fix: Add missing @Deprecated Java annotations

- AndroidStudio complained about methods not found linked in JavaDoc for the class CordovaInterface: requestPermission(), requestPermissions() and hasPermission(). The parameter types were missing and were added.
- Removing unused imports

.asf.yaml

@@ -39,21 +39,8 @@ github:
     merge: false
     rebase: false
 
-  rulesets:
-    - name: "Default Branch Protection"
-      type: branch
-      branches:
-        includes:
-          - "~DEFAULT_BRANCH"
-          - "release/*"
-          - "rel/*"
-        excludes: []
-      bypass_teams:
-        - root
-      restrict_deletion: true
-      restrict_force_push: true
 notifications:
-  commits: commits@cordova.apache.org
-  issues: issues@cordova.apache.org
-  pullrequests_status: issues@cordova.apache.org
+  commits:              commits@cordova.apache.org
+  issues:               issues@cordova.apache.org
+  pullrequests_status:  issues@cordova.apache.org
   pullrequests_comment: issues@cordova.apache.org

.github/dependabot.yml

@@ -1,32 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    cooldown:
-      default-days: 4
-    schedule:
-      interval: "daily" # Every weekday, Monday to Friday
-
-  - package-ecosystem: "npm"
-    directory: "/"
-    cooldown:
-      default-days: 4
-    schedule:
-      interval: "weekly" # By default on a Monday

.github/workflows/ci.yml

@@ -41,15 +41,12 @@ jobs:
         os: [ubuntu-latest, windows-latest, macos-15]
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          fetch-depth: 1
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
           node-version: ${{ matrix.node-version }}
 
-      - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
+      - uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '17'
@@ -64,7 +61,7 @@ jobs:
       # It contains mixed content from the npm package "cordova-js" and "./cordova-js-src".
       # The report might not be resolvable because of the external package.
       # If the report is related to this repository, it would be detected when scanning "./cordova-js-src".
-      - uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+      - uses: github/codeql-action/init@v4
         with:
           languages: javascript, java-kotlin
           queries: security-and-quality
@@ -77,11 +74,12 @@ jobs:
 
       - name: npm install and test
         run: |
-          npm cit
+          npm i
+          npm t
         env:
           CI: true
 
-      - uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+      - uses: github/codeql-action/analyze@v4
 
       # v4.6.0
       - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238

.github/workflows/draft-release.yml

@@ -31,15 +31,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          fetch-depth: 1
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
           node-version: 24
-          package-manager-cache: false
-          cache: ''
 
       - name: Setup environment variables
         run: |
@@ -73,14 +68,14 @@ jobs:
       - name: Verify Target Release Version
         run: |
           PACKAGE_VERSION=$(jq -r '.version' package.json)
-          if [ "$PACKAGE_VERSION" != "$TARGET_RELEASE_VERSION" ]; then
+          if [ $PACKAGE_VERSION != "$TARGET_RELEASE_VERSION" ]; then
             echo "Mismatch version detected between tag version ($TARGET_RELEASE_VERSION) and package version ($PACKAGE_VERSION)"
             exit 1
           fi
 
           if [ -f "plugin.xml" ]; then
-            PLUGIN_VERSION=$(yq -p=xml -o=json '.plugin.+@version' plugin.xml | jq -r .)
-            if [ "$PLUGIN_VERSION" != "$TARGET_RELEASE_VERSION" ]; then
+            PLUGIN_VERSION=$(yq -p=xml -o=json '.plugin.+@version' plugin.xml)
+            if [ $PLUGIN_VERSION != "$TARGET_RELEASE_VERSION" ]; then
               echo "Mismatch version detected between tag version ($TARGET_RELEASE_VERSION) and plugin version ($PLUGIN_VERSION)"
               exit 1
             fi
@@ -88,7 +83,7 @@ jobs:
 
       - name: Generate "tgz" npm convenience package
         run: |-
-          npm ci
+          npm install
           NPM_PKG_NAME=$(npm pack --json | jq -r '.[0].filename')
           mv ./.asf-release/$NPM_PKG_NAME ./.asf-release/${NPM_PACKAGE_NAME}.tgz
         env:
@@ -147,7 +142,7 @@ jobs:
           CORDOVA_GPG_SECRET_KEY: ${{ secrets.CORDOVA_GPG_SECRET_KEY }}
 
       - name: Upload to Apache Trusted Release (ATR)
-        uses: apache/tooling-actions/upload-to-atr@f5f4c0e7ddfbde6b1f8288cef36324c6def68051
+        uses: apache/tooling-actions/upload-to-atr@b7e972c11790ee16eca101900af1b3c7fd1b106e
         with:
           project: ${{ env.REPO_NAME }}
           version: ${{ env.TARGET_RELEASE_VERSION }}

.github/workflows/release-audit.yml

@@ -34,16 +34,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Checkout project
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          fetch-depth: 1
+      - uses: actions/checkout@v6
 
       # Check license headers (v2.0.0)
       - uses: erisu/apache-rat-action@46fb01ce7d8f76bdcd7ab10e7af46e1ea95ca01c
 
       # Setup environment with node
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
+      - uses: actions/setup-node@v6
         with:
           node-version: 24
 

framework/src/org/apache/cordova/PermissionHelper.java

@@ -18,12 +18,6 @@
 */
 package org.apache.cordova;
 
-import java.util.Arrays;
-
-import org.json.JSONException;
-
-import android.content.pm.PackageManager;
-
 /**
  * This class is permission helper class when compiling against older versions of cordova-android pre 5.0.0
  * and provides reflective methods for permission requesting and checking so that plugins
@@ -38,6 +32,7 @@ import android.content.pm.PackageManager;
  * @deprecated As of cordova-android 5.0.0, this class is no longer needed and will be removed in a future release.
  * You can call directly into {@link CordovaInterface} methods instead with {@link CordovaPlugin#cordova}.
  */
+@Deprecated
 public class PermissionHelper {
     /**
      * Requests a "dangerous" permission for the application at runtime. This is a helper method
@@ -48,8 +43,9 @@ public class PermissionHelper {
      * @param requestCode   A requestCode to be passed to the plugin's onRequestPermissionResult()
      *                      along with the result of the permission request
      * @param permission    The permission to be requested
-     * @deprecated As of cordova-android 5.0.0, use {@link CordovaInterface#requestPermission()} instead.
+     * @deprecated As of cordova-android 5.0.0, use {@link CordovaInterface#requestPermission(CordovaPlugin, int, String)} instead.
      */
+    @Deprecated
     public static void requestPermission(CordovaPlugin plugin, int requestCode, String permission) {
         PermissionHelper.requestPermissions(plugin, requestCode, new String[] {permission});
     }
@@ -63,8 +59,9 @@ public class PermissionHelper {
      * @param requestCode   A requestCode to be passed to the plugin's onRequestPermissionResult()
      *                      along with the result of the permissions request
      * @param permissions   The permissions to be requested
-     * @deprecated As of cordova-android 5.0.0, use {@link CordovaInterface#requestPermissions()} instead.
+     * @deprecated As of cordova-android 5.0.0, use {@link CordovaInterface#requestPermissions(CordovaPlugin, int, String[])} instead.
      */
+    @Deprecated
     public static void requestPermissions(CordovaPlugin plugin, int requestCode, String[] permissions) {
         plugin.cordova.requestPermissions(plugin, requestCode, permissions);
     }
@@ -77,8 +74,9 @@ public class PermissionHelper {
      * @param plugin        The plugin the permission is being checked against
      * @param permission    The permission to be checked
      * @return              True if the permission has already been granted and false otherwise
-     * @deprecated As of cordova-android 5.0.0, use {@link CordovaInterface#hasPermission()} instead.
+     * @deprecated As of cordova-android 5.0.0, use {@link CordovaInterface#hasPermission(String)} instead.
      */
+    @Deprecated
     public static boolean hasPermission(CordovaPlugin plugin, String permission) {
         return plugin.cordova.hasPermission(permission);
     }

package-lock.json

@@ -14,7 +14,7 @@
         "dedent": "^1.7.1",
         "execa": "^5.1.1",
         "fast-glob": "^3.3.3",
-        "is-path-inside": "^4.0.0",
+        "is-path-inside": "^3.0.3",
         "nopt": "^9.0.0",
         "properties-parser": "^0.6.0",
         "semver": "^7.7.4",
@@ -2790,15 +2790,12 @@
       }
     },
     "node_modules/is-path-inside": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-4.0.0.tgz",
-      "integrity": "sha512-lJJV/5dYS+RcL8uQdBDW9c9uWFLLBNRyFhnAKXw5tVqLlKZ4RMGZKv+YQ/IA3OhD+RpbJa1LLFM1FQPGyIXvOA==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz",
+      "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==",
       "license": "MIT",
       "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
+        "node": ">=8"
       }
     },
     "node_modules/is-regex": {

package.json

@@ -29,7 +29,7 @@
     "dedent": "^1.7.1",
     "execa": "^5.1.1",
     "fast-glob": "^3.3.3",
-    "is-path-inside": "^4.0.0",
+    "is-path-inside": "^3.0.3",
     "nopt": "^9.0.0",
     "properties-parser": "^0.6.0",
     "semver": "^7.7.4",