4.0.0

What's Changed

Breaking Changes 🛠

• 8100dcb chore(clearly-defined)!: Remove an unused extension function

• b15dbb2 feat(docker)!: Upgrade PNPM to version 8.8.0

• 336fa07 feat(plugins)!: Add a separate parameter for plugin secrets

• 247b3de feat(sw360-package-curation-provider)!: Use secret options map

• 6d7ba10 refactor(NestedProvenanceScanResult)!: Inline getProvenances()

• 1c4c0fc refactor(PackageBasedScanStorageReader)!: Make read() take a Package

• 503d410 refactor(plugins)!: Rename parseOptions to parseConfig

• 442670f refactor(poetry)!: Use a better name for the "install" scope

• 1b87f32 refactor(scanner)!: Rename ScannerCriteria to ScannerMatcher

• dc0465b refactor(scanner)!: Use a property that holds all nested provenances

• d04aeb2 refactor(scanner)!: Use the configurable plugin API for scanner wrappers

Bug Fixes 🐞

• 2a30125 ClearlyDefinedStorage: Remove a readInternal() override

• 9dfa198 RequirementsCommand: Account for new scanner constructors

• e1d794c analyzer: Add a test for dangling embed directives / GoMod

• 7a201a2 docker: Enable push on schedule event

• a67915c osv: Make Affected.package optional

Build 🐘 & CI ⚙️

• b6e122f GraalVM: Update classes to initialize at build time

• 138483a cli: Explicitly add implementation dependencies

• 898c9db Drop the build part from the SemVer to get rid of the "+"

Chores 🔧

• 96fca4b ClearlyDefinedStorageTest: Remove an obsolete test

• b785dde ClearlyDefinedStorageTest: Use a more common Maven URL in an asset

• ddd90eb ClearlyDefinedStorageTest: Use properties in declaration order

• bbd7c99 GitLabLicenseModelMapper: Slightly improve a log message

• 89c626e GoMod: Raise the version requirement

• 47e4520 docker: Upgrade Go to the latest version 1.21.1

• 5eaf46d examples: Avoid a redundant string template

• 067854b fossid-webapp: Remove an unused import

• ca9d4e1 model: Remove a duplicate import

• 2db3141 model: Use the logger extension property

• 538ed47 providers: Turn config classes into data classes

• 4b8eb34 reporter: Remove an unused function

• 05f8725 scanner: Remove the unused NoStorage

• 230b550 Make OkHttpClientHelper the first class in the file

Dependency updates 🚀

• fc4cb94 spdx-utils: Upgrade the license list to version 3.22

• 5cef1f8 Upgrade the Log4j Kotlin API to version 1.3.0

• 6010a09 Upgrade the SW360 client to version 17.0.1-m2

• 313d877 update dependency com.autonomousapps.dependency-analysis to v1.25.0

• a7036b4 update dependency com.github.ben-manes.versions to v0.49.0

• d61e509 update dependency com.github.jmongard.git-semver-plugin to v0.8.0

• 8d447d8 update dependency gradle to v8.4

• 0ce3a4f update dependency io.ktor:ktor-client-core to v2.3.5

• 9f983bd update dependency org.apache.maven:maven-model to v3.9.5

• c35d9c6 update dependency org.semver4j:semver4j to v5.2.2

• 5a19998 update jetbrains/qodana-action action to v2023.2.8

Docs 📖

• c7512c4 ClearlyDefinedService: Clarify what an empty revision means

• b5346f8 MavenLogger: Correct a comment about the logger forwarded to

• 14d5a96 ScanResultsStorage: Clarify when to override readInternal()

• 425e84d poetry: Turn a code comment into a function documentation

• 0753d09 scanner: Fix docs for ScannerWrapper.matcher

• 4808ae1 sw360-integration: Clarify which kind of ORT results can be uploaded

• a61d711 sw360-integration: Fix config directory paths

• 59a4404 sw360-integration: Fix the SW360 curation provider configuration

• c0ad448 website: Fix-up several broken links

• 533c54f website: Stick to the AE "afterward"

New Features 🎉

• 27a122e GenerateScopeExcludesCommant: Add the "dev" scope for Poetry

• c19999e fossid-webapp: Support a new API function

• 5f68789 pnpm: Add support for PNPM 8.x

• 07ab9e8 poetry: Analyze also the development dependencies

• ec6ff75 pub: Add support for bootstrapping Flutter on macOS

Refactorings 🚜

• 51204b5 CreateAnalyzerResult: Stop passing a redundant null value

• 6b39660 GoMod: Ignore the version constraint for go earlier

• c0014e7 Poetry: Improve the IDs of projects

• b98668f clearly-defined: Bundle coordinate-related code

• ec843ea clearly-defined: Introduce a strings property

• 804d959 clearly-defined: Simplify the API by using coordinates

• 8114b85 model: Use the Options typealias

• 594568e plugins: Rename config to options

• a9639fd poetry: Eliminate code redundancy for scope handling

• 3632723 poetry: Extend inspectLockfile() to take the scope name

• f9b5537 poetry: Factor out inspectLockfile()

• 463afbe poetry: Rename a function parameter

• 197a1ad poetry: Stop using Pip.resolvedDependencies()

• aad062e poetry: Use a more speaking name for req

• 2de1579 poetry: Write the generated requirements to a temp file

• 29cba89 Avoid the logger to leak into the public API

• 60e611d Stop passing a default value to updateWorkingTree()

Tests ✅

• c146a80 analyzer: Test detecting local module dependencies with GoMod

• fda0088 clearly-defined: Add a test for coordinates

• 45e8365 cli: Remove a redundant string template

• ff9d65a conan: Update an expected result

• cc0865e conan: Update the expected result

• d1ee6ac model: Fix a typo in a test name

• 8aa8704 osv: Update a test assertion

• a6fb373 osv: Update an expected result

• 5cdf8ce 2f5bd6e pub: Update expected results

• ae4d811 requirements: Add a test to verify that classes can be instantiated

• 681df5e 91e32a3 6eb047d e360cf9 spm: Update expected results

3.0.0

What's Changed

Breaking Changes 🛠

• 74f14a6 feat(package-managers/python)!: Support Python 3.11

Bug Fixes 🐞

• 13a9c83 MavenSupport: Improve the logic to fixup project paths in SCM URLs
• 4e81ebd buildSrc: Evaluate the applicationName lazily
• 57054fd docker: Add missing base image context
• 7e3de27 docker: Re-align the Poetry version
• cb18d44 docker: Set correct version for runtime
• cf14991 node: Bring back NodeJS arg to local docker_build script
• b44467d node: Bring back NodeJS version arg to image build

Build 🐘 & CI ⚙️

• 5389da0 Gradle: Fix publishing the gradle-model artifact
• 753ea9a downloader: Exclude Apache MINA's sshd-sftp dependency
• 8b2a62e gradle-inspector: Escape a regex string when renaming files
• 311ab74 version: If on a pre-release, use the SemVer with SHA1 metadata

Chores 🔧

• b72436d buildSrc: Update the list of classes to initialize at build time
• e3bbcdb docker: Adjust build frequency
• f2095d3 docker: Move NODEJS_VERSION arg to correct image
• f705d56 docker: Proper use gradle based ORT_VERSION
• b3fd33a docker: Upgrade python to the latest version
• f386e5a docker: Use more common naming
• 8a3144e notifier: Explain why slf4j-log4j12 is excluded
• acad59b python: Re-create the lock file from pyproject.toml

Dependency updates 🚀

• 0057704 chore(deps): Add libmagic as fallback for typecode-libmagic
• 683ca30 update dependency com.autonomousapps.dependency-analysis to v1.23.1
• 8fa94ab update dependency com.autonomousapps.dependency-analysis to v1.24.0
• 05492c1 update dependency com.github.ajalt.clikt:clikt to v4.2.1
• 49bf674 update docker/setup-buildx-action action to v3

Docs 📖

• 6c0f1dc resolutions: Fix dead link in documentation
• 0f3e8be schemas: Link to official website instead of GitHub markdown files

New Features 🎉

• aef4fe4 PurlUtils: Add optional parameters to toPurl

Other Changes 💡

• e4ad9c0 style(WebApp): Trivially simplify the isResolved functions
• 3207d1e style(detekt): Enable the "MissingPackageDeclaration" rule

Refactorings 🚜

• 94737ae cli: Avoid the need to determine the ORT logo width
• f833fee poetry: Improve the definition file paths
• 576d323 Make use of the simpler new CliktCommand.test(vararg) syntax

Tests ✅

• fbf96b9 cyclonedx: Allow + as part of the version when patching results
• 13a4714 osv: Update expected results
• 7d67ffb pub: Update expected results
• 95db125 python: Update expected results
• f4e0882 spm: Update expected results

2.0.0

What's Changed

Breaking Changes 🛠

• 641f520 feat(model)!: Group snippets by source file matching lines
• 9794da6 feat(scanner)!: Remove unused downloaderConfig parameter
• 6f1976c refactor(fossid)!: Remove the unused options from the constructor
• dd70b72 refactor(scanner)!: Provide only scanner specific options in factory
• ffce6dc refactor(scanner)!: Remove ScannerCriteria.forDetails()
• fd71440 refactor(scanner)!: Remove the unused ScannerConfigMatcher
• 4643638 refactor(scanner)!: Rename fromConfig in ScannerCriteria to create
• a84a1f4 refactor(scanner)!: Use only scanner specific options for criteria
• b5fdb79 refactor(utils)!: Use the Options typealias in PluginManager

Bug Fixes 🐞

• 0d4b1f7 ClearlyDefinedStorage: Properly parse returned VCS URLs
• 18f9be2 CocoaPods: Correctly parse secondary dependencies with versions
• a2fa752 CocoaPods: Correctly resolve the user home directory
• 4bbd26a CocoaPods: Parse external sources from lock files
• c599e39 CocoaPods: Restrict package name matching to full matches
• 69db3b3 CocoaPods: Stop taking pure version constraints as dependencies
• fd4ed1b ScanResultsStorage: Correct debug log output about mismatches
• 0b04df0 Scanner: Apply detectedLicenseMapping to FossId findings
• b7878c0 clearly-defined: Ignore new InnerError fields
• 33d5fd9 docker: Correct a typo
• a4b12df docker: Install Git LFS
• c519398 downloader: Fix updating the Git working tree for a branch
• 2ca66d5 fossid-webapp: Split snippets over non-consecutive source line ranges
• 74ba431 reporter: Fix the creation of first level dependency relationships

Build 🐘 & CI ⚙️

• e40a38d renovate: Disable renovate for the website

Chores 🔧

• 5893bd7 ClearlyDefinedStorageTest: Move private data below the test
• bc3404c SW360: Use Maven Central and update version
• 2282526 ScanResultsStorage: Clarify log output about read results
• 55c1b94 ScannerCommand: Log configured scan storages at info level
• a023e0b SpdxDocumentModelMapper: Remove some magic values
• 2f3708f clearly-defined: Also show the inner error name
• 029f1ca docker: Use consistent naming and descriptions
• 8e6fd16 docker: Use ort namespace
• 58fd9d4 Fix formatting of workflow files
• 66fbc5c Use data objects in sealed hierarchies

Dependency updates 🚀

• 34db1a2 Update maven-resolver to version 1.9.16
• 5b51855 update actions/checkout action to v4
• 0d385b9 update dependency com.github.jmongard.git-semver-plugin to v0.7.0
• 521a725 update dependency io.mockk:mockk to v1.13.8
• 0420946 update dependency org.semver4j:semver4j to v5.2.0
• 9d78178 update dependency org.semver4j:semver4j to v5.2.1
• 114c153 update docker/build-push-action action to v5
• 63d89b4 update docker/login-action action to v3
• cb982b5 update docker/metadata-action action to v5
• 06615c6 update exposed to v0.44.0

Docs 📖

• cb2c560 CocoaPods: Briefly explain the layout of the "PODS" section
• 902bfef cyclonedx: Fix a typo
• 6e245cf scanner: Fix a typo
• ff570dd Add a link to the search page
• 96c520b Enable Algolia search for the website
• e74531f Remove an unused image
• 14cc5f1 Rename the docusaurus directory to website
• 77bb3d6 Update package-lock.json
• f75d200 fix(docs): Mention Apache 2.0 license

New Features 🎉

• 37a0894 OrtResult: Allow getDependencies() to omit excluded IDs
• f55ca2e docker: Provide extended image with all components
• 46061d0 docker: Use jobs over workflow dependency
• 2b813d0 docker: Use per language container strategy
• 19a5ee2 docker: Use runtime to do all the work for binaries
• 0705ede fossid-webapp: Support for comments in marked as identified files
• 12d2bde fossid-webapp: Support two new API functions
• eb2efd6 plugins: Add the TypedConfigurablePluginFactory
• c586a9b reporter: Support grouped snippets in the Snippet Report
• d1492bb scanner: Add detected license mapping to ScanContext

Other Changes 💡

• 236f1e9 Revert "deps: update dependency clsx to v2"

Refactorings 🚜

• cf295f6 CocoaPods: Improve name / version parsing
• 933c3fc CocoaPods: Rename two variables for clarity
• 416c421 CocoaPods: Slightly generalize parsing of dependencies
• 8863163 downloader: Pass the working tree to a private function
• f5e0046 scanner: Consolidate the API for scanner wrapper factories
• a4eadb6 spdx: Add an overload for toSpdxId()
• 9a5d805 Move Options from model to common-utils

Tests ✅

• ab0f931 ClearlyDefinedStorageFunTest: Update expected results
• 4df3094 SpmFunTest: Update expected results
• 19beaed SpmFunTest: Update expected test results
• 2a7d3f5 advisor: Update a NuGet identifier
• 9f7debd clearly-defined: Do not test against the development server
• 0de7894 conan: Update expected results
• f1bb9c8 downloader: Remove unused test data
• 4338904 downloader: Use a dedicated repository for GitWorkingTreeFunTest
• b066399 downloader: Use a temporary directory to test non-working-trees
• eadb556 ort-config-package-curation-provider: Update NuGet identifiers

1.1.0

What's Changed

Bug Fixes 🐞

• 31ec26a Osv: Fix-up two (error) log messages
• 6b8ba89 dockerignore: Add Batect to the Docker-related directories to ignore
• 6bdde31 dockerignore: Add configuration files that to not impact ORT's build
• 802b8a1 dockerignore: Ignore GitHub configuration, esp. workflows
• 3092dc2 osv: Align Reference.Type with spec version 1.6.0
• 5a92da8 reporter: Align setting licenseInfoFromFiles with the spec v2.2

Build 🐘 & CI ⚙️

• b8d2712 GitHub: Add a step to create release notes
• 13fd59d GitHub: Create a GitHub release with distributions attached
• 28b6e71 GitHub: Introduce an environment variable for the ORT version
• d980f4a clients: Add OkHttp as an explicit API dependency
• 0b70cc5 Add "ico" to the excluded extensions for the copyright check
• 89056b8 Exclude Docusaurus config files from copyright check
• 9a72a03 GitHub: Use npm ci instead of npm install
• 13efe5d Exclude a URL link in Markdown from the link check
• 269e00d Update reuse configuration for Docusaurus

Chores

• f11076a GitHub: Also clean-up the Gradle home for funTest-docker
• 127e606 GitHub: Give a job step a more general name
• be7ded2 Gradle: Remove forcing the OkHttp version
• 924dd15 batect: Remove the telemetry setting
• 2ce373d osv: Improve the failure case of getVulnerabilitiesForIds()
• 868b1a2 osv: Re-align the model with latest OSV JSON schema version
• 968a82e osv: Update a comment after updating the model to v1.6.0

Dependency updates 🚀

• b3cf8b8 Update the native-gradle-plugin to version 0.9.27
• 10fd8a7 update actions/checkout action to v4
• 1f37f99 update batect to v0.85.0
• 62a0e5b update davidanson/markdownlint-cli2-action action to v13
• f6d9972 update dependency clsx to v2
• af1cbfc update dependency com.github.jmongard.git-semver-plugin to v0.6.4
• c5b710d update dependency com.github.jmongard.git-semver-plugin to v0.6.5
• 3b6b8d5 update dependency com.opentable.components:otj-pg-embedded to v1.0.2
• dc6d4a9 update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2
• 3932dda update docusaurus monorepo to v2.4.3
• 6cc2f5f update graphqlplugin to v6.5.6
• 0dfdaca update graphqlplugin to v7

Docs 📖

• aaf34fe dockerignore: Reword some comments
• 9b7f834 Adapt Docusaurus configuration for ORT
• c64c241 Add an introduction button
• 45ab644 Add missing copyright statements to JavaScript files
• 3899558 Add workflows to test and deploy Docusaurus
• 226d795 Create a Docusaurus page using the classic template
• f7cf606 Enable support for Kotlin syntax highlighting
• d26fb77 Fix all Markdownlint issues in Docusaurus
• f6cf4c5 Fix all links in Docusaurus
• b589752 Import Getting Started guide as tutorial to Docusaurus
• 67c7a62 Import docs folder to Docusaurus
• f35117f Install the raw-loader NPM package
• ed0df5f Make the tool icons on the homepage links
• 2c47029 Remove the Docusaurus Markdown example page
• 21bf3d3 Remove the Docusaurus blog plugin
• 3367a4b Remove the old "docs" directory
• 1b83df0 Rename tutorial to docs
• 9266ed7 Replace Docusaurus logos
• d8b2d4b Replace Docusaurus template content with ORT content
• 0352b52 Replace the template docs with the README contents
• 5c6434b Update Docusaurus README
• 8c80e7a Use a color scheme based on the ORT logo

New Features 🎉

• 293ebc4 migrate: Add an option to convert NuGet IDs to the namespace format
• 2f6e9b8 migrate: Add path conventions for package configuration files

Other Changes 💡

• e40c142 Revert "deps: update graphqlplugin to v7"
• 42b06ae revert(codecov): Go back to action v3 from v4

Refactorings

• fec42d9 GitHub: Setup Gradle only once
• 02205f8 MigrateCommand: Only call safeMkdirs() if needed
• dc32462 commands: Move configuration migration to a dedicated command
• 7d5b279 package-curation-providers: Make toCurationPath() public

Tests ✅

• 750cee3 SpmFunTest: Update expected results
• da42b93 SpmFunTest: Update expected test results

1.0.1

What's Changed

• deps: update codecov/codecov-action action to v4 by @renovate in #7504
• Fix the publication of platform modules by @sschuberth in #7505

Full Changelog: 1.0.0...1.0.1

1.0.0 (initial release)

No release notes available for this initial release.