
Releases: oss-review-toolkit/ort

10.0.0

14 Dec 08:30

What's Changed

Breaking Changes 🛠

  • ce6839d refactor(reporter)!: Use default interface implementations to reduce code

Bug Fixes 🐞

  • 7aa4895 GoMod: Stop crashing with NoSuchElementException
  • 5e82e20 asciidoc-reporter: Use monospaced text without "nested formatting"
  • e5e0f3f evaluator: Apply excludes before lookups in the OSADL matrix
  • fed0cd3 evaluator: Apply repository license choices to the project
  • 6a7d63d reporter: Do not take blank license texts
  • 57f85f0 reporter: Fix a potential failure in the FossID snippet report
  • 686f953 reporter: Process only valid scancodes in FossIdReporter

Chores 🔧

  • 41e559c asciidoc-reporter: Remove an unused test asset
  • e6adeec docker: Upgrade Swift to the latest version
  • 7092afb scancode: Align JSON assets to have a trailing newline

Dependency Updates 🚀

  • ab808c9 update dependency com.autonomousapps.dependency-analysis to v1.28.0
  • 25361dd update dependency com.networknt:json-schema-validator to v1.0.88
  • 064cf50 update github/codeql-action action to v3
  • 664e89c update jetbrains/qodana-action action to v2023.3.0
  • 9b3349d update ktor to v2.3.7

Documentation 📖

  • 4111605 cli: Distribute a README.md to show where to put plugins
  • 3d78d64 go: Fix an obsolete code comment
  • 706ee15 model: Improve the wording of IssueListConverter's documentation
  • 221cad8 Clarify that repository license choices also apply to projects
  • c63f489 Fix-up the KDoc for DefaultResolutionProvider.create()
  • f7406d9 Improve the KDoc for getOpenIssues()

New Features 🎉

  • 7e1f3a8 Fossid-webapp: Increase the read timeout for listMatchedLines
  • eaa29e5 fossid-webapp: Make the comment of a project optional
  • 1109a7a jenkins: Allow to mix OSADL matrix and configured rules
  • bf1b032 model: Associate licenses and exceptions from the same expression
  • d5548c3 scancode: Get the key to ID mapping without --license-references

Other Changes 💡

  • 4ad17d3 go: Align a function name with upstream terminology
  • 4aa865f go: Drop some unused obsolete code
  • c04c3ee model: Make a function signature a bit more speaking
  • e0e02ce Use SPDX constants in more places

Tests ✅

  • b7f5a38 go: Add () to function names in test case names
  • 81aee12 scancode: Test license mapping without license references

9.0.0

07 Dec 08:19

What's Changed

Breaking Changes 🛠

  • 247b046 refactor(scancode)!: Make parseScanResult(JsonElement) private

Bug Fixes 🐞

  • 374b4a0 command: Drop an obsolete scanner command option
  • ba66567 commands: Avoid a duplicate plural "s" in the summary sentence
  • 281a854 integrations: Re-generate shell completions
  • f16bf59 integrations: Re-generate shell completions
  • 849f987 node: Default to NPM if there is no indication for any Node manager
  • 8e1ec1d node: Do not crash on projects that do not set a version
  • f99e2ed node: Rewrite manager detection to solve issues
  • b6f6bc5 scancode: Fix the broken file paths in mapped timeout errors

Build 🐘 & CI ⚙️

  • a951533 github: Disable parallelization when publishing

Chores 🔧

  • a464678 Jenkinsfile: Remove the VULNERABLE_CODE_API_KEY parameter
  • bec02fd cli: Make properties come before functions and classes
  • 161acdd detekt: Remove an exception for an unused wildcard import
  • 7aac204 jenkins: Omit empty string default values
  • f9d1124 reporters: Improve log wording about the generated (temporary) file
  • ff9e1cf scancode: Make the internal timeout constant private
  • b3c98bb spdx: Give more context in require checks

Dependency Updates 🚀

  • 7fbd47f gradle-inspector: Again use current Gradle's tooling API version
  • e86a1b9 Update kotlinx-serialization to version 1.6.2
  • fd8fc8e update actions/setup-python action to v5
  • 5af7043 update dependency ch.qos.logback:logback-classic to v1.4.14
  • 99b0f86 update dependency com.autonomousapps.dependency-analysis to v1.27.0
  • 33be29a update dependency net.sf.saxon:saxon-he to v12.4
  • 36e8138 update dependency org.jetbrains.kotlinx:kotlinx-html-jvm to v0.10.1
  • 894a29e update dependency org.postgresql:postgresql to v42.7.1
  • 8c4879c update jetbrains/qodana-action action to v2023.2.9
  • f898d75 update jgit to v6.8.0.202311291450-r
  • bff2d01 update maven to v3.9.6

New Features 🎉

  • 53a8dd3 helper-cli: Add two patterns to path exclude generation
  • eb93dd5 jenkins: Allow to use a custom scanner from a plugin
  • 81b3130 jenkins: Show the active configuration to ease debugging
  • 521640b model: Add the property Issue.affectedPath
  • 5839604 model: Adhere to Issue.affectedPath when filtering a summary
  • 4d532d8 model: Enable Issue.affectedPath also for older scan results
  • 0033123 scancode: Relax precondition for mapping timeout issues
  • 27bc117 scancode: Set Issue.affectedPath for timeout errors

Other Changes 💡

  • 67297b2 config: Align on setting "skip excluded" in the config
  • e14dc23 scancode: Move toSummary() to ScanCodeResultModelMapper
  • da463b8 scancode: Move mapping of scan errors into toSummary()
  • d6f39ce scancode: Use a more generic name for ScanCodeErrorMappers

Tests ✅

  • f073323 conan: Update expected results
  • 69ab754 model: Add a test for ScanSummary.filterByPaths()
  • 91d07c2 scancode: Factor out getAssetFile()
  • 97c121e scancode: Include timeout errors in the assets for output formats
  • 51d7faf scancode: Remove some redundant variable definitions
  • 7cc5e49 scanner: Never read or write stored results for the "Dummy" scanner
  • d9b1f8d scanner: Simplify filtering files
  • 9b26515 scanner: Use NOASSERTION instead of NONE for dummy findings
  • 84d2f6d 46816a5 0a2ca2c cc92894 spm: Update expected results
  • 55e226f vulnerable-code: Also assert issues to be empty
  • 4bf0241 vulnerable-code: Always enable the test, even without an API key

Other Changes 💡

  • bd6d9ec Revert "chore(jenkins): Omit empty string default values"
  • 58f1155 style(vulnerable-code): Unwrap lines that do not need wrapping

8.0.0

30 Nov 08:40

What's Changed

Breaking Changes 🛠

  • 1be48b4 chore(reporter)!: Reduce the visibility of ReportTableModel
  • eb0e6f1 chore(reporter)!: Remove the unused SummaryTable
  • b76b7a7 refactor(plugins)!: Move all ALL properties to Plugin implementations
  • 89aaf0c refactor(reporter)!: Move ReportTableModel to the static HTML plugin

Bug Fixes 🐞

  • a1ea611 compare-command: Fix the program exit codes
  • f1abea1 helper-cli: Fix two issues with listing licenses
  • eadf828 helper-cli: Remove package.json from path exclude generator

Chores 🔧

  • 62a3bc5 mailmap: Add another email to map list
  • 94defb1 node: Improve formatting of a code comment
  • e4d894b node: Remove an unnecessary capturing group

Dependency Updates 🚀

  • d785b4f Dockerfile-legacy: Update the available Cargo version
  • 4503fcc Gradle: Update the detekt plugin to version 1.23.4
  • bd2d37d docker: Upgrade Cargo to the version available in Ubuntu Jammy
  • 2bdec8f Update the Maven resolver to version 1.9.18
  • 123984a update actions/setup-java action to v4
  • c73f351 update davidanson/markdownlint-cli2-action action to v14
  • 5bb6a68 update dependency ch.qos.logback:logback-classic to v1.4.12
  • 52985f6 update dependency ch.qos.logback:logback-classic to v1.4.13
  • a66bf0e update dependency com.github.jmongard.git-semver-plugin to v0.11.0
  • 956d12e update dependency gradle to v8.5
  • 5fca795 update dependency org.jetbrains.exposed:exposed-dao to v0.45.0
  • 6d43649 update kotlin monorepo to v1.9.21

Documentation 📖

  • 4a1e0b2 ADOPTERS: Slightly improve the wording for Cariad
  • b742da7 compare-command: Add / improve some code comments
  • 77d8804 plugins: Align documentation for the ALL properties

New Features 🎉

  • aff3519 CompareCommand: Add the SEMANTIC_DIFF as a new compare method
  • 4cfab70 CompareCommand: Implement custom deserializer
  • d591aec compare-command: Make the context size configurable via an option
  • 2107657 helper-cli: Extend path exclude generator by a couple of patterns
  • 738790c jenkins: Allow to set arbitrary environment variables
  • 7ad4e31 requirements: Add an option to toggle listing plugins and commands
  • 1dcb1ff requirements: Also list all found ORT plugin implementations
  • eb6e82f scanner: Teach package scanners about all packages covered by a scan

Other Changes 💡

  • a1ccc6d CompareCommand: Move the deserialization out of the when
  • 19bfbe0 VersionControlSystem: Implement the Plugin interface
  • 777b1ff compare-command: Move an enum class closer to its use
  • a1bb32d compare-command: Rename deserializer to mapper
  • 1dbed2e helper-cli: Adjust return type of getScannedProvenance()
  • f887133 helper-cli: Use a more speaking name for getProvenance()
  • de5027e node: Split out code to detect the right Node package manager
  • 5d2fb19 reporter: Make map() take ReporterInput as param
  • 1d2d88a reporter: Simplify obtaining a package or project
  • 6bc8c31 requirements: Factor out getting plugins by type
  • 8c91864 requirements: Further separate detecting from printing versions
  • 805a6e7 requirements: Split out long code to functions

Performance Enhancements ⚡

  • a176fc5 requirements: Limit scanning to sub-types

Tests ✅

  • 6eeb729 compare-command: Add a functional test for the text diff method
  • 6c90a2e conan: Update expected results
  • 18f9318 node: Add tests for remaining support functions
  • 89c3ed6 osv: Update expected results
  • 665aa87 requirements: Add a test for core plugins to be found

Other Changes 💡

  • f563d2a style(Jenkinsfile): Fix a string parameter's indentation
  • 1fe0eb5 style(fossid): Remove some named arguments
  • cdd3993 style(reporter): Use a shorter name for packageforId

7.1.0

23 Nov 08:42

What's Changed

Bug Fixes 🐞

  • a9bd271 analyzer: Support uppercase-letters in Go module version
  • 5334b19 helper-cli: Use the "pluginClasspath" approach to bundle plugins
  • acda964 jenkins: Align Java's user.home with HOME
  • fced3d8 jenkins: Limit the credentials type to the supported type
  • 49b66c9 opossum: Get license texts via the provider
  • 45e1e63 spdx: Add the missing OTHER relationship
  • 40630f4 spdx: Add the missing snippet ranges
  • e8d9c53 spdx: Do not allow the snippet name to be blank
  • b9c038e Remove any YAML front matter from ScanCode license files

Build 🐘 & CI ⚙️

  • 54f72d9 Align on tools from .versions also for the build / test workflow

Chores 🔧

  • b76ae85 adopters: Officially add Cariad to the list
  • 0557aeb docker: Extract .NET version to a variable
  • a07f3d6 docker: Upgrade Android Command line tools to the latest version
  • 0818afb docker: Upgrade Poetry to the latest version
  • 6d72e44 github: Remove the duplicate Batect wrapper validation
  • 333d1d7 jenkins: Use the name ignored for an ignored exception
  • a2d87c6 mailmap: Map to Mikko's Double Open email address
  • 0bf2b1a ort-utils: Add a debug log if a netrc file has not been found
  • e4b018b ort-utils: Add more environment variables relevant for debugging
  • 2ce1460 reporter: Remove unnecessary braces
  • 22b5c1f scanner: Trivially improve the wording of log messages
  • fb37893 Improve and align the wording for non-SPDX licenses in info fields

Dependency Updates 🚀

  • 6bf2206 evaluator: Update the OSADL matrix
  • 2f7d381 Update Apache commons-compress to version 1.25.0
  • 1a7c848 Update the Maven resolver to version 1.9.17
  • 5f43743 update dependency com.github.ben-manes.versions to v0.50.0
  • 8884e0f update dependency com.icegreen:greenmail to v2.0.1
  • 9222331 update dependency org.postgresql:postgresql to v42.7.0
  • ed6b029 update dependency org.springframework:spring-core to v5.3.31
  • 5005851 update log4japi to v2.22.0

Documentation 📖

  • b89610f jenkins: Clarify that the credentials type should be for HTTP
  • 29f9aef Add Double Open to the NOTICE file
  • 23a8136 Document setting metadata about a package's authors
  • 4b2d663 trim trailing spaces in package-curations.md

New Features 🎉

  • c64efc7 docker: Make Android SDK version a build arg in Dockerfile-legacy
  • 8e22723 evaluator: Also print the rules used as part of configuration
  • 1098569 helper-cli: Add 'annotationProcessor' to scope exclude generation
  • ec49977 helper-cli: Add 'lombok' to scope exclude generation
  • 1e4a20c jenkins: Allow to specify a VCS path for configuration
  • 623b2fa model: Sort the detected license mapping during serialization

Refactorings 🚜

  • 8b44818 docker: Rename ANDROID_SDK_VERSION
  • f42b72d evaluator: Rename a variable according to its type
  • 8880747 reporter: Drop an also
  • caedab1 reporter: Simplify computing isRowExcluded
  • a8511d9 static-html: Relocate some functions / constant
  • bddecf4 utils: Move ORT directory properties to Environment
  • adaf89c Move the SPDX <-> Conan resolution test to the SPDX project

Tests ✅

  • 5cddcaa cli: Reduce an expected result to the intended scope
  • 448a8bb f5c5f7d 67194c5 spm: Update expected results
  • a9594cb Fixup the user home directory also when running tests (in Docker)
  • 8a50ca7 Run CLI functional tests outside of Docker

Other Changes 💡

  • 8bf89ad Revert "chore(stack)!: Temporarily disable Stack in Dockerfile-legacy and tests"
  • 04b33b3 style: Omit trailing dots from some NOTICE parties

7.0.0

16 Nov 07:44

What's Changed

Breaking Changes 🛠

  • a455329 feat(reporter)!: Support secrets in reporter options
  • bd03101 feat(scanner)!: Pass properties to configure storage usage to wrappers
  • cc7d534 refactor(PackageCurationData)!: Drop support for legacy property name
  • 72cbc73 refactor(maven)!: Make some class members private
  • a552258 refactor(maven)!: Make the container property private
  • 13564f9 refactor(scanner)!: Use ScannerWrapperConfig in factory
  • 801948f refactor(vcs)!: Make all WorkingTree implementations internal

Bug Fixes 🐞

  • f1c5959 docker: Base image should not refer itself
  • bb742aa docker: Bump up The Node.JS version in another place
  • 528e5c7 docker: Match docker scripts to upstream image naming
  • 6ce0978 docker: No build or publish in pull_request events
  • a21905e docker: Stop accidentally skipping component image builds
  • 5a21932 helper-cli: Fix an issue with listing licenses
  • 05d8acc node: Allow deserializing empty pnpm-workspace.yaml files
  • 552b0e2 Add advisor plugins to the plugin classpath for distribution

Build 🐘 & CI ⚙️

  • 272b508 git: Explicitly add transitive Jackson dependencies
  • c9a730b git: Split out the jgitSshApache dependency
  • 400e9ef Move all VCS plugins to separate Gradle projects

Chores 🔧

  • 059190d docker: Align the Pip version with Dockerfile
  • cec3ec7 docker: Avoid the use of tee if stdout is not needed
  • d0f67e2 docker: Rename output of custom Dockerfile
  • 343d2ff docker: Upgrade CocoaPods to the latest version
  • 5dd26aa docker: Upgrade Conan to the latest 1.x version
  • 1599731 docker: Upgrade Pipenv to the latest version
  • ccabd1f docker: Upgrade SBT to the latest version
  • 16ff51f docker: Upgrade ScanCode to the latest version
  • 595261c docker: Upgrade Yarn to the latest 1.x version
  • ab87104 docker: Upgrade Pip to the latest version
  • cb68cb0 docker: Upgrade pnpm to the latest version
  • 876c1d4 docker: Upgrade the Haskell Tool Stack to the latest version
  • 9079062 mailmap: Use Thomas's personal email address
  • 1223273 maven: Add an import to resolve a KDoc reference

Dependency Updates 🚀

  • 6556366 git-repo: Upgrade to the latest stable git-repo release
  • 45fbb1a update dependency com.autonomousapps.dependency-analysis to v1.26.0
  • d44c243 update jackson to v2.16.0
  • ae8e4db update kotlinxserialization to v1.6.1

Documentation 📖

  • 1fa6529 README: Fix further broken links
  • 551c79f README: Fix the link to version control system implementations
  • 551b68b README: Remove a broken link for the Notifier bullet point
  • eccf170 scanner: Fix a typo
  • bd4e1c7 scanner: Improve logging for packages with incomplete scan results

New Features 🎉

  • cd323ab docker: Change naming default and unify docker files
  • 8d7b82d docker: Rename images to agreed names
  • f06a4ac helper-cli: Extend path exclude generator by a couple of patterns
  • 1534d39 helper-cli: Improve the output of list licenses command
  • dcd3b19 helper-cli: Re-filter scan summary by VCS path
  • 2147b4f osv: Add the missing handling for the Hackage ecosystem
  • 4d5b611 reporter: Read FossID credentials from secrets
  • 937e4fb scanner: Add a class to hold the common scanner wrapper config
  • ab27a19 scanner: Add properties to configure storage usage
  • 87db6d4 scanner: Use the new properties that configure scan storage usage

Refactorings 🚜

  • 7eb2ffe analyzer: Port Java's walkFileTree() to Kotlin's walk()
  • 17f3ad1 maven: Operate on sets of repositories
  • 4c940af plugins: Do not hard-code dependencies on Git
  • f93e651 scanner: Move ScanResult.filterByVcsPath() to utils

Tests ✅

  • 1622397 fossid: Mock the abstract VersionControlSystem instead of Git
  • 0a8dcb7 node: Make the empty pnpm-workspace.yaml be well-formed YAML
  • a702a3c osv: Fix the assertion for ecosystem support
  • 65125cb osv: Improve package list for supported ecosystems
  • 150530c 9d29e6d osv: Update expected results
  • f514519 scanner: Improve tests for ScannerWrapperConfig
  • 4771276 spm: Update expected results
  • fc47411 Run analyzer functional tests outside of Docker

Other Changes 💡

  • befe8c0 style(scanner): Remove a redundant empty line

6.1.1

10 Nov 06:14

What's Changed

Bug Fixes 🐞

  • 9725081 Add advisor plugins to the plugin classpath for distribution

6.1.0

09 Nov 08:11

What's Changed

Bug Fixes 🐞

  • 170db0b FileListResolver: Delete the temporary directory
  • 5edbe72 cargo: Allow metadata to be missing again
  • 1f2ad1e reporter: Add score and method properties in CycloneDX report
  • edafd51 Properly delete parent directories of temporary files

Build 🐘 & CI ⚙️

  • df5ede2 Gradle: Move advisors to individual plugin projects
  • 53ea4ce Gradle: Move remaining Maven and Sbt package managers to projects
  • ced939b renovate: Disable patch-level updates for the AWS S3 dependency

Chores 🔧

  • d606322 NpmFunTest: Remove two unused imports
  • e04aa88 Use new ORT slack subdomain

Dependency Updates 🚀

  • 5ba8629 Gradle: Upgrade to the latest WireMock version 3.2.0
  • 0e3e3a1 update dependency com.zaxxer:hikaricp to v5.1.0
  • 34095e5 update dependency io.ktor:ktor-client-okhttp to v2.3.6
  • b36ec78 update dependency org.jruby:jruby to v9.4.5.0
  • df0ba6e update dependency org.wiremock:wiremock to v3.3.0
  • b08bc3c update dependency org.wiremock:wiremock to v3.3.1
  • c5add7d update kotest to v5.8.0

Documentation 📖

  • 3efccf5 ProvenanceDownloader: Clarify the semantics of download()
  • f5c556d evaluator: Fix-up the docs for two CLI options
  • a701b73 reference: Improve the wording for package curation providers

New Features 🎉

  • 7296ec0 analyzer: Log about configured but unavailable package managers
  • 91647b2 helper-cli: Extend the scope exclude generation for Poetry
  • 1d74f26 model: Add 'DOCUMENTATION_DEPENDENCY_OF' as scope exclude reason
  • 2416358 vulnerabilities: Support the CVSS 4 qualitative severity rating scale

Refactorings 🚜

  • e2bb20e analyzer: Remove the special exception code for Maven
  • 80498cf model: Make tests independent of Maven or SBT package managers
  • 7c0ca7c reporter: update the TrustSource data model and the reporter
  • 32ed408 Introduce an alsoIfNull convenience extension function

Tests ✅

  • 236997c analyzer: Remove the AnalyzerTest
  • ae37645 ossindex: Simplify some result assertions
  • e4f232a osv: Update expected results
  • cb139cc 66eee50 spm: Update expected results
  • b26c5bd spm: Update expected results
  • ca7424a trustsource: Add a basic functional test for the expected report

Other Changes 💡

  • 6c25e2c style(trustsource): Apply some trivial reformatting

6.0.0

02 Nov 08:32

What's Changed

Breaking Changes 🛠

  • a80c1c7 refactor(analyzer)!: Move some functions out of the GoMod class
  • d39c07d refactor(analyzer)!: Reduce the visibility of a constant
  • cd40dd1 refactor(model)!: Split vulnerability classes to a separate package

Bug Fixes 🐞

  • 7a2b4aa AdvisorRecord: Merge all properties of vulnerabilities
  • 0820a7b VulnerabilityReference: Do not deserialize a lazy property
  • 593f6ef scanner: Catch archiver exceptions

Chores 🔧

  • ebf834b Qodana: Use the non-EAP version of the JVM linter
  • f75c00d docker: Fix installing Node.js in the legacy image
  • e2ed458 docker: Upgrade Node.js to version 20
  • c841f41 docker: Upgrade python-inspector to version 0.10.0
  • b3dd03e mailmap: Align on Hanna's lower-case address
  • 9c2232c mailmap: Align on Helio's GMail address
  • 671e607 mailmap: Align on mentioning François' forename first
  • dd33cce mailmap: Map Stefano's GitHub address
  • 8cd00c5 mailmap: Merge Christian's addresses
  • d557794 mailmap: Merge Daniel's addresses
  • b726ba5 mailmap: Spell out Carlos' name
  • ad773d8 mailmap: Spell out Quique's name
  • 0e3f8c8 mailmap: Use Sebastian's new Double Open address
  • 5b42f08 markdown-link: Update an ignore pattern to make the linter pass

Dependency Updates 🚀

  • 09ae12b Update detekt to version 1.23.2
  • f3511b4 Update detekt to version 1.23.3
  • 4ef5598 update dependency com.github.jmongard.git-semver-plugin to v0.10.1
  • 4eba5e6 update dependency org.jetbrains.exposed:exposed-jdbc to v0.44.1
  • e1fae77 update dependency software.amazon.awssdk:s3 to v2.21.10
  • a0b1cf5 update dependency software.amazon.awssdk:s3 to v2.21.11
  • c95dd74 update dependency software.amazon.awssdk:s3 to v2.21.12
  • be2c5c6 update dependency software.amazon.awssdk:s3 to v2.21.13
  • 6bb8315 update dependency software.amazon.awssdk:s3 to v2.21.9
  • 10b0bd8 update kotlin monorepo to v1.9.20

Documentation 📖

  • 83c6477 Npm: Do not say to implement dedicated support for peer dependencies
  • a39a252 RepositoryConfiguration: Improve documentation of two properties
  • e48657f analyzer: Fix a typo
  • cf269cf configuration: Improve docs for curations in .ort.yml

New Features 🎉

  • 6989cd1 VulnerableCode: Fixup wrongly escaped URLs
  • 8de8460 cargo: Parse a package's homepage
  • d0efc19 reporter: Support the CycloneDX vulnerability extension in Reporter
  • b2aebfa scanner: Record the scanner tool versions in the ORT result

Refactorings 🚜

  • 7b90df8 GoMod: Re-arrange functions within GoMod
  • 561ef19 VulnerableCode: Update two response property names
  • 92bfc97 cargo: Inline runMetadata()
  • 44523e4 cargo: Migrate from toml4j to tomlkt
  • 3f835b3 cargo: Migrate manifest parsing to kotlinx-serialization
  • 50c4931 cargo: Migrate parsing of JSON nodes to using data classes
  • 4678d88 evaluated-model: Remove the EvaluatedVulnerabilityReference
  • fe08372 go: Migrate GoDep TOML parsing to kotlinx-serialization
  • 8b6fe4f model: Introduce a lazy severity rating property
  • 2f619ac scanner: Move logging into the scan() function
  • 0894374 scanner: Remove premature checks for empty scanners
  • 90f9993 Move Go package managers to their own plugin project

Tests ✅

  • 2d21bf2 SpdxExpressionTest: Test parsing NONE and NOASSERTION
  • b330f35 VulnerableCode: Add a template test for the public instance
  • fc10c12 VulnerableCode: Improve the funTest template
  • 37d2925 conan: Update expected results
  • 4b6bc22 go: Consistently use replace pattern for definition file path
  • caecbea go: Factor out testDir
  • 97eaacc go: Move expected result files
  • e64746d go: Move the test project for GoMod under a dedicated directory
  • 2c94e3b go: Remove some redundancy with the file paths
  • 0a44e54 go: Rename an expected result file
  • 1c63cdf go: Use a more speaking name for a test project dir
  • e082ad3 node: Relax an assertion
  • 320bfc9 osv: Update expected results
  • 9da44a3 python: Upgrade markupsafe to version 1.1.0
  • d9839fb 5dfe13a 73e5110 spm: Update expected results

5.1.0

26 Oct 17:19

What's Changed

Bug Fixes 🐞

  • 6dd77a3 fossid: Fix a copy & paste error in a property name
  • c172fb6 plugins: Do not crash for enabled plugins that are unavailable

Build 🐘 & CI ⚙️

  • d351a59 Gradle: Configure detekt tasks lazily
  • 52e90c1 Include platform projects when running from Gradle or the IDE

Chores 🔧

  • 0a97f62 analyzer: Add the property ModuleInfo.Dir
  • d937ca3 Ensure tests access ALL plugins via getValue()
  • d573dcf Prefer also over run if the return value is not needed

Dependency updates 🚀

  • ed5b0e6 Update the native-gradle-plugin to version 0.9.28
  • 51f0299 update dependency com.github.jmongard.git-semver-plugin to v0.10.0
  • 88e15aa update dependency org.cyclonedx:cyclonedx-core-java to v8.0.3
  • cb6a186 update dependency software.amazon.awssdk:s3 to v2.21.3
  • 3b353f5 update dependency software.amazon.awssdk:s3 to v2.21.4
  • baa6e88 update dependency software.amazon.awssdk:s3 to v2.21.5
  • 1f34360 update dependency software.amazon.awssdk:s3 to v2.21.6
  • 1367f39 update dependency software.amazon.awssdk:s3 to v2.21.7
  • 711905c update dependency software.amazon.awssdk:s3 to v2.21.8
  • b858cc9 update log4japi to v2.21.1

Docs 📖

  • 937c5ea Graph: Fix syntax highlighting of a TODO statement
  • 21652d2 analyzer: Fix a typo in GoMod's class KDoc
  • d0d6f59 analyzer: Fix-up KDoc for ModuleInfoFile
  • 0b495bc analyzer: Fix-up the KDoc for toPackageReferences()
  • 7a32036 analyzer: Improve the KDoc for getModuleInfos()
  • a2dbdde analyzer: Promote a comment to be a function doc

New Features 🎉

  • c9f60ce analyzer: Support references to local modules with GoMod

Refactorings 🚜

  • 8f7d0ad S3FileStorage: Avoid a superfluous null-safe operator
  • f93a9ac S3FileStorage: Consistently use runCatching
  • 124d5b2 analyzer: Eliminate Graph.projectId
  • fd9c2cd analyzer: Extend and use ModuleInfo.toId() for projects
  • fc6bb00 analyzer: Factor out getMainModuleId()
  • bccbe4e analyzer: Generalize Graph to use a generic node type
  • 07797c3 analyzer: Move Graph.toPackageReferenceForest()
  • 723694d analyzer: Remove a minor code redundancy
  • 676b6f5 analyzer: Simplify getModuleInfo()
  • 1886e39 analyzer: Simplify applying the replace directive
  • 0c92be6 analyzer: Use a more compact name for a function
  • 68021a7 analyzer: Use a more speaking name for dependencies()

Tests ✅

  • 31bdf3f analyzer: Fix-up an expected result filename
  • 1d97f69 analyzer: Make test resilient to change WRT to the issue message
  • c045be6 python: Update expected results
  • 7311c55 c55ce91 0f1299e spm: Update expected results
  • 7c0b17f Prefer the more speaking shouldHaveSize over asserting the size

Other Changes 💡

  • 94f5687 style(scanner): Shorten a null check
  • 3e63d09 style: Align formatting between configuration and curation providers

5.0.0

19 Oct 13:07

What's Changed

Breaking Changes 🛠

  • fc77b1c chore(stack)!: Temporarily disable Stack in Dockerfile-legacy and tests
  • 8a5fbbe feat(advisor)!: Use the configurable plugin API for advice providers
  • e97c429 feat(fossid)!: Use secret options map
  • 712c448 feat(model)!: Support secret options in the scanner configuration
  • 80a3c25 feat(scanoss)!: Use secret options map
  • c3378e2 refactor(MavenLogger)!: Make MavenLogger internal
  • 57bd6ad refactor(advisor)!: Move advisor configuration classes to advisor module
  • 00d3f6e refactor(clearly-defined)!: Make strings private
  • c29fc64 refactor(clearly-defined)!: Simplify the API taking coordinates

Bug Fixes 🐞

  • ed08381 Poetry: Do not fail if "dev" dependency group is absent
  • f4a8e6d model: Keep the old "options" as an alias for "config"
  • ef2bd7f Revert "build(Docker): Align the python-inspector version on..."

Build 🐘 & CI ⚙️

  • 3df3945 Docker: Align the python-inspector version on 0.9.8
  • 112808a helper-cli: Add an explicit dependency on SLF4J
  • 2e86a54 test-utils: Make logging implementation dependencies runtime only
  • 1708ac3 Do not hard-code dependencies on plugin projects
  • 6587bcd Fix dependencies on the Log4j (non-Kotlin) API
  • 2ab8cef Move common logging dependencies to application conventions
  • b1760ca Move the Log4j Kotlin API dependency to Kotlin conventions
  • 9fb7308 Remove a work-around for older GraalVM releases
  • e9401ca Remove the Log4j Kotlin API as an API dependency
  • c149679 Stop enforcing the Log4j (non-Kotlin) API version

Chores 🔧

  • 012f099 CycloneDxReporterFunTest: Simplify patching code
  • 7250e66 advisor: Remove Jackson annotations from configuration classes
  • 2d18772 plugins: Get all package configuration / curation plugins lazily
  • c2f6cbb scanner: Remove the obsolete filterSecretOptions function

Dependency updates 🚀

  • 68e8e1f Update cyclonedx-core-java to version 8.0.1
  • 5ca852e Update the Jira REST client to version 5.2.7
  • 40645ee update dependency com.github.jmongard.git-semver-plugin to v0.8.1
  • 67ff91a update dependency com.github.jmongard.git-semver-plugin to v0.9.0
  • b55959c update dependency com.squareup.okhttp3:okhttp to v4.12.0
  • 2f0f4b5 update dependency org.jruby:jruby to v9.4.4.0
  • 612f55c update dependency software.amazon.awssdk:s3 to v2.21.2
  • 587fda8 update jackson to v2.15.3
  • 9df7766 update log4japi to v2.21.0

Docs 📖

  • 39c0534 README: Update links
  • f2c7af4 clearly-defined: Add a missing "The"
  • 4591c6a clearly-defined: Remove a superfluous sentence
  • e36a5f8 model: Add SCANOSS configuration to reference.yml
  • 0eb0986 model: Improve docs for ProviderPluginConfiguration

New Features 🎉

  • a5602a2 Storage: Support using AWS S3 as online cache for scan results
  • 889d481 docker: Change the image tagging process
  • f5cc5e8 flutter: Upgrade bootstrapped Flutter version to 3.13.6
  • 08bdef5 scanner: Prefer to use any single scanner

Refactorings 🚜

  • 3b66aa8 helper-cli: Replace ORT's logger extension function with Log4j's
  • 4d2a543 model: Make toString an expression function
  • 2d99fd0 scanner: Do not hard-code the dependency on scanner plugins

Tests ✅

  • c062250 OrtMainFunTest: Use stderr as clues in case of failures
  • abceb78 Poetry: Add a test for analyzing a project without a "dev" group
  • ff77e61 clearly-defined: Fix a typo
  • a88c505 nuget: Limit length of excessive error messages
  • 2f9b34f poetry: Fix-up an expected result
  • 6de1aae pub: Temporarily disable PubFunTest
  • 7085571 spm: Update expected results