Releases: oss-review-toolkit/ort
34.0.0
What's Changed
Breaking Changes 🛠
- 1f4d723 chore(advisor)!: Remove the NexusIQ advisor
- baa1fd4 refactor(common-utils)!: Clarify the use of `resolveExecutable()`
Bug Fixes 🐞
- 6d576c3 analyzer: Maintain package manager names as keys in the graph
- 83a4465 gradle-inspector: Properly pass through the `managerName` for issues
- a3460f3 node: Support deserializing `PackageJson.author` from an array
New Features 🎉
- 6b896c3 common-utils: Stricten a check in `resolveExecutable()`
- c180727 gradle: Allow to configure the Java version and / or home
- e18b08e helper-cli: Add an option to override the repository configuration
- e642295 model: Add Git-only VCS host names as Git aliases
- 789f15b ort-utils: Improve the JDK check to not accept a JRE
- 2673ccb ort-utils: Support file URLs in downloads
Build 🐘 & CI ⚙️
Chores 🔧
- 6311935 .ort.yml: Trim trailing whitespace
- 062221e analyzer: Avoid unnecessary mutable maps
- 1e7ec04 analyzer: Slightly optimize a check
- 8b7d02c gradle: Make `managerName` in `GradleDependencyHandler` private
- 20d7898 gradle-inspector: Improve a log message
- 38d88ab helper-cli: Drop the obsolete command to create analyzer results
- 720a23c node: Remove the unused `parseNpmLicenses()` function
- f9a91f9 package-managers: Simplify code to get `javaHome` a bit
- 95c604b Simplify mapping of non-empty strings
Dependency Updates 🚀
- ae10e2f Update the dependency-analysis-gradle-plugin to version 2.1.1
- 7bdbcd1 update codecov/codecov-action digest to b9fd7d1
- 90c8fb0 update dependency ubuntu to v24
- fcb93d8 update docker/build-push-action digest to 32945a3
- 7625dae update docker/build-push-action digest to 4f58ea7
- 1811b5f update github/codeql-action digest to e2b3eaf
- a03471c update hoplite to v2.8.2
- cd61f12 update jackson to v2.18.0
- a8bff04 update log4j2 monorepo to v2.24.1
Documentation 📖
- 2c8b259 analyzer: Remove a comma to fix grammar
- d200260 dos: Fix a typo
- 3b0c858 model: Fix a typo in documentation for `addDependency()`
- c363749 ort-utils: Align wording of `Environment` property docs
- ef8b61c ort.yml: Improve code block titles for examples
- b4922ec scanoss: Fix a typo
- b3e9ddb website: Fix a typo
- e309c3b website: Use the correct property for the description header
Refactorings 🚜
- b5dd8d7 go: Combine `getProjectName()` into `getModuleInfo()`
- c03ecf3 model: Extract a `dependenciesAccessor()` function for reuse
- 7b4177d model: Inline a `referenceFor()` overload function
- ed4a537 model: Inline the `graphForManager()` function
- d347153 model: Make `DependencyGraph.edges` non-nullable
- e815570 model: Make `DependencyGraph.nodes` non-nullable
- 407d287 ort-utils: Introduce a helper to check the JDK version
- 988dd17 ort-utils: Introduce a static Java version property
Tests ✅
Other Changes 💡
- b5723d6 style(analyzer): Use parentheses after functions in test names
33.1.0
What's Changed
Bug Fixes 🐞
- a980b5d bazel: Force the generation of a `MODULE.bazel.lock` file
- 3e1a8c4 scanner: Create intermediate nested provenance directories
- 7a1c59d scanner: Properly handle `scanPath()` exceptions
New Features 🎉
- 7f3764e bazel: Add support for the `git_repository` source info type
- 0430090 bazel: Add support for the `local_path` source info type
- 573b86f bazel: Prepare for other types of module source info
- 0e2a943 sbt: Add back checking the global SBT version as well
- b5efe6f sbt: Allow to configure the SBT version, and Java version / home
- cd70325 scancode: Try to get more information on failures
- 165b3e6 yarn: Fail in case an update of the lockfile is needed
Build 🐘 & CI ⚙️
- 12d16ab github: Submit the Gradle dependency graph for releases
Chores 🔧
- 9fa1666 scanner: Get the time for a failure summary only once
Dependency Updates 🚀
- 211890e docker: Pin setuptools version to 74.1.3
- 5b9da04 docker: Upgrade Python to 3.11.10
- a58ac50 docker: Upgrade pyenv to 2.4.13
- f17d292 docker: Upgrade the `INCLUDE`-syntax extension
- bc92f57 Update the dependency-analysis-gradle-plugin to version 2.1.0
- 93fe4f9 update actions/setup-node digest to 0a44ba7
- 426c04b update dependency com.networknt:json-schema-validator to v1.5.2
- 442b553 update dependency com.zaxxer:hikaricp to v6
- bfe97b1 update dependency gradle to v8.10.2
- f883120 update dependency org.jetbrains.exposed:exposed-java-time to v0.55.0
- 7512eeb update dependency org.jetbrains.gradle.plugin.idea-ext to v1.1.9
- e63a244 update github/codeql-action digest to 294a9d9
- 9e30e9d update github/codeql-action digest to 461ef6c
- ad3b9fb update jetbrains/qodana-action action to v2024.2.3
- 12efc26 update kotlinxserialization to v1.7.3
Documentation 📖
- 062f517 scancode: Move a comment to a more relevant location
Refactorings 🚜
- 047efd1 sbt: Factor code out of `checkConfiguredSbtVersions()`
- 922e42f sbt: Only check SBT versions configured in the build
- d9b30a6 sbt: Simplify the definition of default options
- bff2ac8 yarn2: Improve a constant name
Tests ✅
- 837d588 node: Make the naming of expected result files more consistent
- 412a010 node: Move Pnpm test projects into a dedicated `pnpm` directory
- 563ce35 node: Move Yarn2 test projects into a dedicated `yarn2` directory
- 9860496 node: Move the expected result files into each respective dir
- 9198c5b npm: Stop using `npm-expected-output.yml` for multiple test cases
- d346925 c44408f 2308b11 ac771e4 osv: Update expected results
- 10618d5 pnpm: Slightly improve a project name and metadata
- ad1329b pub: Update expected results
- adeb51e python: Update expected results
- 8f4b542 yarn2: Slightly improve a project name and metadata
33.0.0
What's Changed
Breaking Changes 🛠
- 60ef7c9 feat(advisor)!: Rework `VulnerabilityReference` semantics
- 01ca824 refactor(model)!: Generalize the scoring system mapping
- 6015cc9 refactor(yarn2)!: Inline `YARN_PATH_PROPERTY_NAME`
- 630a8db refactor(yarn2)!: Move some `val`s and `fun`s outside of the companion
Bug Fixes 🐞
- 2ac103a bazel: `MODULE.bazel` files from a local registry should be ignored
- cb7c914 model: sslmode typo in reference.yml
- e8e9b83 osv: Improve error handling a bit
- 508dbfc spdx-utils: Support reading dashed reference category names
New Features 🎉
- 24656e2 model: Add underscore variants to CVSS names
- 95cba40 vulnerable-code: Add scoring elements to the data model
Build 🐘 & CI ⚙️
- e833172 gradle: Do not set a global `duplicatesStrategy` anymore
- 9928629 gradle: Replace custom code with the `reproducible-builds` plugin
- c6523c4 github: Do not configure a custom linter version anymore
- 9f7b625 renovate: Disable NuGet package manager updates
Chores 🔧
- 61eb5c1 evaluator: Remove a few named lambda variables to simplify code
- d29db08 gradle-plugin: Explicitly set a `duplicatesStrategy`
- ce409f9 helper-cli: Consistently make commands `internal`
- a577470 helper-cli: Consistently name the `help` parameter explicitly
- bb0654c node: Add a couple of links to upstream documentation
- c725523 node: Slightly simplify Yarn code to get package details
- f675a32 osv: Improve mapping from OSV to ORT vulnerability references
- 275c2c1 yarn2: Drop an obsolete TODO comment
Dependency Updates 🚀
- a488e05 Update clikt to version 5.0.0 and Mordant to version 3.0.0
- 0b24c91 Update dependency-analysis-gradle-plugin to version 2.0.2
- 0c10c2f Update kotlinx-coroutines to version 1.9.0
- 280d8fb update dependency org.semver4j:semver4j to v5.4.0
- 521bd69 update dependency software.amazon.awssdk:s3 to v2.28.0
- fd28fcf update github/codeql-action digest to 8214744
- 21a3289 update gradle/actions digest to d156388
- 12c8019 update jetbrains/qodana-action action to v2024.1.10
- c750cfd update jetbrains/qodana-action action to v2024.1.11
- 0c540bd update jetbrains/qodana-action action to v2024.2.2
Documentation 📖
- 8a1e42a gradle: Improve the wording of a code comment
- 1b15bfa yarn2: Fix-up a couple of broken KDoc references
Refactorings 🚜
- 5a303ad helper-cli: Introduce an abstract `OrtHelperCommand` base
- d1fa1f2 model: Extract vulnerability rating code to a function
- 8b45010 npm: Use a simpler return type for two functions
- 5bc030e yarn2: Extract `isCorepackEnabled()`
- e2bca6b yarn2: Inline `DEFAULT_EXECUTABLE_NAME`
- da6cc49 yarn2: Move a couple of functions / classes to the file level
- 12c99e1 yarn2: Move some sanity logic into `getYarnExecutable()`
- 5d0f002 yarn2: Reduce the scope of the version variable
- 098ef99 yarn2: Simplify `cleanYarn2VersionString()`
- 9db096c yarn2: Use a shorter name for `versionFromLocator`
Tests ✅
- c17e5c3 bazel: Update expected results
- 52cb0e0 conan: Split out the lockfile case into a dedicated test
- a9e964e conan: Update expected results
- 6123c13 node: Consistently place Npm projects in the `npm` directory
- 06fe673 node: Drop the `README.md` for Npm test assets
- c67d544 node: Improve a test case name
- b0bd418 node: Merge `NpmVersionUrlFunTest` into `NpmFunTest`
- 8cbbb57 node: Move Yarn test projects into a dedicated `yarn` directory
- 254a64a node: Slightly improve a project name and metadata
- 49b65dd osv: Update expected results
- 6e181ef bc819cc osv: Update expected results
32.1.0
What's Changed
Bug Fixes 🐞
- 023752f dos: Make the `token` a secret config option
New Features 🎉
- fcfab20 gradle-inspector: Add an option to bootstrap a JDK version
Chores 🔧
- f654747 node: Drop the now unused Jackson dependencies
- da5c922 yarn2: Make use of `YARN2_RESOURCE_FILE` in a log message
Documentation 📖
- f2f2f7c ort-utils: Fix environment property descriptions
- 65f58c3 Update link references of ownership
Refactorings 🚜
32.0.0
What's Changed
Breaking Changes 🛠
- 1621941 feat(gradle)!: Make GradleInspector the new default
- c21b31b refactor(reporter)!: Rename the reporter to AOSD2 to avoid confusion
Bug Fixes 🐞
- 2438448 gradle-inspector: Do not assume all POM artifacts to be metadata-only
- 7c421cc gradle-inspector: Handle dependency cycles properly
- 78f0a07 gradle-inspector: Keep the artifact URL on invalid hash values
- 04b0356 model: Add a heuristic to get the manager in dependency graphs
- 7b12e72 osv: Remove an invalid reference type
- 694ac3c pub: Improve `containsFlutterSdk()`
- 9cca883 pub: Use the correct key name when replacing options
New Features 🎉
- 8ce9483 gradle-inspector: Allow to customize the Java home for analysis
- af559df jenkins: Allow to configure the list of advisors
- 9bcb485 osv: Add new ecosystem constants for completeness
- 723e003 plugins-api: Allow to manually set the plugin ID
- da7b11f pub: Always use the (one) enabled Gradle package manager
- 94e30b1 scripts: Add a script to generate all CLI completion scripts
- 3a68e61 scripts: Align on more portable `env` shebangs to discover `bash`
Build 🐘 & CI ⚙️
- e609a22 refactor: Use the new script to generate CLI completions
Chores 🔧
- 7c52615 analyzer: Remove a too strict assumption in dependency verification
- cc04a19 docker: Update Npm to the latest minor version
- 002b58b docker: Update Pnpm to version 9.9.0
- 45ff021 docker: Update Swift to version 5.10.1
- f2fc447 docker: Upgrade Go to version 1.23.0
- 7373195 gradle-inspector: Rename the `init.gradle` template
- 7689ecb yarn2: Fix a typo
- d9eb1da Remove references to JitPack in favor of Maven Central
- 54a2e4e Use `ifEmpty` and `ifBlank` to simplify code
- 714996c Use `ifEmpty` and `ifBlank` to simplify code
- de66c45 Use `singleOrNull` to simplify code
Dependency Updates 🚀
- 3a1fbf6 Update the native-gradle-plugin to version 0.10.3
- fbe3ae8 update actions/attest-build-provenance digest to 1c608d1
- f7d2368 update dependency ch.qos.logback:logback-classic to v1.5.8
- d80b9d2 update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2.4.0
- e20681a update dependency gradle to v8.10.1
- 64828ac update detektplugin to v1.23.7
- 80f62a1 update exposed to v0.54.0
- 8836de6 update ksp to v2.0.20-1.0.25
- 01f3d58 update log4j2 monorepo to v2.24.0
- 7be755c update wagoid/commitlint-github-action digest to 3d28780
Documentation 📖
- a53b7c6 README: Remove the wrapper validation badge
- d06e12e README: Swap OpenSSF Best Practices and Scorecard badges
- 0d1965b gradle-inspector: Fix the link to the init script resource
- eaba79c gradle-inspector: Mention `javaHome` as part of class docs
- 9646794 gradle-inspector: Update the list of known limitations
- 5daae47 issues: Limit `ort requirements` output to commands
- f5d54b8 model: Improve `VulnerabilityReference` property docs
- 15bf4fc osv: Add documentation to all top-level classes
- f57e046 osv: Generalize wording from "list" to "collection"
- f54636e plugins-api: Fix description of `PluginDescriptor.id`
- 785514e plugins-api: Improve docs for `OrtPlugin`
- 81561d1 Avoid "our" in comments and use passive voice
- 2b2bb87 Avoid "we" in comments and use passive voice
Refactorings 🚜
- b0fc861 model: Inline some default parameters in a test function
- dabcd27 model: Inline the misleading `Project.managerName` property
- 8272678 node: Drop the `--fields` option
- aa46f27 node: Factor out `mapNpmLicenses()`
- b4205ba node: Improve code for parsing `package.json` and beyond
- 2cd8fe4 node: Improve the name of `packagesHeaders`
- 4e19bbd node: Move Yarn2 into its own dedicated package
- 77590e3 node: Port the parsing of Yarn2 package infos to KxS
- f567582 node: Re-use `getProjectAdditionalData()` also for projects
- 9ea65f9 node: Rename `parseNpmAuthors()` to singular form
- 3382b5b node: Turn `fixNpmDownloadUrl()` into an extension
- 407172e node: Use an object mapper for parsing Yarn2's `info` output
- 4d854a7 node: Use the `info` alias for the `view` command
- 0efc494 npm: Use a more speaking name for `packageFile`
- 8553c7f npm: Use a more speaking name for `packageJson`
- 6ecdb9e plugins: Fix casing in plugin IDs
- 6c653f1 plugins-api: Rename `OrtPlugin.name` to `displayName`
- 399d507 pub: Inline some variables in `parseProject()`
- 7ef80e6 pub: Port Pubspec parsing to KxS and use a data class
- f5b8f6d pub: Rename several `manifest` variable
- fca5d83 pub: Use a more speaking name for `pubspec`
- 34e2339 yarn: Relax strictness in `processAdditionalPackageInfo()`
Tests ✅
31.0.0
What's Changed
Breaking Changes 🛠
- 848e666 feat(advisor)!: Migrate the advisor to the new plugin API
- dd90907 refactor!: Move `PackageConfigurationProvider` to API module
- 90accbb refactor!: Move `PackageCurationProvider` from model to plugin API
- 3c8b32a refactor!: Move config helpers from `model` to new `config-utils` module
- 89467d9 refactor(analyzer)!: Move `PackageManagerDependencyHandler` to the root
- 4c7c9fc refactor(analyzer)!: Turn conversion functions into extensions
- bd4e76e refactor(common-utils)!: Remove the `force` argument from delete functions
- e785545 refactor(model)!: Remove `PackageConfigurationProvider` from `OrtResult`
- 1e5ae99 refactor(ort-utils)!: Remove the fallback to read uncompressed files
- 6636764 refactor(osv-client)!: Remove an unused constructor
- f787654 refactor(osv-client)!: Remove the `Server` enum
- 4f870c2 refactor(package-configuration-providers)!: Migrate to new plugin API
- 2a8ca2f refactor(package-configuration-providers)!: Remove unused EMPTY constant
- 934c6aa refactor(package-curation-providers)!: Migrate to the new plugin API
- d782466 refactor(plugins-api)!: Make `PluginDescriptor.id` the first argument
- d15eaa1 refactor(plugins-api)!: Rename `PluginDescriptor.className` to `id`
- 9b13596 refactor(plugins-api)!: Rename `PluginDescriptor.name` to `displayName`
Bug Fixes 🐞
- 5d11ab0 advisors: Make configuration properties secrets
- a477ded common-utils: Use the `Path` API to delete files
- ed095a6 compiler: Fix an error message
- f991e15 ort-utils: Fix handling of `LocalFileStorage.transformPath()`
New Features 🎉
- 29468d0 compiler: Add the descriptor to the factory companion object
- 35d18a6 compiler: Allow multiple plugins of the same type in a project
- e15091c compiler: Remove the parent class name suffix from the plugin id
- 1e0cdfe docker: Replace Syft for Docker own Scout SBOM generator
- 29a108a model: Check if an archive exists before trying to download it
- 71983f1 plugins: Add a new plugin API with symbol processing
- 5804107 plugins-api: Generate a JSON representation of the plugin spec
Build 🐘 & CI ⚙️
- c01b6c8 detekt-rules: Fix the import check for a single dotless import
- 90a570d gradle: Fix applying the dependency analysis plugin
- adbc676 package-managers: Make dependencies on `GitCommand` explicit
- b82a5c1 Introduce a convention plugin for plugins
- 1e9ae8a Rename the convention for plugin parent projects
- 3e94f07 github: Remove an unnecessary outdated parameter
- 627296b github: Remove the separate Gradle wrapper validation
Chores 🔧
- 2b8463d package-managers: Make `gradlew` of test projects executable
- 954eb96 plugins: Use the companion object `descriptor`s
- 97a81dd reuse: Migrate from dep5 to TOML format
Dependency Updates 🚀
- 6be1533 update actions/setup-python digest to f677139
- cf72d14 update dependency com.autonomousapps.dependency-analysis to v2.0.1
- c737daf update dependency prism-react-renderer to v2.4.0
- 0cdbc49 update github/codeql-action digest to 4dd1613
- 43c8a20 update gradle/actions digest to 16bf8bc
Documentation 📖
- a4d249f downloader: Further improve a log message to include the revision
- 4da006b plugins-api: Fix docs for `PluginDescriptor` properties
Refactorings 🚜
- fdd90ca analyzer: Split package manager dependency classes across files
- 01a200e carthage: Trivially port from Jackson to KxS
- 78154d8 common-utils: Move recursive deletion tests to `funTest`
- ab12481 common-utils: Move several tests to `funTest`
- b67936d compiler: Use `singleOrNull()` to simplify code
- cb15705 gradle: Move `OrtDependency` extension functions to the model
- fbc786d gradle: Turn extension functions into properties
- 0e3900d gradle-inspector: Make use of `OrtDependency` extensions
- 080b303 gradle-inspector: Migrate the code to use the dependency graph
- 814e56e plugins: Move KSP compiler to separate project
- 40e0133 plugins-api: Add default value for `PluginDescriptor.options`
- 4dd5a49 plugins-api: Separate plugin analysis from code generation
- 2401bf2 pub: Extract constants for the scope names
- b42f894 pub: Remove a code redundancy from the construction of scopes
- 28c4149 pub: Remove an unnecessary `for` loop and comment
- d4fd3f1 pub: Use a data class for parsing the lockfile
- a45bd86 pub: Use a shorter name for `pkgInfoFromLockfile`
Tests ✅
- c8f2baa common-utils: Add a test for deleting files with bogus names
- bb012f3 common-utils: Add a test for deleting read-only files
- e0e8465 common-utils: Add a test for deleting with a base directory
- 8e05bcf ort-utils: Add missing tests for `LocalFileStorage`
- b68e3b9 ort-utils: Reduce indentation in tests
- af56607 ort-utils: Use function names for test containers
- 535ff62 osv: Update expected results
- b0ae065 pub: Add a `()` to a test case name
- bc98102 pub: Consistently use `reader`
- b3e173a pub: Remove an unhandled property
- ed29629 pub: Remove an unnecessary code comment
Other Changes 💡
- d0840a6 Revert "test(osv): Update expected results"
30.0.0
What's Changed
Breaking Changes 🛠
- c8e87e7 refactor(vcs)!: Make the `aliases` property private
Bug Fixes 🐞
- 34a222e bazel: Apply name and version overrides earlier
- eb8d2c8 bazel: Change `metadata.json`'s model to comply with schema
- 4e887f2 bazel: Maintain the version also in case of archive overrides
- 16a121c helper-cli: Fix-up the exclude `reason` for ChangeLog files
- 456e3fc scancode: Make path comparisons separator-agnostic
- e72fd2a scanoss: Support multiple line ranges per snippet
New Features 🎉
- 26a0401 advisor: Add resolution reason for incorrect vulnerabilities
- 1ec14b5 bazel: Add support for `archive_override`
- 05d9658 bazel: Treat a package with archive override and patches as modified
Build 🐘 & CI ⚙️
- c6701f8 gradle: Enable consistent `copy()` visibility
- 7ad4bfe Ensure that the generated shell completion scripts are up-to-date
Chores 🔧
- 93ea5b3 bazel: Do not quote URLs in logs for visual simplicity
- d95b8b2 bazel: Improve archive override URL logging
- a85e0d6 clearly-defined: Do not pass a default value
- 61ad183 integrations: Regenerate shell completion scripts
- e951d63 web-app-template: Simplify adding to a map
Dependency Updates 🚀
- f87f923 spdx-utils: Update the SPDX license list version to 3.25.0
- 135b287 update actions/attest-build-provenance digest to 6149ea5
- f9a5452 update dependency com.autonomousapps.dependency-analysis to v2
- 0aad2f2 update dependency org.asciidoctor:asciidoctorj to v3
- 0d3b21e update dependency org.postgresql:postgresql to v42.7.4
- fe0a41c update github/codeql-action digest to 2c779ab
- 15c1031 update kotlin monorepo to v2.0.20
- ae29ff7 update kotlinxserialization to v1.7.2
Documentation 📖
- ebdc21f README: Remove the broken TODO badge
- 4841e02 analyzer: Clarify the input directory to be version-controlled
- 38c9efd analyzer: Explain that the analyzer is required to run
- a82f01c analyzer: Name precondition for analysis to work
- 99cd187 cli: Explain SLF4J API usage in addition to Log4j API usage
- e191061 model: Slightly improve `LicenseFinding.license` docs
- ddc0757 website: Fix the full AOSD reporter name
- 0ded5f8 website: Improve FossId report documentation
- f0b7b79 website: Make Opossum report documentation more compact
Refactorings 🚜
- b91c8ff clearly-defined: Rename a (so far unused) enum property
- 7ecf85d composer: Inline `parseScope()`
- a28a503 scanners: Rename a snippet's `license` to singular
- c309ada Port remaining code to `kotlin.io.encoding.Base64`
- 5228030 Use hex coding from Kotlin's stdlib
Tests ✅
29.1.0
What's Changed
Bug Fixes 🐞
- 4813be3 conan: Ensure that Conan is running in non-interactive mode
New Features 🎉
- 3660ce0 downloader: Allow to specify parallel downloads on the CLI
- c64cc83 downloader: Display progress info for parallel downloads in the CLI
Chores 🔧
- 9932ab7 downloader: Say "verifying" in case of a dry run
Dependency Updates 🚀
- 549a0dd update github/codeql-action digest to f0f3afe
- eff9a93 update wagoid/commitlint-github-action digest to a2bc521
- 4261d1a update wagoid/commitlint-github-action digest to dbd4ecd
Tests ✅
- fe81e49 pub: Update expected results
29.0.0
What's Changed
Breaking Changes 🛠
- fb36bec chore(advisor)!: Remove the GitHub defects advisor
Bug Fixes 🐞
- 110f2e3 scanoss: Improve parsing of VCS URLs
- 5fff408 scanoss: Properly deal with empty licenses for snippets
New Features 🎉
- 88f4548 bazel: Add support for `local_path_override`
- a53082f docker: Add Buildozer to the Docker image
- dcc41df spdx: Allow to set creator person and organization
- d4d17d0 utils: Add `runBlocking` that preserves Log4j's MDC context
Chores 🔧
- 58deae0 scanoss: Directly map to sets
- e5303d7 scanoss: Make skipping of "none" file details explicit
- b1caae2 scanoss: Remove a superfluous `distinct()` call
- 97ece6d scanoss: Throw on unsupported line ranges in `convertLines()`
- f261664 web-app: Trivially change a variable in a test to be plural
Dependency Updates 🚀
- 161ea45 update dependency ch.qos.logback:logback-classic to v1.5.7
- f75bc26 update dependency org.apache.commons:commons-compress to v1.27.1
- 947f855 update docusaurus monorepo to v3.5.2
- 74557ba update github/codeql-action digest to 883d858
- 52ea6ca update maven to v3.9.9
Documentation 📖
- fe5a27f gradle: Add descriptions to tasks so they show up without `--all`
- aaf9012 spdx: Deep link to a nested property from reporter options
Refactorings 🚜
- ba9f17f clearly-defined: Make functions suspending
- dbc3fc5 clearly-defined: Remove the `callBlocking` function
- a061b06 fossid-webapp: Make factory functions suspending
- 9b3cb85 fossid-webapp: Rename `instance` function to `create`
- f04cb07 scanner: Make `resolveNestedProvenance` suspending
- 4e19363 scanner: Make `resolveProvenance` suspending
- ee3c33b Use the new `runBlocking` function
Tests ✅
- d1ee3dd pub: Update expected results
Other Changes 💡
- 17d1ff2 style(detekt): Forbid usage of `kotlinx.coroutines.runBlocking`
28.0.0
What's Changed
Breaking Changes 🛠
- 0137bde refactor!: Replace `is{False,True}()` with `toBooleanStrictOrNull()`
- d03abd4 refactor(bazel)!: Align create function and parameter naming
- fa35e72 refactor(bazel)!: Rework collection use for URLs
- 37ea3e6 refactor(bazel)!: Simplify code with an `url` not being nullable
- 56e2fb7 refactor(model)!: Use a secondary `Hash` constructor instead of `create()`
- 506ef31 refactor(reporter)!: Change to return per-file-format results
Bug Fixes 🐞
- c43047a Bazel: Fix BazelTest
- d6b7404 Bazel: Force a Bazel version for BazelTest
- 7d6a7e9 Bazel: Recreate the test data for the test with local registry
- b1dd96a bazel: Distinct registry URLs by their normalized form
- 6160df2 compose: Ignore definition files from vendor directories
- 471a65d compose: Stash any present "vendor" directory
- 37e0e5c composer: Do not use the `managerName` for packages
- b579f88 composer: Support the license field to be a primitive string
- ae14f3f conan: Properly inspect null values
- 46aa773 ctrlx-reporter: Make the `$schema` field non-nullable
- b194374 ctrlx-reporter: Only use real SPDX IDs
- af556b0 downloader: Correctly get the repository root path
- 743873a scanoss: Ignore the logging provider from `scanoss`
New Features 🎉
- b4e4156 Bazel: Support Bazel 7.2.0
- ebd6454 bazel: Add `MultiBazelModuleRegistryService` class
- 378f6e2 bazel: Support multiple registry services
- e8e3416 reporter: Add a reporter for the AOSD 2 format
Build 🐘 & CI ⚙️
- bb0a326 gradle: Remove the unused `scanoss` client project
- a603d3d github: Use latest instead of linked CodeQL tooling
- 5092c18 renovate: Enable Renovate for the website
- 0b94998 renovate: Update NPM only once a week
Chores 🔧
- fb15bb1 Bazel: replace the test done by `BazelTest` by a functional test
- 48f4128 bazel: Omit a default argument
- 4e86921 bower: Remove the now unnecessary inspection hint suppressions
- b9f521e composer: Make top-level data classes internal
- fcc91b7 composer: Reduce the visibility of two constants
- 0454248 composer: Remove an unnecessary log warning
- d2a1434 composer: Simplify `associateBy` to `associate`
- 949b5de docker: Replace Bazel by Bazelisk
- 727705f docker: Upgrade PHP to the latest active version
- b694901 docker: Upgrade composer to the latest version
- dfa843c downloader: Add a debug log when deleting working tree caches
- 977707d evaluated-model: Remove a superfluous file format case
- 400e0f4 gradle: Sort compiler options alphabetically
- 1ba1116 model: Consistently use HTTPS for `example.com` URLs
- df82c97 node: Use curly-brace-syntax for logging
- 2839a76 package-manager: Force a Bazel version for the existing test
- f8dc4e3 scanoss: Do not apply the `BlacklistRules`
- bdbc11d Align code and wording of either-or property checks
- f6ba8bc Do not use the named `with` parameter for `@Serializable`
- 424dfcb Use the recommended function to get serializers for a type
Dependency Updates 🚀
- 7aec1fb website: Upgrade to Docusaurus 3.4.0
- 4c3ed0b website: Upgrade transitive dependencies
- c8cf639 pin dependencies
- ce116dd update actions/attest-build-provenance digest to 210c191
- 090c43c update actions/attest-build-provenance digest to 310b0a4
- 7a297b5 update actions/deploy-pages action to v4
- 223676b update actions/setup-node action to v4
- aee9f08 update actions/upload-pages-artifact action to v3
- b2acb25 update dependency com.autonomousapps.dependency-analysis to v1.33.0
- f7c54c6 update dependency com.charleskorn.kaml:kaml to v0.61.0
- a469c1d update dependency com.github.ajalt.mordant:mordant to v2.7.2
- 9391fd1 update dependency com.networknt:json-schema-validator to v1.5.1
- 0621a90 update dependency gradle to v8.10
- dc6db0f update dependency org.apache.commons:commons-compress to v1.27.0
- 7f4903c update dependency org.apache.logging.log4j:log4j-api-kotlin to v1.5.0
- 897298d update dependency org.asciidoctor:asciidoctorj-pdf to v2.3.18
- 56d5421 update dependency org.cyclonedx:cyclonedx-core-java to v9.0.5
- 3e819a0 update dependency org.slf4j:slf4j-api to v2.0.14
- a0cbc63 update dependency org.slf4j:slf4j-api to v2.0.15
- 4f3af43 update dependency org.slf4j:slf4j-api to v2.0.16
- 93907bc update dependency org.springframework:spring-core to v5.3.39
- f891232 update dependency org.tukaani:xz to v1.10
- fd2290f update dependency org.wiremock:wiremock to v3.9.0
- a60d045 update dependency org.wiremock:wiremock to v3.9.1
- c1f1795 update dependency software.amazon.awssdk:s3 to v2.27.1
- ee94143 update docker/build-push-action digest to 16ebe77
- 85936e7 update docker/build-push-action digest to 5176d81
- e3087af update docker/build-push-action digest to 5cd11c3
- 39a638e update docker/login-action digest to 9780b0c
- 7faea4d update docker/setup-buildx-action digest to 988b5a0
- 5d4985b update docker/setup-buildx-action digest to aa33708
- dc9a0dc update docusaurus monorepo to v3.5.1
- 3b079c4 update exposed to v0.53.0
- 8853da4 update github/codeql-action digest to 29d86d2
- 5fdc763 update github/codeql-action digest to 2d79040
- 17ed779 update github/codeql-action digest to 429e197
- 942d706 update github/codeql-action digest to 5cf07d8
- b2ee73b update github/codeql-action digest to afb54ba
- eb64faa update github/codeql-action digest to eb055d7
- b0bddf9 update gradle/actions action to v4
- 1741aff update jetbrains/qodana-action action to v2024.1.9
- f9d3bd0 update kotlin monorepo to v2.0.10
- af4c8b1 update mavenresolver to v1.9.22
- 942539a update ossf/scorecard-action action to v2.4.0
- 691c31e update wagoid/commitlint-github-action digest to baa1b23
Documentation 📖
- 48bb017 README: Add a Repobeats contribution statistics image
- a98f22b README: Add a sentence about the governance model
- 2d8257c README: Reword the contribution section
- 742b393 bazel: Quote a file name in fluent text
- a7d5987 conan: Explain why a temporary file is required for `inspect`
- 1c0713d github: Add icons to the issue workflow
- b7ae659 reporter: Update the link to Ctrl-X Automation FOSS information
- f19c276 Add Volkswagen AG to the list of adopters
Refactorings 🚜
- 2c18272 bazel: Create an issue instead of throwing on no registry
- c2ff612 bazel: Map directly to a set
- 2274638 bazel: Nest an internal data class for better grouping
- 5dd19ff bazel: Simplify creating Bazel module registries
- 1cca35a bower: Also take the `authors` from the project package
- 1a00466 bower: Factor out `getProjectPackageInfo()`
- c8e47f2...