62.1.0

What's Changed

🐞 Bug Fixes

• 3ba71e4 fossid: Do not pass a URL with user info to the authenticator
• 543e9ee spdx: Do not discard concluded licenses with value NONE

🎉 New Features

• 5a776bb python: Add a function to get supported versions from the inspector
• ec4da7f python: Rework supported Python versions
• 1cc6aa8 python: Support a global requires-python in pyproject.toml

✅ Tests

• 522e4c2 python: Also check for the default Python version to be supported
• fdb2984 python: Force Python 3.11 to be used for a Poetry project

📖 Documentation

• 4b98f4f python: Trivially improve test names

🔧 Chores

• c5eb3e8 model: Reduce the level of a log message

🚀 Dependency Updates

• 7402d86 docker: Upgrade python-inspector to version 0.14.1
• 54e5f3e update net.sf.saxon:saxon-he to v12.8
• 6b5b12a update okhttp monorepo to v5

🚜 Refactorings

• 79cea53 model: Change FileArchiver to first apply the matcher
• 0e14d68 python: Parse pyproject.toml with KxS

62.0.0

What's Changed

🛠 Breaking Changes

• 4170975 chore(model)!: Remove the unused readJsonTree()

🐞 Bug Fixes

• 21c2767 detekt-rules: Allow safe-access continuation after blocks
• 76f2411 spdx: Do not require concluded / detected license fields
• 13cf566 spdx: Ignore not-present declared licenses
• db93e59 spdx-reporter: Execute patchSpdx23To22() only conditionally

🎉 New Features

• 5403507 reporter: Allow to output SPDX 2.3
• ec93c3c spdx: Support SPDX 2.3 in the model while still writing SPDX 2.2
• ef58123 version-catalog: Publish a bundle for all script definitions

✅ Tests

• 0d2c959 chore: Avoid passing several default parameter values
• c233f15 aosd: Factor out JSON schema matching
• 189ce61 aosd: Trivially inline outputDir
• fd90ca1 conan: Update expected results
• 4ab8a92 spdx: Make the schema validation more strict
• b9107ba spdx-reporter: Make testing SPDX-2.2 more explicit
• 979b517 spdx-reporter: Simplify calling generateReport()

📖 Documentation

• 3e69705 commitlint: Fix link to the configuration documentation

🔧 Chores

• 6a34f1b evaluated-model: Avoid passing the default parameter value
• 06f742e nuget: Drop an unnecessary val
• 5817c0a scancode: Do not set the number of processes manually
• 526d9ca spdx: Remove an unneeded annotation
• 075a7ed spdx-document-reporter: Inline extRefs
• f6d2f91 spdx-reporter: Extract two constants
• b0117cf spdx-reporter: Inline refCat
• fff2561 spdx-reporter: Turn a constant to upper case

🚀 Dependency Updates

• 442a603 docker: Upgrade ScanCode to version 32.4.0
• f9d8705 spdx: Update the license list to version 3.27
• e564bd2 update aws-java-sdk-v2 monorepo to v2.31.76
• 8f510c5 update com.blackduck.integration:blackduck-common to v67.0.13
• fb70016 update com.charleskorn.kaml:kaml to v0.83.0
• e7abb3e update com.github.jmongard.git-semver-plugin to v0.16.1
• ed8228d update com.networknt:json-schema-validator to v1.5.8
• 8eeda9a update dependency @easyops-cn/docusaurus-search-local to ^0.51.0
• 0353eea update github/codeql-action digest to 181d5ee
• f812090 update github/codeql-action digest to 39edc49
• 457fbfc update kotlinxserialization to v1.9.0
• a9c7b43 update mavenresolver to v1.9.24
• 5a6ea90 update org.metaeffekt.core:ae-security to v0.140.0
• 6ad3d21 update org.semver4j:semver4j to v6
• 1df59c5 update umbrelladocs/action-linkspector digest to 3a951c1

🚜 Refactorings

• ae5045e gradle: Factor out getGradleProperties()
• 6bd3633 gradle-inspector: Avoid casts when turning objects to string
• 410fb8d gradle-inspector: Slightly restructure some code
• c93c396 spdx: Remove the dedicated SpdxDocumentParams
• e40b976 spdx-document-reporter: Avoid passing wantspdx around
• c787de4 spdx-reporter: Factor out SpdxDocumentReporterConfig.wantSpdx23

61.3.0

What's Changed

🎉 New Features

• e728927 version-catalog: Only prefix reserved words

61.2.0

What's Changed

🐞 Bug Fixes

• 3aabbca common-utils: Always suppress color when getting the version string
• 34fb3c2 gradle: Use constraints instead of force to upgrade versions

🎉 New Features

• fe64a6d buildSrc: Make some plugin docs properties configurable
• 8dfe6a3 gradle: Publish a version catalog for ORT

✅ Tests

• 4253426 spdx-document: Mention also the patch level version in test names
• 47cf111 spdx-document: Move the examples into a v2.2.2 directory
• 43fee35 spdx-document: Update examples files to match SPDX's v2.2.2 tag
• 98eb203 Add a comment about the SPDX v2.2.1 examples

🐘 Build & ⚙️ CI

• 8f586c1 fossid: Remove FreeMarker as a direct dependency
• 3db03e0 gradle: Account for Maven Central Portal default publishing
• b0ef535 gradle: Add XZ as an explicit dependency where needed
• 2d60af9 github: Do not fail fast for the (unit) test matrix
• 8ad26bb github: Switch to new property names for publishing

📖 Documentation

• 3137a82 plugins: Clarify how package manager configs are merged
• 9f13927 plugins: Provide examples for RepositoryAnalyzerConfiguration

🔧 Chores

• 1e07c0d buildSrc: Remove an unused import
• 66d6cdc composer: Remove custom getVersionArguments()
• cedda39 spdx-utils: Inline simple consume() calls

🚀 Dependency Updates

• fa9402c Update Kotlin to version 2.2.0
• f95401e Update the dependency-analysis-gradle-plugin to version 2.19.0
• 71268de update com.blackduck.integration:blackduck-common to v67.0.12
• 3414bcf update com.github.gmazzo.buildconfig to v5.6.7
• c086b3b update com.google.devtools.ksp:symbol-processing-api to v2.2.0-2.0.2
• 3b72c0e update com.vanniktech:gradle-maven-publish-plugin to v0.33.0
• bc32aa6 update graalvm/setup-graalvm digest to e1df20a
• e2ed460 update io.mockk:mockk to v1.14.4
• 32091d9 update org.semver4j:semver4j to v5.8.0

🚜 Refactorings

• 299c3d0 buildSrc: Move code to a local function for later reuse

61.1.0

What's Changed

🐞 Bug Fixes

• dcec0ab cocoapods: Add --silent to pod ipc spec to ensure valid JSON
• 9830caa cocoapods: Correctly resolve react_native_pods.rb script path
• b401faa cocoapods: Resolve paths for all pods and dependencies
• 23a177b cocoapods: Resolve podspecs for pods defined via :path
• d8e2cde cocoapods: Store patched podspec in original podspec directory

🎉 New Features

• 46175c4 scanner: Improve / align error handling for result files

📖 Documentation

• fdfda94 plugins: Mark optional plugin values
• fe4ffed plugins: Mention the type of an optional value
• 360a6b5 Fix README typo

🚀 Dependency Updates

• b71c4d8 docker: Upgrade Rust to latest stable version 1.87.0
• 2a5d430 update aws-java-sdk-v2 monorepo to v2.31.66
• 32df7d0 update com.blackduck.integration:blackduck-common to v67.0.11
• 5753e29 update com.charleskorn.kaml:kaml to v0.82.0
• 8a1d5fe update com.github.gmazzo.buildconfig to v5.6.6
• 0df84a1 update docker/setup-buildx-action digest to 18ce135
• d657fa6 update docker/setup-buildx-action digest to e468171
• 5190f70 update docusaurus monorepo to v3.8.1
• 7b03b52 update jackson monorepo to v2.19.1
• ab5fb1a update log4j2 monorepo to v2.25.0
• e2ee1a7 update org.metaeffekt.core:ae-security to v0.139.0
• 3e4c756 update org.springframework:spring-core to v6.2.8

🚜 Refactorings

• 7833a73 evaluated-model: Add issues that aren't part of scan summaries
• 9329d3f model: Add issues map for ScannerRun
• d5401bd scanner: Don't create fake scan results when path scan fails
• 8ff5e7d Generalize searchUpwardsForSubdirectory() for files

61.0.0

What's Changed

🛠 Breaking Changes

• afaab62 feat(cyclonedx)!: Use generic properties for ORT-specific data

🐞 Bug Fixes

• ef58233 model: Stop throwing accidentally from an invariant check

🎉 New Features

• 5d7b086 model: Name sections for specifying plugin options consistently

✅ Tests

• be9a8db model: Slightly shorten two test case names
• 6fe4edf pub: Update expected results
• c7f1dd1 spdx: Improve the test case names
• de97533 spdx: Rename the expected result files for the synthetic input
• 7ef2d6a spdx: Shorten the name of an OrtResult test asset
• 091e57a spdx: Use a more speaking name for spdx-schema.json

🐘 Build & ⚙️ CI

• 1b0d27c gradle: Properly set the "Main-Class" attribute for applications

📖 Documentation

• dfa10e3 model: Explain where and how tool configuration is (de-)serialized
• 2afba8a Improve plugin docs to show the full path for global configuration

🔧 Chores

• 31a9055 commands: Generally omit null properties when showing config
• 8224ea6 model: Inline rangesList
• 7151176 model: Remove GitHubDefects leftovers
• 2a66893 model: Remove a Jackson annotation from ReporterConfiguration
• 78c9abd model: Remove an old JsonAlias annotation
• cd3bc07 model: Use a better name for getVersionRanges()
• 19ae1db model: Use a better name for range
• a9488e9 Apply some ordering to generating plugin docs
• fcb5e17 Prefer Kotlin's in operator over Java's contains()

🚀 Dependency Updates

• ef02291 docker: Upgrade Ruby to the latest stable version 3.4.4
• 8fed6c4 update actions/attest-build-provenance digest to e8998f9
• f6fc1f9 update com.blackduck.integration:blackduck-common to v67.0.10
• 446bff8 update com.charleskorn.kaml:kaml to v0.81.0
• 9f757d5 update dependency gradle to v8.14.2
• 2722702 update github/codeql-action digest to ce28f5b
• 7f3fbe3 update gradle/actions digest to ac638b0
• 3acb346 update jgit to v7.3.0.202506031305-r
• a9593e0 update ksp monorepo to v2.1.21-2.0.2
• c6844a4 update maven to v3.9.10
• 45e99b9 update org.jruby:jruby to v9.4.13.0
• c6ae2a8 update org.postgresql:postgresql to v42.7.7
• 6d230df update org.semver4j:semver4j to v5.7.1
• ef99333 update org.wiremock:wiremock to v3.13.1
• 9d8f37b update umbrelladocs/action-linkspector digest to e2ccef5

🚜 Refactorings

• 9af797d model: Factor out getVersionRange()
• 18c6e39 model: Make JsonSchemaTest independent of Jackson
• 2b9d208 spdx: Simplify schema validation

60.0.0

What's Changed

🛠 Breaking Changes

• 8c1cdb9 feat(fossid-webapp)!: Add a function to list all projects
• cc214f1 feat(scanoss)!: Re-implement path obfuscation using scanoss.java

🐞 Bug Fixes

• eaf876b bazel: Always run Bazel after the Conan package manager
• 7a77bf7 bazel: Create an issue on dependency version mismatch
• e9411c3 fossid: Increase read timeout for report generation
• 7822f07 licensee: Handle "NOASSERTION" findings
• d86ae71 reporter: Use a shared Asciidoctor instance
• b53de18 scancode: Extend the fromFile-fixup for ScanCode 32.2.0
• afd60b5 scancode: Fix support for output format version 4.0.0
• 0c7c054 utils: Add a missing test to PackageConfigurationTest
• 785ac36 website: Fix button layout on mobile
• e5f2b45 website: Fix layout of features on mobile devices
• d219f33 website: Fix layout of toolchain on mobile

🎉 New Features

• 8f9c052 bazel: Support local registries for Bazel >= 7.2.0
• fe819ee plugins: Create empty string lists from empty strings
• 1ae5834 scancode: Add the SPDX license expression to the interface
• 260d85d scancode: Add the file-level SPDX license expression to the interface
• 02fb740 utils: Add sourceCodeOrigin to the package configuration
• 0fdf659 utils: Allow version range for package configuration
• 6d06fcc utils: Make provenance matchers optional

✅ Tests

• e6797ae bazel: Add a test for Bazel 8
• 37ec13a bazel: Fix two typos
• 8155f16 bundler: Update expected results
• 034d082 conan: Update expected results
• b0b2ae1 model: Simplify the test cases for the constructor a bit
• 493f71f spdx: Avoid passing a default value
• 119bfc3 spdx: Extract the test input OrtResult to testFixtures
• 02a530d spdx: Fix-up URLs in test input data
• 6e93fc5 spdx: Fix-up the values for homepageUrl in test input data
• 8af4fc7 spdx: Make the dependency tree of TestData a bit deeper
• 09c5751 spdx: Re-align a test case name
• c3bdff3 spdx: Turn two constant names into uppercase
• c5547f6 spdx: Use the "official" example.com as the domain name

🐘 Build & ⚙️ CI

• 41b982e Gradle: Use the dedicated variable(s) to reference a project
• ea27d4d gradle: Update SCANOSS library to v0.11.0
• 6076c53 gradle-plugin: Prepare for upgrading to Gradle 9

📖 Documentation

• 457adf6 bazel: Add a comment to disambiguate registry services
• 5026252 model: Improve the KDoc for versionRangeIndicators
• 20ee7da model: Improve the ScannerDetails.configuration docs
• cfb0d76 model: Re-align the documentation for id
• 4724cda scancode: Remove comments about missing data properties
• 3e5fa2e scanner: Improve the details property description
• 6ead807 website: Add a button that shows the GitHub stars
• 94a8629 website: Add an overview of the ORT toolchain
• fabcb45 website: Change layout of the frontpage
• b903b0f website: Improve tool descriptions
• 4f0a115 website: Show a command to run ORT with Docker in the header
• 3cc48c5 website: Use FiraSans and FiraCode on the website

🔧 Chores

• 7df28d8 bazel: Drop redundant logic for filtering
• 9c25894 bazel: Factor out getRegistryUrlsFromBazelRcFile()
• 70cecbd bundler: Simplify restoring the backup file
• 9ff9634 gradle: Access the application's JAR lazily
• 3f4954b model: Move the sourceCodeOrigin further up
• 549e513 model: Reformat PackageConfigurationTest
• 84741cd model: Use a more speaking name for versionRangeIndicators
• 8c44641 scancode: Document interface design
• 5d00090 scancode: Make commandLineNonConfig non-nullable to simplify code
• 5a67c8c scancode: Remove an unused parse function
• 26d4b76 scanner: Avoid inspection hints about spread operator usage
• 2ccef49 scanner: Partly avoid the need for custom serial formats
• 581a24c scanner: Remove an explicit type declaration
• ab54d7a scanner: Remove the unused ScannerMatcher.create() function
• db54102 scanner: Simplify code with a range operator
• 06c5ec2 website: Improve styling of bullet lists in feature descriptions
• 627dce2 Prefer dedicated empty matchers in tests
• 7f36fc3 Revisit the spellings of "FossID"
• eb9d540 Shorten .also { it. one-liners with apply

🚀 Dependency Updates

• 142effc docker: Upgrade python-inspector to version 0.14.0
• db38d53 gradle: Upgrade the SW360 client to version 19.0.0
• fdb79a5 scanner: Remove unused dependencies
• 3bbe2c0 Update the dependency-analysis-gradle-plugin to version 2.18.0
• 57fd90f update aws-java-sdk-v2 monorepo to v2.31.52
• e1d6601 update aws-java-sdk-v2 monorepo to v2.31.56
• 8b82c4c update aws-java-sdk-v2 monorepo to v2.31.57
• 093d528 update com.blackduck.integration:blackduck-common to v67.0.9
• 4709730 update com.charleskorn.kaml:kaml to v0.79.0
• 50c623d update com.charleskorn.kaml:kaml to v0.80.1
• 7bdac39 update com.networknt:json-schema-validator to v1.5.7
• fb8105b update dependency @easyops-cn/docusaurus-search-local to ^0.50.0
• 571a100 update dependency gradle to v8.14.1
• b06e2ae update docker/build-push-action digest to 2634353
• 6ff76fd update docusaurus monorepo to v3.8.0
• 56c3c95 update github/codeql-action digest to fca7ace
• 119a701 update gradle/actions digest to 8379f6a
• 353252d update org.apache.tika:tika-core to v3.2.0
• 046e121 update org.postgresql:postgresql to v42.7.6
• ee8acb2 update ossf/scorecard-action action to v2.4.2

🚜 Refactorings

• f469d5b bazel: Simplify getRegistryUrlsFromBazelRcFile()
• 9a0dbe8 bazel: Slightly simplify a case distinction
• 09bf9ca dos: Remove fetchConcluded option
• 2cd11ea scancode: Inline the SCANNER_NAME property
• 093b9db scancode: Split the model into classes in a separate package
• dbe12c9 scancode: Use the SPDX license expression via the interface
• 038573a scancode: Use the file-level license via the interface
• 97d1c08 scanner: Introduce a ScannerMatcherCriteria interface
• 187bd6e scanner: Make ScannerMatcher.configuration non-nullable
• 34edf22 scanner: Split out config classes for all scanners
• 57864b5 tests: Extract the repository and artifact provenances
• cac25af utils: Extract two inner functions
• 55d4d5c utils: Factor out Parts.key
• 194b071 utils: Factor out getGroup()
• aa6b53d utils: Generalize documentation of isApplicableIvyVersion
• 9a13d67 utils: Inline toNormalizedOwnerKey()
• 5f5de54 utils: Make isVersionRange an extension of Identifier
• 2f9bcee utils: Move Parts to the top level
• 91d540f utils: Move replaceYears() further down
• 7612d8b utils: Move a couple of functions to the top level
• 2001...

59.3.0

What's Changed

🐞 Bug Fixes

• f865436 scanoss: Display local file path instead of remote path
• bedb564 scanoss: Snippet generation logic to correctly represent match data
• 3f4b2f6 scanoss: Standardize SCANOSS naming in comments and documentation
• b745169 scanoss: snippetFindings use remote file path instead of OSSKB URL

🎉 New Features

• feecb6d model: Detect and exclude binary license files
• 751a8e5 scanoss: Exclude identified snippets from SnippetFindings
• 7812608 spdx: Tolerate invalid SPDX expressions when writing reports

✅ Tests

• 56a6d18 bazel: Run funTests after the Conan package manager ones
• a54eeae python: Update expected results
• 21e9d99 scanoss: Add tests for license handling edge cases
• fee9e96 scanoss: Use relative paths in test resources

🐘 Build & ⚙️ CI

• 620eb63 gradle: Do not publish "funTest" feature variants
• fc55a7b Replace printVersion gradle task with an ORT specific version
• 0c6934d github: Use the printVersion task to retrieve the ORT version

📖 Documentation

• 1457512 analyzer: Fix a broken KDoc reference
• 5607e43 dos: Fix some broken KDoc references
• 9200a57 scanoss: Fix a broken KDoc references
• 2901d30 spdx: Trivially improve the name of a test

🔧 Chores

• 6d3031f bazel: Make use of a default value
• 1c0d990 commands: Drop an unnecessary @OptIn
• 22fc4b0 maven: Drop a redundant Companion reference
• 4e183ff model: Allow the vcsPath receiver to be null
• fa0a975 model: Name a boolean argument
• c830d6f scanoss: Determine the snippet license only once
• 611c2a5 spdx: Simplify two fallback conditions

🚀 Dependency Updates

• 64a9162 update aws-java-sdk-v2 monorepo to v2.31.48
• 8076f0d update org.gradle.toolchains.foojay-resolver-convention to v1

🚜 Refactorings

• 918be70 scanoss: Improve snippet location pairing with direct mapping
• 3c5ead0 scanoss: Rename variables for better path distinction
• 4b0751c spdx-document: Move data validation to dedicated functions

59.2.0

What's Changed

🐞 Bug Fixes

• 6c09d4f docker: Correct the .NET version being printed
• 434b368 fossid-webapp: Improve failure handling
• ec5f084 fossid-webapp: creatScan response can be polymorphic
• ebc6fe0 reporter: Fix a performance issue with generating SPDX reports

🎉 New Features

• 7a7c0fd fossid: Extend logging for FossID project access issues

✅ Tests

• 8f6fa62 model: Add a test for mainLicense()
• f1d6e97 model: Add locations for detected licenses
• 1ae9df9 spdx-utils: Improve test container naming

📖 Documentation

• 7b0a3f7 website: Briefly document the concept of a "Main License"

🔧 Chores

• a2d1413 fossid: Fixup an error log to be lazy
• 2482d1d model: Remove a superfluous parameter name from a test name
• e2b8af4 spdx-utils: Add types to SpdxSimpleLicenseMapping properties
• ebfa91f Use the readResource() utility function in more tests

🚀 Dependency Updates

• 24ab694 update codecov/codecov-action digest to 18283e0
• c7d5fa8 update docker/build-push-action digest to 1dc7386
• 442518a update github/codeql-action digest to ff0a06e
• ca7b528 update io.github.pdvrieze.xmlutil:serialization to v0.91.1
• 12906f5 update kotlinpoet to v2.2.0
• 1c9cb08 update net.sf.saxon:saxon-he to v12.7
• 5162914 update org.metaeffekt.core:ae-security to v0.138.0
• ac40db6 update org.springframework:spring-core to v6.2.7
• 1721cc8 update retrofit monorepo to v2.12.0
• cd61b46 update retrofit monorepo to v3

59.1.0

What's Changed

🎉 New Features

• 90da9a5 cli: Create a stand-alone launcher for functional tests
• 33c8075 scanner: Improve the behavior when storing conflicting results

✅ Tests

• 994d437 scanner: Move assets to resources

🐘 Build & ⚙️ CI

• 899e4be gradle: Add toolchain download URLs for the daemon

📖 Documentation

• b3bfb8a gradle: Correct the comment for the daemon JVM toolchain version
• b71980e website: Use YAML instead of JSON for plugin configs

🔧 Chores

• 1e027dd buildSrc: Remove an unused index
• 0f156a5 commands: Tweak plugin display names
• 8a3e5c6 model: Improve the failure message when checking references
• 89902b9 plugins: Do not repeat the type as part of the display name

🚀 Dependency Updates

• a1343ac update aws-java-sdk-v2 monorepo to v2.31.43
• 2e6e985 update com.charleskorn.kaml:kaml to v0.78.0
• 2269999 update com.opentable.components:otj-pg-embedded to v1.1.1
• 1cefddb update com.vanniktech:gradle-maven-publish-plugin to v0.32.0
• 88015b4 update jgit to v7.2.1.202505142326-r
• 42d32f5 update kotlin monorepo to v2.1.21
• b027fab update ksp monorepo to v2.1.21-2.0.1
• 15ad615 update org.metaeffekt.core:ae-security to v0.137.0

💡 Other Changes

• 647b3bb style(python): Align on adding single map entries as a pair