7.1.0

What's Changed

Bug Fixes 🐞

• a9bd271 analyzer: Support uppercase-letters in Go module version
• 5334b19 helper-cli: Use the "pluginClasspath" approach to bundle plugins
• acda964 jenkins: Align Java's user.home with HOME
• fced3d8 jenkins: Limit the credentials type to the supported type
• 49b66c9 opossum: Get license texts via the provider
• 45e1e63 spdx: Add the missing OTHER relationship
• 40630f4 spdx: Add the missing snippet ranges
• e8d9c53 spdx: Do not allow the snippet name to be blank
• b9c038e Remove any YAML front matter from ScanCode license files

Build 🐘 & CI ⚙️

• 54f72d9 Align on tools from .versions also for the build / test workflow

Chores 🔧

• b76ae85 adopters: Officially add Cariad to the list
• 0557aeb docker: Extract .NET version to a variable
• a07f3d6 docker: Upgrade Android Command line tools to the latest version
• 0818afb docker: Upgrade Poetry to the latest version
• 6d72e44 github: Remove the duplicate Batect wrapper validation
• 333d1d7 jenkins: Use the name ignored for an ignored exception
• a2d87c6 mailmap: Map to Mikko's Double Open email address
• 0bf2b1a ort-utils: Add a debug log if a netrc file has not been found
• e4b018b ort-utils: Add more environment variables relevant for debugging
• 2ce1460 reporter: Remove unnecessary braces
• 22b5c1f scanner: Trivially improve the wording of log messages
• fb37893 Improve and align the wording for non-SPDX licenses in info fields

Dependency Updates 🚀

• 6bf2206 evaluator: Update the OSADL matrix
• 2f7d381 Update Apache commons-compress to version 1.25.0
• 1a7c848 Update the Maven resolver to version 1.9.17
• 5f43743 update dependency com.github.ben-manes.versions to v0.50.0
• 8884e0f update dependency com.icegreen:greenmail to v2.0.1
• 9222331 update dependency org.postgresql:postgresql to v42.7.0
• ed6b029 update dependency org.springframework:spring-core to v5.3.31
• 5005851 update log4japi to v2.22.0

Documentation 📖

• b89610f jenkins: Clarify that the credentials type should be for HTTP
• 29f9aef Add Double Open to the NOTICE file
• 23a8136 Document setting metadata about a package's authors
• 4b2d663 trim trailing spaces in package-curations.md

New Features 🎉

• c64efc7 docker: Make Android SDK version a build arg in Dockerfile-legacy
• 8e22723 evaluator: Also print the rules used as part of configuration
• 1098569 helper-cli: Add 'annotationProcessor' to scope exclude generation
• ec49977 helper-cli: Add 'lombok' to scope exclude generation
• 1e4a20c jenkins: Allow to specify a VCS path for configuration
• 623b2fa model: Sort the detected license mapping during serialization

Refactorings 🚜

• 8b44818 docker: Rename ANDROID_SDK_VERSION
• f42b72d evaluator: Rename a variable according to its type
• 8880747 reporter: Drop an also
• caedab1 reporter: Simplify computing isRowExcluded
• a8511d9 static-html: Relocate some functions / constant
• bddecf4 utils: Move ORT directory properties to Environment
• adaf89c Move the SPDX <-> Conan resolution test to the SPDX project

Tests ✅

• 5cddcaa cli: Reduce an expected result to the intended scope
• 448a8bb f5c5f7d 67194c5 spm: Update expected results
• a9594cb Fixup the user home directory also when running tests (in Docker)
• 8a50ca7 Run CLI functional tests outside of Docker

Other Changes 💡

• 8bf89ad Revert "chore(stack)!: Temporarily disable Stack in Dockerfile-legacy and tests"
• 04b33b3 style: Omit trailing dots from some NOTICE parties

7.0.0

What's Changed

Breaking Changes 🛠

• a455329 feat(reporter)!: Support secrets in reporter options
• bd03101 feat(scanner)!: Pass properties to configure storage usage to wrappers
• cc7d534 refactor(PackageCurationData)!: Drop support for legacy property name
• 72cbc73 refactor(maven)!: Make some class members private
• a552258 refactor(maven)!: Make the container property private
• 13564f9 refactor(scanner)!: Use ScannerWrapperConfig in factory
• 801948f refactor(vcs)!: Make all WorkingTree implementations internal

Bug Fixes 🐞

• f1c5959 docker: Base image should not refer itself
• bb742aa docker: Bump up The Node.JS version in another place
• 528e5c7 docker: Match docker scripts to upstream image naming
• 6ce0978 docker: No build or publish in pull_request events
• a21905e docker: Stop accidentally skipping component image builds
• 5a21932 helper-cli: Fix an issue with listing licenses
• 05d8acc node: Allow deserializing empty pnpm-workspace.yaml files
• 552b0e2 Add advisor plugins to the plugin classpath for distribution

Build 🐘 & CI ⚙️

• 272b508 git: Explicitly add transitive Jackson dependencies
• c9a730b git: Split out the jgitSshApache dependency
• 400e9ef Move all VCS plugins to separate Gradle projects

Chores 🔧

• 059190d docker: Align the Pip version with Dockerfile
• cec3ec7 docker: Avoid the use of tee if stdout is not needed
• d0f67e2 docker: Rename output of custom Dockerfile
• 343d2ff docker: Upgrade CocoaPods to the latest version
• 5dd26aa docker: Upgrade Conan to the latest 1.x version
• 1599731 docker: Upgrade Pipenv to the latest version
• ccabd1f docker: Upgrade SBT to the latest version
• 16ff51f docker: Upgrade ScanCode to the latest version
• 595261c docker: Upgrade Yarn to the latest 1.x version
• ab87104 docker: Upgrade Pipto the latest version
• cb68cb0 docker: Upgrade pnpm to the latest version
• 876c1d4 docker: Upgrade the Haskell Tool Stack to the latest version
• 9079062 mailmap: Use Thomas's personal email address
• 1223273 maven: Add an import to resolve a KDoc reference

Dependency Updates 🚀

• 6556366 git-repo: Upgrade to the latest stable git-repo release
• 45fbb1a update dependency com.autonomousapps.dependency-analysis to v1.26.0
• d44c243 update jackson to v2.16.0
• ae8e4db update kotlinxserialization to v1.6.1

Documentation 📖

• 1fa6529 README: Fix further broken links
• 551c79f README: Fix the link to version control system implementations
• 551b68b README: Remove a broken link for the Notifier bullet point
• eccf170 scanner: Fix a typo
• bd4e1c7 scanner: Improve logging for packages with incomplete scan results

New Features 🎉

• cd323ab docker: Change naming default and unify docker files
• 8d7b82d docker: Rename images to agreed names
• f06a4ac helper-cli: Extend path exclude generator by a couple of patterns
• 1534d39 helper-cli: Improve the output of list licenses command
• dcd3b19 helper-cli: Re-filter scan summary by VCS path
• 2147b4f osv: Add the missing handling for the Hackage ecosystem
• 4d5b611 reporter: Read FossID credentials from secrets
• 937e4fb scanner: Add a class to hold the common scanner wrapper config
• ab27a19 scanner: Add properties to configure storage usage
• 87db6d4 scanner: Use the new properties that configure scan storage usage

Refactorings 🚜

• 7eb2ffe analyzer: Port Java's walkFileTree() to Kotlin's walk()
• 17f3ad1 maven: Operate on sets of repositories
• 4c940af plugins: Do not hard-code dependencies on Git
• f93e651 scanner: Move ScanResult.filterByVcsPath() to utils

Tests ✅

• 1622397 fossid: Mock the abstract VersionControlSystem instead of Git
• 0a8dcb7 node: Make the empty pnpm-workspace.yaml be well-formed YAML
• a702a3c osv: Fix the assertion for ecosystem support
• 65125cb osv: Improve package list for supported ecosystems
• 150530c 9d29e6d osv: Update expected results
• f514519 scanner: Improve tests for ScannerWrapperConfig
• 4771276 spm: Update expected results
• fc47411 Run analyzer functional tests outside of Docker

Other Changes 💡

• befe8c0 style(scanner): Remove a redundant empty line

6.1.1

What's Changed

Bug Fixes 🐞

• 9725081 Add advisor plugins to the plugin classpath for distribution

6.1.0

What's Changed

Bug Fixes 🐞

• 170db0b FileListResolver: Delete the temporary directory
• 5edbe72 cargo: Allow metadata to be missing again
• 1f2ad1e reporter: Add score and method properties in CycloneDX report
• edafd51 Properly delete parent directories of temporary files

Build 🐘 & CI ⚙️

• df5ede2 Gradle: Move advisors to individual plugin projects
• 53ea4ce Gradle: Move remaining Maven and Sbt package managers to projects
• ced939b renovate: Disable patch-level updates for the AWS S3 dependency

Chores 🔧

• d606322 NpmFunTest: Remove two unused imports
• e04aa88 Use new ORT slack subdomain

Dependency Updates 🚀

• 5ba8629 Gradle: Upgrade to the latest WireMock version 3.2.0
• 0e3e3a1 update dependency com.zaxxer:hikaricp to v5.1.0
• 34095e5 update dependency io.ktor:ktor-client-okhttp to v2.3.6
• b36ec78 update dependency org.jruby:jruby to v9.4.5.0
• df0ba6e update dependency org.wiremock:wiremock to v3.3.0
• b08bc3c update dependency org.wiremock:wiremock to v3.3.1
• c5add7d update kotest to v5.8.0

Documentation 📖

• 3efccf5 ProvenanceDownloader: Clarify the semantics of download()
• f5c556d evaluator: Fix-up the docs for two CLI options
• a701b73 reference: Improve the wording for package curation providers

New Features 🎉

• 7296ec0 analyzer: Log about configured but unavailable package managers
• 91647b2 helper-cli: Extend the scope exclude generation for Poetry
• 1d74f26 model: Add 'DOCUMENTATION_DEPENDENCY_OF` as scope exclude reason
• 2416358 vulnerabilities: Support the CVSS 4 qualitative severity rating scale

Refactorings 🚜

• e2bb20e analyzer: Remove the special exception code for Maven
• 80498cf model: Make tests independent of Maven or SBT package managers
• 7c0ca7c reporter: update the TrustSource data model and the reporter
• 32ed408 Introduce an alsoIfNull convenience extension function

Tests ✅

• 236997c analyzer: Remove the AnalyzerTest
• ae37645 ossindex: Simplify some result assertions
• e4f232a osv: Update expected results
• cb139cc 66eee50 spm: Update expected results
• b26c5bd spm: Update expected results
• ca7424a trustsource: Add a basic functional test for the expected report

Other Changes 💡

• 6c25e2c style(trustsource): Apply some trivial reformatting

6.0.0

What's Changed

Breaking Changes 🛠

• a80c1c7 refactor(analyzer)!: Move some functions out of the GoMod class
• d39c07d refactor(analyzer)!: Reduce the visibility of a constant
• cd40dd1 refactor(model)!: Split vulnerability classes to a separate package

Bug Fixes 🐞

• 7a2b4aa AdvisorRecord: Merge all properties of vulnerabilities
• 0820a7b VulnerabilityReference: Do not deserialize a lazy property
• 593f6ef scanner: Catch archiver exceptions

Chores 🔧

• ebf834b Qodana: Use the non-EAP version of the JVM linter
• f75c00d docker: Fix installing Node.js in the legacy image
• e2ed458 docker: Upgrade Node.js to version 20
• c841f41 docker: Upgrade python-inspector to version 0.10.0
• b3dd03e mailmap: Align on Hanna's lower-case address
• 9c2232c mailmap: Align on Helio's GMail address
• 671e607 mailmap: Align on mentioning François' forename first
• dd33cce mailmap: Map Stefano's GitHub address
• 8cd00c5 mailmap: Merge Christian's addresses
• d557794 mailmap: Merge Daniel's addresses
• b726ba5 mailmap: Spell out Carlos' name
• ad773d8 mailmap: Spell out Quique's name
• 0e3f8c8 mailmap: Use Sebastian's new Double Open address
• 5b42f08 markdown-link: Update an ignore pattern to make the linter pass

Dependency Updates 🚀

• 09ae12b Update detekt to version 1.23.2
• f3511b4 Update detekt to version 1.23.3
• 4ef5598 update dependency com.github.jmongard.git-semver-plugin to v0.10.1
• 4eba5e6 update dependency org.jetbrains.exposed:exposed-jdbc to v0.44.1
• e1fae77 update dependency software.amazon.awssdk:s3 to v2.21.10
• a0b1cf5 update dependency software.amazon.awssdk:s3 to v2.21.11
• c95dd74 update dependency software.amazon.awssdk:s3 to v2.21.12
• be2c5c6 update dependency software.amazon.awssdk:s3 to v2.21.13
• 6bb8315 update dependency software.amazon.awssdk:s3 to v2.21.9
• 10b0bd8 update kotlin monorepo to v1.9.20

Documentation 📖

• 83c6477 Npm: Do not say to implement dedicated support for peer dependencies
• a39a252 RepositoryConfiguration: Improve documentation of two properties
• e48657f analyzer: Fix a typo
• cf269cf configuration: Improve docs for curations in .ort.yml

New Features 🎉

• 6989cd1 VulnerableCode: Fixup wrongly escaped URLs
• 8de8460 cargo: Parse a package's homepage
• d0efc19 reporter: Support the CycloneDX vulnerability extension in Reporter
• b2aebfa scanner: Record the scanner tool versions in the ORT result

Refactorings 🚜

• 7b90df8 GoMod: Re-arrange functions within GoMod
• 561ef19 VulnerableCode: Update two response property names
• 92bfc97 cargo: Inline runMetadata()
• 44523e4 cargo: Migrate from toml4j to tomlkt
• 3f835b3 cargo: Migrate manifest parsing to kotlinx-serialization
• 50c4931 cargo: Migrate parsing of JSON nodes to using data classes
• 4678d88 evaluated-model: Remove the EvaluatedVulnerabilityReference
• fe08372 go: Migrate GoDep TOML parsing to kotlinx-serialization
• 8b6fe4f model: Introduce a lazy severity rating property
• 2f619ac scanner: Move logging into the scan() function
• 0894374 scanner: Remove premature checks for empty scanners
• 90f9993 Move Go package managers to their own plugin project

Tests ✅

• 2d21bf2 SpdxExpressionTest: Test parsing NONE and NOASSERTION
• b330f35 VulnerableCode: Add a template test for the public instance
• fc10c12 VulnerableCode: Improve the funTest template
• 37d2925 conan: Update expected results
• 4b6bc22 go: Consistently use replace pattern for definition file path
• caecbea go: Factor out testDir
• 97eaacc go: Move expected result files
• e64746d go: Move the test project for GoMod under a dedicated directory
• 2c94e3b go: Remove some redundancy with the file paths
• 0a44e54 go: Rename an expected result file
• 1c63cdf go: Use a more speaking name for a test project dir
• e082ad3 node: Relax an assertion
• 320bfc9 osv: Update expected results
• 9da44a3 python: Upgrade markupsafe to version 1.1.0
• d9839fb 5dfe13a 73e5110 spm: Update expected results

5.1.0

What's Changed

Bug Fixes 🐞

• 6dd77a3 fossid: Fix a copy & paste error in a property name
• c172fb6 plugins: Do not crash for enabled plugins that are unavailable

Build 🐘 & CI ⚙️

• d351a59 Gradle: Configure detekt tasks lazily
• 52e90c1 Include platform projects when running from Gradle or the IDE

Chores 🔧

• 0a97f62 analyzer: Add the property ModuleInfo.Dir
• d937ca3 Ensure tests access ALL plugins via getValue()
• d573dcf Prefer also over run if the return value is not needed

Dependency updates 🚀

• ed5b0e6 Update the native-gradle-plugin to version 0.9.28
• 51f0299 update dependency com.github.jmongard.git-semver-plugin to v0.10.0
• 88e15aa update dependency org.cyclonedx:cyclonedx-core-java to v8.0.3
• cb6a186 update dependency software.amazon.awssdk:s3 to v2.21.3
• 3b353f5 update dependency software.amazon.awssdk:s3 to v2.21.4
• baa6e88 update dependency software.amazon.awssdk:s3 to v2.21.5
• 1f34360 update dependency software.amazon.awssdk:s3 to v2.21.6
• 1367f39 update dependency software.amazon.awssdk:s3 to v2.21.7
• 711905c update dependency software.amazon.awssdk:s3 to v2.21.8
• b858cc9 update log4japi to v2.21.1

Docs 📖

• 937c5ea Graph: Fix syntax highlighting of a TODO statement
• 21652d2 analyzer: Fix a type in GoMod's class KDoc
• d0d6f59 analyzer: Fix-up KDoc for ModuleInfoFile
• 0b495bc analyzer: Fix-up the KDoc for toPackageReferences()
• 7a32036 analyzer: Improve the KDoc for getModuleInfos()
• a2dbdde analyzer: Promote a comment to be a function doc

New Features 🎉

• c9f60ce analyzer: Support references to local modules with GoMod

Refactorings 🚜

• 8f7d0ad S3FileStorage: Avoid a superfluous null-safe operator
• f93a9ac S3FileStorage: Consistenly use runCatching
• 124d5b2 analyzer: Eliminate Graph.projectId
• fd9c2cd analyzer: Extend and use ModuleInfo.toId() for projects
• fc6bb00 analyzer: Factor out getMainModuleId()
• bccbe4e analyzer: Generalize Graph to use a generic node type
• 07797c3 analyzer: Move Graph.toPackageReferenceForest()
• 723694d analyzer: Remove a minor code redundancy
• 676b6f5 analyzer: Simplify getModuleInfo()
• 1886e39 analyzer: Simplify applying the replace directive
• 0c92be6 analyzer: Use a more compact name for a function
• 68021a7 analyzer: Use a more speaking name for dependencies()

Tests ✅

• 31bdf3f analyzer: Fix-up an expected result filename
• 1d97f69 analyzer: Make test resilient to change WRT to the issue message
• c045be6 python: Update expected results
• 7311c55 c55ce91 0f1299e spm: Update expected results
• 7c0b17f Prefer the more speaking shouldHaveSize over asserting the size

Other Changes 💡

• 94f5687 style(scanner): Shorten a null check
• 3e63d09 style: Align formatting between configuration and curation providers

5.0.0

What's Changed

Breaking Changes 🛠

• fc77b1c chore(stack)!: Temporarily disable Stack in Dockerfile-legacy and tests
• 8a5fbbe feat(advisor)!: Use the configurable plugin API for advice providers
• e97c429 feat(fossid)!: Use secret options map
• 712c448 feat(model)!: Support secret options in the scanner configuration
• 80a3c25 feat(scanoss)!: Use secret options map
• c3378e2 refactor(MavenLogger)!: Make MavenLogger internal
• 57bd6ad refactor(advisor)!: Move advisor configuration classes to advisor module
• 00d3f6e refactor(clearly-defined)!: Make strings private
• c29fc64 refactor(clearly-defined)!: Simplify the API taking coordinates

Bug Fixes 🐞

• ed08381 Poetry: Do not fail if "dev" dependency group is absent
• f4a8e6d model: Keep the old "options" as a alias for "config"
• ef2bd7f Revert "build(Docker): Align the python-inspector version on..."

Build 🐘 & CI ⚙️

• 3df3945 Docker: Align the python-inspector version on 0.9.8
• 112808a helper-cli: Add an explicit dependency on SLF4J
• 2e86a54 test-utils: Make logging implementation dependencies runtime only
• 1708ac3 Do not hard-code dependencies on plugin projects
• 6587bcd Fix dependencies on the Log4j (non-Kotlin) API
• 2ab8cef Move common logging dependencies to application conventions
• b1760ca Move the Log4j Kotlin API dependency to Kotlin conventions
• 9fb7308 Remove a work-around for older GraalVM releases
• e9401ca Remove the Log4j Kotlin API as an API dependency
• c149679 Stop enforcing the Log4j (non-Kotlin) API version

Chores 🔧

• 012f099 CycloneDxReporterFunTest: Simplify patching code
• 7250e66 advisor: Remove Jackson annotations from configuration classes
• 2d18772 plugins: Get all package configuration / curation plugins lazily
• c2f6cbb scanner: Remove the obsolete filterSecretOptions function

Dependency updates 🚀

• 68e8e1f Update cyclonedx-core-java to version 8.0.1
• 5ca852e Update the Jira REST client to version 5.2.7
• 40645ee update dependency com.github.jmongard.git-semver-plugin to v0.8.1
• 67ff91a update dependency com.github.jmongard.git-semver-plugin to v0.9.0
• b55959c update dependency com.squareup.okhttp3:okhttp to v4.12.0
• 2f0f4b5 update dependency org.jruby:jruby to v9.4.4.0
• 612f55c update dependency software.amazon.awssdk:s3 to v2.21.2
• 587fda8 update jackson to v2.15.3
• 9df7766 update log4japi to v2.21.0

Docs 📖

• 39c0534 README: Update links
• f2c7af4 clearly-defined: Add a missing "The"
• 4591c6a clearly-defined: Remove a superfluous sentence
• e36a5f8 model: Add SCANOSS configuration to reference.yml
• 0eb0986 model: Improve docs for ProviderPluginConfiguration

New Features 🎉

• a5602a2 Storage: Support using AWS S3 as online cache for scan results
• 889d481 docker: Change the image tagging process
• f5cc5e8 flutter: Upgrade bootstrapped Flutter version to 3.13.6
• 08bdef5 scanner: Prefer to use any single scanner

Refactorings 🚜

• 3b66aa8 helper-cli: Replace ORT's logger extension function with Log4j's
• 4d2a543 model: Make toString an expression function
• 2d99fd0 scanner: Do not hard-code the dependency on scanner plugins

Tests ✅

• c062250 OrtMainFunTest: Use stderr as clues in case of failures
• abceb78 Poetry: Add a test for analyzing a project without a "dev" group
• ff77e61 clearly-defined: Fix a typo
• a88c505 nuget: Limit length of excessive error messages
• 2f9b34f poetry: Fix-up an expected result
• 6de1aae pub: Temporarily disable PubFunTest
• 7085571 spm: Update expected results

4.0.0

What's Changed

Breaking Changes 🛠

• 8100dcb chore(clearly-defined)!: Remove an unused extension function

• b15dbb2 feat(docker)!: Upgrade PNPM to version 8.8.0

• 336fa07 feat(plugins)!: Add a separate parameter for plugin secrets

• 247b3de feat(sw360-package-curation-provider)!: Use secret options map

• 6d7ba10 refactor(NestedProvenanceScanResult)!: Inline getProvenances()

• 1c4c0fc refactor(PackageBasedScanStorageReader)!: Make read() take a Package

• 503d410 refactor(plugins)!: Rename parseOptions to parseConfig

• 442670f refactor(poetry)!: Use a better name for the "install" scope

• 1b87f32 refactor(scanner)!: Rename ScannerCriteria to ScannerMatcher

• dc0465b refactor(scanner)!: Use a property that holds all nested provenances

• d04aeb2 refactor(scanner)!: Use the configurable plugin API for scanner wrappers

Bug Fixes 🐞

• 2a30125 ClearlyDefinedStorage: Remove a readInternal() override

• 9dfa198 RequirementsCommand: Account for new scanner constructors

• e1d794c analyzer: Add a test for dangling embed directives / GoMod

• 7a201a2 docker: Enable push on schedule event

• a67915c osv: Make Affected.package optional

Build 🐘 & CI ⚙️

• b6e122f GraalVM: Update classes to initialize at build time

• 138483a cli: Explicitly add implementation dependencies

• 898c9db Drop the build part from the SemVer to get rid of the "+"

Chores 🔧

• 96fca4b ClearlyDefinedStorageTest: Remove an obsolete test

• b785dde ClearlyDefinedStorageTest: Use a more common Maven URL in an asset

• ddd90eb ClearlyDefinedStorageTest: Use properties in declaration order

• bbd7c99 GitLabLicenseModelMapper: Slightly improve a log message

• 89c626e GoMod: Raise the version requirement

• 47e4520 docker: Upgrade Go to the latest version 1.21.1

• 5eaf46d examples: Avoid a redundant string template

• 067854b fossid-webapp: Remove an unused import

• ca9d4e1 model: Remove a duplicate import

• 2db3141 model: Use the logger extension property

• 538ed47 providers: Turn config classes into data classes

• 4b8eb34 reporter: Remove an unused function

• 05f8725 scanner: Remove the unused NoStorage

• 230b550 Make OkHttpClientHelper the first class in the file

Dependency updates 🚀

• fc4cb94 spdx-utils: Upgrade the license list to version 3.22

• 5cef1f8 Upgrade the Log4j Kotlin API to version 1.3.0

• 6010a09 Upgrade the SW360 client to version 17.0.1-m2

• 313d877 update dependency com.autonomousapps.dependency-analysis to v1.25.0

• a7036b4 update dependency com.github.ben-manes.versions to v0.49.0

• d61e509 update dependency com.github.jmongard.git-semver-plugin to v0.8.0

• 8d447d8 update dependency gradle to v8.4

• 0ce3a4f update dependency io.ktor:ktor-client-core to v2.3.5

• 9f983bd update dependency org.apache.maven:maven-model to v3.9.5

• c35d9c6 update dependency org.semver4j:semver4j to v5.2.2

• 5a19998 update jetbrains/qodana-action action to v2023.2.8

Docs 📖

• c7512c4 ClearlyDefinedService: Clarify what an empty revision means

• b5346f8 MavenLogger: Correct a comment about the logger forwarded to

• 14d5a96 ScanResultsStorage: Clarify when to override readInternal()

• 425e84d poetry: Turn a code comment into a function documentation

• 0753d09 scanner: Fix docs for ScannerWrapper.matcher

• 4808ae1 sw360-integration: Clarify which kind of ORT results can be uploaded

• a61d711 sw360-integration: Fix config directory paths

• 59a4404 sw360-integration: Fix the SW360 curation provider configuration

• c0ad448 website: Fix-up several broken links

• 533c54f website: Stick to the AE "afterward"

New Features 🎉

• 27a122e GenerateScopeExcludesCommant: Add the "dev" scope for Poetry

• c19999e fossid-webapp: Support a new API function

• 5f68789 pnpm: Add support for PNPM 8.x

• 07ab9e8 poetry: Analyze also the development dependencies

• ec6ff75 pub: Add support for bootstrapping Flutter on macOS

Refactorings 🚜

• 51204b5 CreateAnalyzerResult: Stop passing a redundant null value

• 6b39660 GoMod: Ignore the version constraint for go earlier

• c0014e7 Poetry: Improve the IDs of projects

• b98668f clearly-defined: Bundle coordinate-related code

• ec843ea clearly-defined: Introduce a strings property

• 804d959 clearly-defined: Simplify the API by using coordinates

• 8114b85 model: Use the Options typealias

• 594568e plugins: Rename config to options

• a9639fd poetry: Eliminate code redundancy for scope handling

• 3632723 poetry: Extend inspectLockfile() to take the scope name

• f9b5537 poetry: Factor out inspectLockfile()

• 463afbe poetry: Rename a function parameter

• 197a1ad poetry: Stop using Pip.resolvedDependencies()

• aad062e poetry: Use a more speaking name for req

• 2de1579 poetry: Write the generated requirements to a temp file

• 29cba89 Avoid the logger to leak into the public API

• 60e611d Stop passing a default value to updateWorkingTree()

Tests ✅

• c146a80 analyzer: Test detecting local module dependencies with GoMod

• fda0088 clearly-defined: Add a test for coordinates

• 45e8365 cli: Remove a redundant string template

• ff9d65a conan: Update an expected result

• cc0865e conan: Update the expected result

• d1ee6ac model: Fix a typo in a test name

• 8aa8704 osv: Update a test assertion

• a6fb373 osv: Update an expected result

• 5cdf8ce 2f5bd6e pub: Update expected results

• ae4d811 requirements: Add a test to verify that classes can be instantiated

• 681df5e 91e32a3 6eb047d e360cf9 spm: Update expected results

3.0.0

What's Changed

Breaking Changes 🛠

• 74f14a6 feat(package-managers/python)!: Support Python 3.11

Bug Fixes 🐞

• 13a9c83 MavenSupport: Improve the logic to fixup project paths in SCM URLs
• 4e81ebd buildSrc: Evaluate the applicationName lazily
• 57054fd docker: Add missing base image context
• 7e3de27 docker: Re-align the Poetry version
• cb18d44 docker: Set correct version for runtime
• cf14991 node: Bring back NodeJS arg to local docker_build script
• b44467d node: Bring back NodeJS version arg to image build

Build 🐘 & CI ⚙️

• 5389da0 Gradle: Fix publishing the gradle-model artifact
• 753ea9a downloader: Exclude Apache MINA's sshd-sftp dependency
• 8b2a62e gradle-inspector: Escape a regex string when renaming files
• 311ab74 version: If on a pre-release, use the SemVer with SHA1 metadata

Chores 🔧

• b72436d buildSrc: Update the list of classes to initialize at build time
• e3bbcdb docker: Adjust build frequency
• f2095d3 docker: Move NODEJS_VERSION arg to correct image
• f705d56 docker: Proper use gradle based ORT_VERSION
• b3fd33a docker: Upgrade python to the latest version
• f386e5a docker: Use more common naming
• 8a3144e notifier: Explain why slf4j-log4j12 is excluded
• acad59b python: Re-create the lock file from pyproject.toml

Dependency updates 🚀

• 0057704 chore(deps): Add libmagic as fallback for typecode-libmagic
• 683ca30 update dependency com.autonomousapps.dependency-analysis to v1.23.1
• 8fa94ab update dependency com.autonomousapps.dependency-analysis to v1.24.0
• 05492c1 update dependency com.github.ajalt.clikt:clikt to v4.2.1
• 49bf674 update docker/setup-buildx-action action to v3

Docs 📖

• 6c0f1dc resolutions: Fix dead link in documentation
• 0f3e8be schemas: Link to official website instead of GitHub markdown files

New Features 🎉

• aef4fe4 PurlUtils: Add optional parameters to toPurl

Other Changes 💡

• e4ad9c0 style(WebApp): Trivially simplify the isResolved functions
• 3207d1e style(detekt): Enable the "MissingPackageDeclaration" rule

Refactorings 🚜

• 94737ae cli: Avoid the need to determine the ORT logo width
• f833fee poetry: Improve the definition file paths
• 576d323 Make use of the simpler new CliktCommand.test(vararg) syntax

Tests ✅

• fbf96b9 cyclonedx: Allow + as part of the version when patching results
• 13a4714 osv: Update expected results
• 7d67ffb pub: Update expected results
• 95db125 python: Update expected results
• f4e0882 spm: Update expected results

2.0.0

What's Changed

Breaking Changes 🛠

• 641f520 feat(model)!: Group snippets by source file matching lines
• 9794da6 feat(scanner)!: Remove unused downloaderConfig parameter
• 6f1976c refactor(fossid)!: Remove the unused options from the constructor
• dd70b72 refactor(scanner)!: Provide only scanner specific options in factory
• ffce6dc refactor(scanner)!: Remove ScannerCriteria.forDetails()
• fd71440 refactor(scanner)!: Remove the unused ScannerConfigMatcher
• 4643638 refactor(scanner)!: Rename fromConfig in ScannerCriteria to create
• a84a1f4 refactor(scanner)!: Use only scanner specific options for criteria
• b5fdb79 refactor(utils)!: Use the Options typealias in PluginManager

Bug Fixes 🐞

• 0d4b1f7 ClearlyDefinedStorage: Properly parse returned VCS URLs
• 18f9be2 CocoaPods: Correctly parse secondary dependencies with versions
• a2fa752 CocoaPods: Correctly resolve the user home directory
• 4bbd26a CocoaPods: Parse external sources from lock files
• c599e39 CocoaPods: Restrict package name matching to full matches
• 69db3b3 CocoaPods: Stop taking pure version constraints as dependencies
• fd4ed1b ScanResultsStorage: Correct debug log output about mismatches
• 0b04df0 Scanner: Apply detectedLicenseMapping to FossId findings
• b7878c0 clearly-defined: Ignore new InnerError fields
• 33d5fd9 docker: Correct a typo
• a4b12df docker: Install Git LFS
• c519398 downloader: Fix updating the Git working tree for a branch
• 2ca66d5 fossid-webapp: Split snippets over non-consecutive source line ranges
• 74ba431 reporter: Fix the creation of first level dependency relationships

Build 🐘 & CI ⚙️

• e40a38d renovate: Disable renovate for the website

Chores 🔧

• 5893bd7 ClearlyDefinedStorageTest: Move private data below the test
• bc3404c SW360: Use Maven Central and update version
• 2282526 ScanResultsStorage: Clarify log output about read results
• 55c1b94 ScannerCommand: Log configured scan storages at info level
• a023e0b SpdxDocumentModelMapper: Remove some magic values
• 2f3708f clearly-defined: Also show the inner error name
• 029f1ca docker: Use consistent naming and descriptions
• 8e6fd16 docker: Use ort namespace
• 58fd9d4 Fix formatting of workflow files
• 66fbc5c Use data objects in sealed hierarchies

Dependency updates 🚀

• 34db1a2 Update maven-resolver to version 1.9.16
• 5b51855 update actions/checkout action to v4
• 0d385b9 update dependency com.github.jmongard.git-semver-plugin to v0.7.0
• 521a725 update dependency io.mockk:mockk to v1.13.8
• 0420946 update dependency org.semver4j:semver4j to v5.2.0
• 9d78178 update dependency org.semver4j:semver4j to v5.2.1
• 114c153 update docker/build-push-action action to v5
• 63d89b4 update docker/login-action action to v3
• cb982b5 update docker/metadata-action action to v5
• 06615c6 update exposed to v0.44.0

Docs 📖

• cb2c560 CocoaPods: Briefly explain the layout of the "PODS" section
• 902bfef cyclonedx: Fix a typo
• 6e245cf scanner: Fix a typo
• ff570dd Add a link to the search page
• 96c520b Enable Algolia search for the website
• e74531f Remove an unused image
• 14cc5f1 Rename the docusaurus directory to website
• 77bb3d6 Update package-lock.json
• f75d200 fix(docs): Mention Apache 2.0 license

New Features 🎉

• 37a0894 OrtResult: Allow getDependencies() to omit excluded IDs
• f55ca2e docker: Provide extended image with all components
• 46061d0 docker: Use jobs over workflow dependency
• 2b813d0 docker: Use per language container strategy
• 19a5ee2 docker: Use runtime to do all the work for binaries
• 0705ede fossid-webapp: Support for comments in marked as identified files
• 12d2bde fossid-webapp: Support two new API functions
• eb2efd6 plugins: Add the TypedConfigurablePluginFactory
• c586a9b reporter: Support grouped snippets in the Snippet Report
• d1492bb scanner: Add detected license mapping to ScanContext

Other Changes 💡

• 236f1e9 Revert "deps: update dependency clsx to v2"

Refactorings 🚜

• cf295f6 CocoaPods: Improve name / version parsing
• 933c3fc CocoaPods: Rename two variables for clarity
• 416c421 CocoaPods: Slightly generalize parsing of dependencies
• 8863163 downloader: Pass the working tree to a private function
• f5e0046 scanner: Consolidate the API for scanner wrapper factories
• a4eadb6 spdx: Add an overload for toSpdxId()
• 9a5d805 Move Options from model to common-utils

Tests ✅

• ab0f931 ClearlyDefinedStorageFunTest: Update expected results
• 4df3094 SpmFunTest: Update expected results
• 19beaed SpmFunTest: Update expected test results
• 2a7d3f5 advisor: Update a NuGet identifier
• 9f7debd clearly-defined: Do not test against the development server
• 0de7894 conan: Update expected results
• f1bb9c8 downloader: Remove unused test data
• 4338904 downloader: Use a dedicated repository for GitWorkingTreeFunTest
• b066399 downloader: Use a temporary directory to test non-working-trees
• eadb556 ort-config-package-curation-provider: Update NuGet identifiers