java.spring.framework7.FindRemovedAPIs
- Find removed APIs in Spring Framework 7.0
- Finds usages of APIs that were removed in Spring Framework 7.0 and require manual intervention. This includes Theme support, OkHttp3 integration, and servlet view document/feed classes which have no direct automated replacement.
- io.moderne.java.spring.framework7.FindServletViewSupportUsage
- Find removed Spring servlet view classes
- Spring Framework 7.0 removes the `org.springframework.web.servlet.view.document` and `org.springframework.web.servlet.view.feed` packages. This recipe adds TODO comments to imports of `AbstractPdfView`, `AbstractXlsView`, `AbstractXlsxView`, `AbstractXlsxStreamingView`, `AbstractPdfStampView`, `AbstractFeedView`, `AbstractAtomFeedView`, and `AbstractRssFeedView` that need to be replaced with direct usage of the underlying libraries (Apache POI, OpenPDF/iText, ROME) in web handlers.
- io.moderne.java.spring.framework7.FindThemeSupportUsage
- Find Spring Theme support usage
- Spring Framework 7.0 removes Theme support entirely. This recipe identifies usages of Theme-related classes like `ThemeResolver`, `ThemeSource`, and `ThemeChangeInterceptor` that need to be removed or replaced with CSS-based alternatives. The Spring team recommends using CSS directly for theming functionality.
- io.moderne.java.spring.framework7.MigrateDeprecatedAPIs
- Migrate deprecated APIs removed in Spring Framework 7.0
- Migrates deprecated APIs that were removed in Spring Framework 7.0. This includes ListenableFuture to CompletableFuture migration.
- io.moderne.java.spring.framework7.MigrateHttpStatusToRfc9110
- Migrate `HttpStatus` enum values to RFC 9110 names
- Spring Framework 7.0 aligns HttpStatus enum values with RFC 9110. This recipe replaces deprecated status code constants with their RFC 9110 equivalents: `PAYLOAD_TOO_LARGE` becomes `CONTENT_TOO_LARGE` and `UNPROCESSABLE_ENTITY` becomes `UNPROCESSABLE_CONTENT`.
- io.moderne.java.spring.framework7.MigrateJmsDestinationResolver
- Preserve DynamicDestinationResolver behavior for JmsTemplate
- Spring Framework 7.0 changed the default `DestinationResolver` for `JmsTemplate` from `DynamicDestinationResolver` to `SimpleDestinationResolver`, which caches Session-resolved Queue and Topic instances. This recipe explicitly configures `DynamicDestinationResolver` to preserve the pre-7.0 behavior. The caching behavior of `SimpleDestinationResolver` should be fine for most JMS brokers, so this explicit configuration can be removed once verified.
- io.moderne.java.spring.framework7.MigrateListenableFuture
- Migrate `ListenableFuture` to `CompletableFuture`
- Spring Framework 6.0 deprecated `ListenableFuture` in favor of `CompletableFuture`. Spring Framework 7.0 removes `ListenableFuture` entirely. This recipe migrates usages of `ListenableFuture` and its callbacks to use `CompletableFuture` and `BiConsumer` instead.
- io.moderne.java.spring.framework7.RemoveSpringJcl
- Remove spring-jcl dependency
- The `spring-jcl` module has been removed in Spring Framework 7.0 in favor of Apache Commons Logging 1.3.0. This recipe removes any explicit dependency on `org.springframework:spring-jcl`. The change should be transparent for most applications, as spring-jcl was typically a transitive dependency and the logging API calls (org.apache.commons.logging.*) remain unchanged.
- io.moderne.java.spring.framework7.RenameMemberCategoryConstants
- Rename MemberCategory field constants for Spring Framework 7.0
- Renames deprecated `MemberCategory` constants to their new names in Spring Framework 7.0. `MemberCategory.PUBLIC_FIELDS` is renamed to `MemberCategory.INVOKE_PUBLIC_FIELDS` and `MemberCategory.DECLARED_FIELDS` is renamed to `MemberCategory.INVOKE_DECLARED_FIELDS`. These renames clarify the original intent of these categories and align with the rest of the API.
- io.moderne.java.spring.framework7.RenameRequestContextJstlPresent
- Rename `RequestContext.jstPresent` to `JSTL_PRESENT`
- Renames the protected static field `RequestContext.jstPresent` to `JSTL_PRESENT` in Spring Framework 7.0. This field was renamed as part of a codebase-wide effort to use uppercase for classpath-related static final field names (see https://github.com/spring-projects/spring-framework/issues/35525).
- io.moderne.java.spring.framework7.ReplaceJUnit4SpringTestBaseClasses
- Replace JUnit 4 Spring test base classes with JUnit Jupiter annotations
- Replace `AbstractJUnit4SpringContextTests` and `AbstractTransactionalJUnit4SpringContextTests` base classes with `@ExtendWith(SpringExtension.class)` and `@Transactional` annotations. These base classes are deprecated in Spring Framework 7.0 in favor of the SpringExtension for JUnit Jupiter.
- io.moderne.java.spring.framework7.SimplifyReflectionHintRegistration
- Simplify reflection hint registrations for Spring Framework 7.0
- Removes deprecated `MemberCategory` arguments from `registerType()` calls on `ReflectionHints`. In Spring Framework 7.0, registering a reflection hint for a type now implies methods, constructors, and fields introspection. All `MemberCategory` values except `INVOKE_*` have been deprecated. This recipe removes those deprecated arguments, simplifying code like `hints.reflection().registerType(MyType.class, MemberCategory.DECLARED_FIELDS)` to `hints.reflection().registerType(MyType.class)`.
- io.moderne.java.spring.framework7.UpdateGraalVmNativeHints
- Update GraalVM native reflection hints for Spring Framework 7.0
- Migrates GraalVM native reflection hints to Spring Framework 7.0 conventions. Spring Framework 7.0 adopts the unified reachability metadata format for GraalVM. This recipe renames deprecated `MemberCategory` constants and simplifies reflection hint registrations where explicit member categories are no longer needed.
- io.moderne.java.spring.framework7.UpgradeSpringFramework_7_0
- Migrate to Spring Framework 7.0
- Migrates applications to Spring Framework 7.0. This recipe applies all necessary changes including API migrations, removed feature detection, and configuration updates.
- io.moderne.java.spring.hibernate.MigrateDaoSupportGetSession
- Migrate `HibernateDaoSupport#getSession()` usage
- Migrate `HibernateDaoSupport#getSession()` usage to `HibernateDaoSupport#getSessionFactory()#getCurrentSession()` and annotate the methods with `@Transactional`.
- io.moderne.java.spring.hibernate.MigrateSaveOrUpdateAll
- Migrate `HibernateDaoSupport#getHibernateTemplate#saveOrUpdateAll`
- Migrate removed `HibernateDaoSupport#getHibernateTemplate#.saveOrUpdateAll` to an iterative `HibernateDaoSupport#getHibernateTemplate#.saveOrUpdate`.
- io.moderne.java.spring.kafka.consumer.FindKafkaListenerWithoutErrorHandling
- Find `@KafkaListener` methods without error handling
- Flags `@KafkaListener` methods that lack proper error handling. Methods should have `@RetryableTopic`, specify an `errorHandler` in the annotation, or implement try-catch blocks for error handling.
- io.moderne.java.spring.kafka.consumer.FindMissingDltHandler
- Find `@RetryableTopic` without `@DltHandler`
- Flags classes that use `@RetryableTopic` without a corresponding `@DltHandler` method. A DLT handler should be defined to process messages that have exhausted all retries.
- io.moderne.java.spring.kafka.consumer.IsKafkaConsumer
- Is likely a Kafka consumer module
- Marks the project if it's likely a Kafka consumer module.
- io.moderne.java.spring.kafka.producer.FindCustomKeyUsage
- Find `KafkaTemplate.send()` with custom key
- Flags `KafkaTemplate.send()` calls that use a custom key (3+ arguments). Custom keys should be reviewed to ensure they provide appropriate partition distribution.
- io.moderne.java.spring.kafka.producer.IsKafkaProducer
- Is likely a Kafka producer module
- Marks the project if it's likely a Kafka producer module.
- io.moderne.java.spring.orm.SpringORM5
- Migrate to Spring ORM to 5
- Migrate applications using Spring ORM Hibernate Support to Hibernate 5 compatible version. This will enable a further migration by the Spring Framework migration past 5.
- io.moderne.java.spring.security.MigrateAcegiToSpringSecurity_5_0
- Migrate from Acegi Security 1.0.x to Spring Security 5.0
- Migrates Acegi Security 1.0.x directly to Spring Security 5.0. This recipe handles dependency changes, type renames, XML configuration updates, web.xml filter migration, and adds TODO comments for password encoders that require manual migration.
- io.moderne.java.spring.security6.MigrateAntPathRequestMatcher
- Migrate antPathRequestMatcher to pathPatternRequestMatcher
- In Spring Security 6.5, `AntPathRequestMatcher` is deprecated in favor of `PathPatternRequestMatcher`. This recipe migrates static method calls and constructor usage to the new pattern.
- io.moderne.java.spring.security6.UpgradeSpringSecurity_6_5
- Migrate to Spring Security 6.5
- Migrate applications to the latest Spring Security 6.5 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions.
- io.moderne.java.spring.security7.MigrateMvcRequestMatcher
- Migrate `MvcRequestMatcher` to `PathPatternRequestMatcher`
- In Spring Security 7.0, `MvcRequestMatcher` which depends on the deprecated `HandlerMappingIntrospector` is removed in favor of `PathPatternRequestMatcher`. This recipe migrates constructor and builder usage to the new pattern.
- io.moderne.java.spring.security7.MigrateOAuth2AccessTokenResponseClient
- Migrate `OAuth2AccessTokenResponseClient` from `RestOperations` to `RestClient` based implementations
- A new set of `OAuth2AccessTokenResponseClient` implementations were introduced based on `RestClient`. This recipe replaces the `RestOperations`-based implementations which have been deprecated. The `RestClient` implementations are drop-in replacements for the deprecated implementations.
- io.moderne.java.spring.security7.MigrateOAuth2RestOperationsToRestClient
- Migrate OAuth2 token response client from `RestOperations` to `RestClient`
- Migrates `setRestOperations(RestOperations)` calls to `setRestClient(RestClient)` on the new `RestClient`-based `OAuth2AccessTokenResponseClient` implementations. The `RestClient`-based implementations introduced in Spring Security 7 use `RestClient` instead of `RestOperations`.
- io.moderne.java.spring.security7.ModularizeSpringSecurity7
- Spring Security 7 modularization
- Spring Security Core was modularized in version 7; deprecated classes that are still a crucial part of some applications are moved to `spring-security-access`.
rewrite-sql
- org.openrewrite.sql.ChangeFunctionName
- Change a SQL function name
- When migrating between dialects, often one name can be substituted for another. For example, Oracle's `NVL` function can be replaced with Postgres `COALESCE`.
- org.openrewrite.sql.ConvertDataType
- Convert SQL data type
- When migrating between SQL dialects, data types often need to be converted. For example, Oracle's `VARCHAR2` can be replaced with Postgres `VARCHAR`, or `NUMBER` with `NUMERIC`.
- org.openrewrite.sql.ConvertOracleDataTypesToPostgres
- Convert Oracle data types to PostgreSQL
- Replaces Oracle-specific data types with PostgreSQL equivalents.
- org.openrewrite.sql.ConvertOracleFunctionsToPostgres
- Convert Oracle functions to PostgreSQL
- Replaces Oracle-specific functions with PostgreSQL equivalents.
- org.openrewrite.sql.ConvertSqlServerDataTypesToPostgres
- Convert SQL Server data types to PostgreSQL
- Replaces SQL Server-specific data types with PostgreSQL equivalents.
- org.openrewrite.sql.ConvertSqlServerFunctionsToPostgres
- Convert SQL Server functions to PostgreSQL
- Replaces SQL Server-specific functions with PostgreSQL equivalents.
- org.openrewrite.sql.FindSql
- Find SQL in code and resource files
- Find SQL in code (e.g. in string literals) and in resources like those ending with `.sql`.
- org.openrewrite.sql.FormatSql
- Format SQL in string text blocks
- Checks whether a text block may contain SQL, and if so, formats the text accordingly.
- org.openrewrite.sql.MigrateOracleToPostgres
- Migrate Oracle SQL to PostgreSQL
- Converts Oracle-specific SQL syntax and functions to PostgreSQL equivalents.
- org.openrewrite.sql.MigrateSqlServerToPostgres
- Migrate SQL Server to PostgreSQL
- Converts Microsoft SQL Server-specific SQL syntax and functions to PostgreSQL equivalents.
- org.openrewrite.sql.search.FindFunction
- Find SQL function
- Find SQL functions by name.
rewrite-struts
- org.openrewrite.java.struts.MigrateStrutsDtd
- Migrate DTD to a specific Struts version
- Update Struts DTD to reflect the specified version.
- org.openrewrite.java.struts.migrate2.MigrateActionClass
- Migrate Struts 1 Action to Struts 2 ActionSupport
- Migrates Struts 1.x Action classes to Struts 2.x ActionSupport, transforming the execute method signature and return statements.
- org.openrewrite.java.struts.migrate2.MigrateJspTaglib
- Migrate JSP taglib directives for Struts 2
- Update Struts 1 taglib directives to Struts 2 taglib.
- org.openrewrite.java.struts.migrate2.MigrateJspTags
- Migrate Struts 1 JSP tags to Struts 2
- Transforms Struts 1 JSP tags (`html:`, `bean:`, `logic:`) to Struts 2 tags (`s:`).
- org.openrewrite.java.struts.migrate2.MigrateStruts2
- Migrate to Struts 2.x from Struts 1.x
- Comprehensive migration from Struts 1.x to Struts 2.x framework.
- org.openrewrite.java.struts.migrate2.MigrateStrutsConfig
- Migrate `struts-config.xml` to `struts.xml`
- Transforms Struts 1.x `struts-config.xml` to Struts 2.x `struts.xml` format.
- org.openrewrite.java.struts.migrate2.MigrateWebXml
- Migrate web.xml from Struts 1 to Struts 2
- Converts Struts 1 ActionServlet configuration to Struts 2 StrutsPrepareAndExecuteFilter.
- org.openrewrite.java.struts.migrate6.MigrateAwareInterfaces
- Migrate Struts 2.0 interceptors to action "aware" interfaces
- These types have moved to a new package in Struts 6.0 and their methods have been renamed from set* to with*.
- org.openrewrite.java.struts.migrate6.MigrateDateTagFormat
- Migrate Struts date tag format patterns
- Converts SimpleDateFormat patterns in `<s:date>` tags to DateTimeFormatter-compatible patterns. Struts 6.0 uses DateTimeFormatter instead of SimpleDateFormat, which has different pattern letter meanings.
- org.openrewrite.java.struts.migrate6.MigrateDynamicMethodInvocation
- Migrate Dynamic Method Invocation to explicit action mappings
- Identifies Struts configurations using Dynamic Method Invocation (DMI) and marks them for migration, as DMI is disabled by default in Struts 6 for security reasons.
- org.openrewrite.java.struts.migrate6.MigrateOpenSymphonyClasses
- Migrate OpenSymphony classes to Struts 6.0
- Migrate classes from `com.opensymphony.xwork2` to their replacements in `org.apache.struts2`.
- org.openrewrite.java.struts.migrate6.MigrateStaticOgnlMethodAccess
- Migrate static OGNL method access to action wrapper methods
- Migrates OGNL expressions using static method access (e.g., `@com.app.Util@makeCode()`) to use action wrapper methods instead. Static method access is disabled by default in Struts 6 for security reasons.
- org.openrewrite.java.struts.migrate6.MigrateStruts6
- Migrate to Struts 6.0
- Migrate Struts 2.x to Struts 6.0.
- org.openrewrite.java.struts.migrate6.MigrateStruts6Constants
- Migrate to Struts 6.0 constants
- All Xwork constants had already been deprecated; with this version all of them have been removed and Struts constants are used instead.
- org.openrewrite.java.struts.migrate6.MigrateValidatorDtd
- Migrate `xwork-validator` DTD to 1.0.4
- Update `xwork-validator` DTD from 1.0.3 to 1.0.4 for Struts 6 compatibility.
- org.openrewrite.java.struts.migrate6.RemoveFreemarkerHtmlBuiltin
- Remove deprecated Freemarker `?html` built-in
- Removes the deprecated `?html` built-in from Freemarker templates. After migrating to Struts 6 with the latest Freemarker (which enables auto-escaping by default), the `?html` built-in is no longer needed and should be removed. See the Struts 2.5 to 6.0 migration guide.
- org.openrewrite.java.struts.migrate6.UpgradeStruts6Dependencies
- Upgrade Struts 6.0 dependencies
- Upgrade Struts 2.x dependencies to Struts 6.0.
- org.openrewrite.java.struts.migrate7.MigrateStruts7
- Migrate to Struts 7.0
- Migrate Struts 6.x to Struts 7.x.
- org.openrewrite.java.struts.migrate7.RenameOpenSymphonyToStruts2
- Rename OpenSymphony / XWork classes to Struts 7 packages
- Updates classes moved from com.opensymphony.xwork2.* to their new org.apache.struts2.* packages in Struts 7.
- org.openrewrite.java.struts.migrate7.UpdateStruts7Constants
- Align Struts XML constants for Struts 7
- Updates Struts XML constants that were renamed or tightened in Struts 7.
- org.openrewrite.java.struts.search.FindStaticOgnlMethodAccess
- Find static OGNL method access
- Find OGNL expressions that use static method access (e.g., `@com.app.Util@makeCode()`), which is disabled by default in Struts 6 for security reasons. These expressions need to be migrated to use action instance methods instead.
- org.openrewrite.java.struts.search.FindStrutsActions
- Find Struts actions
- Find actions and their associated definitions.
rewrite-tapestry
- org.openrewrite.tapestry.ChangeTapestryPackages
- Change Tapestry 4 packages to Tapestry 5
- Updates package imports from org.apache.tapestry to org.apache.tapestry5. Only renames packages that have direct equivalents in Tapestry 5.
- org.openrewrite.tapestry.ChangeTapestryTypes
- Change Tapestry 4 types to Tapestry 5 equivalents
- Renames Tapestry 4 types that have direct equivalents in Tapestry 5. This handles types from different packages that were reorganized in T5.
- org.openrewrite.tapestry.ConvertAnnotatedMethodToField
- Convert annotated abstract method to field
- Converts abstract getter methods annotated with `sourceAnnotation` to private fields annotated with `targetAnnotation`. Also removes corresponding abstract setter methods.
- org.openrewrite.tapestry.ConvertBeanAnnotation
- Convert Tapestry 4 `@Bean` to `@Property`
- Converts Tapestry 4's `@Bean` annotation to `@Property` fields. Bean initialization with 'initializer' attribute requires manual migration.
- org.openrewrite.tapestry.ConvertListenerInterfaces
- Convert Tapestry 4 listener interfaces to Tapestry 5 annotations
- Converts Tapestry 4 page lifecycle listener interfaces (`PageBeginRenderListener`, `PageEndRenderListener`, etc.) to Tapestry 5 lifecycle annotations (`@SetupRender`, `@CleanupRender`, etc.) and removes the interface implementations.
- org.openrewrite.tapestry.MigrateTapestry4To5
- Migrate Tapestry 4 to Tapestry 5
- Migrates Apache Tapestry 4 applications to Tapestry 5. This includes package renames, removing base class inheritance, converting listener interfaces to annotations, and updating dependencies.
- org.openrewrite.tapestry.RemoveIRequestCycleParameter
- Remove `IRequestCycle` parameters
- Removes `IRequestCycle` parameters from methods. In Tapestry 5, event handler methods don't receive the request cycle as a parameter.
- org.openrewrite.tapestry.RemoveObsoleteFormTypes
- Remove obsolete Tapestry form types
- Removes field declarations and imports for Tapestry 4 form component types (`IPropertySelectionModel`, `StringPropertySelectionModel`, etc.) that don't exist in Tapestry 5. Code using these types will need manual refactoring to use Tapestry 5's `SelectModel` pattern.
- org.openrewrite.tapestry.RemoveTapestryBaseClasses
- Remove Tapestry 4 base classes
- Removes Tapestry 4 base class inheritance (`BasePage`, `BaseComponent`, `AbstractComponent`) and converts the class to a POJO suitable for Tapestry 5. Abstract getter/setter methods are converted to fields with `@Property` annotation.
- org.openrewrite.tapestry.ReplaceReverseComparator
- Replace `ReverseComparator` with `Collections.reverseOrder()`
- Replaces tapestry-contrib's `ReverseComparator` with the standard Java `Collections.reverseOrder()` method.
- org.openrewrite.tapestry.UpdateTapestryDependencies
- Update Tapestry dependencies
- Updates dependencies from Tapestry 4 to Tapestry 5.
rewrite-terraform
- org.openrewrite.terraform.AddConfiguration
- Add Terraform configuration
- If the configuration has a different value, leave it alone. If it is missing, add it.
- org.openrewrite.terraform.ChangeResourceAttribute
- Change Terraform resource attribute
- Change the value of a Terraform resource attribute if it matches a given pattern.
- org.openrewrite.terraform.MoveProviderVersionToRequiredProviders
- Move provider version to `required_providers`
- In Terraform 0.13+, version constraints should be specified in the `terraform { required_providers { ... } }` block instead of the `provider` block. This recipe removes the `version` attribute from `provider` blocks and adds it to `required_providers`.
- org.openrewrite.terraform.SecureRandom
- Use a long enough byte length for `random` resources
- Use a long enough byte length for `random` resources.
- org.openrewrite.terraform.UpgradeTerraformTo0_14
- Upgrade Terraform to 0.14
- Migrate Terraform configuration from 0.13 to 0.14. Moves version constraints from `provider` blocks to `terraform { required_providers { ... } }`.
- org.openrewrite.terraform.aws.AWSBestPractices
- Best practices for AWS
- Securely operate on Amazon Web Services.
- org.openrewrite.terraform.aws.DisableInstanceMetadataServiceV1
- Disable Instance Metadata Service version 1
- As a request/response method, IMDSv1 is prone to local misconfigurations.
- org.openrewrite.terraform.aws.EnableApiGatewayCaching
- Enable API gateway caching
- Enable caching for all methods of API Gateway.
- org.openrewrite.terraform.aws.EnableDynamoDbPITR
- Enable point-in-time recovery for DynamoDB
- DynamoDB Point-In-Time Recovery (PITR) is an automatic backup service for DynamoDB table data that helps protect your DynamoDB tables from accidental write or delete operations.
- org.openrewrite.terraform.aws.EnableECRScanOnPush
- Scan images pushed to ECR
- ECR Image Scanning assesses and identifies operating system vulnerabilities. Using automated image scans you can ensure container image vulnerabilities are found before getting pushed to production.
- org.openrewrite.terraform.aws.EncryptAuroraClusters
- Encrypt Aurora clusters
- Native Aurora encryption helps protect your cloud applications and fulfils compliance requirements for data-at-rest encryption.
- org.openrewrite.terraform.aws.EncryptCodeBuild
- Encrypt CodeBuild projects
- Build artifacts, such as a cache, logs, exported raw test report data files, and build results, are encrypted by default using CMKs for Amazon S3 that are managed by the AWS Key Management Service.
- org.openrewrite.terraform.aws.EncryptDAXStorage
- Encrypt DAX storage at rest
- DAX encryption at rest automatically integrates with AWS KMS for managing the single service default key used to encrypt clusters.
- org.openrewrite.terraform.aws.EncryptDocumentDB
- Encrypt DocumentDB storage
- The encryption feature available for Amazon DocumentDB clusters provides an additional layer of data protection by helping secure your data against unauthorized access to the underlying storage.
- org.openrewrite.terraform.aws.EncryptEBSSnapshots
- Encrypt EBS snapshots
- EBS snapshots should be encrypted, as they often include sensitive information, customer PII or CPNI.
- org.openrewrite.terraform.aws.EncryptEBSVolumeLaunchConfiguration
- Encrypt EBS volume launch configurations
- EBS volumes allow you to create encrypted launch configurations when creating EC2 instances and auto scaling. When the entire EBS volume is encrypted, data stored at rest on the volume, disk I/O, snapshots created from the volume, and data in-transit between EBS and EC2 are all encrypted.
- org.openrewrite.terraform.aws.EncryptEBSVolumes
- Encrypt EBS volumes
- Encrypting EBS volumes ensures that replicated copies of your images are secure even if they are accidentally exposed. AWS EBS encryption uses AWS KMS customer master keys (CMK) when creating encrypted volumes and snapshots. Storing EBS volumes in their encrypted state reduces the risk of data exposure or data loss.
- org.openrewrite.terraform.aws.EncryptEFSVolumesInECSTaskDefinitionsInTransit
- Encrypt EFS Volumes in ECS Task Definitions in transit
- Enable attached EFS definitions in ECS tasks to use encryption in transit.
- org.openrewrite.terraform.aws.EncryptElastiCacheRedisAtRest
- Encrypt ElastiCache Redis at rest
- ElastiCache for Redis offers default encryption at rest as a service.
- org.openrewrite.terraform.aws.EncryptElastiCacheRedisInTransit
- Encrypt ElastiCache Redis in transit
- ElastiCache for Redis offers optional encryption in transit. In-transit encryption provides an additional layer of data protection when transferring data over standard HTTPS protocol.
- org.openrewrite.terraform.aws.EncryptNeptuneStorage
- Encrypt Neptune storage
- Encryption of Neptune storage protects data and metadata against unauthorized access.
- org.openrewrite.terraform.aws.EncryptRDSClusters
- Encrypt RDS clusters
- Native RDS encryption helps protect your cloud applications and fulfils compliance requirements for data-at-rest encryption.
- org.openrewrite.terraform.aws.EncryptRedshift
- Encrypt Redshift storage at rest
- Redshift clusters should be securely encrypted at rest.
- org.openrewrite.terraform.aws.EnsureAWSCMKRotationIsEnabled
- Ensure AWS CMK rotation is enabled
- Ensure AWS CMK rotation is enabled.
- org.openrewrite.terraform.aws.EnsureAWSEFSWithEncryptionForDataAtRestIsEnabled
- Ensure AWS EFS with encryption for data at rest is enabled
- Ensure AWS EFS with encryption for data at rest is enabled.
- org.openrewrite.terraform.aws.EnsureAWSEKSClusterEndpointAccessIsPubliclyDisabled
- Ensure AWS EKS cluster endpoint access is publicly disabled
- Ensure AWS EKS cluster endpoint access is publicly disabled.
- org.openrewrite.terraform.aws.EnsureAWSElasticsearchDomainEncryptionForDataAtRestIsEnabled
- Ensure AWS Elasticsearch domain encryption for data at rest is enabled
- Ensure AWS Elasticsearch domain encryption for data at rest is enabled.
- org.openrewrite.terraform.aws.EnsureAWSElasticsearchDomainsHaveEnforceHTTPSEnabled
- Ensure AWS Elasticsearch domains have `EnforceHTTPS` enabled
- Ensure AWS Elasticsearch domains have `EnforceHTTPS` enabled.
- org.openrewrite.terraform.aws.EnsureAWSElasticsearchHasNodeToNodeEncryptionEnabled
- Ensure AWS Elasticsearch has node-to-node encryption enabled
- Ensure AWS Elasticsearch has node-to-node encryption enabled.
- org.openrewrite.terraform.aws.EnsureAWSIAMPasswordPolicyHasAMinimumOf14Characters
- Ensure AWS IAM password policy has a minimum of 14 characters
- Ensure AWS IAM password policy has a minimum of 14 characters.
- org.openrewrite.terraform.aws.EnsureAWSLambdaFunctionIsConfiguredForFunctionLevelConcurrentExecutionLimit
- Ensure AWS Lambda function is configured for function-level concurrent execution limit
- Ensure AWS Lambda function is configured for function-level concurrent execution limit.
- org.openrewrite.terraform.aws.EnsureAWSLambdaFunctionsHaveTracingEnabled
- Ensure AWS Lambda functions have tracing enabled
- Ensure AWS Lambda functions have tracing enabled.
- org.openrewrite.terraform.aws.EnsureAWSRDSDatabaseInstanceIsNotPubliclyAccessible
- Ensure AWS RDS database instance is not publicly accessible
- Ensure AWS RDS database instance is not publicly accessible.
- org.openrewrite.terraform.aws.EnsureAWSS3ObjectVersioningIsEnabled
- Ensure AWS S3 object versioning is enabled
- Ensure AWS S3 object versioning is enabled.
- org.openrewrite.terraform.aws.EnsureAmazonEKSControlPlaneLoggingEnabledForAllLogTypes
- Ensure Amazon EKS control plane logging enabled for all log types
- Ensure Amazon EKS control plane logging enabled for all log types.
- org.openrewrite.terraform.aws.EnsureCloudTrailLogFileValidationIsEnabled
- Ensure CloudTrail log file validation is enabled
- Ensure CloudTrail log file validation is enabled.
- org.openrewrite.terraform.aws.EnsureDataStoredInAnS3BucketIsSecurelyEncryptedAtRest
- Ensure data stored in an S3 bucket is securely encrypted at rest
- Ensure data stored in an S3 bucket is securely encrypted at rest.
- org.openrewrite.terraform.aws.EnsureDetailedMonitoringForEC2InstancesIsEnabled
- Ensure detailed monitoring for EC2 instances is enabled
- Ensure detailed monitoring for EC2 instances is enabled.
- org.openrewrite.terraform.aws.EnsureEC2IsEBSOptimized
- Ensure EC2 is EBS optimized
- Ensure EC2 is EBS optimized.
- org.openrewrite.terraform.aws.EnsureECRRepositoriesAreEncrypted
- Ensure ECR repositories are encrypted
- Ensure ECR repositories are encrypted.
- org.openrewrite.terraform.aws.EnsureEnhancedMonitoringForAmazonRDSInstancesIsEnabled
- Ensure enhanced monitoring for Amazon RDS instances is enabled
- Ensure enhanced monitoring for Amazon RDS instances is enabled.
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyExpiresPasswordsWithin90DaysOrLess
- Ensure IAM password policy expires passwords within 90 days or less
- Ensure IAM password policy expires passwords within 90 days or less.
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyPreventsPasswordReuse
- Ensure IAM password policy prevents password reuse
- Ensure IAM password policy prevents password reuse.
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneLowercaseLetter
- Ensure IAM password policy requires at least one lowercase letter
- Ensure IAM password policy requires at least one lowercase letter.
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneNumber
- Ensure IAM password policy requires at least one number
- Ensure IAM password policy requires at least one number.
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneSymbol
- Ensure IAM password policy requires at least one symbol
- Ensure IAM password policy requires at least one symbol.
- org.openrewrite.terraform.aws.EnsureIAMPasswordPolicyRequiresAtLeastOneUppercaseLetter
- Ensure IAM password policy requires at least one uppercase letter
- Ensure IAM password policy requires at least one uppercase letter.
- org.openrewrite.terraform.aws.EnsureKinesisStreamIsSecurelyEncrypted
- Ensure Kinesis Stream is securely encrypted
- Ensure Kinesis Stream is securely encrypted.
- org.openrewrite.terraform.aws.EnsureRDSDatabaseHasIAMAuthenticationEnabled
- Ensure RDS database has IAM authentication enabled
- Ensure RDS database has IAM authentication enabled.
- org.openrewrite.terraform.aws.EnsureRDSInstancesHaveMultiAZEnabled
- Ensure RDS instances have Multi-AZ enabled
- Ensure RDS instances have Multi-AZ enabled.
- org.openrewrite.terraform.aws.EnsureRespectiveLogsOfAmazonRDSAreEnabled
- Ensure respective logs of Amazon RDS are enabled
- Ensure respective logs of Amazon RDS are enabled.
- org.openrewrite.terraform.aws.EnsureTheS3BucketHasAccessLoggingEnabled
- Ensure the S3 bucket has access logging enabled
- Ensure the S3 bucket has access logging enabled.
- org.openrewrite.terraform.aws.EnsureVPCSubnetsDoNotAssignPublicIPByDefault
- Ensure VPC subnets do not assign public IP by default
- Ensure VPC subnets do not assign public IP by default.
- org.openrewrite.terraform.aws.ImmutableECRTags
- Make ECR tags immutable
- Amazon ECR supports immutable tags, preventing image tags from being overwritten. In the past, ECR tags could be overwritten; this could be overcome by requiring users to uniquely identify an image using a naming convention.
- org.openrewrite.terraform.aws.UpgradeAwsAuroraMySqlToV3
- Upgrade AWS Aurora MySQL to version 3 (MySQL 8.0)
- Upgrade `engine_version` to Aurora MySQL version 3 (MySQL 8.0 compatible) on `aws_rds_cluster` resources and set `allow_major_version_upgrade = true` to permit the major version change.
- org.openrewrite.terraform.aws.UpgradeAwsAuroraPostgresToV17
- Upgrade AWS Aurora PostgreSQL to 17
- Upgrade `engine_version` to Aurora PostgreSQL 17 on `aws_rds_cluster` resources and set `allow_major_version_upgrade = true` to permit the major version change.
- org.openrewrite.terraform.aws.UpgradeAwsRdsMySqlToV8_4
- Upgrade AWS RDS MySQL to 8.4
- Upgrade `engine_version` to MySQL 8.4 on `aws_db_instance` resources and set `allow_major_version_upgrade = true` to permit the major version change.
- org.openrewrite.terraform.aws.UpgradeAwsRdsPostgresToV17
- Upgrade AWS RDS PostgreSQL to 17
- Upgrade `engine_version` to PostgreSQL 17 on `aws_db_instance` resources and set `allow_major_version_upgrade = true` to permit the major version change.
- org.openrewrite.terraform.aws.UseHttpsForCloudfrontDistribution
- Use HTTPS for Cloudfront distribution
- Secure communication by default.
- org.openrewrite.terraform.azure.AzureBestPractices
- Best practices for Azure
- Securely operate on Microsoft Azure.
- org.openrewrite.terraform.azure.DisableKubernetesDashboard
- Disable Kubernetes dashboard
- Disabling the dashboard eliminates it as an attack vector. The dashboard add-on is disabled by default for all new clusters created on Kubernetes 1.18 or greater.
- org.openrewrite.terraform.azure.EnableAzureStorageAccountTrustedMicrosoftServicesAccess
- Enable Azure Storage Account Trusted Microsoft Services access
- Certain Microsoft services that interact with storage accounts operate from networks that cannot be granted access through network rules. Using this configuration, you can allow the set of trusted Microsoft services to bypass those network rules.
- org.openrewrite.terraform.azure.EnableAzureStorageSecureTransferRequired
- Enable Azure Storage secure transfer required
- Microsoft recommends requiring secure transfer for all storage accounts.
- org.openrewrite.terraform.azure.EnableGeoRedundantBackupsOnPostgreSQLServer
- Enable geo-redundant backups on PostgreSQL server
- Ensure PostgreSQL server enables geo-redundant backups.
- org.openrewrite.terraform.azure.EncryptAzureVMDataDiskWithADECMK
- Encrypt Azure VM data disk with ADE/CMK
- Ensure Azure VM data disk is encrypted with ADE/CMK.
- org.openrewrite.terraform.azure.EnsureAKSPoliciesAddOn
- Ensure AKS policies add-on
- Azure Policy Add-on for Kubernetes service (AKS) extends Gatekeeper v3, an admission controller webhook for Open Policy Agent (OPA), to apply at-scale enforcements and safeguards on your clusters in a centralized, consistent manner.
- org.openrewrite.terraform.azure.EnsureAKVSecretsHaveAnExpirationDateSet
- Ensure AKV secrets have an expiration date set
- Ensure AKV secrets have an expiration date set.
- org.openrewrite.terraform.azure.EnsureASecurityContactPhoneNumberIsPresent
- Ensure a security contact phone number is present
- Ensure a security contact phone number is present.
- org.openrewrite.terraform.azure.EnsureActivityLogRetentionIsSetTo365DaysOrGreater
- Ensure activity log retention is set to 365 days or greater
- Ensure activity log retention is set to 365 days or greater.
- org.openrewrite.terraform.azure.EnsureAllKeysHaveAnExpirationDate
- Ensure all keys have an expiration date
- Ensure all keys have an expiration date.
- org.openrewrite.terraform.azure.EnsureAppServiceEnablesDetailedErrorMessages
- Ensure app service enables detailed error messages
- Ensure app service enables detailed error messages.
- org.openrewrite.terraform.azure.EnsureAppServiceEnablesFailedRequestTracing
- Ensure app service enables failed request tracing
- Ensure app service enables failed request tracing.
- org.openrewrite.terraform.azure.EnsureAppServiceEnablesHTTPLogging
- Ensure app service enables HTTP logging
- Ensure app service enables HTTP logging.
- org.openrewrite.terraform.azure.EnsureAppServicesUseAzureFiles
- Ensure app services use Azure files
- Ensure app services use Azure files.
- org.openrewrite.terraform.azure.EnsureAzureAppServiceWebAppRedirectsHTTPToHTTPS
- Ensure Azure App Service Web app redirects HTTP to HTTPS
- Ensure Azure App Service Web app redirects HTTP to HTTPS.
- org.openrewrite.terraform.azure.EnsureAzureApplicationGatewayHasWAFEnabled
- Ensure Azure application gateway has WAF enabled
- Ensure Azure application gateway has WAF enabled.
- org.openrewrite.terraform.azure.EnsureAzureKeyVaultIsRecoverable
- Ensure Azure key vault is recoverable
- Ensure Azure key vault is recoverable.
- org.openrewrite.terraform.azure.EnsureAzureNetworkWatcherNSGFlowLogsRetentionIsGreaterThan90Days
- Ensure Azure Network Watcher NSG flow logs retention is greater than 90 days
- Ensure Azure Network Watcher NSG flow logs retention is greater than 90 days.
- org.openrewrite.terraform.azure.EnsureAzurePostgreSQLDatabaseServerWithSSLConnectionIsEnabled
- Ensure Azure PostgreSQL database server with SSL connection is enabled
- Ensure Azure PostgreSQL database server with SSL connection is enabled.
- org.openrewrite.terraform.azure.EnsureAzureSQLServerAuditLogRetentionIsGreaterThan90Days
- Ensure Azure SQL server audit log retention is greater than 90 days
- Ensure Azure SQL server audit log retention is greater than 90 days.
- org.openrewrite.terraform.azure.EnsureAzureSQLServerSendAlertsToFieldValueIsSet
- Ensure Azure SQL server send alerts to field value is set
- Ensure Azure SQL server send alerts to field value is set.
- org.openrewrite.terraform.azure.EnsureAzureSQLServerThreatDetectionAlertsAreEnabledForAllThreatTypes
- Ensure Azure SQL Server threat detection alerts are enabled for all threat types
- Ensure Azure SQL Server threat detection alerts are enabled for all threat types.
- org.openrewrite.terraform.azure.EnsureFTPDeploymentsAreDisabled
- Ensure FTP Deployments are disabled
- Ensure FTP Deployments are disabled.
- org.openrewrite.terraform.azure.EnsureKeyVaultAllowsFirewallRulesSettings
- Ensure key vault allows firewall rules settings
- Ensure key vault allows firewall rules settings.
- org.openrewrite.terraform.azure.EnsureKeyVaultEnablesPurgeProtection
- Ensure key vault enables purge protection
- Ensure key vault enables purge protection.
- org.openrewrite.terraform.azure.EnsureKeyVaultKeyIsBackedByHSM
- Ensure key vault key is backed by HSM
- Ensure key vault key is backed by HSM.
- org.openrewrite.terraform.azure.EnsureKeyVaultSecretsHaveContentTypeSet
- Ensure key vault secrets have `content_type` set
- Ensure key vault secrets have `content_type` set.
- org.openrewrite.terraform.azure.EnsureLogProfileIsConfiguredToCaptureAllActivities
- Ensure log profile is configured to capture all activities
- Ensure log profile is configured to capture all activities.
- org.openrewrite.terraform.azure.EnsureMSSQLServersHaveEmailServiceAndCoAdministratorsEnabled
- Ensure MSSQL servers have email service and co-administrators enabled
- Ensure MSSQL servers have email service and co-administrators enabled.
- org.openrewrite.terraform.azure.EnsureManagedIdentityProviderIsEnabledForAppServices
- Ensure managed identity provider is enabled for app services
- Ensure managed identity provider is enabled for app services.
- org.openrewrite.terraform.azure.EnsureMySQLIsUsingTheLatestVersionOfTLSEncryption
- Ensure MySQL is using the latest version of TLS encryption
- Ensure MySQL is using the latest version of TLS encryption.
- org.openrewrite.terraform.azure.EnsureMySQLServerDatabasesHaveEnforceSSLConnectionEnabled
- Ensure MySQL server databases have Enforce SSL connection enabled
- Ensure MySQL server databases have Enforce SSL connection enabled.
- org.openrewrite.terraform.azure.EnsureMySQLServerDisablesPublicNetworkAccess
- Ensure MySQL server disables public network access
- Ensure MySQL server disables public network access.
- org.openrewrite.terraform.azure.EnsureMySQLServerEnablesGeoRedundantBackups
- Ensure MySQL server enables geo-redundant backups
- Ensure MySQL server enables geo-redundant backups.
- org.openrewrite.terraform.azure.EnsureMySQLServerEnablesThreatDetectionPolicy
- Ensure MySQL server enables Threat Detection policy
- Ensure MySQL server enables Threat Detection policy.
- org.openrewrite.terraform.azure.EnsurePostgreSQLServerDisablesPublicNetworkAccess
- Ensure PostgreSQL server disables public network access
- Ensure PostgreSQL server disables public network access.
- org.openrewrite.terraform.azure.EnsurePostgreSQLServerEnablesInfrastructureEncryption
- Ensure PostgreSQL server enables infrastructure encryption
- Ensure PostgreSQL server enables infrastructure encryption.
- org.openrewrite.terraform.azure.EnsurePostgreSQLServerEnablesThreatDetectionPolicy
- Ensure PostgreSQL server enables Threat Detection policy
- Ensure PostgreSQL server enables Threat Detection policy.
- org.openrewrite.terraform.azure.EnsurePublicNetworkAccessEnabledIsSetToFalseForMySQLServers
- Ensure public network access enabled is set to False for mySQL servers
- Ensure public network access enabled is set to False for mySQL servers.
- org.openrewrite.terraform.azure.EnsureSendEmailNotificationForHighSeverityAlertsIsEnabled
- Ensure Send email notification for high severity alerts is enabled
- Ensure Send email notification for high severity alerts is enabled.
- org.openrewrite.terraform.azure.EnsureSendEmailNotificationForHighSeverityAlertsToAdminsIsEnabled
- Ensure Send email notification for high severity alerts to admins is enabled
- Ensure Send email notification for high severity alerts to admins is enabled.
- org.openrewrite.terraform.azure.EnsureStandardPricingTierIsSelected
- Ensure standard pricing tier is selected
- Ensure standard pricing tier is selected.
- org.openrewrite.terraform.azure.EnsureStorageAccountUsesLatestTLSVersion
- Ensure storage account uses latest TLS version
- Communication between an Azure Storage account and a client application is encrypted using Transport Layer Security (TLS). Microsoft recommends using the latest version of TLS for all your Microsoft Azure App Service web applications.
- org.openrewrite.terraform.azure.EnsureTheStorageContainerStoringActivityLogsIsNotPubliclyAccessible
- Ensure the storage container storing activity logs is not publicly accessible
- Ensure the storage container storing activity logs is not publicly accessible.
- org.openrewrite.terraform.azure.EnsureWebAppHasIncomingClientCertificatesEnabled
- Ensure Web App has incoming client certificates enabled
- Ensure Web App has incoming client certificates enabled.
- org.openrewrite.terraform.azure.EnsureWebAppUsesTheLatestVersionOfHTTP
- Ensure Web App uses the latest version of HTTP
- Ensure Web App uses the latest version of HTTP.
- org.openrewrite.terraform.azure.EnsureWebAppUsesTheLatestVersionOfTLSEncryption
- Ensure Web App uses the latest version of TLS encryption
- Ensure Web App uses the latest version of TLS encryption.
- org.openrewrite.terraform.azure.SetAzureStorageAccountDefaultNetworkAccessToDeny
- Set Azure Storage Account default network access to deny
- Ensure Azure Storage Account default network access is set to Deny.
- org.openrewrite.terraform.gcp.EnablePodSecurityPolicyControllerOnGKEClusters
- Enable `PodSecurityPolicy` controller on Google Kubernetes Engine (GKE) clusters
- Ensure `PodSecurityPolicy` controller is enabled on Google Kubernetes Engine (GKE) clusters.
- org.openrewrite.terraform.gcp.EnableVPCFlowLogsAndIntranodeVisibility
- Enable VPC flow logs and intranode visibility
- Enable VPC flow logs and intranode visibility.
- org.openrewrite.terraform.gcp.EnableVPCFlowLogsForSubnetworks
- Enable VPC Flow Logs for subnetworks
- Ensure GCP VPC flow logs for subnets are enabled. Flow Logs capture information on IP traffic moving through network interfaces. This information can be used to monitor anomalous traffic and provide security insights.
- org.openrewrite.terraform.gcp.EnsureBinaryAuthorizationIsUsed
- Ensure binary authorization is used
- Ensure binary authorization is used.
- org.openrewrite.terraform.gcp.EnsureComputeInstancesLaunchWithShieldedVMEnabled
- Ensure compute instances launch with shielded VM enabled
- Ensure compute instances launch with shielded VM enabled.
- org.openrewrite.terraform.gcp.EnsureGCPCloudStorageBucketWithUniformBucketLevelAccessAreEnabled
- Ensure GCP cloud storage bucket with uniform bucket-level access are enabled
- Ensure GCP cloud storage bucket with uniform bucket-level access are enabled.
- org.openrewrite.terraform.gcp.EnsureGCPKubernetesClusterNodeAutoRepairConfigurationIsEnabled
- Ensure GCP Kubernetes cluster node auto-repair configuration is enabled
- Ensure GCP Kubernetes cluster node auto-repair configuration is enabled.
- org.openrewrite.terraform.gcp.EnsureGCPKubernetesEngineClustersHaveLegacyComputeEngineMetadataEndpointsDisabled
- Ensure GCP Kubernetes engine clusters have legacy compute engine metadata endpoints disabled
- Ensure GCP Kubernetes engine clusters have legacy compute engine metadata endpoints disabled.
- org.openrewrite.terraform.gcp.EnsureGCPVMInstancesHaveBlockProjectWideSSHKeysFeatureEnabled
- Ensure GCP VM instances have block project-wide SSH keys feature enabled
- Ensure GCP VM instances have block project-wide SSH keys feature enabled.
- org.openrewrite.terraform.gcp.EnsureIPForwardingOnInstancesIsDisabled
- Ensure IP forwarding on instances is disabled
- Ensure IP forwarding on instances is disabled.
- org.openrewrite.terraform.gcp.EnsurePrivateClusterIsEnabledWhenCreatingKubernetesClusters
- Ensure private cluster is enabled when creating Kubernetes clusters
- Ensure private cluster is enabled when creating Kubernetes clusters.
- org.openrewrite.terraform.gcp.EnsureSecureBootForShieldedGKENodesIsEnabled
- Ensure secure boot for shielded GKE nodes is enabled
- Ensure secure boot for shielded GKE nodes is enabled.
- org.openrewrite.terraform.gcp.EnsureShieldedGKENodesAreEnabled
- Ensure shielded GKE nodes are enabled
- Ensure shielded GKE nodes are enabled.
- org.openrewrite.terraform.gcp.EnsureTheGKEMetadataServerIsEnabled
- Ensure the GKE metadata server is enabled
- Ensure the GKE metadata server is enabled.
- org.openrewrite.terraform.gcp.GCPBestPractices
- Best practices for GCP
- Securely operate on Google Cloud Platform.
- org.openrewrite.terraform.search.FindRequiredProvider
- Find required providers
- Find `required_providers` blocks in Terraform configuration files. Produces a data table of the provider names and their versions.
- org.openrewrite.terraform.search.FindResource
- Find Terraform resource
- Find a Terraform resource by resource type.
- org.openrewrite.terraform.terraform012.RemoveInterpolationOnlyExpressions
- Remove interpolation-only expressions
- Remove unnecessary interpolation expressions like `"${var.foo}"` in favor of first-class expression syntax `var.foo`, as supported in Terraform 0.12+.
- org.openrewrite.terraform.terraform012.ReplaceDeprecatedCollectionFunctions
- Replace deprecated `list()` and `map()` functions
- In Terraform 0.12+, the `list()` function is replaced by `[...]` tuple syntax and the `map()` function is replaced by `{...}` object syntax.
- org.openrewrite.terraform.terraform012.UnquoteTypeConstraints
- Unquote variable type constraints
- In Terraform 0.12+, variable type constraints should be bare types instead of quoted strings. For example, `type = "string"` becomes `type = string`.
- org.openrewrite.terraform.terraform012.UpgradeTerraformTo0_12
- Upgrade Terraform to 0.12
- Migrate Terraform configuration from 0.11 (HCL1) to 0.12 (HCL2) syntax. Removes interpolation-only expressions, unquotes type constraints, replaces deprecated collection functions, and fixes legacy index syntax.
- org.openrewrite.terraform.terraform013.UpgradeRequiredProvidersSyntax
- Upgrade `required_providers` to object syntax
- In Terraform 0.13+, `required_providers` entries should use the object syntax with explicit `source` and `version` attributes instead of a plain version string. For example, `aws = "~> 3.0"` becomes `aws = { source = "hashicorp/aws", version = "~> 3.0" }`.
- org.openrewrite.terraform.terraform013.UpgradeTerraformTo0_13
- Upgrade Terraform to 0.13
- Migrate Terraform configuration from 0.12 to 0.13 syntax. Upgrades `required_providers` entries from shorthand version strings to the object syntax with explicit `source` and `version` attributes.
- org.openrewrite.terraform.terraform015.FindRemovedProvisioners
- Find removed provisioners
- Find usage of provisioners that were removed in Terraform 0.15: `chef`, `habitat`, `puppet`, and `salt-masterless`.
- org.openrewrite.terraform.terraform015.UpgradeTerraformTo0_15
- Upgrade Terraform to 0.15
- Migrate Terraform configuration from 0.14 to 0.15. Finds usage of provisioners that were removed in Terraform 0.15: `chef`, `habitat`, `puppet`, and `salt-masterless`.
rewrite-vulncheck
- io.moderne.vulncheck.FixVulnCheckVulnerabilities
- Use VulnCheck Exploit Intelligence to fix vulnerabilities
- This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the `maximumUpgradeDelta` option. Vulnerability information comes from VulnCheck Vulnerability Intelligence. The recipe has an option to limit fixes to only those vulnerabilities that have evidence of exploitation at various levels of severity.