Skip to content

Releases: oss-review-toolkit/ort

62.1.0

04 Jul 09:18
Compare
Choose a tag to compare

What's Changed

🐞 Bug Fixes

  • 3ba71e4 fossid: Do not pass a URL with user info to the authenticator
  • 543e9ee spdx: Do not discard concluded licenses with value NONE

🎉 New Features

  • 5a776bb python: Add a function to get supported versions from the inspector
  • ec4da7f python: Rework supported Python versions
  • 1cc6aa8 python: Support a global requires-python in pyproject.toml

✅ Tests

  • 522e4c2 python: Also check for the default Python version to be supported
  • fdb2984 python: Force Python 3.11 to be used for a Poetry project

📖 Documentation

  • 4b98f4f python: Trivially improve test names

🔧 Chores

  • c5eb3e8 model: Reduce the level of a log message

🚀 Dependency Updates

  • 7402d86 docker: Upgrade python-inspector to version 0.14.1
  • 54e5f3e update net.sf.saxon:saxon-he to v12.8
  • 6b5b12a update okhttp monorepo to v5

🚜 Refactorings

  • 79cea53 model: Change FileArchiver to first apply the matcher
  • 0e14d68 python: Parse pyproject.toml with KxS

62.0.0

03 Jul 07:38
Compare
Choose a tag to compare

What's Changed

🛠 Breaking Changes

  • 4170975 chore(model)!: Remove the unused readJsonTree()

🐞 Bug Fixes

  • 21c2767 detekt-rules: Allow safe-access continuation after blocks
  • 76f2411 spdx: Do not require concluded / detected license fields
  • 13cf566 spdx: Ignore not-present declared licenses
  • db93e59 spdx-reporter: Execute patchSpdx23To22() only conditionally

🎉 New Features

  • 5403507 reporter: Allow to output SPDX 2.3
  • ec93c3c spdx: Support SPDX 2.3 in the model while still writing SPDX 2.2
  • ef58123 version-catalog: Publish a bundle for all script definitions

✅ Tests

  • 0d2c959 chore: Avoid passing several default parameter values
  • c233f15 aosd: Factor out JSON schema matching
  • 189ce61 aosd: Trivially inline outputDir
  • fd90ca1 conan: Update expected results
  • 4ab8a92 spdx: Make the schema validation more strict
  • b9107ba spdx-reporter: Make testing SPDX-2.2 more explicit
  • 979b517 spdx-reporter: Simplify calling generateReport()

📖 Documentation

  • 3e69705 commitlint: Fix link to the configuration documentation

🔧 Chores

  • 6a34f1b evaluated-model: Avoid passing the default parameter value
  • 06f742e nuget: Drop an unnecessary val
  • 5817c0a scancode: Do not set the number of processes manually
  • 526d9ca spdx: Remove an unneeded annotation
  • 075a7ed spdx-document-reporter: Inline extRefs
  • f6d2f91 spdx-reporter: Extract two constants
  • b0117cf spdx-reporter: Inline refCat
  • fff2561 spdx-reporter: Turn a constant to upper case

🚀 Dependency Updates

  • 442a603 docker: Upgrade ScanCode to version 32.4.0
  • f9d8705 spdx: Update the license list to version 3.27
  • e564bd2 update aws-java-sdk-v2 monorepo to v2.31.76
  • 8f510c5 update com.blackduck.integration:blackduck-common to v67.0.13
  • fb70016 update com.charleskorn.kaml:kaml to v0.83.0
  • e7abb3e update com.github.jmongard.git-semver-plugin to v0.16.1
  • ed8228d update com.networknt:json-schema-validator to v1.5.8
  • 8eeda9a update dependency @easyops-cn/docusaurus-search-local to ^0.51.0
  • 0353eea update github/codeql-action digest to 181d5ee
  • f812090 update github/codeql-action digest to 39edc49
  • 457fbfc update kotlinxserialization to v1.9.0
  • a9c7b43 update mavenresolver to v1.9.24
  • 5a6ea90 update org.metaeffekt.core:ae-security to v0.140.0
  • 6ad3d21 update org.semver4j:semver4j to v6
  • 1df59c5 update umbrelladocs/action-linkspector digest to 3a951c1

🚜 Refactorings

  • ae5045e gradle: Factor out getGradleProperties()
  • 6bd3633 gradle-inspector: Avoid casts when turning objects to string
  • 410fb8d gradle-inspector: Slightly restructure some code
  • c93c396 spdx: Remove the dedicated SpdxDocumentParams
  • e40b976 spdx-document-reporter: Avoid passing wantspdx around
  • c787de4 spdx-reporter: Factor out SpdxDocumentReporterConfig.wantSpdx23

61.3.0

26 Jun 11:50
Compare
Choose a tag to compare

What's Changed

🎉 New Features

  • e728927 version-catalog: Only prefix reserved words

61.2.0

26 Jun 07:32
Compare
Choose a tag to compare

What's Changed

🐞 Bug Fixes

  • 3aabbca common-utils: Always suppress color when getting the version string
  • 34fb3c2 gradle: Use constraints instead of force to upgrade versions

🎉 New Features

  • fe64a6d buildSrc: Make some plugin docs properties configurable
  • 8dfe6a3 gradle: Publish a version catalog for ORT

✅ Tests

  • 4253426 spdx-document: Mention also the patch level version in test names
  • 47cf111 spdx-document: Move the examples into a v2.2.2 directory
  • 43fee35 spdx-document: Update examples files to match SPDX's v2.2.2 tag
  • 98eb203 Add a comment about the SPDX v2.2.1 examples

🐘 Build & ⚙️ CI

  • 8f586c1 fossid: Remove FreeMarker as a direct dependency
  • 3db03e0 gradle: Account for Maven Central Portal default publishing
  • b0ef535 gradle: Add XZ as an explicit dependency where needed
  • 2d60af9 github: Do not fail fast for the (unit) test matrix
  • 8ad26bb github: Switch to new property names for publishing

📖 Documentation

  • 3137a82 plugins: Clarify how package manager configs are merged
  • 9f13927 plugins: Provide examples for RepositoryAnalyzerConfiguration

🔧 Chores

  • 1e07c0d buildSrc: Remove an unused import
  • 66d6cdc composer: Remove custom getVersionArguments()
  • cedda39 spdx-utils: Inline simple consume() calls

🚀 Dependency Updates

  • fa9402c Update Kotlin to version 2.2.0
  • f95401e Update the dependency-analysis-gradle-plugin to version 2.19.0
  • 71268de update com.blackduck.integration:blackduck-common to v67.0.12
  • 3414bcf update com.github.gmazzo.buildconfig to v5.6.7
  • c086b3b update com.google.devtools.ksp:symbol-processing-api to v2.2.0-2.0.2
  • 3b72c0e update com.vanniktech:gradle-maven-publish-plugin to v0.33.0
  • bc32aa6 update graalvm/setup-graalvm digest to e1df20a
  • e2ed460 update io.mockk:mockk to v1.14.4
  • 32091d9 update org.semver4j:semver4j to v5.8.0

🚜 Refactorings

  • 299c3d0 buildSrc: Move code to a local function for later reuse

61.1.0

19 Jun 07:45
Compare
Choose a tag to compare

What's Changed

🐞 Bug Fixes

  • dcec0ab cocoapods: Add --silent to pod ipc spec to ensure valid JSON
  • 9830caa cocoapods: Correctly resolve react_native_pods.rb script path
  • b401faa cocoapods: Resolve paths for all pods and dependencies
  • 23a177b cocoapods: Resolve podspecs for pods defined via :path
  • d8e2cde cocoapods: Store patched podspec in original podspec directory

🎉 New Features

  • 46175c4 scanner: Improve / align error handling for result files

📖 Documentation

  • fdfda94 plugins: Mark optional plugin values
  • fe4ffed plugins: Mention the type of an optional value
  • 360a6b5 Fix README typo

🚀 Dependency Updates

  • b71c4d8 docker: Upgrade Rust to latest stable version 1.87.0
  • 2a5d430 update aws-java-sdk-v2 monorepo to v2.31.66
  • 32df7d0 update com.blackduck.integration:blackduck-common to v67.0.11
  • 5753e29 update com.charleskorn.kaml:kaml to v0.82.0
  • 8a1d5fe update com.github.gmazzo.buildconfig to v5.6.6
  • 0df84a1 update docker/setup-buildx-action digest to 18ce135
  • d657fa6 update docker/setup-buildx-action digest to e468171
  • 5190f70 update docusaurus monorepo to v3.8.1
  • 7b03b52 update jackson monorepo to v2.19.1
  • ab5fb1a update log4j2 monorepo to v2.25.0
  • e2ee1a7 update org.metaeffekt.core:ae-security to v0.139.0
  • 3e4c756 update org.springframework:spring-core to v6.2.8

🚜 Refactorings

  • 7833a73 evaluated-model: Add issues that aren't part of scan summaries
  • 9329d3f model: Add issues map for ScannerRun
  • d5401bd scanner: Don't create fake scan results when path scan fails
  • 8ff5e7d Generalize searchUpwardsForSubdirectory() for files

61.0.0

12 Jun 07:38
Compare
Choose a tag to compare

What's Changed

🛠 Breaking Changes

  • afaab62 feat(cyclonedx)!: Use generic properties for ORT-specific data

🐞 Bug Fixes

  • ef58233 model: Stop throwing accidentally from an invariant check

🎉 New Features

  • 5d7b086 model: Name sections for specifying plugin options consistently

✅ Tests

  • be9a8db model: Slightly shorten two test case names
  • 6fe4edf pub: Update expected results
  • c7f1dd1 spdx: Improve the test case names
  • de97533 spdx: Rename the expected result files for the synthetic input
  • 7ef2d6a spdx: Shorten the name of an OrtResult test asset
  • 091e57a spdx: Use a more speaking name for spdx-schema.json

🐘 Build & ⚙️ CI

  • 1b0d27c gradle: Properly set the "Main-Class" attribute for applications

📖 Documentation

  • dfa10e3 model: Explain where and how tool configuration is (de-)serialized
  • 2afba8a Improve plugin docs to show the full path for global configuration

🔧 Chores

  • 31a9055 commands: Generally omit null properties when showing config
  • 8224ea6 model: Inline rangesList
  • 7151176 model: Remove GitHubDefects leftovers
  • 2a66893 model: Remove a Jackson annotation from ReporterConfiguration
  • 78c9abd model: Remove an old JsonAlias annotation
  • cd3bc07 model: Use a better name for getVersionRanges()
  • 19ae1db model: Use a better name for range
  • a9488e9 Apply some ordering to generating plugin docs
  • fcb5e17 Prefer Kotlin's in operator over Java's contains()

🚀 Dependency Updates

  • ef02291 docker: Upgrade Ruby to the latest stable version 3.4.4
  • 8fed6c4 update actions/attest-build-provenance digest to e8998f9
  • f6fc1f9 update com.blackduck.integration:blackduck-common to v67.0.10
  • 446bff8 update com.charleskorn.kaml:kaml to v0.81.0
  • 9f757d5 update dependency gradle to v8.14.2
  • 2722702 update github/codeql-action digest to ce28f5b
  • 7f3fbe3 update gradle/actions digest to ac638b0
  • 3acb346 update jgit to v7.3.0.202506031305-r
  • a9593e0 update ksp monorepo to v2.1.21-2.0.2
  • c6844a4 update maven to v3.9.10
  • 45e99b9 update org.jruby:jruby to v9.4.13.0
  • c6ae2a8 update org.postgresql:postgresql to v42.7.7
  • 6d230df update org.semver4j:semver4j to v5.7.1
  • ef99333 update org.wiremock:wiremock to v3.13.1
  • 9d8f37b update umbrelladocs/action-linkspector digest to e2ccef5

🚜 Refactorings

  • 9af797d model: Factor out getVersionRange()
  • 18c6e39 model: Make JsonSchemaTest independent of Jackson
  • 2b9d208 spdx: Simplify schema validation

60.0.0

05 Jun 07:45
Compare
Choose a tag to compare

What's Changed

🛠 Breaking Changes

  • 8c1cdb9 feat(fossid-webapp)!: Add a function to list all projects
  • cc214f1 feat(scanoss)!: Re-implement path obfuscation using scanoss.java

🐞 Bug Fixes

  • eaf876b bazel: Always run Bazel after the Conan package manager
  • 7a77bf7 bazel: Create an issue on dependency version mismatch
  • e9411c3 fossid: Increase read timeout for report generation
  • 7822f07 licensee: Handle "NOASSERTION" findings
  • d86ae71 reporter: Use a shared Asciidoctor instance
  • b53de18 scancode: Extend the fromFile-fixup for ScanCode 32.2.0
  • afd60b5 scancode: Fix support for output format version 4.0.0
  • 0c7c054 utils: Add a missing test to PackageConfigurationTest
  • 785ac36 website: Fix button layout on mobile
  • e5f2b45 website: Fix layout of features on mobile devices
  • d219f33 website: Fix layout of toolchain on mobile

🎉 New Features

  • 8f9c052 bazel: Support local registries for Bazel >= 7.2.0
  • fe819ee plugins: Create empty string lists from empty strings
  • 1ae5834 scancode: Add the SPDX license expression to the interface
  • 260d85d scancode: Add the file-level SPDX license expression to the interface
  • 02fb740 utils: Add sourceCodeOrigin to the package configuration
  • 0fdf659 utils: Allow version range for package configuration
  • 6d06fcc utils: Make provenance matchers optional

✅ Tests

  • e6797ae bazel: Add a test for Bazel 8
  • 37ec13a bazel: Fix two typos
  • 8155f16 bundler: Update expected results
  • 034d082 conan: Update expected results
  • b0b2ae1 model: Simplify the test cases for the constructor a bit
  • 493f71f spdx: Avoid passing a default value
  • 119bfc3 spdx: Extract the test input OrtResult to testFixtures
  • 02a530d spdx: Fix-up URLs in test input data
  • 6e93fc5 spdx: Fix-up the values for homepageUrl in test input data
  • 8af4fc7 spdx: Make the dependency tree of TestData a bit deeper
  • 09c5751 spdx: Re-align a test case name
  • c3bdff3 spdx: Turn two constant names into uppercase
  • c5547f6 spdx: Use the "official" example.com as the domain name

🐘 Build & ⚙️ CI

  • 41b982e Gradle: Use the dedicated variable(s) to reference a project
  • ea27d4d gradle: Update SCANOSS library to v0.11.0
  • 6076c53 gradle-plugin: Prepare for upgrading to Gradle 9

📖 Documentation

  • 457adf6 bazel: Add a comment to disambiguate registry services
  • 5026252 model: Improve the KDoc for versionRangeIndicators
  • 20ee7da model: Improve the ScannerDetails.configuration docs
  • cfb0d76 model: Re-align the documentation for id
  • 4724cda scancode: Remove comments about missing data properties
  • 3e5fa2e scanner: Improve the details property description
  • 6ead807 website: Add a button that shows the GitHub stars
  • 94a8629 website: Add an overview of the ORT toolchain
  • fabcb45 website: Change layout of the frontpage
  • b903b0f website: Improve tool descriptions
  • 4f0a115 website: Show a command to run ORT with Docker in the header
  • 3cc48c5 website: Use FiraSans and FiraCode on the website

🔧 Chores

  • 7df28d8 bazel: Drop redundant logic for filtering
  • 9c25894 bazel: Factor out getRegistryUrlsFromBazelRcFile()
  • 70cecbd bundler: Simplify restoring the backup file
  • 9ff9634 gradle: Access the application's JAR lazily
  • 3f4954b model: Move the sourceCodeOrigin further up
  • 549e513 model: Reformat PackageConfigurationTest
  • 84741cd model: Use a more speaking name for versionRangeIndicators
  • 8c44641 scancode: Document interface design
  • 5d00090 scancode: Make commandLineNonConfig non-nullable to simplify code
  • 5a67c8c scancode: Remove an unused parse function
  • 26d4b76 scanner: Avoid inspection hints about spread operator usage
  • 2ccef49 scanner: Partly avoid the need for custom serial formats
  • 581a24c scanner: Remove an explicit type declaration
  • ab54d7a scanner: Remove the unused ScannerMatcher.create() function
  • db54102 scanner: Simplify code with a range operator
  • 06c5ec2 website: Improve styling of bullet lists in feature descriptions
  • 627dce2 Prefer dedicated empty matchers in tests
  • 7f36fc3 Revisit the spellings of "FossID"
  • eb9d540 Shorten .also { it. one-liners with apply

🚀 Dependency Updates

  • 142effc docker: Upgrade python-inspector to version 0.14.0
  • db38d53 gradle: Upgrade the SW360 client to version 19.0.0
  • fdb79a5 scanner: Remove unused dependencies
  • 3bbe2c0 Update the dependency-analysis-gradle-plugin to version 2.18.0
  • 57fd90f update aws-java-sdk-v2 monorepo to v2.31.52
  • e1d6601 update aws-java-sdk-v2 monorepo to v2.31.56
  • 8b82c4c update aws-java-sdk-v2 monorepo to v2.31.57
  • 093d528 update com.blackduck.integration:blackduck-common to v67.0.9
  • 4709730 update com.charleskorn.kaml:kaml to v0.79.0
  • 50c623d update com.charleskorn.kaml:kaml to v0.80.1
  • 7bdac39 update com.networknt:json-schema-validator to v1.5.7
  • fb8105b update dependency @easyops-cn/docusaurus-search-local to ^0.50.0
  • 571a100 update dependency gradle to v8.14.1
  • b06e2ae update docker/build-push-action digest to 2634353
  • 6ff76fd update docusaurus monorepo to v3.8.0
  • 56c3c95 update github/codeql-action digest to fca7ace
  • 119a701 update gradle/actions digest to 8379f6a
  • 353252d update org.apache.tika:tika-core to v3.2.0
  • 046e121 update org.postgresql:postgresql to v42.7.6
  • ee8acb2 update ossf/scorecard-action action to v2.4.2

🚜 Refactorings

  • f469d5b bazel: Simplify getRegistryUrlsFromBazelRcFile()
  • 9a0dbe8 bazel: Slightly simplify a case distinction
  • 09bf9ca dos: Remove fetchConcluded option
  • 2cd11ea scancode: Inline the SCANNER_NAME property
  • 093b9db scancode: Split the model into classes in a separate package
  • dbe12c9 scancode: Use the SPDX license expression via the interface
  • 038573a scancode: Use the file-level license via the interface
  • 97d1c08 scanner: Introduce a ScannerMatcherCriteria interface
  • 187bd6e scanner: Make ScannerMatcher.configuration non-nullable
  • 34edf22 scanner: Split out config classes for all scanners
  • 57864b5 tests: Extract the repository and artifact provenances
  • cac25af utils: Extract two inner functions
  • 55d4d5c utils: Factor out Parts.key
  • 194b071 utils: Factor out getGroup()
  • aa6b53d utils: Generalize documentation of isApplicableIvyVersion
  • 9a13d67 utils: Inline toNormalizedOwnerKey()
  • 5f5de54 utils: Make isVersionRange an extension of Identifier
  • 2f9bcee utils: Move Parts to the top level
  • 91d540f utils: Move replaceYears() further down
  • 7612d8b utils: Move a couple of functions to the top level
  • 2001...
Read more

59.3.0

22 May 07:45
Compare
Choose a tag to compare

What's Changed

🐞 Bug Fixes

  • f865436 scanoss: Display local file path instead of remote path
  • bedb564 scanoss: Snippet generation logic to correctly represent match data
  • 3f4b2f6 scanoss: Standardize SCANOSS naming in comments and documentation
  • b745169 scanoss: snippetFindings use remote file path instead of OSSKB URL

🎉 New Features

  • feecb6d model: Detect and exclude binary license files
  • 751a8e5 scanoss: Exclude identified snippets from SnippetFindings
  • 7812608 spdx: Tolerate invalid SPDX expressions when writing reports

✅ Tests

  • 56a6d18 bazel: Run funTests after the Conan package manager ones
  • a54eeae python: Update expected results
  • 21e9d99 scanoss: Add tests for license handling edge cases
  • fee9e96 scanoss: Use relative paths in test resources

🐘 Build & ⚙️ CI

  • 620eb63 gradle: Do not publish "funTest" feature variants
  • fc55a7b Replace printVersion gradle task with an ORT specific version
  • 0c6934d github: Use the printVersion task to retrieve the ORT version

📖 Documentation

  • 1457512 analyzer: Fix a broken KDoc reference
  • 5607e43 dos: Fix some broken KDoc references
  • 9200a57 scanoss: Fix a broken KDoc references
  • 2901d30 spdx: Trivially improve the name of a test

🔧 Chores

  • 6d3031f bazel: Make use of a default value
  • 1c0d990 commands: Drop an unnecessary @OptIn
  • 22fc4b0 maven: Drop a redundant Companion reference
  • 4e183ff model: Allow the vcsPath receiver to be null
  • fa0a975 model: Name a boolean argument
  • c830d6f scanoss: Determine the snippet license only once
  • 611c2a5 spdx: Simplify two fallback conditions

🚀 Dependency Updates

  • 64a9162 update aws-java-sdk-v2 monorepo to v2.31.48
  • 8076f0d update org.gradle.toolchains.foojay-resolver-convention to v1

🚜 Refactorings

  • 918be70 scanoss: Improve snippet location pairing with direct mapping
  • 3c5ead0 scanoss: Rename variables for better path distinction
  • 4b0751c spdx-document: Move data validation to dedicated functions

59.2.0

16 May 17:20
Compare
Choose a tag to compare

What's Changed

🐞 Bug Fixes

  • 6c09d4f docker: Correct the .NET version being printed
  • 434b368 fossid-webapp: Improve failure handling
  • ec5f084 fossid-webapp: creatScan response can be polymorphic
  • ebc6fe0 reporter: Fix a performance issue with generating SPDX reports

🎉 New Features

  • 7a7c0fd fossid: Extend logging for FossID project access issues

✅ Tests

  • 8f6fa62 model: Add a test for mainLicense()
  • f1d6e97 model: Add locations for detected licenses
  • 1ae9df9 spdx-utils: Improve test container naming

📖 Documentation

  • 7b0a3f7 website: Briefly document the concept of a "Main License"

🔧 Chores

  • a2d1413 fossid: Fixup an error log to be lazy
  • 2482d1d model: Remove a superfluous parameter name from a test name
  • e2b8af4 spdx-utils: Add types to SpdxSimpleLicenseMapping properties
  • ebfa91f Use the readResource() utility function in more tests

🚀 Dependency Updates

  • 24ab694 update codecov/codecov-action digest to 18283e0
  • c7d5fa8 update docker/build-push-action digest to 1dc7386
  • 442518a update github/codeql-action digest to ff0a06e
  • ca7b528 update io.github.pdvrieze.xmlutil:serialization to v0.91.1
  • 12906f5 update kotlinpoet to v2.2.0
  • 1c9cb08 update net.sf.saxon:saxon-he to v12.7
  • 5162914 update org.metaeffekt.core:ae-security to v0.138.0
  • ac40db6 update org.springframework:spring-core to v6.2.7
  • 1721cc8 update retrofit monorepo to v2.12.0
  • cd61b46 update retrofit monorepo to v3

59.1.0

15 May 07:31
Compare
Choose a tag to compare

What's Changed

🎉 New Features

  • 90da9a5 cli: Create a stand-alone launcher for functional tests
  • 33c8075 scanner: Improve the behavior when storing conflicting results

✅ Tests

  • 994d437 scanner: Move assets to resources

🐘 Build & ⚙️ CI

  • 899e4be gradle: Add toolchain download URLs for the daemon

📖 Documentation

  • b3bfb8a gradle: Correct the comment for the daemon JVM toolchain version
  • b71980e website: Use YAML instead of JSON for plugin configs

🔧 Chores

  • 1e027dd buildSrc: Remove an unused index
  • 0f156a5 commands: Tweak plugin display names
  • 8a3e5c6 model: Improve the failure message when checking references
  • 89902b9 plugins: Do not repeat the type as part of the display name

🚀 Dependency Updates

  • a1343ac update aws-java-sdk-v2 monorepo to v2.31.43
  • 2e6e985 update com.charleskorn.kaml:kaml to v0.78.0
  • 2269999 update com.opentable.components:otj-pg-embedded to v1.1.1
  • 1cefddb update com.vanniktech:gradle-maven-publish-plugin to v0.32.0
  • 88015b4 update jgit to v7.2.1.202505142326-r
  • 42d32f5 update kotlin monorepo to v2.1.21
  • b027fab update ksp monorepo to v2.1.21-2.0.1
  • 15ad615 update org.metaeffekt.core:ae-security to v0.137.0

💡 Other Changes

  • 647b3bb style(python): Align on adding single map entries as a pair