Releases: oss-review-toolkit/ort
22.1.0
What's Changed
Bug Fixes 🐞
- 3d27d61 git: Properly configure `insteadOf` for submodules
- bee7613 version-control-systems: Mark the `git` CLI command as a requirement
New Features 🎉
- 5b64b6c model: Allow configuring further PostgreSQL connection parameters
- 7a3732f requirements: Support categorizing objects from bundled plugins
Build 🐘 & CI ⚙️
- 2fcae57 github: Fix the number of CodeCov action calls after which to comment
- ce7d028 github: Stop using the deprecated `arguments` of `setup-gradle`
- 9ef10eb github: Trivially simplify the `always()` condition
Chores 🔧
- 47daa3f model: Add new PostgreSQL connection params to `reference.yml`
- eb47587 model: Drop a TODO comment
- 3fc76e7 model: Remove an unused configuration parameter
Dependency Updates 🚀
- ba9803b Update the Maven resolver to version 1.9.19
- ac009c5 update dependency com.github.ajalt.mordant:mordant to v2.5.0
- c544784 update dependency org.wiremock:wiremock to v3.5.4
Documentation 📖
- b296744 website: Fix-up a package curation example
Refactorings 🚜
- d53ac0b DependencyHandler: Consume abstract but generate concrete types
- 3cfe66e version-control-systems: Extract `Git`'s `CommandLineTool`
Tests ✅
- 6a57057 model: Extract variables for rule violations
- a63e987 model: Fix-up two function names in test case names
- 62cf9cf model: Simplify several assertions via `shouldContainExactly()`
- 1b00fae model: Split-up a test case into two
- 136d411 pub: Update expected results
- c091056 reporters: Add three scan issues to `reporter-test-input.yml`
- 02b4129 static-html: Make a replace operation less invasive
Other Changes 💡
- 4e73f5a Revert "test(pub): Temporarily disable `PubFunTest`"
22.0.0
What's Changed
Breaking Changes 🛠
- 2db3890 refactor(model)!: Align severity filtering in `getRuleViolations()`
Bug Fixes 🐞
- 6c84bba GenerateScopeExcludesCommand: Ensure that an input file is readable
- ac57032 docs: Add the correct `snippet_choices` element in the documentation
- 70e15d1 jenkins: Consistently delete output directories before running tools
- d95c996 jenkins: Quote path-related variables in more places
- 993e98a model: Ensure `getOpenIssues()` returns no duplicates
- d39d163 reporter: Correct the how-to-fix element for snippet choices
- b344e09 web-app-template: Auto-resolve eslint issues
- 127968b web-app-template: Fix DOM invalid string error
- ed7fdbe web-app-template: Remove unneeded initial-scale
- 14c9d34 web-app-template: Resolve build warning
New Features 🎉
- e942b66 GenerateScopeExcludesCommand: Do not require the repo config to exist
- 72f0659 jenkins: Expose the report formats and their options as parameters
Build 🐘 & CI ⚙️
- c4c14f2 github: Migrate to the new Gradle actions
- 1237a37 web-app-template: Update Node and Yarn
- 0206c8f github: Add a composite action to free disk space
- edf431a github: Hard-code Ubuntu 22.04 for website deployment
- 3a073cf github: Remove the unused `ortdocker` action
- 94ef009 github: Rewrite the Docker build job
- ded860a github: Run functional tests in up-to-date Docker container
- 675694d github: Set infinite fetch depth for `docker-build`
Chores 🔧
- 50069be GenerateScopeExcludesCommand: Log the scopes at info level
- 9b97454 commands: Only show once where the results have been written to
- 60ccfdb docker: Replace `--file` with `--output` for Syft
- f27af07 evaluator: Improve echoing of rule violations
- 4a423b3 reuse: Align formatting of files in the `LICENSES` directory
- b6484ef scripting: Leave measuring the duration to the caller
Dependency Updates 🚀
- 2612096 web-app-template: Migrate to Ant Design v5
- 5904758 web-app-template: Various version updates
- 3fd42b2 Update S3 to version 2.25.30
- fb1eecd update dependency ch.qos.logback:logback-classic to v1.5.5
- e337a5c update dependency ch.qos.logback:logback-classic to v1.5.6
- 948e6d6 update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2.3.1
- c8878bf update dependency org.slf4j:slf4j-api to v2.0.13
- 556310a update dependency org.springframework:spring-core to v5.3.34
- d168a93 update dependency org.wiremock:wiremock to v3.5.3
- db58406 update gradle/wrapper-validation-action action to v3
- 68dc6dd update graphqlplugin to v6.8.0
Documentation 📖
- bdecdaa README: Update copyright end year
- eaf648d commands: Improve the reporter's `--report-formats` description
Performance Enhancements ⚡
- 615ae0a GenerateScopeExcludesCommand: Deduplicate scopes into sets
Refactorings 🚜
- e49b7ec docker: Add ORT to the image at the end of the build
- 2848c22 model: Add `minSeverity` as param to `getIssues()`
- 2eb66c1 model: Add `omitExcluded` as parameter to `getIssues()`
- 41e88f1 model: Add `omitResolved` as param to `getIssues()`
- 3a097bb model: Inline a variable
- 69eb64c model: Simplify `getRuleViolations()`
- cbd4e5a web-app-template: Use vite for builds
Tests ✅
- 6f3af0d model: Improve two test case names
- 06fde33 model: Postfix function names in test case names by `()`
- dde0365 node: Add another test case for `parseNpmVcsInfo()`
- ef22250 node: Consistently create JSON objects from strings
- 9b46c1e node: Format two JSON strings with `jq`
- b4d70ad node: Make creating a JSON object more readable
- 2105523 node: Postfix function names in test case names with `()`
- e69445a node: Simplify a test setup
- 0b0c108 osv: Update expected results
- fd086f1 python: Update expected results
- 9f04bfa python: Update expected test results
- f5f2b18 web-app-template: Add eslint config
Other Changes 💡
21.0.0
What's Changed
Breaking Changes 🛠
- 6c08226 refactor(model)!: Use a better name for `getIssues()`
Bug Fixes 🐞
- adf14d4 cargo: Do not make assumptions about the package ID for hash lookups
- 7522a0c cargo: Do not make assumptions about the package ID for projects
- 0940053 cargo: Improve parsing of lockfile formats
- bef2e95 fossid-webapp: Remove unnecessary call to `normalize`
- f71f994 schemas: Add missing entries for package managers
New Features 🎉
- 9ef7945 cargo: Add the alternative `deps` to the metadata model
- 4771b24 requirements: Add a dedicated version status for unknown versions
Build 🐘 & CI ⚙️
- c7d5c3a renovate: Extend from `config:recommended`
Chores 🔧
- cf06ac9 cargo: Move two variables closer to where they are being used
- 303705c cargo: Reorder top-level functions
- e407d11 downloader: Remove the redundant `protected` enum qualifier
- f54813e go: Drop the support for the Go dep package manager
- f0121b2 integrations: Re-generate shell completion scripts
- b9481f0 model: Replace a size check with `isNotEmpty()`
- 9707529 requirements: Add "!" prefixes for identified problems
- 968f956 Sort `NOTICE` file entries alphabetically
Dependency Updates 🚀
- 65ed107 update dependency ch.qos.logback:logback-classic to v1.5.4
- 9cb8e7c update dependency com.autonomousapps.dependency-analysis to v1.31.0
- 87f2675 update dependency com.opentable.components:otj-pg-embedded to v1.0.3
- f1623e8 update dependency org.semver4j:semver4j to v5.2.3
- 6fca267 update ktor to v2.3.10
Documentation 📖
- c7ed840 cargo: Document `CargoMetadata` members
- 67dda33 requirements: Document the `VersionStatus` enum members
Refactorings 🚜
- c1a0c66 cargo: Do not require parsing the manifest
- 5e701a8 cargo: Extract kind names to constants
- e6b84fa cargo: Get project authors and homepage from `projectPkg`
- 887fcc2 cargo: Get the project's processed declared licenses directly
- 85c4523 cargo: Inline `processDeclaredLicenses()`
- b815e65 cargo: Make fewer assumptions about internal package IDs
- acb18cb cargo: Move serializers to their respective model classes
- c7d24d9 cargo: Turn some functions into extensions for convenience
- 5818de3 go: Move `normalizeModuleVersion()` to `GoMod.kt`
- 2f8c7b5 model: Simplify filtering resolved issues
- 8b63ffe model: Simplify filtering resolved vulnerabilities
- 03bd194 model: Simplify resolving rule violations
Other Changes 💡
20.1.0
What's Changed
Bug Fixes 🐞
- b73f36b scancode: Filter out non-originary findings that are just references
- b1de439 scancode: Use SPDX expressions for file matches if present
New Features 🎉
- 85ef86a scancode: Support reading `matched_text` fields
Chores 🔧
- 858f29b gradle-plugin: End a log message with a dot for consistency
Dependency Updates 🚀
- 5d61699 Upgrade ScanCode to version 32.1.0
- edb6919 update dependency org.wiremock:wiremock to v3.5.0
- cf19739 update dependency org.wiremock:wiremock to v3.5.1
- 48ae816 update dependency org.wiremock:wiremock to v3.5.2
- 96c5e18 update graphqlplugin to v6.7.0
- 563d91c update retrofit to v2.11.0
- 0cc08fc update wagoid/commitlint-github-action action to v6
Refactorings 🚜
- 747187f Use Kotest's own `tempdir()` in tests
Tests ✅
20.0.0
What's Changed
Breaking Changes 🛠
- 7c0717f chore(model)!: Remove `findPathExcludes()` that is only used in tests
Bug Fixes 🐞
- e9b6d35 fossid: Map to the normalized license on success
- 4f32b50 gradle-plugin: Do not fail with NPE when dependency POMs are missing
- e2dbfc8 version: Add missing Bazel version
New Features 🎉
- 2577dd0 clients: Add Bazel module registry client
- 79f9da0 docker: Add Bazel to runtime image and env path
- d860271 package-manager: Add initial support for Bazel
Build 🐘 & CI ⚙️
- 3126b41 GitHub: Include Bazel in docker-ort workflow
Chores 🔧
- 4578371 fossid: Remove a redundant qualifier
- 5cca282 model: Remove a superfluous conversion via `let`
- bb28def model: Remove the unused `transactionAsync()` function
Dependency Updates 🚀
- 0a48698 update dependency com.github.ajalt.clikt:clikt to v4.3.0
- ad24746 update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2.3.0
- 399665f update dependency gradle to v8.7
- 28f4ae6 update detektplugin to v1.23.6
- d8d70ce update exposed to v0.49.0
- 653f296 update jetbrains/qodana-action action to v2023.3.2
Documentation 📖
- e4af83c model: Explain why the `ConfigurationResolver` filters curations
- ed75108 model: Improve `PathExclude` class documentation
- 3bf3115 scanner: Add a missing import for `KnownProvenance`
- c9c8f49 scanner: Fix scan storage references
Refactorings 🚜
- 9495d54 model: Make an `associateLicensesWithExceptions` overload public
19.1.0
19.0.0
What's Changed
Breaking Changes 🛠
- 85b6df4 refactor(scanner)!: Inline a constant
- 70b1b86 refactor(scanner)!: Merge read functions of package based storage reader
- 7168c9f refactor(scanner)!: Merge read functions of provenance based storage reader
- 9044c4c refactor(scanner)!: Move `ScanResultsStorage` to storage package
- f7dd719 refactor(scanner)!: Remove unused function from `ScanResultsStorage`
- 160312a refactor(scanner)!: Rename `ScanResultsStorage`
- 20df885 refactor(scanner)!: Rename the package based storages
Bug Fixes 🐞
- 0301583 fossid-webapp: Align license mapping for snippets
- e2c09b2 gradle: Add a dedicated work-around for a Gradle 8.5 bug
- 0905a90 gradle: Only register a `ProgressListener` in debug log mode
- a9a064c gradle-inspector: Use ORT's fixed-up user home directory
- 986c762 gradle-model: Ensure compatibility by lowering the Java target
- 568465f gradle-plugin: Add a work-around for a regression in Gradle 8.2
- 4bf2ada Make the logger implementation available to `test-utils` consumers
New Features 🎉
- 6279ba7 cli: Use the resolved resolutions in `NotifierCommand`
- 829dad7 downloader: Adhere to `Package.sourceCodeOrigins`
- 16ee7fd flutter: Upgrade flutter version to 3.19.3
- 118af8a fossid-webapp: Add license findings from snippet choice
- 18b456d fossid-webapp: Retain snippet choice state in FossID
- cadf56a model: Add the property `Package.sourceCodeOrigins`
- bf12184 model: Allow to set `sourceCodeOrigins` via package curations
- 87f5d32 scanner: Adhere to `Package.sourceCodeOrigins`
- 786d3a6 swiftpm: Support lockfile format version 3
Build 🐘 & CI ⚙️
- 494a324 GitHub: Do not set up a specific version of Java anymore
- 04e60c6 GitHub: Reactivate unified test result diffs
- d7af736 Gradle: Switch to the official KxS converter for Retrofit
Chores 🔧
- fe71099 fossid-webapp: Extract license mapping code to a separate function
- e569df9 fossid-webapp: Move `createMarkAsIdentifiedFile` to `TestUtils`
- 199cc9e scanner: Remove obsolete docs
Dependency Updates 🚀
- 409ddcc spdx-utils: Re-import the SPDX 3.23 list
- e16b6f9 Upgrade the ks3 library to version 0.6.0
- da8bd03 update dependency com.networknt:json-schema-validator to v1.4.0
- b84dcc4 update dependency org.asciidoctor:asciidoctorj-pdf to v2.3.15
- 487c30c update dependency org.jetbrains.gradle.plugin.idea-ext to v1.1.8
- fc5fd10 update dependency org.postgresql:postgresql to v42.7.3
- 8b00730 update dependency org.springframework:spring-core to v5.3.33
- dbbaac8 update retrofit to v2.10.0
Documentation 📖
- f1b3d58 common-utils: Update the link to `AntPathMatcher`
- 30849b5 examples: Add an example for setting `sourceCodeOrigins`
- 1229292 gradle: Fix a grammar mistake
- 2fefbc1 model: Mention constraints for `sourceCodeOrigins` property
- 97ca2ff model: Remove some double dot
- 38f9dde node: Add a missing quote
- ac9e019 scanner: Fix punctuation in `ScannerMatcher` docs
- f8b76d7 swiftpm: Add links to the data model of the lockfile
- 433778b website: Explain the new `sourceCodeOrigins` property
Performance Enhancements ⚡
- f3f5366 Disable Kotest's classpath scanning for faster test startup
Refactorings 🚜
- d2583ac gitlab-reporter: Use Ks3 serializers
- e68a7c1 go: Drop an unnecessary data mapping
- 5b0ede1 go: Drop an unnecessary log warning
- c74e1eb go: Factor out `parseGoDepLockfile()`
- e536dec model: Extract a function to check source code origins
- e89a499 package-managers: Align on `Lockfile` instead of `LockFile`
- 1ddb89b package-managers: Align on lowercase `lockfile` in var names
- 3c83d5f scanner: Rename `sourceCodeOriginsPriority`
- 6c6ddbf Align on wording "lockfile" as a single word
Tests ✅
- 3c74aa1 scanner: Rename the abstract storage test classes
Other Changes 💡
- 0ddcfe4 style(gradle-plugin): Reformat code fluently to reduce indentation
18.0.0
What's Changed
Breaking Changes 🛠
- 39c0ecb refactor(model)!: Reduce the visibility of two converters
Bug Fixes 🐞
- 0e3cb55 advisors: Use potentially customized PURLs in advisor queries
New Features 🎉
- fad4d5e cli: Print the JDK version ORT was built with
- 3238adb fossid-webapp: Mark files with all qualified snippets as identified
Build 🐘 & CI ⚙️
- f29a5d2 Gradle: Allow to configure the build JDK via toolchains
Chores 🔧
- a5051ae Gradle: Remove an unneeded work-around for KT-48745
- b6defe6 Gradle: Remove unneeded default imports
- d201f9e docker: Upgrade Conan to version 1.63
- d298f52 spdx: Get the scope relationships dynamically
Dependency Updates 🚀
- c81a79a Gradle: Update the gradle-maven-publish-plugin to version 0.28.0
- 40fb4ab update dependency com.github.ajalt.mordant:mordant to v2.4.0
- c129774 update dependency com.github.jmongard.git-semver-plugin to v0.12.6
- c0aa683 update dependency org.apache.commons:commons-compress to v1.26.1
- 9935f31 update dependency org.asciidoctor:asciidoctorj to v2.5.12
- 4590097 update dependency org.asciidoctor:asciidoctorj-pdf to v2.3.14
- 9267b43 update jackson to v2.16.2
- fcddf51 update jackson to v2.17.0
- 5e1af3b update jgit to v6.9.0.202403050737-r
- 287cc39 update kotest to v5.8.1
- 1dafba0 update log4j2 monorepo to v2.23.1
Documentation 📖
- 0b8731e ADOPTERS: Fix typos and improve wording
- 5cbb03c README: Minor wording and punctuation improvements
- d2aca89 development: Add a link to the GitHub discussions
- b427e64 development: Add a section about the used static analysis tools
- e034461 development: Simplify a sentence
- bf37b09 downloader: Fix link to version control systems
- afcad47 snippet-choice: Fix link to `SnippetChoiceReason.kt`
- 4c01471 Improve grammar, punctuation, and wording
Refactorings 🚜
- 3112df6 test-utils: Use ORT's `Environment` to patch existing results
Tests ✅
- 534c574 model: Fix a typo
Other Changes 💡
- 4459cfb style(README): Reformat to one sentence per line
- d8529f7 style: Disable line length limit for Markdown files
- ff6a5be style: Enable Markdownlint rule max-one-sentence-per-line
- 2955c0c style: Ignore Markdown files in build directories
- 326a64a style: Reformat all Markdown files to one sentence per line
17.1.0
What's Changed (ORT Community Days Edition)
Bug Fixes 🐞
- d0bfd1b SpdxDocumentFile: Support nested `DEPENDS_ON` relations
- 8d33760 pip: Only pass major and minor version to `python-inspector`
New Features 🎉
- 62e22bf pip: Detect the Python version from `.python-version`
- 82faa95 reporter: Sort license finding paths with localeCompare
Dependency Updates 🚀
17.0.1
What's Changed
Bug Fixes 🐞
- 2d83b35 fossid-webapp: Add missing license category
Build 🐘 & CI ⚙️
- 38e0447 Docker: Remove explicit Cargo version
- dfd784e GitHub: Also release archive as compressed TARs
- b70a60d Gradle: Configure the `distTar` task to use GZIP compression
Dependency Updates 🚀
- 129bb20 docker: Upgrade Python to the latest 3.11.x version
- 2928caf docker: Upgrade `pyenv` to the latest version
- 95eeedd update dependency software.amazon.awssdk:s3 to v2.25.0
Other Changes 💡
- 165c210 Revert "deps(Docker): Upgrade `python-inspector` to version 0.11.0"