Releases: oss-review-toolkit/ort

22.1.0

25 Apr 07:58

What's Changed

Bug Fixes 🐞

  • 3d27d61 git: Properly configure insteadOf for submodules
  • bee7613 version-control-systems: Mark the git CLI command as a requirement

New Features 🎉

  • 5b64b6c model: Allow configuring further PostgreSQL connection parameters
  • 7a3732f requirements: Support categorizing objects from bundled plugins

Build 🐘 & CI ⚙️

  • 2fcae57 github: Fix the number of CodeCov action calls after which to comment
  • ce7d028 github: Stop using the deprecated arguments of setup-gradle
  • 9ef10eb github: Trivially simplify the always() condition

Chores 🔧

  • 47daa3f model: Add new PostgreSQL connection params to reference.yml
  • eb47587 model: Drop a TODO comment
  • 3fc76e7 model: Remove an unused configuration parameter

Dependency Updates 🚀

  • ba9803b Update the Maven resolver to version 1.9.19
  • ac009c5 update dependency com.github.ajalt.mordant:mordant to v2.5.0
  • c544784 update dependency org.wiremock:wiremock to v3.5.4

Documentation 📖

  • b296744 website: Fix-up a package curation example

Refactorings 🚜

  • d53ac0b DependencyHandler: Consume abstract but generate concrete types
  • 3cfe66e version-control-systems: Extract Git's CommandLineTool

Tests ✅

  • 6a57057 model: Extract variables for rule violations
  • a63e987 model: Fix-up two function names in test case names
  • 62cf9cf model: Simplify several assertions via shouldContainExactly()
  • 1b00fae model: Split-up a test case into two
  • 136d411 pub: Update expected results
  • c091056 reporters: Add three scan issues to reporter-test-input.yml
  • 02b4129 static-html: Make a replace operation less invasive

Other Changes 💡

  • 4e73f5a Revert "test(pub): Temporarily disable PubFunTest"

22.0.0

18 Apr 07:44

What's Changed

Breaking Changes 🛠

  • 2db3890 refactor(model)!: Align severity filtering in getRuleViolations()

Bug Fixes 🐞

  • 6c84bba GenerateScopeExcludesCommand: Ensure that an input file is readable
  • ac57032 docs: Add the correct snippet_choices element in the documentation
  • 70e15d1 jenkins: Consistently delete output directories before running tools
  • d95c996 jenkins: Quote path-related variables in more places
  • 993e98a model: Ensure getOpenIssues() returns no duplicates
  • d39d163 reporter: Correct the how-to-fix element for snippet choices
  • b344e09 web-app-template: Auto-resolve eslint issues
  • 127968b web-app-template: Fix DOM invalid string error
  • ed7fdbe web-app-template: Remove unneeded initial-scale
  • 14c9d34 web-app-template: Resolve build warning

New Features 🎉

  • e942b66 GenerateScopeExcludesCommand: Do not require the repo config to exist
  • 72f0659 jenkins: Expose the report formats and their options as parameters

Build 🐘 & CI ⚙️

  • c4c14f2 github: Migrate to the new Gradle actions
  • 1237a37 web-app-template: Update Node and Yarn
  • 0206c8f github: Add a composite action to free disk space
  • edf431a github: Hard-code Ubuntu 22.04 for website deployment
  • 3a073cf github: Remove the unused ortdocker action
  • 94ef009 github: Rewrite the Docker build job
  • ded860a github: Run functional tests in up-to-date Docker container
  • 675694d github: Set infinite fetch depth for docker-build

Chores 🔧

  • 50069be GenerateScopeExcludesCommand: Log the scopes at info level
  • 9b97454 commands: Only show once where the results have been written to
  • 60ccfdb docker: Replace --file with --output for Syft
  • f27af07 evaluator: Improve echoing of rule violations
  • 4a423b3 reuse: Align formatting of files in the LICENSES directory
  • b6484ef scripting: Leave measuring the duration to the caller

Dependency Updates 🚀

  • 2612096 web-app-template: Migrate to Ant Design v5
  • 5904758 web-app-template: Various version updates
  • 3fd42b2 Update S3 to version 2.25.30
  • fb1eecd update dependency ch.qos.logback:logback-classic to v1.5.5
  • e337a5c update dependency ch.qos.logback:logback-classic to v1.5.6
  • 948e6d6 update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2.3.1
  • c8878bf update dependency org.slf4j:slf4j-api to v2.0.13
  • 556310a update dependency org.springframework:spring-core to v5.3.34
  • d168a93 update dependency org.wiremock:wiremock to v3.5.3
  • db58406 update gradle/wrapper-validation-action action to v3
  • 68dc6dd update graphqlplugin to v6.8.0

Documentation 📖

  • bdecdaa README: Update copyright end year
  • eaf648d commands: Improve the reporter's --report-formats description

Performance Enhancements ⚡

  • 615ae0a GenerateScopeExcludesCommand: Deduplicate scopes into sets

Refactorings 🚜

  • e49b7ec docker: Add ORT to the image at the end of the build
  • 2848c22 model: Add minSeverity as param to getIssues()
  • 2eb66c1 model: Add omitExcluded as parameter to getIssues()
  • 41e88f1 model: Add omitResolved as param to getIssues()
  • 3a097bb model: Inline a variable
  • 69eb64c model: Simplify getRuleViolations()
  • cbd4e5a web-app-template: Use vite for builds

Tests ✅

  • 6f3af0d model: Improve two test case names
  • 06fde33 model: Postfix function names in test case names by ()
  • dde0365 node: Add another test case for parseNpmVcsInfo()
  • ef22250 node: Consistently create JSON objects from strings
  • 9b46c1e node: Format two JSON strings with jq
  • b4d70ad node: Make creating a JSON object more readable
  • 2105523 node: Postfix function names in test case names with ()
  • e69445a node: Simplify a test setup
  • 0b0c108 osv: Update expected results
  • fd086f1 python: Update expected results
  • 9f04bfa python: Update expected test results
  • f5f2b18 web-app-template: Add eslint config

Other Changes 💡

  • 7833ace style(web-app-template): Add an .editorconfig file
  • 63da5d8 style(web-app-template): Reformat JSON

21.0.0

11 Apr 07:38

What's Changed

Breaking Changes 🛠

  • 6c08226 refactor(model)!: Use a better name for getIssues()

Bug Fixes 🐞

  • adf14d4 cargo: Do not make assumptions about the package ID for hash lookups
  • 7522a0c cargo: Do not make assumptions about the package ID for projects
  • 0940053 cargo: Improve parsing of lockfile formats
  • bef2e95 fossid-webapp: Remove unnecessary call to normalize
  • f71f994 schemas: Add missing entries for package managers

New Features 🎉

  • 9ef7945 cargo: Add the alternative deps to the metadata model
  • 4771b24 requirements: Add a dedicated version status for unknown versions

Build 🐘 & CI ⚙️

  • c7d5c3a renovate: Extend from config:recommended

Chores 🔧

  • cf06ac9 cargo: Move two variables closer to where they are being used
  • 303705c cargo: Reorder top-level functions
  • e407d11 downloader: Remove the redundant protected enum qualifier
  • f54813e go: Drop the support for the Go dep package manager
  • f0121b2 integrations: Re-generate shell completion scripts
  • b9481f0 model: Replace a size check with isNotEmpty()
  • 9707529 requirements: Add "!" prefixes for identified problems
  • 968f956 Sort NOTICE file entries alphabetically

Dependency Updates 🚀

  • 65ed107 update dependency ch.qos.logback:logback-classic to v1.5.4
  • 9cb8e7c update dependency com.autonomousapps.dependency-analysis to v1.31.0
  • 87f2675 update dependency com.opentable.components:otj-pg-embedded to v1.0.3
  • f1623e8 update dependency org.semver4j:semver4j to v5.2.3
  • 6fca267 update ktor to v2.3.10

Documentation 📖

  • c7ed840 cargo: Document CargoMetadata members
  • 67dda33 requirements: Document the VersionStatus enum members

Refactorings 🚜

  • c1a0c66 cargo: Do not require parsing the manifest
  • 5e701a8 cargo: Extract kind names to constants
  • e6b84fa cargo: Get project authors and homepage from projectPkg
  • 887fcc2 cargo: Get the project's processed declared licenses directly
  • 85c4523 cargo: Inline processDeclaredLicenses()
  • b815e65 cargo: Make fewer assumptions about internal package IDs
  • acb18cb cargo: Move serializers to their respective model classes
  • c7d24d9 cargo: Turn some functions into extensions for convenience
  • 5818de3 go: Move normalizeModuleVersion() to GoMod.kt
  • 2f8c7b5 model: Simplify filtering resolved issues
  • 8b63ffe model: Simplify filtering resolved vulnerabilities
  • 03bd194 model: Simplify resolving rule violations

Other Changes 💡

  • 3ce77c7 revert(docker): Revert "Revert Upgrade Go to version 1.22.0"
  • 1a10da7 style(Gradle): Adhere to const naming conventions
  • 3876ec7 style: Prefer equality checks over Elvis operator use

20.1.0

04 Apr 07:44

What's Changed

Bug Fixes 🐞

  • b73f36b scancode: Filter out non-originary findings that are just references
  • b1de439 scancode: Use SPDX expressions for file matches if present

New Features 🎉

  • 85ef86a scancode: Support reading matched_text fields

Chores 🔧

  • 858f29b gradle-plugin: End a log message with a dot for consistency

Dependency Updates 🚀

  • 5d61699 Upgrade ScanCode to version 32.1.0
  • edb6919 update dependency org.wiremock:wiremock to v3.5.0
  • cf19739 update dependency org.wiremock:wiremock to v3.5.1
  • 48ae816 update dependency org.wiremock:wiremock to v3.5.2
  • 96c5e18 update graphqlplugin to v6.7.0
  • 563d91c update retrofit to v2.11.0
  • 0cc08fc update wagoid/commitlint-github-action action to v6

Refactorings 🚜

  • 747187f Use Kotest's own tempdir() in tests

Tests ✅

  • 71d6375 python: Update expected test results
  • 3e929b6 scancode: Add a test for findings from other files

20.0.0

28 Mar 08:45

What's Changed

Breaking Changes 🛠

  • 7c0717f chore(model)!: Remove findPathExcludes() that is only used in tests

Bug Fixes 🐞

  • e9b6d35 fossid: Map to the normalized license on success
  • 4f32b50 gradle-plugin: Do not fail with NPE when dependency POMs are missing
  • e2dbfc8 version: Add missing Bazel version

New Features 🎉

  • 2577dd0 clients: Add Bazel module registry client
  • 79f9da0 docker: Add Bazel to runtime image and env path
  • d860271 package-manager: Add initial support for Bazel

Build 🐘 & CI ⚙️

  • 3126b41 GitHub: Include Bazel in docker-ort workflow

Chores 🔧

  • 4578371 fossid: Remove a redundant qualifier
  • 5cca282 model: Remove a superfluous conversion via let
  • bb28def model: Remove the unused transactionAsync() function

Dependency Updates 🚀

  • 0a48698 update dependency com.github.ajalt.clikt:clikt to v4.3.0
  • ad24746 update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2.3.0
  • 399665f update dependency gradle to v8.7
  • 28f4ae6 update detektplugin to v1.23.6
  • d8d70ce update exposed to v0.49.0
  • 653f296 update jetbrains/qodana-action action to v2023.3.2

Documentation 📖

  • e4af83c model: Explain why the ConfigurationResolver filters curations
  • ed75108 model: Improve PathExclude class documentation
  • 3bf3115 scanner: Add a missing import for KnownProvenance
  • c9c8f49 scanner: Fix scan storage references

Refactorings 🚜

  • 9495d54 model: Make an associateLicensesWithExceptions overload public

19.1.0

21 Mar 08:48

What's Changed

New Features 🎉

  • a23c650 fossid-webapp: Identify snippet choice entries that have been removed

19.0.0

19 Mar 15:22

What's Changed

Breaking Changes 🛠

  • 85b6df4 refactor(scanner)!: Inline a constant
  • 70b1b86 refactor(scanner)!: Merge read functions of package based storage reader
  • 7168c9f refactor(scanner)!: Merge read functions of provenance based storage reader
  • 9044c4c refactor(scanner)!: Move ScanResultsStorage to storage package
  • f7dd719 refactor(scanner)!: Remove unused function from ScanResultsStorage
  • 160312a refactor(scanner)!: Rename ScanResultsStorage
  • 20df885 refactor(scanner)!: Rename the package based storages

Bug Fixes 🐞

  • 0301583 fossid-webapp: Align license mapping for snippets
  • e2c09b2 gradle: Add a dedicated work-around for a Gradle 8.5 bug
  • 0905a90 gradle: Only register a ProgressListener in debug log mode
  • a9a064c gradle-inspector: Use ORT's fixed-up user home directory
  • 986c762 gradle-model: Ensure compatibility by lowering the Java target
  • 568465f gradle-plugin: Add a work-around for a regression in Gradle 8.2
  • 4bf2ada Make the logger implementation available to test-utils consumers

New Features 🎉

  • 6279ba7 cli: Use the resolved resolutions in NotifierCommand
  • 829dad7 downloader: Adhere to Package.sourceCodeOrigins
  • 16ee7fd flutter: Upgrade flutter version to 3.19.3
  • 118af8a fossid-webapp: Add license findings from snippet choice
  • 18b456d fossid-webapp: Retain snippet choice state in FossID
  • cadf56a model: Add the property Package.sourceCodeOrigins
  • bf12184 model: Allow to set sourceCodeOrigins via package curations
  • 87f5d32 scanner: Adhere to Package.sourceCodeOrigins
  • 786d3a6 swiftpm: Support lockfile format version 3

Build 🐘 & CI ⚙️

  • 494a324 GitHub: Do not set up a specific version of Java anymore
  • 04e60c6 GitHub: Reactivate unified test result diffs
  • d7af736 Gradle: Switch to the official KxS converter for Retrofit

Chores 🔧

  • fe71099 fossid-webapp: Extract license mapping code to a separate function
  • e569df9 fossid-webapp: Move createMarkAsIdentifiedFile to TestUtils
  • 199cc9e scanner: Remove obsolete docs

Dependency Updates 🚀

  • 409ddcc spdx-utils: Re-import the SPDX 3.23 list
  • e16b6f9 Upgrade the ks3 library to version 0.6.0
  • da8bd03 update dependency com.networknt:json-schema-validator to v1.4.0
  • b84dcc4 update dependency org.asciidoctor:asciidoctorj-pdf to v2.3.15
  • 487c30c update dependency org.jetbrains.gradle.plugin.idea-ext to v1.1.8
  • fc5fd10 update dependency org.postgresql:postgresql to v42.7.3
  • 8b00730 update dependency org.springframework:spring-core to v5.3.33
  • dbbaac8 update retrofit to v2.10.0

Documentation 📖

  • f1b3d58 common-utils: Update the link to AntPathMatcher
  • 30849b5 examples: Add an example for setting sourceCodeOrigins
  • 1229292 gradle: Fix a grammar mistake
  • 2fefbc1 model: Mention constraints for sourceCodeOrigins property
  • 97ca2ff model: Remove some double dots
  • 38f9dde node: Add a missing quote
  • ac9e019 scanner: Fix punctuation in ScannerMatcher docs
  • f8b76d7 swiftpm: Add links to the data model of the lockfile
  • 433778b website: Explain the new sourceCodeOrigins property

Performance Enhancements ⚡

  • f3f5366 Disable Kotest's classpath scanning for faster test startup

Refactorings 🚜

  • d2583ac gitlab-reporter: Use Ks3 serializers
  • e68a7c1 go: Drop an unnecessary data mapping
  • 5b0ede1 go: Drop an unnecessary log warning
  • c74e1eb go: Factor out parseGoDepLockfile()
  • e536dec model: Extract a function to check source code origins
  • e89a499 package-managers: Align on Lockfile instead of LockFile
  • 1ddb89b package-managers: Align on lowercase lockfile in var names
  • 3c83d5f scanner: Rename sourceCodeOriginsPriority
  • 6c6ddbf Align on wording "lockfile" as a single word

Tests ✅

  • 3c74aa1 scanner: Rename the abstract storage test classes

Other Changes 💡

  • 0ddcfe4 style(gradle-plugin): Reformat code fluently to reduce indentation

18.0.0

14 Mar 08:47

What's Changed

Breaking Changes 🛠

  • 39c0ecb refactor(model)!: Reduce the visibility of two converters

Bug Fixes 🐞

  • 0e3cb55 advisors: Use potentially customized PURLs in advisor queries

New Features 🎉

  • fad4d5e cli: Print the JDK version ORT was built with
  • 3238adb fossid-webapp: Mark files with all qualified snippets as identified

Build 🐘 & CI ⚙️

  • f29a5d2 Gradle: Allow to configure the build JDK via toolchains

Chores 🔧

  • a5051ae Gradle: Remove an unneeded work-around for KT-48745
  • b6defe6 Gradle: Remove unneeded default imports
  • d201f9e docker: Upgrade Conan to version 1.63
  • d298f52 spdx: Get the scope relationships dynamically

Dependency Updates 🚀

  • c81a79a Gradle: Update the gradle-maven-publish-plugin to version 0.28.0
  • 40fb4ab update dependency com.github.ajalt.mordant:mordant to v2.4.0
  • c129774 update dependency com.github.jmongard.git-semver-plugin to v0.12.6
  • c0aa683 update dependency org.apache.commons:commons-compress to v1.26.1
  • 9935f31 update dependency org.asciidoctor:asciidoctorj to v2.5.12
  • 4590097 update dependency org.asciidoctor:asciidoctorj-pdf to v2.3.14
  • 9267b43 update jackson to v2.16.2
  • fcddf51 update jackson to v2.17.0
  • 5e1af3b update jgit to v6.9.0.202403050737-r
  • 287cc39 update kotest to v5.8.1
  • 1dafba0 update log4j2 monorepo to v2.23.1

Documentation 📖

  • 0b8731e ADOPTERS: Fix typos and improve wording
  • 5cbb03c README: Minor wording and punctuation improvements
  • d2aca89 development: Add a link to the GitHub discussions
  • b427e64 development: Add a section about the used static analysis tools
  • e034461 development: Simplify a sentence
  • bf37b09 downloader: Fix link to version control systems
  • afcad47 snippet-choice: Fix link to SnippetChoiceReason.kt
  • 4c01471 Improve grammar, punctuation, and wording

Refactorings 🚜

  • 3112df6 test-utils: Use ORT's Environment to patch existing results

Tests ✅

Other Changes 💡

  • 4459cfb style(README): Reformat to one sentence per line
  • d8529f7 style: Disable line length limit for Markdown files
  • ff6a5be style: Enable Markdownlint rule max-one-sentence-per-line
  • 2955c0c style: Ignore Markdown files in build directories
  • 326a64a style: Reformat all Markdown files to one sentence per line

17.1.0

07 Mar 12:46

What's Changed (ORT Community Days Edition)

Bug Fixes 🐞

  • d0bfd1b SpdxDocumentFile: Support nested DEPENDS_ON relations
  • 8d33760 pip: Only pass major and minor version to python-inspector

New Features 🎉

  • 62e22bf pip: Detect the Python version from .python-version
  • 82faa95 reporter: Sort license finding paths with localeCompare

Dependency Updates 🚀

  • 13b39ef update dependency ch.qos.logback:logback-classic to v1.5.2
  • c926941 update dependency ch.qos.logback:logback-classic to v1.5.3
  • 4eaf96c update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2.2.0
  • 2b80e63 update kotlin monorepo to v1.9.23
  • 4cfddd3 update ktor to v2.3.9

17.0.1

01 Mar 13:21

What's Changed

Bug Fixes 🐞

  • 2d83b35 fossid-webapp: Add missing license category

Build 🐘 & CI ⚙️

  • 38e0447 Docker: Remove explicit Cargo version
  • dfd784e GitHub: Also release archive as compressed TARs
  • b70a60d Gradle: Configure the distTar task to use GZIP compression

Dependency Updates 🚀

  • 129bb20 docker: Upgrade Python to the latest 3.11.x version
  • 2928caf docker: Upgrade pyenv to the latest version
  • 95eeedd update dependency software.amazon.awssdk:s3 to v2.25.0

Other Changes 💡

  • 165c210 Revert "deps(Docker): Upgrade python-inspector to version 0.11.0"