chore: Comment out unused code and update Swagger info #4

Merged
RodolfoBonis merged 4 commits into main from fix-issues
Jun 1, 2025

@RodolfoBonis (Owner) commented Jun 1, 2025

Pull Request Description

Title

chore: Comment out unused code and update Swagger info

Summary of Changes

This pull request primarily focuses on:

  • Commenting out unused code in various files to enhance code clarity and maintainability.
  • Updating the Swagger documentation to reflect any changes made in the API.

Modified Files

  • .github/workflows/cd.yaml
  • .github/workflows/ci.yaml
  • core/config/new-relic.go
  • core/config/zap.go
  • core/logger/logger.go
  • core/middlewares/monitoring_middleware.go
  • go.mod
  • go.sum
  • main.go

Context

During the ongoing development process, it has become evident that certain pieces of code are no longer in use or relevant to our current implementation. Commenting out this code will help future developers understand which parts of the codebase are active and which are not, thereby reducing confusion and potential errors.

Additionally, as we continue to evolve our API, keeping our Swagger documentation up to date is essential for ensuring that our API consumers have accurate information regarding available endpoints and their functionalities.

Testing the Changes

To test the changes implemented in this PR, follow these steps:

  1. Pull the branch containing this PR into your local repository.
  2. Run the application to ensure there are no compilation errors.
  3. Verify that the commented-out code does not affect the functioning of the application.
  4. Access the Swagger UI and confirm that the documentation is up-to-date and accurately reflects the current API structure.

Potential Issues or Considerations

  • Commented Code: It is important to note that the commented-out code can still be visible in the codebase. Reviewers should consider whether this code should be removed entirely instead of simply commented out.
  • Swagger Updates: Ensure that all changes made to the Swagger documentation are accurate and do not mislead API users. Any discrepancies can lead to confusion for developers relying on this documentation.

Conclusion

This PR aims to simplify our codebase and improve the developer experience by cleaning up unused code and updating our API documentation. Your feedback and suggestions are welcome to ensure we maintain high code quality and documentation standards.

Thank you for reviewing!

github-actions bot commented Jun 1, 2025

ERROR:

@RodolfoBonis (Owner, Author)

Vulnerabilities found by govulncheck

Pull Request Security Review - Vulnerability Assessment

  1. Vulnerability Description:
    This vulnerability, identified as GO-2025-3595, involves the incorrect neutralization of input during web page generation within the golang.org/x/net package. It primarily arises from improper handling of user-generated content when calling the html.Tokenizer.Next method indirectly through gin.Context.BindJSON. If an attacker is able to inject malicious data or script tags, it could lead to Cross-Site Scripting (XSS) attacks, potentially compromising user sessions or data.

    Vulnerability ID: GO-2025-3595
    Affected Package and Version: golang.org/x/net@v0.20.0
    Fixed Version: golang.org/x/net@v0.38.0
    Remediation Advice: To remediate this vulnerability, update to the fixed version of the golang.org/x/net package. The following steps can be followed to perform the update:

    go get golang.org/x/net@v0.38.0
    go mod tidy

  2. Vulnerability Description:
    The GO-2024-2955 vulnerability in the github.com/gin-contrib/cors package mismanages a wildcard in the origin string which can lead to security issues such as allowing unintended domains to access the server resources. This vulnerability can potentially allow Cross-Origin Resource Sharing (CORS) exploits where an attacker could execute actions on behalf of a user from an unauthorized origin.

    Vulnerability ID: GO-2024-2955
    Affected Package and Version: github.com/gin-contrib/cors@v1.5.0
    Fixed Version: github.com/gin-contrib/cors@v1.6.0
    Remediation Advice: Updating to version v1.6.0 or later of github.com/gin-contrib/cors will rectify this issue. Execute the following commands to update the package:

    go get github.com/gin-contrib/cors@v1.6.0
    go mod tidy

  3. Vulnerability Description:
    The vulnerability labeled as GO-2024-2687 is associated with an HTTP/2 CONTINUATION flood in the golang.org/x/net module, specifically impacting resource use and potentially leading to denial-of-service conditions. This exploit occurs when an attacker can flood the server with a large number of CONTINUATION frames, overwhelming the server's resources and resulting in service disruption or crashing.

    Vulnerability ID: GO-2024-2687
    Affected Package and Version: golang.org/x/net@v0.20.0
    Fixed Version: golang.org/x/net@v0.23.0
    Remediation Advice: To mitigate this vulnerability, please upgrade to the fixed version of golang.org/x/net. Follow these commands to perform the update:

    go get golang.org/x/net@v0.23.0
    go mod tidy

Please ensure that all recommended updates are implemented promptly to maintain the security integrity of the application.

Suggested Fixes:

  • Analyze the reported vulnerabilities and update the affected dependencies to their latest versions.
  • If a fix is not available, consider using alternative packages or implementing a workaround.
  • Refer to the official documentation or security advisories for more details on how to mitigate these vulnerabilities.

github-actions bot commented Jun 1, 2025

ERROR:

@RodolfoBonis (Owner, Author)

Vulnerabilities found by govulncheck

Pull Request Vulnerability Review

Vulnerability Summaries

  1. Vulnerability Description:
    The vulnerability identified as GO-2025-3595 pertains to an improper neutralization of input during web page generation within the gopkg.in/x/net module. This flaw allows untrusted data to potentially bypass sanitation controls, leading to cross-site scripting (XSS) vulnerabilities. An attacker could exploit this by injecting malicious scripts, which could be executed in the context of a victim's browser, allowing theft of sensitive information or session hijacking. The vulnerability arises specifically in the BindJSON method of the gin.Context, which leverages html.Tokenizer for JSON parsing, failing to ensure safe content rendering.

    Vulnerability ID: GO-2025-3595
    Affected Package and Version: golang.org/x/net@v0.23.0
    Fixed Version: golang.org/x/net@v0.38.0

    Remediation Advice:
    To mitigate this vulnerability, you should upgrade the golang.org/x/net package to at least version 0.38.0, where the issue has been addressed. Follow the steps below to apply the fix:

    Step-by-Step Instructions:

    1. Open your terminal and navigate to your project directory.
    2. Run the following command to update the x/net package:
      go get golang.org/x/net@v0.38.0
    3. After updating, verify that your module file (go.mod) reflects the updated dependency:
      cat go.mod
    4. Run your tests to ensure nothing is broken due to the package update:
      go test ./...
    5. If any tests fail, investigate the changes introduced in the new version and adjust your code accordingly. Ensure the updated functionality aligns with your application's requirements.
    6. Commit your changes with a message indicating that you have fixed a vulnerability.

By addressing this vulnerability, you will enhance the security posture of your application against input manipulation attacks.

Suggested Fixes:

  • Analyze the reported vulnerabilities and update the affected dependencies to their latest versions.
  • If a fix is not available, consider using alternative packages or implementing a workaround.
  • Refer to the official documentation or security advisories for more details on how to mitigate these vulnerabilities.
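
Added example (not part of the PR thread or the repository's code): a small gate that reads a go.mod and lists which of the findings quoted in the two govulncheck reports above are still open, using the fixed versions given there. The go.mod fragment is constructed, and the names rank, openFindings and sampleGoMod are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Fixed versions exactly as quoted in the two govulncheck reports above.
var findings = []struct{ ID, Module, Fixed string }{
	{"GO-2025-3595", "golang.org/x/net", "v0.38.0"},
	{"GO-2024-2955", "github.com/gin-contrib/cors", "v1.6.0"},
	{"GO-2024-2687", "golang.org/x/net", "v0.23.0"},
}

// Constructed go.mod fragment for illustration, not the repository's real file.
const sampleGoMod = `require (
	github.com/gin-contrib/cors v1.5.0
	golang.org/x/net v0.23.0 // indirect
)`

// rank packs vMAJOR.MINOR.PATCH into one comparable integer. Simplification:
// a -pre or +build suffix is ignored, so v0.38.0-rc1 ranks equal to v0.38.0.
func rank(v string) int64 {
	var a, b, c int64
	fmt.Sscanf(v, "v%d.%d.%d", &a, &b, &c) // parsing stops at any suffix
	return a<<40 | b<<20 | c
}

// openFindings lists every finding whose module is still required below its fix.
// A module with several findings stays flagged until it reaches the highest fix.
func openFindings(goMod string) (open []string) {
	pinned := map[string]string{}
	for _, line := range strings.Split(goMod, "\n") {
		// Handles both "require (" blocks and single-line "require mod vX.Y.Z".
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && strings.HasPrefix(f[1], "v") {
			pinned[f[0]] = f[1]
		}
	}
	for _, f := range findings {
		if v, ok := pinned[f.Module]; ok && rank(v) < rank(f.Fixed) {
			open = append(open, f.ID+" "+f.Module+"@"+v+" needs "+f.Fixed)
		}
	}
	return open
}

func main() { fmt.Println(strings.Join(openFindings(sampleGoMod), "\n")) }
```

With golang.org/x/net at v0.23.0 the check clears GO-2024-2687 but still reports GO-2025-3595, matching the second report in this thread.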

github-actions bot commented Jun 1, 2025

ERROR:

github-actions bot commented Jun 1, 2025

Code Review by OpenAI

Prompt too long for OpenAI: 40171 characters, sending only first 8000 characters

Code Review Feedback

The changes made in this commit involve modifications to GitHub Actions workflow files and some Go code. Below is a detailed review of the changes.

1. Workflow Changes

a. bot-code-reviewer.yaml
  • Change: Updated the version of sshnaidm/gpt-code-review-action from v2.0 to v3.0.
  • Feedback:
    • Ensure that the new version (v3.0) is compatible with your existing configuration and usage. Check the changelog or documentation for any breaking changes or new features that you may want to leverage.
    • It's good practice to specify a version tag for actions to avoid unexpected changes due to updates.
b. cd.yaml
  • Change: Removed an empty line.
  • Feedback:
    • This change is minor and does not affect functionality. However, maintaining consistent formatting and spacing can improve readability. Consider whether this change aligns with the project's style guide.
c. ci.yaml
  • Change: Commented out the entire sonar_scan job and its related steps.
  • Feedback:
    • If the sonar_scan job is being disabled temporarily, consider adding a comment explaining why this change was made. This could help future developers understand the context.
    • Ensure that this does not affect critical CI/CD processes. If SonarQube scanning is essential for quality checks, consider whether there is a better approach than commenting out the job entirely.
    • The notify job was also adjusted to remove dependencies on sonar_scan, which is logical given the previous change. Ensure that the notification logic still meets your requirements.

2. Go Code Changes

a. new-relic.go
  • Change: The file has been deleted.
  • Feedback:
    • Ensure that the removal of New Relic integration is intentional and that there are no dependencies elsewhere in the codebase that rely on this functionality.
    • If New Relic is being replaced by another monitoring solution, ensure that the transition is documented and that the new integration is fully implemented.
b. zap.go
  • Change: Removed the dependency on New Relic and adjusted the ZapConfig function accordingly.
  • Feedback:
    • Similar to the previous point, ensure that the removal of New Relic logging integration is intentional. If logging functionality is still required, confirm that the new implementation meets your logging requirements.
    • It’s good to see that you are maintaining the logger's configuration. Ensure that you have adequate logging in place to replace any lost functionality from the removed New Relic integration.
c. logger.go
  • Change: Minor changes; the file seems to be in progress.
  • Feedback:
    • Ensure that the imports and functionality align with the overall logging strategy of your application.
    • If there are additional changes planned for this file, consider completing them before committing to provide a clearer context for reviewers.

General Recommendations

  • Documentation: It’s important to document significant changes, especially when removing integrations or altering CI/CD processes.
  • Testing: After making these changes, ensure that you run your CI/CD pipeline to verify that everything works as expected and that no critical functionality has been lost.
  • Version Control: When removing or commenting out large sections of code, consider using feature flags or branches to safely manage changes without disrupting the main codebase.

Overall, the changes appear to be significant, particularly the removal of the New Relic integration. Ensure that all team members are aware of these changes and that they align with the project goals.

@RodolfoBonis RodolfoBonis merged commit 65c8fbd into main Jun 1, 2025
3 checks passed
@RodolfoBonis RodolfoBonis deleted the fix-issues branch June 1, 2025 07:16