5.0.0

@github-actions github-actions released this 19 Oct 13:07
· 3095 commits to main since this release

What's Changed

Breaking Changes 🛠

  • fc77b1c chore(stack)!: Temporarily disable Stack in Dockerfile-legacy and tests
  • 8a5fbbe feat(advisor)!: Use the configurable plugin API for advice providers
  • e97c429 feat(fossid)!: Use secret options map
  • 712c448 feat(model)!: Support secret options in the scanner configuration
  • 80a3c25 feat(scanoss)!: Use secret options map
  • c3378e2 refactor(MavenLogger)!: Make MavenLogger internal
  • 57bd6ad refactor(advisor)!: Move advisor configuration classes to advisor module
  • 00d3f6e refactor(clearly-defined)!: Make strings private
  • c29fc64 refactor(clearly-defined)!: Simplify the API taking coordinates

Bug Fixes 🐞

  • ed08381 Poetry: Do not fail if "dev" dependency group is absent
  • f4a8e6d model: Keep the old "options" as an alias for "config"
  • ef2bd7f Revert "build(Docker): Align the python-inspector version on..."

Build 🐘 & CI ⚙️

  • 3df3945 Docker: Align the python-inspector version on 0.9.8
  • 112808a helper-cli: Add an explicit dependency on SLF4J
  • 2e86a54 test-utils: Make logging implementation dependencies runtime only
  • 1708ac3 Do not hard-code dependencies on plugin projects
  • 6587bcd Fix dependencies on the Log4j (non-Kotlin) API
  • 2ab8cef Move common logging dependencies to application conventions
  • b1760ca Move the Log4j Kotlin API dependency to Kotlin conventions
  • 9fb7308 Remove a work-around for older GraalVM releases
  • e9401ca Remove the Log4j Kotlin API as an API dependency
  • c149679 Stop enforcing the Log4j (non-Kotlin) API version

Chores 🔧

  • 012f099 CycloneDxReporterFunTest: Simplify patching code
  • 7250e66 advisor: Remove Jackson annotations from configuration classes
  • 2d18772 plugins: Get all package configuration / curation plugins lazily
  • c2f6cbb scanner: Remove the obsolete filterSecretOptions function

Dependency updates 🚀

  • 68e8e1f Update cyclonedx-core-java to version 8.0.1
  • 5ca852e Update the Jira REST client to version 5.2.7
  • 40645ee update dependency com.github.jmongard.git-semver-plugin to v0.8.1
  • 67ff91a update dependency com.github.jmongard.git-semver-plugin to v0.9.0
  • b55959c update dependency com.squareup.okhttp3:okhttp to v4.12.0
  • 2f0f4b5 update dependency org.jruby:jruby to v9.4.4.0
  • 612f55c update dependency software.amazon.awssdk:s3 to v2.21.2
  • 587fda8 update jackson to v2.15.3
  • 9df7766 update log4japi to v2.21.0

Docs 📖

  • 39c0534 README: Update links
  • f2c7af4 clearly-defined: Add a missing "The"
  • 4591c6a clearly-defined: Remove a superfluous sentence
  • e36a5f8 model: Add SCANOSS configuration to reference.yml
  • 0eb0986 model: Improve docs for ProviderPluginConfiguration

New Features 🎉

  • a5602a2 Storage: Support using AWS S3 as online cache for scan results
  • 889d481 docker: Change the image tagging process
  • f5cc5e8 flutter: Upgrade bootstrapped Flutter version to 3.13.6
  • 08bdef5 scanner: Prefer to use any single scanner

Refactorings 🚜

  • 3b66aa8 helper-cli: Replace ORT's logger extension function with Log4j's
  • 4d2a543 model: Make toString an expression function
  • 2d99fd0 scanner: Do not hard-code the dependency on scanner plugins

Tests ✅

  • c062250 OrtMainFunTest: Use stderr as clues in case of failures
  • abceb78 Poetry: Add a test for analyzing a project without a "dev" group
  • ff77e61 clearly-defined: Fix a typo
  • a88c505 nuget: Limit length of excessive error messages
  • 2f9b34f poetry: Fix-up an expected result
  • 6de1aae pub: Temporarily disable PubFunTest
  • 7085571 spm: Update expected results