@renovate renovate bot commented Nov 14, 2025

This PR contains the following updates:

Package | Change
com.pinterest.ktlint:ktlint-ruleset-standard | 1.7.1 → 1.8.0

Release Notes

pinterest/ktlint (com.pinterest.ktlint:ktlint-ruleset-standard)

v1.8.0

Compare Source

🆕 Features
🔧 Fixes
💬 Other

v1.7.2

Compare Source


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (squash) November 14, 2025 22:49
@renovate renovate bot force-pushed the renovate/ktlint.ruleset.standard branch 2 times, most recently from d1b6bfa to 2989814 Compare November 18, 2025 07:56

claude bot commented Nov 18, 2025

Pull Request Review: ktlint-ruleset-standard v1.8.0 Update

Summary

This PR updates the ktlint-ruleset-standard dependency from v1.7.1 to v1.8.0. This is an automated Renovate PR that includes bug fixes and new features from the ktlint project.

Code Quality ✅

Positive aspects:

  • Clean, minimal change - only updates the version number in the TOML catalog
  • Follows the project's dependency management pattern using Gradle version catalogs
  • The dependency is properly referenced in SpotlessConventionPlugin.kt:21 via libs.ktlint.ruleset.standard

Potential Issues ⚠️

1. New Rules Promoted to Standard

The v1.8.0 release promotes 5 experimental rules to standard rules:

  • blank-line-between-when-conditions
  • kdoc
  • mixed-condition-operators
  • square-brackets-spacing
  • when-entry-bracing

Impact: These rules are now enabled by default and may trigger new violations in the codebase that weren't previously flagged.

Recommendation: Before merging, run ./gradlew spotlessCheck (or the equivalent spotless task) to verify no new violations are introduced. If violations are found, either:

  1. Fix them with ./gradlew spotlessApply
  2. Disable specific rules in .editorconfig if they conflict with project style

2. New then-spacing Rule

A new rule for spacing around then keywords has been added.

Impact: May affect formatting of code using then (though this is less common in Kotlin).

3. Compatibility Check

The release sets languageVersion to KOTLIN_2_0 for metadata compatibility.

Status: ✅ Project is using Kotlin 2.2.21, so this is fully compatible.

Performance Considerations ✅

No performance concerns expected. Linting rules are applied during build time and won't affect runtime performance.

Security Concerns ✅

No security issues identified. This is a linting/formatting tool dependency that:

  • Only runs at build time
  • Comes from a trusted source (Pinterest's ktlint project)
  • Has no runtime impact on the application

Test Coverage 📋

Recommendations:

  1. Run the full linting suite:

    ./gradlew spotlessCheck
  2. If violations are found, apply fixes:

    ./gradlew spotlessApply
  3. Verify all checks pass:

    ./gradlew check
  4. Consider running konsist tests (if they validate code style):

    ./gradlew konsist-test:test

Breaking Changes 🔍

Based on the changelog, this is a minor version update with:

  • ✅ New features (promoted rules)
  • ✅ Bug fixes (indent fixes, documentation updates)
  • ❌ No documented breaking changes

However, the newly promoted rules may require code formatting adjustments.

Recommendations

Before Merging:

  1. Verify CI checks pass - ensure all automated checks complete successfully
  2. ⚠️ Check for formatting changes - run ./gradlew spotlessCheck to identify any new violations
  3. ⚠️ Review any auto-formatting - if running spotlessApply, review the changes to ensure they're acceptable

Optional Considerations:

  • If the new promoted rules conflict with project style preferences, add them to .editorconfig as disabled (similar to the existing ktlint_standard_import-ordering = disabled on line 10)

Overall Assessment

Status: Approved with recommendations

This is a routine dependency update that should be safe to merge, provided that:

  1. CI checks pass
  2. No new linting violations are introduced (or they're resolved)

The update brings valuable improvements including bug fixes and standardized rules that will improve code consistency across the project.


🤖 Generated with Claude Code

@renovate renovate bot force-pushed the renovate/ktlint.ruleset.standard branch from 2989814 to efbbb07 Compare November 19, 2025 01:59

claude bot commented Nov 19, 2025

Code Review - PR #763: Update ktlint-ruleset-standard to v1.8.0

Summary

This PR updates ktlint-ruleset-standard from version 1.7.1 to 1.8.0. This is a Renovate-generated dependency update that introduces new linting rules and improvements to the ktlint standard ruleset.


Code Quality and Best Practices ✅

Overall Assessment: GOOD

  • Single Dependency Update: The change is minimal and focused - only updating the version number in gradle/libs.versions.toml:43
  • Version Catalog Usage: Properly uses Gradle version catalogs, maintaining consistency with the project's dependency management strategy
  • Integration: The dependency is correctly referenced in SpotlessConventionPlugin.kt:21 as part of the custom rulesets

Potential Issues and Considerations ⚠️

1. New Standard Rules Promoted from Experimental

Ktlint 1.8.0 promotes several experimental rules to standard:

  • blank-line-between-when-conditions
  • kdoc
  • mixed-condition-operators
  • square-brackets-spacing
  • when-entry-bracing

Impact: These rules will now be active by default and may introduce new formatting violations in your codebase.

Recommendation:

# Run spotlessCheck to identify any new violations
./gradlew spotlessCheck

# If violations are found, either:
# 1. Auto-fix them with:
./gradlew spotlessApply

# 2. Or disable specific rules in .editorconfig if they conflict with Detekt or project style

2. New Rule: then-spacing

A new rule for spacing around then keywords has been added.

Action: Monitor for any new violations related to conditional expressions.

3. Potential Detekt Conflicts

Your .editorconfig:10 already disables ktlint_standard_import-ordering due to Detekt conflicts. The new promoted rules (especially kdoc) might also conflict with Detekt's documentation rules.

Recommendation: If CI fails with conflicting rule violations, consider adding to .editorconfig:

ktlint_standard_kdoc = disabled  # If conflicts with Detekt

Performance Considerations ✅

No Performance Impact Expected

  • This is a linting tool dependency that runs at build/CI time only
  • No runtime impact on the application
  • The new rules may slightly increase linting time, but this should be negligible

Security Concerns ✅

No Security Issues Identified

  • This is an official Pinterest ktlint release (verified source)
  • Dependency comes from Maven Central
  • No known security vulnerabilities in ktlint 1.8.0
  • The update includes metadata compatibility improvements with Kotlin 2.0

Test Coverage 📋

CI Pipeline Coverage: GOOD

Your CI workflow (.github/workflows/check.yml) includes:

  • spotlessCheck job (line 118-134) - Will validate ktlint compliance
  • detektCheck job - Will catch any rule conflicts
  • ✅ Unit tests - Ensure code functionality isn't affected
  • ✅ Build verification

Recommendation:

  • Wait for CI to complete before merging
  • Review any spotlessCheck failures carefully
  • If CI passes, the update is safe to merge

Action Items Before Merging

  1. Monitor CI Pipeline: Ensure all checks pass, especially spotlessCheck
  2. Review Spotless Report: If spotlessCheck fails, review the artifact report to see which new rules are being violated
  3. Consider Auto-fix: Run ./gradlew spotlessApply locally if there are violations that should be auto-formatted
  4. Update .editorconfig if Needed: Disable any new rules that conflict with Detekt or project conventions

Verdict: ✅ APPROVE WITH RECOMMENDATIONS

This is a safe and beneficial update that:

  • ✅ Keeps dependencies current
  • ✅ Improves Kotlin 2.0 metadata compatibility
  • ✅ Adds valuable linting rules for code quality
  • ✅ Follows project conventions

Merge after CI passes. If CI fails due to new rule violations, decide whether to:

  1. Accept the violations and auto-fix with spotlessApply, or
  2. Disable specific conflicting rules in .editorconfig

Review generated by Claude Code

@renovate renovate bot force-pushed the renovate/ktlint.ruleset.standard branch 3 times, most recently from a94e8b7 to 5f8d7cb Compare November 20, 2025 05:30

claude bot commented Nov 20, 2025

Comprehensive Code Review - Android Showcase Project

I've conducted a thorough code review of the Android Showcase codebase. While this PR is a dependency update, I'm providing comprehensive feedback on the overall codebase quality, potential issues, and recommendations.

📊 Executive Summary

Overall Assessment: 7.5/10

The project demonstrates excellent adherence to Clean Architecture, strong test coverage, and modern Android development practices. However, several critical security and stability issues require immediate attention.


✅ Strengths

Architecture & Code Quality (9/10)

Clean Architecture Implementation - Excellent

  • Clear separation of layers: domain/, data/, presentation/
  • Konsist tests enforce architecture rules (konsist-test/)
  • Proper dependency flow: Presentation → Domain ← Data
  • Feature modularity: album, settings, favourite, base

Modern Kotlin Practices - Very Good

  • Modern idioms with sealed interfaces, data classes
  • Proper coroutine usage with suspend functions
  • Extension functions for clean mapping
  • Type-safe Gradle project accessors

Dependency Injection (Koin) - Good

  • Modular DI setup per feature
  • Lifecycle management handled correctly

Test Coverage (8/10) - Excellent

  • Comprehensive unit tests for ViewModels, UseCases, Repositories
  • Mapper tests with good coverage
  • Outstanding Konsist architecture tests - This is a best practice many projects lack!
  • Repository tests cover API success, error, and exception cases

🚨 Critical Issues (Must Fix)

1. Database Query Crash Risk

Location: feature/album/src/main/kotlin/.../database/AlbumDao.kt:14-19

@Query("SELECT * FROM albums where artist = :artistName and name = :albumName and mbId = :mbId")
suspend fun getAlbum(
    artistName: String,
    albumName: String,
    mbId: String?,
): AlbumRoomModel  // ❌ Non-nullable return

Problem: Returns non-nullable AlbumRoomModel but may not find a match
Impact: App crash when offline and album not in cache
Fix: Return AlbumRoomModel? and handle null case in repository

2. Cleartext Traffic Enabled Globally

Location: app/src/main/AndroidManifest.xml:21

android:usesCleartextTraffic="true">  <!-- ❌ Enabled in production -->

Problem: Cleartext traffic allowed globally, not just in debug
Impact: App allows unencrypted HTTP connections in production
Fix: Remove or set to false and rely on network security config

3. API Token Exposed in Repository

Location: gradle.properties:23

apiToken="70696db59158cb100370ad30a7a705c1"  # ❌ Public token

Problem: API token hardcoded in version-controlled file
Impact: Token is public and can be extracted from APK
Fix:

  • Use local.properties (gitignored) for local development
  • Use environment variables or secure storage for production
  • Implement token refresh mechanism

4. ProGuard Disabled in Release

Location: app/build.gradle.kts:22

isMinifyEnabled = false  // ❌ Disabled

Impact: Larger APK, easier to reverse engineer, exposed internals
Fix: Enable with proper ProGuard rules for Retrofit, Room, Koin, Kotlinx Serialization

5. Hardcoded Error Codes

Location: feature/base/src/main/kotlin/.../ApiResultCall.kt:32

} ?: callback.onResponse(this@ApiResultCall, Response.success(ApiResult.Error(123, "message")))

Problem: Hardcoded error code 123 and message "message"
Fix:

} ?: callback.onResponse(this@ApiResultCall, Response.success(ApiResult.Error(response.code(), response.message())))

6. Missing Database Migrations

Location: feature/album/src/main/kotlin/.../AlbumDatabase.kt:7

@Database(entities = [AlbumRoomModel::class], version = 1, exportSchema = false)

Problem: exportSchema = false disables schema export
Impact: No migration path, users lose data on upgrades
Fix: Set exportSchema = true and provide migration strategies


⚠️ Important Issues (Should Fix Soon)

7. Duplicate HttpLoggingInterceptor

Location: app/src/main/kotlin/.../AppKoinModule.kt:23-59

Two HttpLoggingInterceptor instances created - first one (lines 24-29) never used
Fix: Remove lines 24-29

8. Incomplete Error Code Coverage

Location: feature/base/src/main/kotlin/.../ApiResultCall.kt:21-31

Only handles codes 200-208 and 400-409
Impact: Server errors (500-599) not handled
Fix: Add default case or expand range coverage

9. StateTimeTravelDebugger NPE Risk

Location: feature/base/src/main/kotlin/.../StateTimeTravelDebugger.kt:64

fun logLast() {
    val states = listOf(stateTimeline.last())  // ❌ Can throw if empty

Fix: Add check for empty timeline

10. Enum valueOf Can Crash

Location: feature/album/src/main/kotlin/.../ImageSizeApiModel.kt:29

internal fun ImageSizeApiModel.toDomainModel() = ImageSize.valueOf(this.name)

Problem: If API adds new size, throws IllegalArgumentException
Fix: Use try-catch or when expression with UNKNOWN case


🔒 Security Concerns

Network Security Config Only in Debug

  • Location: app/src/debug/res/xml/network_security_config.xml
  • Cleartext traffic permitted for API domain in debug (acceptable)
  • Verify API actually uses HTTPS

Incomplete ProGuard Rules

  • Location: app/proguard-rules.pro
  • File only has template comments, no actual rules
  • When minification enabled, app will likely crash

Data Backup Configuration

Good: Backup properly disabled

  • allowBackup="false" in manifest
  • Explicit exclusions in data_extraction_rules.xml

🚀 Performance Considerations

Missing Pagination

Location: feature/album/src/main/kotlin/.../AlbumRetrofitService.kt:13

Fixed limit of 60, no pagination support
Recommendation: Implement Paging 3 library

Compose Recomposition Issue

Location: feature/album/src/main/kotlin/.../SearchBarComposable.kt:41-51

LaunchedEffect(textFieldValue.text, onSearch, onQueryChange) {  // ❌ Lambdas in deps

Problem: Lambdas in dependencies cause unnecessary recompositions
Fix: Remove lambdas from dependencies or use rememberUpdatedState

Image Loading

Location: feature/base/src/main/kotlin/.../PlaceholderImage.kt:30-38

Missing: error drawable, size configuration, memory cache strategy
Recommendation: Configure Coil properly for production use


📝 Code Quality Issues

Mapper Pattern Inconsistency

Both extension functions AND Mapper classes exist for same conversions:

  • Extension: AlbumApiModel.toDomainModel()
  • Mapper class: AlbumMapper.apiToDomain()

Recommendation: Standardize on one approach (Mapper classes for testability)

Silent Failure in Repository

Location: feature/album/src/main/kotlin/.../AlbumRepositoryImpl.kt:36-44

When API throws exception, always returns Result.Success with cached data
Issue: If cache empty, returns empty list as success instead of failure
Fix: Check if cached data exists before returning success


🧪 Test Coverage Gaps

Missing Tests

  • Integration tests - No tests combining layers
  • UI tests - No Compose UI tests with ComposeTestRule
  • Database tests - No Room DAO tests with in-memory database
  • Interceptor tests - AuthenticationInterceptor and UserAgentInterceptor not tested

Test Quality Issue

Location: Multiple repository tests

Using runBlocking instead of runTest
Impact: Tests don't use TestDispatcher, timing issues possible
Fix: Use runTest consistently (already used in ViewModel tests)


💡 Recommendations

Immediate Action (Before Production)

  1. ✅ Fix database DAO to return nullable
  2. ✅ Remove/restrict cleartext traffic
  3. ✅ Secure API token storage
  4. ✅ Enable ProGuard with proper rules
  5. ✅ Fix hardcoded error codes
  6. ✅ Enable database schema export and migrations

Short Term

  1. Remove duplicate HttpLoggingInterceptor
  2. Add comprehensive error code handling
  3. Fix NPE risks in debug utilities
  4. Add try-catch for enum conversions
  5. Standardize mapper pattern
  6. Add database, UI, and integration tests

Long Term

  1. Implement pagination with Paging 3
  2. Add certificate pinning for production
  3. Optimize Compose recompositions
  4. Complete or remove favourite module (currently placeholder)
  5. Configure image loading properly

🎯 Conclusion

This is a well-architected Android showcase project with:

  • ✅ Excellent Clean Architecture implementation
  • ✅ Strong test coverage with outstanding Konsist tests
  • ✅ Modern Android development practices
  • ✅ Good module organization

However, critical security and stability issues must be addressed:

  • 🚨 Database crash risks
  • 🚨 Security misconfigurations
  • 🚨 Missing error handling

Recommendation: Address critical issues (1-6) before any production use. The architectural foundation is solid, but operational readiness needs improvement.


Generated with Claude Code - Comprehensive analysis of 233 files across multiple feature modules
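
Added example, not part of the review above or of the project's code: a pre-merge check for three of the build-configuration findings that review lists (global cleartext traffic, a literal token in `gradle.properties`, minification disabled for release). The sample file contents and the token value are constructed placeholders, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample inputs (not the project's real files; the token is a placeholder).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <application android:allowBackup="false" android:usesCleartextTraffic="true" />
</manifest>"""
SAMPLE_GRADLE_PROPERTIES = 'org.gradle.jvmargs=-Xmx4g\napiToken="0123456789abcdef0123456789abcdef"\n'
SAMPLE_BUILD_GRADLE_KTS = "android { buildTypes { release { isMinifyEnabled = false } } }"

SECRET_KEY = re.compile(r"(token|secret|password|api_?key)", re.IGNORECASE)
SECRET_VALUE = re.compile(r"^[A-Za-z0-9+/_=-]{16,}$")  # literal, not a ${VAR} reference


def cleartext_enabled(manifest_xml: str) -> bool:
    """True when <application> sets android:usesCleartextTraffic="true"."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return False
    return app.get(f"{{{ANDROID_NS}}}usesCleartextTraffic", "").lower() == "true"


def hardcoded_secrets(properties_text: str) -> list:
    """Return property names that look like secrets and carry a literal value."""
    hits = []
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.strip("\"'")
        if SECRET_KEY.search(key) and SECRET_VALUE.match(value):
            hits.append(key)
    return hits


def release_minify_disabled(build_script: str) -> bool:
    """True when the release { ... } block contains isMinifyEnabled = false."""
    match = re.search(r"\brelease\s*\{", build_script)
    if not match:
        return False
    depth, i = 1, match.end()
    while i < len(build_script) and depth:  # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(build_script[i], 0)
        i += 1
    return re.search(r"isMinifyEnabled\s*=\s*false\b", build_script[match.end():i]) is not None


def audit(manifest: str, properties: str, build_script: str) -> list:
    """Collect one finding string per failed check."""
    findings = []
    if cleartext_enabled(manifest):
        findings.append("manifest: usesCleartextTraffic=true")
    findings += [f"gradle.properties: literal secret in '{k}'" for k in hardcoded_secrets(properties)]
    if release_minify_disabled(build_script):
        findings.append("build script: release isMinifyEnabled=false")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST, SAMPLE_GRADLE_PROPERTIES, SAMPLE_BUILD_GRADLE_KTS):
        print("FAIL", finding)
```

In CI the three strings would be read from the main source set's manifest, `gradle.properties` and the app module's build script, and a non-empty result would fail the job.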

@renovate renovate bot force-pushed the renovate/ktlint.ruleset.standard branch from 5f8d7cb to 086e542 Compare November 20, 2025 09:55

claude bot commented Nov 20, 2025

Pull Request Review: ktlint-ruleset-standard v1.8.0 Update

Summary

This PR updates ktlint-ruleset-standard from version 1.7.1 to 1.8.0. The dependency is used as a custom ruleset in Spotless for Kotlin code formatting and linting (SpotlessConventionPlugin.kt:21).


✅ Code Quality & Best Practices

LGTM - The change follows proper dependency management practices:

  • Version is centrally managed in gradle/libs.versions.toml (line 43)
  • Single line change, minimal surface area for issues
  • Follows the project's convention of using Gradle version catalogs

🔍 Potential Issues & Considerations

New Rules Promoted to Standard:
According to the ktlint 1.8.0 release notes, several experimental rules have been promoted to standard rules:

  • blank-line-between-when-conditions
  • kdoc
  • mixed-condition-operators
  • square-brackets-spacing
  • when-entry-bracing

Action Required: These newly promoted rules may now apply to your codebase and could potentially flag new violations or auto-format code differently. The project should:

  1. Run ./gradlew spotlessCheck to verify no new violations are introduced
  2. Run ./gradlew spotlessApply if formatting changes are needed
  3. Review any auto-formatting changes before committing

New Rule Added:

  • then-spacing rule has been added which may affect if-then expressions

⚡ Performance Considerations

No concerns - This is a build-time dependency that only affects linting/formatting during development and CI. No runtime performance impact.


🔒 Security Concerns

No concerns - This is a code quality tool from Pinterest's official repository. The update includes:

  • Security improvements: CodeQL scanning added to ktlint's development process
  • Dependency updates with security patches
  • No known CVEs associated with this version

🧪 Test Coverage

Recommendation: While this is a linting dependency update, the following verification is recommended:

  1. CI Pipeline Check: Ensure all CI checks pass, particularly:

    • ./gradlew spotlessCheck
    • ./gradlew detektCheck
    • ./gradlew lintDebug
  2. Local Verification:

    ./gradlew spotlessCheck
    ./gradlew spotlessApply  # If needed
    ./gradlew testDebugUnitTest -x konsist-test:test
  3. Watch for Conflicts: Since the project uses multiple formatters (Spotless + Detekt), verify that new ktlint rules don't conflict with Detekt rules (some rules are already disabled in .editorconfig to avoid conflicts per SpotlessConventionPlugin.kt:18)


📋 Additional Notes

Breaking Changes: The release sets languageVersion to KOTLIN_2_0 for metadata compatibility, which aligns well with your project already using Kotlin 2.2.21.

Documentation: The project's README.md mentions ktlint at line 110-113 but links to an older version (0.49.1). Consider updating the documentation link to reflect the 1.x version being used.


✅ Recommendation: APPROVE (with verification)

This is a low-risk dependency update that brings useful improvements and new rules. The PR should be approved once CI checks pass successfully. Auto-merge is enabled, which is appropriate for this type of Renovate update.

Final Checklist:

  • ✅ Change is minimal and well-scoped
  • ✅ Dependency source is trusted (Pinterest's official ktlint)
  • ✅ Version catalog properly updated
  • ⏳ CI checks should pass (verify before merge)
  • ℹ️ Consider running spotlessApply if new rules trigger formatting changes

Review conducted by Claude Code - focusing on code quality, security, and maintainability.

@renovate renovate bot force-pushed the renovate/ktlint.ruleset.standard branch from 086e542 to 9fc21bc Compare November 21, 2025 02:15
@renovate renovate bot force-pushed the renovate/ktlint.ruleset.standard branch 3 times, most recently from 855e576 to 1b5b085 Compare December 7, 2025 01:32
@renovate renovate bot force-pushed the renovate/ktlint.ruleset.standard branch 4 times, most recently from 0fe2cf8 to 9e9acbe Compare December 18, 2025 02:34
@renovate renovate bot force-pushed the renovate/ktlint.ruleset.standard branch from 9e9acbe to 48ccb23 Compare December 19, 2025 17:07
@renovate renovate bot force-pushed the renovate/ktlint.ruleset.standard branch from 48ccb23 to 2c2324b Compare January 6, 2026 21:05
@renovate renovate bot force-pushed the renovate/ktlint.ruleset.standard branch from 2c2324b to 05a6952 Compare January 15, 2026 00:51