Releases: oss-review-toolkit/ort
Releases · oss-review-toolkit/ort
62.1.0
What's Changed
🐞 Bug Fixes
- 3ba71e4 fossid: Do not pass a URL with user info to the authenticator
- 543e9ee spdx: Do not discard concluded licenses with value
NONE
🎉 New Features
- 5a776bb python: Add a function to get supported versions from the inspector
- ec4da7f python: Rework supported Python versions
- 1cc6aa8 python: Support a global
requires-python
inpyproject.toml
✅ Tests
- 522e4c2 python: Also check for the default Python version to be supported
- fdb2984 python: Force Python 3.11 to be used for a Poetry project
📖 Documentation
- 4b98f4f python: Trivially improve test names
🔧 Chores
- c5eb3e8 model: Reduce the level of a log message
🚀 Dependency Updates
- 7402d86 docker: Upgrade
python-inspector
to version 0.14.1 - 54e5f3e update net.sf.saxon:saxon-he to v12.8
- 6b5b12a update okhttp monorepo to v5
🚜 Refactorings
62.0.0
What's Changed
🛠 Breaking Changes
- 4170975 chore(model)!: Remove the unused
readJsonTree()
🐞 Bug Fixes
- 21c2767 detekt-rules: Allow safe-access continuation after blocks
- 76f2411 spdx: Do not require concluded / detected license fields
- 13cf566 spdx: Ignore not-present declared licenses
- db93e59 spdx-reporter: Execute
patchSpdx23To22()
only conditionally
🎉 New Features
- 5403507 reporter: Allow to output SPDX 2.3
- ec93c3c spdx: Support SPDX 2.3 in the model while still writing SPDX 2.2
- ef58123 version-catalog: Publish a bundle for all script definitions
✅ Tests
- 0d2c959 chore: Avoid passing several default parameter values
- c233f15 aosd: Factor out JSON schema matching
- 189ce61 aosd: Trivially inline
outputDir
- fd90ca1 conan: Update expected results
- 4ab8a92 spdx: Make the schema validation more strict
- b9107ba spdx-reporter: Make testing
SPDX-2.2
more explicit - 979b517 spdx-reporter: Simplify calling
generateReport()
📖 Documentation
- 3e69705 commitlint: Fix link to the configuration documentation
🔧 Chores
- 6a34f1b evaluated-model: Avoid passing the default parameter value
- 06f742e nuget: Drop an unnecessary
val
- 5817c0a scancode: Do not set the number of processes manually
- 526d9ca spdx: Remove an unneeded annotation
- 075a7ed spdx-document-reporter: Inline
extRefs
- f6d2f91 spdx-reporter: Extract two constants
- b0117cf spdx-reporter: Inline
refCat
- fff2561 spdx-reporter: Turn a constant to upper case
🚀 Dependency Updates
- 442a603 docker: Upgrade ScanCode to version 32.4.0
- f9d8705 spdx: Update the license list to version 3.27
- e564bd2 update aws-java-sdk-v2 monorepo to v2.31.76
- 8f510c5 update com.blackduck.integration:blackduck-common to v67.0.13
- fb70016 update com.charleskorn.kaml:kaml to v0.83.0
- e7abb3e update com.github.jmongard.git-semver-plugin to v0.16.1
- ed8228d update com.networknt:json-schema-validator to v1.5.8
- 8eeda9a update dependency @easyops-cn/docusaurus-search-local to ^0.51.0
- 0353eea update github/codeql-action digest to 181d5ee
- f812090 update github/codeql-action digest to 39edc49
- 457fbfc update kotlinxserialization to v1.9.0
- a9c7b43 update mavenresolver to v1.9.24
- 5a6ea90 update org.metaeffekt.core:ae-security to v0.140.0
- 6ad3d21 update org.semver4j:semver4j to v6
- 1df59c5 update umbrelladocs/action-linkspector digest to 3a951c1
🚜 Refactorings
- ae5045e gradle: Factor out
getGradleProperties()
- 6bd3633 gradle-inspector: Avoid casts when turning objects to string
- 410fb8d gradle-inspector: Slightly restructure some code
- c93c396 spdx: Remove the dedicated
SpdxDocumentParams
- e40b976 spdx-document-reporter: Avoid passing
wantspdx
around - c787de4 spdx-reporter: Factor out
SpdxDocumentReporterConfig.wantSpdx23
61.3.0
61.2.0
What's Changed
🐞 Bug Fixes
- 3aabbca common-utils: Always suppress color when getting the version string
- 34fb3c2 gradle: Use
constraints
instead offorce
to upgrade versions
🎉 New Features
- fe64a6d buildSrc: Make some plugin docs properties configurable
- 8dfe6a3 gradle: Publish a version catalog for ORT
✅ Tests
- 4253426 spdx-document: Mention also the patch level version in test names
- 47cf111 spdx-document: Move the examples into a
v2.2.2
directory - 43fee35 spdx-document: Update examples files to match SPDX's
v2.2.2
tag - 98eb203 Add a comment about the SPDX v2.2.1 examples
🐘 Build & ⚙️ CI
- 8f586c1 fossid: Remove FreeMarker as a direct dependency
- 3db03e0 gradle: Account for Maven Central Portal default publishing
- b0ef535 gradle: Add XZ as an explicit dependency where needed
- 2d60af9 github: Do not fail fast for the (unit) test matrix
- 8ad26bb github: Switch to new property names for publishing
📖 Documentation
- 3137a82 plugins: Clarify how package manager configs are merged
- 9f13927 plugins: Provide examples for
RepositoryAnalyzerConfiguration
🔧 Chores
- 1e07c0d buildSrc: Remove an unused import
- 66d6cdc composer: Remove custom
getVersionArguments()
- cedda39 spdx-utils: Inline simple
consume()
calls
🚀 Dependency Updates
- fa9402c Update Kotlin to version 2.2.0
- f95401e Update the dependency-analysis-gradle-plugin to version 2.19.0
- 71268de update com.blackduck.integration:blackduck-common to v67.0.12
- 3414bcf update com.github.gmazzo.buildconfig to v5.6.7
- c086b3b update com.google.devtools.ksp:symbol-processing-api to v2.2.0-2.0.2
- 3b72c0e update com.vanniktech:gradle-maven-publish-plugin to v0.33.0
- bc32aa6 update graalvm/setup-graalvm digest to e1df20a
- e2ed460 update io.mockk:mockk to v1.14.4
- 32091d9 update org.semver4j:semver4j to v5.8.0
🚜 Refactorings
- 299c3d0 buildSrc: Move code to a local function for later reuse
61.1.0
What's Changed
🐞 Bug Fixes
- dcec0ab cocoapods: Add
--silent
topod ipc spec
to ensure valid JSON - 9830caa cocoapods: Correctly resolve
react_native_pods.rb
script path - b401faa cocoapods: Resolve paths for all pods and dependencies
- 23a177b cocoapods: Resolve podspecs for pods defined via
:path
- d8e2cde cocoapods: Store patched podspec in original podspec directory
🎉 New Features
- 46175c4 scanner: Improve / align error handling for result files
📖 Documentation
- fdfda94 plugins: Mark optional plugin values
- fe4ffed plugins: Mention the type of an optional value
- 360a6b5 Fix README typo
🚀 Dependency Updates
- b71c4d8 docker: Upgrade Rust to latest stable version 1.87.0
- 2a5d430 update aws-java-sdk-v2 monorepo to v2.31.66
- 32df7d0 update com.blackduck.integration:blackduck-common to v67.0.11
- 5753e29 update com.charleskorn.kaml:kaml to v0.82.0
- 8a1d5fe update com.github.gmazzo.buildconfig to v5.6.6
- 0df84a1 update docker/setup-buildx-action digest to 18ce135
- d657fa6 update docker/setup-buildx-action digest to e468171
- 5190f70 update docusaurus monorepo to v3.8.1
- 7b03b52 update jackson monorepo to v2.19.1
- ab5fb1a update log4j2 monorepo to v2.25.0
- e2ee1a7 update org.metaeffekt.core:ae-security to v0.139.0
- 3e4c756 update org.springframework:spring-core to v6.2.8
🚜 Refactorings
61.0.0
What's Changed
🛠 Breaking Changes
- afaab62 feat(cyclonedx)!: Use generic properties for ORT-specific data
🐞 Bug Fixes
- ef58233 model: Stop throwing accidentally from an invariant check
🎉 New Features
- 5d7b086 model: Name sections for specifying plugin options consistently
✅ Tests
- be9a8db model: Slightly shorten two test case names
- 6fe4edf pub: Update expected results
- c7f1dd1 spdx: Improve the test case names
- de97533 spdx: Rename the expected result files for the synthetic input
- 7ef2d6a spdx: Shorten the name of an
OrtResult
test asset - 091e57a spdx: Use a more speaking name for
spdx-schema.json
🐘 Build & ⚙️ CI
- 1b0d27c gradle: Properly set the "Main-Class" attribute for applications
📖 Documentation
- dfa10e3 model: Explain where and how tool configuration is (de-)serialized
- 2afba8a Improve plugin docs to show the full path for global configuration
🔧 Chores
- 31a9055 commands: Generally omit null properties when showing config
- 8224ea6 model: Inline
rangesList
- 7151176 model: Remove
GitHubDefects
leftovers - 2a66893 model: Remove a Jackson annotation from
ReporterConfiguration
- 78c9abd model: Remove an old
JsonAlias
annotation - cd3bc07 model: Use a better name for
getVersionRanges()
- 19ae1db model: Use a better name for
range
- a9488e9 Apply some ordering to generating plugin docs
- fcb5e17 Prefer Kotlin's
in
operator over Java'scontains()
🚀 Dependency Updates
- ef02291 docker: Upgrade Ruby to the latest stable version 3.4.4
- 8fed6c4 update actions/attest-build-provenance digest to e8998f9
- f6fc1f9 update com.blackduck.integration:blackduck-common to v67.0.10
- 446bff8 update com.charleskorn.kaml:kaml to v0.81.0
- 9f757d5 update dependency gradle to v8.14.2
- 2722702 update github/codeql-action digest to ce28f5b
- 7f3fbe3 update gradle/actions digest to ac638b0
- 3acb346 update jgit to v7.3.0.202506031305-r
- a9593e0 update ksp monorepo to v2.1.21-2.0.2
- c6844a4 update maven to v3.9.10
- 45e99b9 update org.jruby:jruby to v9.4.13.0
- c6ae2a8 update org.postgresql:postgresql to v42.7.7
- 6d230df update org.semver4j:semver4j to v5.7.1
- ef99333 update org.wiremock:wiremock to v3.13.1
- 9d8f37b update umbrelladocs/action-linkspector digest to e2ccef5
🚜 Refactorings
60.0.0
What's Changed
🛠 Breaking Changes
- 8c1cdb9 feat(fossid-webapp)!: Add a function to list all projects
- cc214f1 feat(scanoss)!: Re-implement path obfuscation using scanoss.java
🐞 Bug Fixes
- eaf876b bazel: Always run Bazel after the Conan package manager
- 7a77bf7 bazel: Create an issue on dependency version mismatch
- e9411c3 fossid: Increase read timeout for report generation
- 7822f07 licensee: Handle "NOASSERTION" findings
- d86ae71 reporter: Use a shared
Asciidoctor
instance - b53de18 scancode: Extend the
fromFile
-fixup for ScanCode 32.2.0 - afd60b5 scancode: Fix support for output format version 4.0.0
- 0c7c054 utils: Add a missing test to
PackageConfigurationTest
- 785ac36 website: Fix button layout on mobile
- e5f2b45 website: Fix layout of features on mobile devices
- d219f33 website: Fix layout of toolchain on mobile
🎉 New Features
- 8f9c052 bazel: Support local registries for Bazel >= 7.2.0
- fe819ee plugins: Create empty string lists from empty strings
- 1ae5834 scancode: Add the SPDX license expression to the interface
- 260d85d scancode: Add the file-level SPDX license expression to the interface
- 02fb740 utils: Add
sourceCodeOrigin
to the package configuration - 0fdf659 utils: Allow version range for package configuration
- 6d06fcc utils: Make provenance matchers optional
✅ Tests
- e6797ae bazel: Add a test for Bazel 8
- 37ec13a bazel: Fix two typos
- 8155f16 bundler: Update expected results
- 034d082 conan: Update expected results
- b0b2ae1 model: Simplify the test cases for the constructor a bit
- 493f71f spdx: Avoid passing a default value
- 119bfc3 spdx: Extract the test input
OrtResult
totestFixtures
- 02a530d spdx: Fix-up URLs in test input data
- 6e93fc5 spdx: Fix-up the values for
homepageUrl
in test input data - 8af4fc7 spdx: Make the dependency tree of
TestData
a bit deeper - 09c5751 spdx: Re-align a test case name
- c3bdff3 spdx: Turn two constant names into uppercase
- c5547f6 spdx: Use the "official"
example.com
as the domain name
🐘 Build & ⚙️ CI
- 41b982e Gradle: Use the dedicated variable(s) to reference a project
- ea27d4d gradle: Update SCANOSS library to v0.11.0
- 6076c53 gradle-plugin: Prepare for upgrading to Gradle 9
📖 Documentation
- 457adf6 bazel: Add a comment to disambiguate registry services
- 5026252 model: Improve the KDoc for
versionRangeIndicators
- 20ee7da model: Improve the
ScannerDetails.configuration
docs - cfb0d76 model: Re-align the documentation for
id
- 4724cda scancode: Remove comments about missing data properties
- 3e5fa2e scanner: Improve the
details
property description - 6ead807 website: Add a button that shows the GitHub stars
- 94a8629 website: Add an overview of the ORT toolchain
- fabcb45 website: Change layout of the frontpage
- b903b0f website: Improve tool descriptions
- 4f0a115 website: Show a command to run ORT with Docker in the header
- 3cc48c5 website: Use FiraSans and FiraCode on the website
🔧 Chores
- 7df28d8 bazel: Drop redundant logic for filtering
- 9c25894 bazel: Factor out
getRegistryUrlsFromBazelRcFile()
- 70cecbd bundler: Simplify restoring the backup file
- 9ff9634 gradle: Access the application's JAR lazily
- 3f4954b model: Move the
sourceCodeOrigin
further up - 549e513 model: Reformat
PackageConfigurationTest
- 84741cd model: Use a more speaking name for
versionRangeIndicators
- 8c44641 scancode: Document interface design
- 5d00090 scancode: Make
commandLineNonConfig
non-nullable to simplify code - 5a67c8c scancode: Remove an unused parse function
- 26d4b76 scanner: Avoid inspection hints about spread operator usage
- 2ccef49 scanner: Partly avoid the need for custom serial formats
- 581a24c scanner: Remove an explicit type declaration
- ab54d7a scanner: Remove the unused
ScannerMatcher.create()
function - db54102 scanner: Simplify code with a range operator
- 06c5ec2 website: Improve styling of bullet lists in feature descriptions
- 627dce2 Prefer dedicated empty matchers in tests
- 7f36fc3 Revisit the spellings of "FossID"
- eb9d540 Shorten
.also { it.
one-liners withapply
🚀 Dependency Updates
- 142effc docker: Upgrade
python-inspector
to version 0.14.0 - db38d53 gradle: Upgrade the SW360 client to version 19.0.0
- fdb79a5 scanner: Remove unused dependencies
- 3bbe2c0 Update the dependency-analysis-gradle-plugin to version 2.18.0
- 57fd90f update aws-java-sdk-v2 monorepo to v2.31.52
- e1d6601 update aws-java-sdk-v2 monorepo to v2.31.56
- 8b82c4c update aws-java-sdk-v2 monorepo to v2.31.57
- 093d528 update com.blackduck.integration:blackduck-common to v67.0.9
- 4709730 update com.charleskorn.kaml:kaml to v0.79.0
- 50c623d update com.charleskorn.kaml:kaml to v0.80.1
- 7bdac39 update com.networknt:json-schema-validator to v1.5.7
- fb8105b update dependency @easyops-cn/docusaurus-search-local to ^0.50.0
- 571a100 update dependency gradle to v8.14.1
- b06e2ae update docker/build-push-action digest to 2634353
- 6ff76fd update docusaurus monorepo to v3.8.0
- 56c3c95 update github/codeql-action digest to fca7ace
- 119a701 update gradle/actions digest to 8379f6a
- 353252d update org.apache.tika:tika-core to v3.2.0
- 046e121 update org.postgresql:postgresql to v42.7.6
- ee8acb2 update ossf/scorecard-action action to v2.4.2
🚜 Refactorings
- f469d5b bazel: Simplify
getRegistryUrlsFromBazelRcFile()
- 9a0dbe8 bazel: Slightly simplify a case distinction
- 09bf9ca dos: Remove
fetchConcluded
option - 2cd11ea scancode: Inline the
SCANNER_NAME
property - 093b9db scancode: Split the model into classes in a separate package
- dbe12c9 scancode: Use the SPDX license expression via the interface
- 038573a scancode: Use the file-level license via the interface
- 97d1c08 scanner: Introduce a
ScannerMatcherCriteria
interface - 187bd6e scanner: Make
ScannerMatcher.configuration
non-nullable - 34edf22 scanner: Split out config classes for all scanners
- 57864b5 tests: Extract the repository and artifact provenances
- cac25af utils: Extract two inner functions
- 55d4d5c utils: Factor out
Parts.key
- 194b071 utils: Factor out
getGroup()
- aa6b53d utils: Generalize documentation of
isApplicableIvyVersion
- 9a13d67 utils: Inline
toNormalizedOwnerKey()
- 5f5de54 utils: Make
isVersionRange
an extension ofIdentifier
- 2f9bcee utils: Move
Parts
to the top level - 91d540f utils: Move
replaceYears()
further down - 7612d8b utils: Move a couple of functions to the top level
- 2001...
59.3.0
What's Changed
🐞 Bug Fixes
- f865436 scanoss: Display local file path instead of remote path
- bedb564 scanoss: Snippet generation logic to correctly represent match data
- 3f4b2f6 scanoss: Standardize SCANOSS naming in comments and documentation
- b745169 scanoss: snippetFindings use remote file path instead of OSSKB URL
🎉 New Features
- feecb6d model: Detect and exclude binary license files
- 751a8e5 scanoss: Exclude identified snippets from SnippetFindings
- 7812608 spdx: Tolerate invalid SPDX expressions when writing reports
✅ Tests
- 56a6d18 bazel: Run funTests after the Conan package manager ones
- a54eeae python: Update expected results
- 21e9d99 scanoss: Add tests for license handling edge cases
- fee9e96 scanoss: Use relative paths in test resources
🐘 Build & ⚙️ CI
- 620eb63 gradle: Do not publish "funTest" feature variants
- fc55a7b Replace
printVersion
gradle task with an ORT specific version - 0c6934d github: Use the
printVersion
task to retrieve the ORT version
📖 Documentation
- 1457512 analyzer: Fix a broken KDoc reference
- 5607e43 dos: Fix some broken KDoc references
- 9200a57 scanoss: Fix a broken KDoc references
- 2901d30 spdx: Trivially improve the name of a test
🔧 Chores
- 6d3031f bazel: Make use of a default value
- 1c0d990 commands: Drop an unnecessary
@OptIn
- 22fc4b0 maven: Drop a redundant Companion reference
- 4e183ff model: Allow the
vcsPath
receiver to benull
- fa0a975 model: Name a boolean argument
- c830d6f scanoss: Determine the snippet license only once
- 611c2a5 spdx: Simplify two fallback conditions
🚀 Dependency Updates
- 64a9162 update aws-java-sdk-v2 monorepo to v2.31.48
- 8076f0d update org.gradle.toolchains.foojay-resolver-convention to v1
🚜 Refactorings
59.2.0
What's Changed
🐞 Bug Fixes
- 6c09d4f docker: Correct the .NET version being printed
- 434b368 fossid-webapp: Improve failure handling
- ec5f084 fossid-webapp:
creatScan
response can be polymorphic - ebc6fe0 reporter: Fix a performance issue with generating SPDX reports
🎉 New Features
- 7a7c0fd fossid: Extend logging for FossID project access issues
✅ Tests
- 8f6fa62 model: Add a test for
mainLicense()
- f1d6e97 model: Add locations for detected licenses
- 1ae9df9 spdx-utils: Improve test container naming
📖 Documentation
- 7b0a3f7 website: Briefly document the concept of a "Main License"
🔧 Chores
- a2d1413 fossid: Fixup an error log to be lazy
- 2482d1d model: Remove a superfluous parameter name from a test name
- e2b8af4 spdx-utils: Add types to
SpdxSimpleLicenseMapping
properties - ebfa91f Use the
readResource()
utility function in more tests
🚀 Dependency Updates
- 24ab694 update codecov/codecov-action digest to 18283e0
- c7d5fa8 update docker/build-push-action digest to 1dc7386
- 442518a update github/codeql-action digest to ff0a06e
- ca7b528 update io.github.pdvrieze.xmlutil:serialization to v0.91.1
- 12906f5 update kotlinpoet to v2.2.0
- 1c9cb08 update net.sf.saxon:saxon-he to v12.7
- 5162914 update org.metaeffekt.core:ae-security to v0.138.0
- ac40db6 update org.springframework:spring-core to v6.2.7
- 1721cc8 update retrofit monorepo to v2.12.0
- cd61b46 update retrofit monorepo to v3
59.1.0
What's Changed
🎉 New Features
- 90da9a5 cli: Create a stand-alone launcher for functional tests
- 33c8075 scanner: Improve the behavior when storing conflicting results
✅ Tests
- 994d437 scanner: Move assets to resources
🐘 Build & ⚙️ CI
- 899e4be gradle: Add toolchain download URLs for the daemon
📖 Documentation
- b3bfb8a gradle: Correct the comment for the daemon JVM toolchain version
- b71980e website: Use YAML instead of JSON for plugin configs
🔧 Chores
- 1e027dd buildSrc: Remove an unused index
- 0f156a5 commands: Tweak plugin display names
- 8a3e5c6 model: Improve the failure message when checking references
- 89902b9 plugins: Do not repeat the type as part of the display name
🚀 Dependency Updates
- a1343ac update aws-java-sdk-v2 monorepo to v2.31.43
- 2e6e985 update com.charleskorn.kaml:kaml to v0.78.0
- 2269999 update com.opentable.components:otj-pg-embedded to v1.1.1
- 1cefddb update com.vanniktech:gradle-maven-publish-plugin to v0.32.0
- 88015b4 update jgit to v7.2.1.202505142326-r
- 42d32f5 update kotlin monorepo to v2.1.21
- b027fab update ksp monorepo to v2.1.21-2.0.1
- 15ad615 update org.metaeffekt.core:ae-security to v0.137.0
💡 Other Changes
- 647b3bb style(python): Align on adding single map entries as a pair