Ort Versions Save

What's Changed

Bug Fixes 🐞

• 4dd1612c2c2ed5d15b4db4a058dc6c272405ae47 cargo: Treat projects outside the analyzer root as packages
• c3c6325a9ef6494c878186aed8e42f9857e3a9c2 evaluated-model: Fix inconsistency with path exclude serialization
• addff4ecdec16263fe6b1bac6e200b62e1f5f5e4 github: Forward GRADLE_OPTS to Docker for unified diffs in funTests
• 456167b207884e9b202fd27ae835f3e9bfae686c reporter: Fix-up determining the worst severity
• e7d781f43aa7774739f157df7a92cd7126d69c82 subversion: Make the peg revision newer than the operative revision
• f8540b2131202f45056d2d2c2f2ccd36c86a933a subversion: Return the actual revision instead of the requested one

New Features 🎉

• 50a242819f576ce17732716e801d4d4e68023a9b github: Create issue templates
• bd76214ab5ca60e7c4efaf7608b97cc84edc6643 github: Mark new issues as 'to triage'
• c91f2488f39b84a00558669815d972c0419fb199 model: Add OrtResult.isExcluded(Issue,Identifier)
• e64bcbda25c4ac3a0658ec0abae502e65d9db34f model: Add isExcluded to EvaluatedIssue
• 7887428ab844c238095c21a4133f05600eb0b69e model: Add the param omitExcluded to getProjectsAndPackages()
• 6a84fa24c583c080f769fee6a4424bd39ab9bfe3 model: Handle excluded affected paths in OrtResult.getIssues()
• 378795cc044d20bc2efb3fa28e31741fc94f1100 reporters: Extend license statistics by effective license
• 237f3e2555959451e292addeef8b0473c5f2f9de static-html: Add an advisor issue summary table
• e844f82f2a0a13e8e0e96ee76c7285aa12f4a7c4 static-html: Order issues by their severity
• 9c6b867f466313e81381f065ecc8325564549cd1 static-html: Re-design the summary of issues
• ba7c817e20e16a1e560107c9033a137b104087c4 web-app-template: Add is_excluded to WebAppOrtIssue
• 4c334aa7db95d30b0608bb296c5bd7b874e3b3b7 web-app-template: Add effective stats in models
• 7c74524b764924fe0422b3094708955ed7cf1f10 web-app-template: Make use of WebAppIssue.isExcluded

Build 🐘 & CI ⚙️

• d30054037f41721f6e01785e4ea193d98c17cdcb Gradle: Work on tasks instead of their providers to simplify code
• 0370fd6f3c29cc78d526a5669fbdb7ece2c9b82a github: Disable Gradle build scans for non-test jobs
• cfee6f122c8f223d5fda363d730fecdf0e68bb6d github: Disable expensive tests for PR and main builds
• f51b2a560d2f7cf4931db44a1c60cd3fdb1b502e github: Do not build the web-app reporter separately anymore
• d3ddb4d6abaaf42b1fb293afd5670ba6f0e3e030 github: Do not push Docker images for pull requests
• 12a9f4d88e56bd18e362a41fb99614744000eda5 github: Enable Qodana for PRs only
• 28c41787f09579003b45e013a59f60dfb81a1b8c github: Make host users and groups available in the container
• b9b43f7824aef39b83f7ec6899a4a1b7e2454985 github: Move the workspace mount closer to the -w option
• 1852c30773e802b53b224a31461a5003b3923e5a github: Remove the superfluous --entrypoint argument
• 69bdfd9bb7869249bf1bde5980b3f04931105453 github: Run Docker as the GitHub user to simplify code
• c5fcc9b8a645567d3686fc0f93b5c5e96aa9c76a github: Set an environment variable for Docker via the -e option

Chores 🔧

• 7ec5fa9545679c85c8be63ee3db5782dc253f48a Gradle: Sort dependency tasks for really deterministic output
• 90f5f75b0aa6e1446de661bca59449099462bd5f analyzer: Filter directly to a list
• 424b3710cf61e38512b0f9ad8e751ab02435ade4 analyzer: Make it explicit that project paths are directories
• d7ae28e289576bfe4d004439eace41ff76f57753 cargo: Do not even try to parse a null repository
• 34af1e8abf8dc2b30b097318e069b54c43058da2 cargo: Make a Git SHA1 Regex pattern a bit more strict
• 3d0510d7b614af6819d6813fb64eaa7d6812abb7 docker: Upgrade Go to version 1.22.2
• 7a46ed5c6d53e70d478fadf6097df5cf7c195762 downloader: Generalize VCS directory filtering in tests
• 8942c43947c33d5e5c084c7f9b90549b34c7f529 jenkins: Use the non-legacy Dockerfile
• d6d5ceaeadc320a4c601a477694a5cdd38dc5537 node: Make directory walking a bit more safe
• 25515fb7855d6d63a82f9ead214a0c8379908840 reporter: Remove a redundant toMap() call
• 2d3d710986cc5478882846cb6df963db4c5bdbac sbt: Make it explicit that POMs are expected to be files
• 0e561438a32f64c4d3213da228ee6cef14c9cefb subversion: Align test code for comparing files
• 1d129ceb88cea11d01c78a072cba518475c8b23b subversion: Set isIgnoreExternals only once
• 9dfd3526b5f81094a62df791f499b61325d3bced vcs: Remove some redundant failure logging
• 16a8501bef4831156966e76fc8bafa84718c3e9c web-app-template: Alphabetically order functions
• d61323ca69956aa42936280daaecd2f686ed0efe web-app-template: Remove unused variable
• 168394bd1de311adaea0f32f05b4833e172f2535 Remove the unused Dockerfile-legacy

Dependency Updates 🚀

• 239db45b85001df7bffdb52432bffba62bb11eef Update maven-resolver to version 1.9.20
• 044358a1c723c06467711c935db5874e730c4b21 update dependency com.github.ajalt.clikt:clikt to v4.4.0
• 17d14cdcd654861cd78871188f7f5434472c86d2 update dependency org.jruby:jruby to v9.4.7.0
• 872ba5d4f9f39735550069ccf9f3762263d41364 update dependency org.semver4j:semver4j to v5.3.0
• 92d2be590053cecffe86370b805681a828ae5cfa update exposed to v0.50.0
• 0cec7d66a2c0bcf7974d842b42abeb1d6b07bf58 update jetbrains/qodana-action action to v2024

Documentation 📖

• 8f945e9f97104fffb6c0bdda9b18d352c2417907 evaluated-model: Fix a KDoc reference to Excludes
• e098d4292f1fc2640c2a82025e8b83f88693ff30 evaluated-model: Fix a typo
• 328d0f250d71bb0365578e51305fb5c1893a4f8d spdx: Simplify a function's documentation
• c94ae6b187be6e16be6a41a42a2b0030f49387aa static-html: Fix a typo
• 2c1d3757363b8a9e5f3cbb60d446f19b6fd981cf Add Double Open to the list of adopters

Performance Enhancements ⚡

• 04ff787ec7e3690dd641456ea14d40fdc78cb0c9 evaluator: Turn a list into a sequence to address an inspection hint

Refactorings 🚜

• b47b7ffcc84cedaa11b57d75a83f5eb51cbd4745 Gradle: Avoid the use of {all,sub}projects altogether
• 40b1e97ed36ab986335dbf583d07ef49dc1dee46 model: Expose sparate getIssues() for related ORT stages
• 37c81f13c6403ee893b547b19b4c9c0bd130e445 model: Factor out filterIssues()
• 446f77c5da5cc7e50adf7f1f967eccdac3319737 model: Inline two variables
• 9fea65a2465262f2a37925a7f5fe62d3c681eec9 model: Simplify getProjectsAndPackages()
• f6d808f2c61461938c87fd80881be6d2f8fe767e reporter: Make a local function more specific
• c27f794037134b56b3c2f92b79e3c0f4bbbddf35 reporter: Rewrite countLicenses() to be more flexible
• 56285389931ab5c087e896dd473f6afa7979a791 static-html: Align on the term "rule violation"
• a313d424c16c84556142a5946cb82f0e5db143e8 static-html: Extract constant for the rule violation table ID
• b1de2678f42e338589d5388f0d9884ac8085bda2 static-html: Move the p tag out of issueDescription()
• 32b0b1b164192a24d52e26559ffafbbfa311df70 subversion: Unify code paths for (non-)numeric revisions
• 1eb0c8b21db4fa4ce948b48ad0a4e3ea1a8b23de web-app-template: Construct some columns arrays via push only
• ff053f39e2b35ec9a1d07de8255318b7a8796746 web-app-template: Swap two columns in summary views
• 2f57ea040a1c6a82f49cdcc15e581e5956240eeb Migrate remaining list(Files) calls to walk

Tests ✅

• 1981a4e84111c6393e567a1579a76a732cc873c0 carthage: Fix the GitHub organization replacement
• 572431155088a8509de936056f8df5e41fa68ba0 model: Improve a test case name
• 0577f85529f336ad1a12d19c2a33c7ea5fe24608 model: Make use of an EMPTY constant in a couple of places
• 002d238c5452fe52d8de7f39ae8445c760e0235f reporters: Add analyzer issues to package references
• eec0fa74b4740619cdc50a922f66c1a971ac7f6d reporters: Consistently make the severity explicit
• 34c7ee740d9c87ad855b13e5cb1af76661db1431 reporters: Extend test assets by further issues
• 3ba6e2587a7632c576c90de5b498bac6c5c2abad reporters: Fix-up an inconsistent scan issue
• bf3cb5e0283c4f84b4628cdd81d75d923f50251e reports: Add a couple of advisor issues to reporter test assets
• eeeb5e33fe836c650019924541d6d8f82780632c scanner: Enable a Subversion test that works now
• 95b82fab74c9a9057c0752787674d6dcf228db3e static-html: Fixup an expected result
• fc68834ca33b4f16bff09b0effa27f356f76610b web-app-template: Add effective licenses
• 8fc715a7b7d1cd5d1ac9d6f57239396595350684 web-app-template: Use orthw example
• ce47e72228eacc349ee89d849ffcb4d37688b1b3 Remove all but one ExpensiveTag

Other Changes 💡

• 974b0020c65129667db1bc36a20d0da024eeed87 Revert "helper-cli: Add command to delete entries from postgres scan storage"
• efa25babfe97df9364800f0e00efb5311a8ee68a style(github): Align to use spaces inside variable interpolation

What's Changed

Bug Fixes 🐞

• 3d27d61542495d8b51848861652bf1b31ef82e49 git: Properly configure insteadOf for submodules
• bee7613adb63859463a92082184ad35dd02c9142 version-control-systems: Mark the git CLI command as a requirement

New Features 🎉

• 5b64b6c07ee33146e419d2c4730df03d4f1b8b9c model: Allow configuring further PostgreSQL connection parameters
• 7a3732f9f2bdfdb2cc5b59c073289b3a22cb16fa requirements: Support categorizing objects from bundled plugins

Build 🐘 & CI ⚙️

• 2fcae578cfa3b5b6e451e7ab0300699c2b4d7982 github: Fix the number of CodeCov action calls after which to comment
• ce7d028ad8344c29a955072bd2705bcfe1bef0f8 github: Stop using the deprecated arguments of setup-gradle
• 9ef10eb8875794a81699447fed4eace703decdb3 github: Trivially simplify the always() condition

Chores 🔧

• 47daa3fad2c4fa74e500df6410668393e3fce931 model: Add new PostgreSQL connection params to reference.yml
• eb47587109205bf6e92bc489b281f4ee8d137441 model: Drop a TODO comment
• 3fc76e78079a2b69fb74e1aba647906fc090169b model: Remove an unused configuration parameter

Dependency Updates 🚀

• ba9803b7253e833193605aa0cc39ad0e204e8c1c Update the Maven resolver to version 1.9.19
• ac009c533967e9a8a34b82d4b8e0a333c60cdb2e update dependency com.github.ajalt.mordant:mordant to v2.5.0
• c54478403ddeef8c1ea363eedd97ff9387cfd47c update dependency org.wiremock:wiremock to v3.5.4

Documentation 📖

• b296744d56a509f423ff8f0706f46539218677e2 website: Fix-up a package curation example

Refactorings 🚜

• d53ac0b25d6861dd204ae72ef77d504bbb072f96 DependencyHandler: Consume abstract but generate concrete types
• 3cfe66e58608181c83025fa5721fdf1027bd52f1 version-control-systems: Extract Git's CommandLineTool

Tests ✅

• 6a570579cbd8d6ff48acd3d8d2c52b57e48f95a3 model: Extract variables for rule violations
• a63e98796c8cfa9c10f93508cb1338427a56d76e model: Fix-up two function names in test case names
• 62cf9cf5e342270ccdca75dcabd0fed7bd4e70cc model: Simplify several assertions via shouldContainExactly()
• 1b00faeaeef3648d5d4c8e2c1f17a3c259c0e2a9 model: Split-up a test case into two
• 136d4113f05831b1e52c097f097c77ec326e2793 pub: Update expected results
• c091056116c07dc4ce2611b192139a34de7b672d reporters: Add three scan issues to reporter-test-input.yml
• 02b41293bb9724bf724c957d7ae2f39ad24cf7ca static-html: Make a replace operation less invasive

Other Changes 💡

• 4e73f5af19e2270e21545f77ef61f1a4a54b17f0 Revert "test(pub): Temporarily disable PubFunTest"

What's Changed

Breaking Changes 🛠

• 2db3890ca2e772559a699e5743512bd4a6544318 refactor(model)!: Align severity filtering in getRuleViolations()

Bug Fixes 🐞

• 6c84bba5340f9879e2631d68e51a011064fb9ae4 GenerateScopeExcludesCommand: Ensure that an input file is readable
• ac5703265af0c09da22dd8eba7b1271472a553f4 docs: Add the correct snippet_choices element in the documentation
• 70e15d1469d7f902962e2c807c89169526a7240c jenkins: Consistenly delete output directories before running tools
• d95c996f2be9c5c4c856205e91d6a5f547adc5a6 jenkins: Quote path-related variables in more places
• 993e98aa04ffd9883b731fb86690c19ba6fc4580 model: Ensure getOpenIssues() returns no duplicates
• d39d163d136ddd9d8661f5c1350f2a3644ccde16 reporter: Correct the how-to-fix element for snippet choices
• b344e09a38dddd5dc47f7f804e4cc06152287d5d web-app-template: Auto-resolve eslint issues
• 127968b8ecbd8f84bcc078a5f1bb82461736d1a5 web-app-template: Fix DOM invalid string error
• ed7fdbe276b91221f01673c01390db186b65ae7a web-app-template: Remove unneeded initial-scale
• 14c9d341224dc0f7ec1314385d10cb043afe521a web-app-template: Resolve build warning

New Features 🎉

• e942b66f1499657446767e813feb91d4e976e94c GenerateScopeExcludesCommand: Do not require the repo config to exist
• 72f0659ed18d075ea9efa600e996f6e8543a4e85 jenkins: Expose the report formats and their options as parameters

Build 🐘 & CI ⚙️

• c4c14f2cb29a166c6b0d5410c9cc11f6660a05d8 github: Migrate to the new Gradle actions
• 1237a37e93ea68d34f27fcd116e7f80f83d54d1b web-app-template: Update Node and Yarn
• 0206c8f0615b1afe7dc79fff3c84416428e8c35f github: Add a composite action to free disk space
• edf431a8fdde0a957e58157ff687224815aeb444 github: Hard-code Ubuntu 22.04 for website deployment
• 3a073cfcc073f00b563efdf55d3031a22ce6c088 github: Remove the unused ortdocker action
• 94ef00983b12d0a6d9665bbf7569dced2bc14a52 github: Rewrite the Docker build job
• ded860a9040094250591797a986ac90efd5c3123 github: Run functional tests in up-to-date Docker container
• 675694d3bb20d90a48e5c041970c62af81267fd7 github: Set infinite fetch depth for docker-build

Chores 🔧

• 50069be351cfebef497f81b209af29f8108e834a GenerateScopeExcludesCommand: Log the scopes at info level
• 9b9745466d9fe977e28ac22ca76c344772c77cc5 commands: Only show once where the results has been written to
• 60ccfdb8af42984f68fdd43177dbb26b6488a412 docker: Replace --file with --output for Syft
• f27af078256b9255f6be43d62e941877039da6af evaluator: Improve echoing of rule violations
• 4a423b3556826931ed80d4a056ed2026bf8e4b22 reuse: Align formatting of files in the LICENSES directory
• b6484ef035423538617459cdabcd16508ef581ca scripting: Leave measuring the duration to the caller

Dependency Updates 🚀

• 26120960ba2e6f3d547aa930abb1622676475720 web-app-template: Migrate to Ant Design v5
• 5904758beb0337d5e9be29746044084f8a06a3e4 web-app-template: Various version updates
• 3fd42b2dcb226e63030e2bc16bff3f3bf493d868 Update S3 to version 2.25.30
• fb1eecdd9c7b57b2d86630f207436921640bad9f update dependency ch.qos.logback:logback-classic to v1.5.5
• e337a5cd218b2bc0ae4173d3076b4621924ede6e update dependency ch.qos.logback:logback-classic to v1.5.6
• 948e6d637001ef76f24660456642d6f645b40771 update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2.3.1
• c8878bfadf997414d6b38cb4522eccdf787e1d68 update dependency org.slf4j:slf4j-api to v2.0.13
• 556310ac4b34e59f9f3f61b4a8ade5a49928bf0e update dependency org.springframework:spring-core to v5.3.34
• d168a936fa65c9f245ed28d26dfa34128d79dec7 update dependency org.wiremock:wiremock to v3.5.3
• db58406be8d63a04c0cf31317712f1660d596260 update gradle/wrapper-validation-action action to v3
• 68dc6dd1b2f57d6b2e935f57d071641a28eafcf3 update graphqlplugin to v6.8.0

Documentation 📖

• bdecdaa02de85746d80d9cde76666a61ff2845e8 README: Update copyright end year
• eaf648d5a806f2ecaa2cc44725a24ef868f198d1 commands: Improve the reporter's --report-formats description

Performance Enhancements ⚡

• 615ae0a2da9f67f0c8eea397264330182fd2e867 GenerateScopeExcludesCommand: Deduplicate scopes into sets

Refactorings 🚜

• e49b7ec5a5144ebb1cb4673badb0af99fff006fd docker: Add ORT to the image at the end of the build
• 2848c22903a5def7578c0e8650c396f205de4df1 model: Add minSeverity as param to getIssues()
• 2eb66c109431542d53e6dfc4a92a1a147208325b model: Add omitExcluded as parameter to getIssues()
• 41e88f1157547c09bb682d51f911e540f8caea55 model: Add omitResolved as param to getIssues()
• 3a097bbab3c96390a4f85bfea52656d2575b40c7 model: Inline a variable
• 69eb64c98471e2e1acc108ace6e3d390a52c7c98 model: Simplify getRuleViolations()
• cbd4e5a35d55e291c41cf468c0b33afc470bd8f0 web-app-template: Use vite for builds

Tests ✅

• 6f3af0df4eae0cf3909ca35a71c274c2d5737fdc model: Improve two test case names
• 06fde339a6bf543eb8b548675bcd34d6b93d5fad model: Postfix function names in test case names by ()
• dde03656f154e70045f892b4137f8803edc15564 node: Add another test case for parseNpmVcsInfo()
• ef2225006be7b710d94e6c03fb33ad5a5860acd1 node: Consistently create JSON objects from strings
• 9b46c1e4a699e682191f56597e50dd341d1cd9bd node: Format two JSON strings with jq
• b4d70ade5abd9e8727664302d0f270bc6d89006f node: Make creating a JSON object more readable
• 2105523b20607599c9c295c1350f03388c29dfb2 node: Postfix function names in test case names with ()
• e69445a9b0ef7b2b56edc603424baedfe413f6de node: Simplify a test setup
• 0b0c1083594516ee9425bcfef2ee5e609d75c81b osv: Update expected results
• fd086f168a00fea29e87f618aed56be283b2bee3 python: Update expected results
• 9f04bfa74e5949a413d8ccd224240ae908c47cbc python: Update expected test results
• f5f2b184b3251c3f7d3ba1e8ff7aa2f15e649ad6 web-app-template: Add eslint config

Other Changes 💡

• 7833acee28c5bfb209ed516ccc3e3213ecdc609d style(web-app-template): Add an .editorconfig file
• 63da5d8ef7b725821379b133e4795695abe71da7 style(web-app-template): Reformat JSON

What's Changed

Breaking Changes 🛠

• 6c082264d630b717efb5a0a9a85b9a8ed52900e1 refactor(model)!: Use a better name for getIssues()

Bug Fixes 🐞

• adf14d48ec85fab9ab0ef6ec8250f644e1e29814 cargo: Do not make assumptions about the package ID for hash lookups
• 7522a0c3e9051a7bb8961ae56e7ce35f063a673f cargo: Do not make assumptions about the package ID for projects
• 09400533f74d02446f497554145caa2aafaa78e5 cargo: Improve parsing of lockfile formats
• bef2e95546fcc59f9ad7958d859ae4e1e9f88804 fossid-webapp: Remove unecessary call to normalize
• f71f994c15e489d3e6bdfd6fc32d53be703a19b0 schemas: Add missing entries for package managers

New Features 🎉

• 9ef7945f138acaff68863e5fe5a10e87aeb3a26f cargo: Add the alternative deps to the metadata model
• 4771b24aa11e946ce91558e53d428806ea1da2f2 requirements: Add a dedicated version status for unknown versions

Build 🐘 & CI ⚙️

• c7d5c3a4d2c247bc0f3a411edeea118086e15d37 renovate: Extend from config:recommended

Chores 🔧

• cf06ac9457af8b2dac9c011573c26bef5df39c7d cargo: Move two variables closer to where they are being used
• 303705ce9c3dcb0270f6f09af54dc6af3b80f591 cargo: Reorder top-level functions
• e407d11ea350c55c6fd7701f3b8d0404085cf8b0 downloader: Remove the redundant protected enum qualifier
• f54813ef1b04cbeb75bfc9e92b5f81a91cdc41f2 go: Drop the support for the Go dep package manager
• f0121b2fbdbdb93b4d7d11b1a9063bdb05e1b63e integrations: Re-generate shell completion scripts
• b9481f0bbf2c92f53ad0f6171309048f0f5bc494 model: Replace a size check with isNotEmpty()
• 9707529209dc423fe334c2e14694f7993a9c0c60 requirements: Add "!" prefixes for identified problems
• 968f956962301538b5e99c82a58f2da2a8cd72d9 Sort NOTICE file entries alphabetically

Dependency Updates 🚀

• 65ed1079484b213b744275580a3f9a6244f0e46d update dependency ch.qos.logback:logback-classic to v1.5.4
• 9cb8e7cec64c6302a35200102741818e84a8b583 update dependency com.autonomousapps.dependency-analysis to v1.31.0
• 87f2675b1aa59cb970c90f4f87aad4054a56061a update dependency com.opentable.components:otj-pg-embedded to v1.0.3
• f1623e83ee072534a993721da5a4328f5af3a5e4 update dependency org.semver4j:semver4j to v5.2.3
• 6fca2678dc7bb9ddcd93244a46e3655b24ed519b update ktor to v2.3.10

Documentation 📖

• c7ed840d503fd1ab8196e92e2157919abdfc5100 cargo: Document CargoMetadata members
• 67dda3387117b804bb82ed6c322b6e04a582bfca requirements: Document the VersionStatus enum members

Refactorings 🚜

• c1a0c66c7cafa39a82d753ef67503944eea065ca cargo: Do not require parsing the manifest
• 5e701a8f623d09182785e3e832b4dbc137a82a3f cargo: Extract kind names to constants
• e6b84fa771607dc18c1918213acfc7e0396cee44 cargo: Get project authors and homepage from projectPkg
• 887fcc25ec70e3cce43779812a5de25f93aa22db cargo: Get the project's processed declared licenses directly
• 85c452316467f3cf27d12e8e8c8e1065e759947a cargo: Inline processDeclaredLicenses()
• b815e659a7add85e270660d088f0c72521303623 cargo: Make fewer assumptions about internal package IDs
• acb18cbd7f709690f93f9b6af01d1e61a7a76b39 cargo: Move serializers to their respective model classes
• c7d24d9ed360da2ba8493b1e26e61fcabdcd6adc cargo: Turn some functions into extensions for convenience
• 5818de3573c18fd45fc6aa5337ff251dd5e5ba51 go: Move normalizeModuleVersion() to GoMod.kt
• 2f8c7b58e77a056d50a0495cf5bdc2bd9c4d0a17 model: Simplify filtering resolved issues
• 8b63ffe61474147de4afbd0944900b23a0c71605 model: Simplify filtering resolved vulnerabilities
• 03bd19473cbe04794fa5705dca52cfcd0da9e249 model: Simplify resolving rule violations

Other Changes 💡

• 3ce77c798770ff3980736ed0fb32e00ffc93d68f revert(docker): Revert "Revert Upgrade Go to version 1.22.0"
• 1a10da7bfe155e67a7c51e0d1b7295dc6b2295aa style(Gradle): Adhere to const naming conventions
• 3876ec71e2f1eadabef03ac7e928be8526042cf2 style: Prefer equality checks over Elvis operator use

What's Changed

Bug Fixes 🐞

• b73f36b083365772bcbbbc56de14717095952122 scancode: Filter out non-originary findings that are just references
• b1de4395eafe92c339079a9208588ec3acbd54c8 scancode: Use SPDX expressions for file matches if present

New Features 🎉

• 85ef86adfef09554546fe1ef9eb0cf87de6bbb82 scancode: Support reading matched_text fields

Chores 🔧

• 858f29bed8f11224b5cc491494feb54f51031a32 gradle-plugin: End a log message with a dot for consistency

Dependency Updates 🚀

• 5d61699c008112dab5b6a8fd213e433fdbfa621f Upgrade ScanCode to version 32.1.0
• edb691989de65f5b43f4895a410e1de265a4ae12 update dependency org.wiremock:wiremock to v3.5.0
• cf19739d8c73133ca85d5dd703d0e7623e3ef3af update dependency org.wiremock:wiremock to v3.5.1
• 48ae81634c5a3bd4d55e89d2474dc05825a5ae03 update dependency org.wiremock:wiremock to v3.5.2
• 96c5e1809336e261b3880675e05218dac5e972bf update graphqlplugin to v6.7.0
• 563d91ce171487618908ac09df4b68d04d01ca5e update retrofit to v2.11.0
• 0cc08fcfb099ccd43b952b61a126676dd81d0fe0 update wagoid/commitlint-github-action action to v6

Refactorings 🚜

• 747187fc7c25aac993cb5a4628f985e9daa5dfb6 Use Kotest's own tempdir() in tests

Tests ✅

• 71d637569abfa81cce3b33b73d53daeb6952e560 python: Update expected test results
• 3e929b61112aff5f224b0287045fd0c4b1953cde scancode: Add a test for findings from other files

What's Changed

Breaking Changes 🛠

• 7c0717f5e1e07ebbd2b432c0c8f78e7a7392f04f chore(model)!: Remove findPathExcludes() that is only used in tests

Bug Fixes 🐞

• e9b6d35777076858e16ee1d5ef51a4b2c7b7214f fossid: Map to the normalized license on success
• 4f32b500b2d29404d2260c191f25f4aea09d5fa3 gradle-plugin: Do not fail with NPE when dependency POMs are missing
• e2dbfc8951efbbdef1b23b396509ae957db1e3df version: Add missing Bazel version

New Features 🎉

• 2577dd0ce19ddfc7f70f1c929097552b27b06738 clients: Add Bazel module registry client
• 79f9da07322fbc0e2145dbabebc61788608cf179 docker: Add Bazel to runtime image and env path
• d860271705f81a344ccd0a0cfe064a70fcf52eaa package-manager: Add initial support for Bazel

Build 🐘 & CI ⚙️

• 3126b410fc41eabc2e162f91e79e17e940becf8a GitHub: Include Bazel in docker-ort workflow

Chores 🔧

• 4578371937aebdc1c4a60faf2ff9f807e76081d1 fossid: Remove a redundant qualifier
• 5cca2828cf5e55e9ad9233cf62e8d2e82ce49fc1 model: Remove a superfluous conversion via let
• bb28def2cebb2758649dfb22c603a4f33487340a model: Remove the unused transactionAsync() function

Dependency Updates 🚀

• 0a486983c433053cd742ec1bf5392a1bc11336fb update dependency com.github.ajalt.clikt:clikt to v4.3.0
• ad247469bdd08bb8eb0f78b5d174034e5c56426e update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2.3.0
• 399665fd01a817cc57ab017ded2fdbaa813ec460 update dependency gradle to v8.7
• 28f4ae65dfbd931580db2d29a0c3b2d08e5b5f10 update detektplugin to v1.23.6
• d8d70ce1c0e195082ab3da7d6e080663adec5692 update exposed to v0.49.0
• 653f29684b1e705dc248350df54ab55f9474e91b update jetbrains/qodana-action action to v2023.3.2

Documentation 📖

• e4af83c3f24f032d3c021cab7cfc4109100b3082 model: Explain why the ConfigurationResolver filters curations
• ed751085e04453416b384fbe4cb1d36b14665484 model: Improve PathExclude class documentation
• 3bf311584813d6ddf15f7ee18da393aed5604375 scanner: Add a missing import for KnownProvenance
• c9c8f49bbb0bd31e37399195d1121ac0dd60a4bb scanner: Fix scan storage references

Refactorings 🚜

• 9495d548c6e74cef9342ee1b9b028c1a0268277b model: Make an associateLicensesWithExceptions overload public

What's Changed

New Features 🎉

• a23c65023a6b29687a958d5413cac8aba69270a2 fossid-webapp: Identify snippet choice entries that have been removed

What's Changed

Breaking Changes 🛠

• 85b6df49960b58bc0818504d0181bfcd18039384 refactor(scanner)!: Inline a constant
• 70b1b869815ae1ff4fbdf53828939e25ad98d829 refactor(scanner)!: Merge read functions of package based storage reader
• 7168c9f0b75d2c71e32798e82fe2c2df43a812c4 refactor(scanner)!: Merge read functions of provenance based storage reader
• 9044c4c44e1ed1dd7815269917f927998be120d8 refactor(scanner)!: Move ScanResultsStorage to storage package
• f7dd71961496b92f293a97ef39bc9b9cfba68da9 refactor(scanner)!: Remove unused function from ScanResultsStorage
• 160312af9e2cb2578c2f791702e0459914543626 refactor(scanner)!: Rename ScanResultsStorage
• 20df88537df986ee74227dd8152924aedd38707a refactor(scanner)!: Rename the package based storages

Bug Fixes 🐞

• 0301583c14ec97c4f5e4c6d0e0f10b788bf7e3ad fossid-webapp: Align license mapping for snippets
• e2c09b2bdbc1be8577b148f497a5a4fc20ff35b6 gradle: Add a dedicated work-around for a Gradle 8.5 bug
• 0905a9053862402b34e0ff326b20c36d8b94d55c gradle: Only register a ProgressListener in debug log mode
• a9a064c0572ffa03a7f75c307f15318cc94fd329 gradle-inspector: Use ORT's fixed-up user home directory
• 986c7623f75ba28c12fd2fdae8fda34a8b5dfdae gradle-model: Ensure compatibility by lowering the Java target
• 568465f8645531a84976954daf508e0533ce4fc8 gradle-plugin: Add a work-around for a regression in Gradle 8.2
• 4bf2ada0bf6dc8da937b1f1b5d4b70f8f3715c51 Make the logger implementation available to test-utils consumers

New Features 🎉

• 6279ba7d04aae6406bf33dd9be9ecd27ed2f7c96 cli: Use the resolved resolutions in NotifierCommand
• 829dad7fb3513b1054684dca836341483a207432 downloader: Adhere to Package.sourceCodeOrigins
• 16ee7fd9f0a1ecd9b547b2616db64aa0cf9cf24b flutter: Upgrade flutter version to 3.19.3
• 118af8ae791043ba407eb3a0184b63e353aa70ea fossid-webapp: Add license findings from snippet choice
• 18b456d60d438e00513530d7ac6a31ef4f7ce423 fossid-webapp: Retain snippet choice state in FossID
• cadf56aa09c2ce1f771ebf48ccdaaaf3fe404cd0 model: Add the property Package.sourceCodeOrigins
• bf1218430e7c827af5adddc3b55b8695fdf2dcea model: Allow to set sourceCodeOrigins via package curations
• 87f5d32488e8424a001450d8ec17d267f1ab5c5e scanner: Adhere to Package.sourceCodeOrigins
• 786d3a645fbf56363966e09389357a96a948a703 swiftpm: Support lockfile format version 3

Build 🐘 & CI ⚙️

• 494a32434823a3f0190db4e8e128b2efb223a14a GitHub: Do not set up a specific version of Java anymore
• 04e60c6098c5778c4fab84389670c9e7d8f0d755 GitHub: Reactivate unified test result diffs
• d7af7364be933aef0b9af20c66c58c7c03867b95 Gradle: Switch to the official KxS converter for Retrofit

Chores 🔧

• fe710995b3ffa83c520f807793d29648f0739e5f fossid-webapp: Extract license mapping code to a separate function
• e569df9a5aa9d94399454fea6e927ac6a383a313 fossid-webapp: Move createMarkAsIdentifiedFile to TestUtils
• 199cc9ecc25c7e6a380c17e8cdc774c627ca098b scanner: Remove obsolete docs

Dependency Updates 🚀

• 409ddccf172b28b21f71109b5346de979cda0da2 spdx-utils: Re-import the SPDX 3.23 list
• e16b6f9c14d8119892ab4fb0da2dcae204bf8551 Upgrade the ks3 library to version 0.6.0
• da8bd03e5c572fa4d27e94cabca9cc89af362aae update dependency com.networknt:json-schema-validator to v1.4.0
• b84dcc438a9b57da55275d5d233506d5bc31895d update dependency org.asciidoctor:asciidoctorj-pdf to v2.3.15
• 487c30cdf52eb9f8d8ed26734941a2137328d6f5 update dependency org.jetbrains.gradle.plugin.idea-ext to v1.1.8
• fc5fd10c697f4d525ce839ecc28815df649dd0ea update dependency org.postgresql:postgresql to v42.7.3
• 8b007307189cae1f8dd9942c6363c29d961e92e1 update dependency org.springframework:spring-core to v5.3.33
• dbbaac816440b059511341866bbbdb9fb2517a72 update retrofit to v2.10.0

Documentation 📖

• f1b3d58cd6517b0a68b3752f7b8f4764fd022f6d common-utils: Update the link to AntPathMatcher
• 30849b5ed0cdad2b0f499aa9c13bec8b1147ea0c examples: Add an example for setting sourceCodeOrigins
• 12292928a01ff0a29b538c76b7b124c96833b9f0 gradle: Fix a grammar mistake
• 2fefbc19f6d49521d9c87a56c4e5f941b6a080f9 model: Mention constraints for sourceCodeOrigins property
• 97ca2ff95b79d265ea7b88066f21a0dd16e2c1b8 model: Remove some double dot
• 38f9ddead5d4827c74f3348286f5137503a8b3e5 node: Add a missing quote
• ac9e019a66f9593cdcdc73620a161c63d93ed5d7 scanner: Fix punctuation in ScannerMatcher docs
• f8b76d72888c213c440553fcea48105340c8b44f swiftpm: Add links to the data model of the lockfile
• 433778b8183a78000b79ca2298b55e4b7e05a0bc website: Explain the new sourceCodeOrigins property

Performance Enhancements ⚡

• f3f536626e5da0c46850f67cd501b9682b27da33 Disable Kotest's classpath scanning for faster test startup

Refactorings 🚜

• d2583acc141c9342a5badddf2778406f8ec826f6 gitlab-reporter: Use Ks3 serializers
• e68a7c1aaa483b24653823bb31e77ed3719881f3 go: Drop an unnecessary data mapping
• 5b0ede14952b8f8eb2776f54e6a3ed65b70c3eb2 go: Drop an unnecessary log warning
• c74e1ebf07fb703e49b6d7171fca6468e0b6a808 go: Factor out parseGoDepLockfile()
• e536dec933f8d7c5ca364cd569c490e1eca358d2 model: Extract a function to check source code origins
• e89a4997218d0b28fe00b8ea7080e23fc87979fb package-managers: Align on Lockfile instead of LockFile
• 1ddb89bb2cbe78588e199c29fc0b2554228f78fb package-managers: Align on lowercase lockfile in var names
• 3c83d5fa0b035485e73e86fe0c5eebeef736deeb scanner: Rename sourceCodeOriginsPriority
• 6c6ddbf21deff5a573dd2622ea20208614b2d688 Align on wording "lockfile" as a single word

Tests ✅

• 3c74aa17afd2c90e041cad0fc35005e379a23559 scanner: Rename the abstract storage test classes

Other Changes 💡

• 0ddcfe4875df7f3d91715375d47cf1765b709e2f style(gradle-plugin): Reformat code fluently to reduce indentation

What's Changed

Breaking Changes 🛠

• 39c0ecb4fa357c7b5b123c7f7de15fed6194190f refactor(model)!: Reduce the visibility of two converters

Bug Fixes 🐞

• 0e3cb55e5f5f7be1e0da16bd6305185b75a3a506 advisors: Use potentially customized PURLs in advisor queries

New Features 🎉

• fad4d5e724bad288fad6077ef8f821d9023d924a cli: Print the JDK version ORT was built with
• 3238adb9559432c21179d1b4e45b8edf38d5a12c fossid-webapp: Mark files with all qualified snippets as identified

Build 🐘 & CI ⚙️

• f29a5d25fdaf55b07c139153a195e72d67819b71 Gradle: Allow to configure the build JDK via toolchains

Chores 🔧

• a5051ae8ad36e488fcf2c906e83d1fd09400e1bc Gradle: Remove an unneeded work-around for KT-48745
• b6defe6b1d009e9593d2e042e6e4026f3eebc617 Gradle: Remove unneeded default imports
• d201f9ebed4bf9aa40b957140b8d32eaa511615a docker: Upgrade Conan to version 1.63
• d298f52819e40006d048f39c2ca296034a2a6746 spdx: Get the scope relationships dynamically

Dependency Updates 🚀

• c81a79aa4cc72b0c7a45f8bc2a5a269df4355910 Gradle: Update the gradle-maven-publish-plugin to version 0.28.0
• 40fb4abafd7cff51c20adfb406ff65eed3874e5a update dependency com.github.ajalt.mordant:mordant to v2.4.0
• c1297741f5375a564127011bc4a88ae743275ce2 update dependency com.github.jmongard.git-semver-plugin to v0.12.6
• c0aa6833d326ce4a822a6ff6fe2149942a6a5f3f update dependency org.apache.commons:commons-compress to v1.26.1
• 9935f319314b063a76df2eb2d3f2cbfeb6cd882b update dependency org.asciidoctor:asciidoctorj to v2.5.12
• 4590097d0bc6f8e7432bcba8716b3aeb429c4087 update dependency org.asciidoctor:asciidoctorj-pdf to v2.3.14
• 9267b43bc573217d273923edc126299015e246fe update jackson to v2.16.2
• fcddf518b5d17aef6c3b0158d34583ee0dadf8d0 update jackson to v2.17.0
• 5e1af3bac0c3b3de571223181230f6f03b383937 update jgit to v6.9.0.202403050737-r
• 287cc399d9f965df209bcba41ebf283ec3251eef update kotest to v5.8.1
• 1dafba07a29d844960fc497bf1b44cfafc197187 update log4j2 monorepo to v2.23.1

Documentation 📖

• 0b8731e2d2566cdafec80c551d22b2b8133383ba ADOPTERS: Fix typos and improve wording
• 5cbb03ce31740d16b6aa961ec8db1f2330cbba09 README: Minor wording and punctuation improvements
• d2aca89f9edeb5d013e043c9c341159e0eacd383 development: Add a link to the GitHub discussions
• b427e64f5c405a62a51344fcf69d580f435589fe development: Add a section about the used static analysis tools
• e034461901982095a05735407942f808266c396b development: Simplify a sentence
• bf37b09f236397ccb0158783a9c85308c230b0da downloader: Fix link to version control systems
• afcad4785f2f36674c0d784811ac52aed6f11c96 snippet-choice: Fix link to SnippetChoiceReason.kt
• 4c0147142116e65c6677df0695e552d9bbe37c91 Improve grammar, punctuation, and wording

Refactorings 🚜

• 3112df6080a56872c72ac3df1f41dad48bb9385b test-utils: Use ORT's Environment to patch existing results

Tests ✅

• 534c5746d756b132fab4006d342cd5869a6e6630 model: Fix a typo

Other Changes 💡

• 4459cfb920352f3b457c9a684b6cfcc5133ffadb style(README): Reformat to one sentence per line
• d8529f7fa3e2c83a2785308b2f12006745966da9 style: Disable line length limit for Markdown files
• ff6a5beb04d3a8fbaa8f465eae23b38fc047b22d style: Enable Markdownlint rule max-one-sentence-per-line
• 2955c0ccc8f403bfabd069a10b3a51f737599cfe style: Ignore Markdown files in build directories
• 326a64a66d77c1057a8312e446fce734d4a38163 style: Reformat all Markdown files to one sentence per line

What's Changed (ORT Community Days Edition)

Bug Fixes 🐞

• d0bfd1b758f866caa065049dd3cb8b57d81648b2 SpdxDocumentFile: Support nested DEPENDS_ON relations
• 8d3376057fbcb0dab35b75b6dcd8f872f1562e21 pip: Only pass major and minor version to python-inspector

New Features 🎉

• 62e22bf174dd320e1fab935f8aef7111adfce743 pip: Detect the Python version from .python-version
• 82faa95198423dc974bea26277fb549da26eb5c2 reporter: Sort license finding paths with localeCompare

Dependency Updates 🚀

• 13b39eff8462a566a23926c2c3c1404546d35057 update dependency ch.qos.logback:logback-classic to v1.5.2
• c9269415f2c66d94a7a28fca52c991ca54fd44c6 update dependency ch.qos.logback:logback-classic to v1.5.3
• 4eaf96c864751e91ada041480d3120bae3b97b7c update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2.2.0
• 2b80e63c6298d31498599fb231aa2ea8dc450866 update kotlin monorepo to v1.9.23
• 4cfddd3bcbadaaf3f7359cc8612f4434d495ad2c update ktor to v2.3.9