creadur-rat

Apache Creadur RAT - Release Audit Tool

APACHE-2.0 License

Stars
27
Committers
29
View Code on GitHub Visit Website
Ecosystems: Maven, Groovy, Cordova, Apache Spark, Java, Apache Cassandra

Bot releases are hidden (Show)

creadur-rat - v0.16.1 - 2024-01-24 Latest Release

Published by ottlinger 9 months ago 

          Apache Creadur Rat 0.16.1
              RELEASE NOTES

The Apache Creadur Rat team is pleased to announce the release of Apache Creadur Rat 0.16.1

Apache Rat is a release audit tool. It improves accuracy and efficiency when checking
releases. It is heuristic in nature: making guesses about possible problems. It
will produce false positives and cannot find every possible issue with a release.
Its reports require interpretation.

In response to demands from project quality tool developers, Rat is available as a
library suitable for inclusion in tools. This POM describes that library.
Note that binary compatibility is not guaranteed between 0.x releases.

Apache Rat is developed by the Apache Creadur project, a language and build
agnostic home for software distribution comprehension and audit tools.

As release 0.16 introduced breaking changes concerning the configurability of the Maven plugin, these configuration options are reintroduced albeit as deprecated elements. You need to adapt your configuration in contrast to pre-0.16 settings: please consult our webpage for more details and examples.
Apart from dependency updates the release contains new features in .gitignore-parser and reduces log spam of RAT.
The most important bugfix relates to performance issues (due to expensive regex scanning) in combination with the Copyright-matcher and SPDX-detection.
All feedback was used to overhaul the homepage to include how to configure custom licenses and matchers.
We migrated to jUnit5 and removed the 'apache-rat-api' module in this release.
Thanks for your patience and all the feedback in the making of this release!

Changes in this version include:

New features:
o RAT-342: Use Maven wrapper (with version 3.9.6) for reproducable local builds and on ASF Jenkins and Github Actions.
o RAT-348: Update gitignore-reader library to 1.3.1 to get latest changes in gitignore parsing. Thanks to Niels Basjes.
o RAT-346: Issue a warning if a user defined License family has the same name as an existing one. Thanks to Claude Warren.
o RAT-346: Migrate to JUnit5 and fix minor issues in tests and javadoc. Thanks to Claude Warren.
o RAT-325: Set log level default for CLI runs to WARN. This applies to test runs as well, as other UIs configure their logging natively. Thanks to Claude Warren.
o RAT-325: Add missing dejavu font in Javadoc, generate MOJO metadata in site and fix broken links in webpage.

Fixed Bugs:
o RAT-343: Reimplement old configuration elements for custom licenses in Maven plugin configurations (and updates to the webpage). Thanks to Claude Warren.
o RAT-343: Add integration test to allow enhanced testing of custom licenses. Thanks to Niels Basjes.
o RAT-349: Fix NPE by falling back to default stylesheet if none was configured before. Thanks to Niels Basjes.
o RAT-325: To improve the performance during SPDX processing a check to skip expensive regex operations was added. Thanks to Claude Warren.
o RAT-325: Internal logging feature enabled for license matching tests to avoid random test failures when manipulating System.out in test runs. Thanks to Claude Warren.
o RAT-325: Do not load fonts via Google/remotely, but use files hosted by ASF only and add privacy link to comply with ASF- and data protection/privacy regulations.
o RAT-344: Fix double output by deleting any existing RAT report before writing a fresh file during plugin runs.

Changes:
o RAT-339: Update mavenPluginPluginVersion from 3.10.2 to 3.11.0 and introduce goalPrefix in plugin configuration. Thanks to dependabot.
o RAT-339: Update junit-platform-runner from 1.8.1 to 1.10.1. Thanks to dependabot.
o RAT-339: Update junit from 5.10.0 to 5.10.1. Thanks to dependabot.
o RAT-339: Update actions/cache from 3.3.2 to 4.0.0. Thanks to dependabot.
o RAT-339: Update maven-surefire-plugin from 3.2.3 to 3.2.5. Thanks to dependabot.
o RAT-339: Update maven-jxr-plugin from 3.3.1 to 3.3.2. Thanks to dependabot.
o RAT-339: Update slf4j-simple from 2.0.9 to 2.0.11. Thanks to dependabot.
o RAT-339: Update assertj-core from 3.24.2 to 3.25.1. Thanks to dependabot.

Removed:
o RAT-346: Remove apache-rat-api module that contains misleading license-related classes. Thanks to Claude Warren.

Historical list of changes: https://creadur.apache.org/rat/changes-report.html

For complete information on Apache Creadur Rat, including instructions on how to submit bug reports,
patches, or suggestions for improvement, see the Apache Apache Creadur Rat website:

https://creadur.apache.org/rat/

creadur-rat - v0.16 - 2023-12-28

Published by ottlinger 9 months ago 

          Apache Creadur Rat 0.16
              RELEASE NOTES

The Apache Creadur Rat team is pleased to announce the release of Apache Creadur Rat 0.16

Apache Rat is a release audit tool. It improves accuracy and efficiency when checking
releases. It is heuristic in nature: making guesses about possible problems. It
will produce false positives and cannot find every possible issue with a release.
Its reports require interpretation.

In response to demands from project quality tool developers, Rat is available as a
library suitable for inclusion in tools. This POM describes that library.
Note that binary compatibility is not guaranteed between 0.x releases.

Apache Rat is developed by the Apache Creadur project, a language and build
agnostic home for software distribution comprehension and audit tools.

Apart from dependency updates and multiple bugfixes, this release brings the ability to use SPDX license identifiers and enhances the .gitignore-exclusion filterung during RAT runs.
Furthermore new CLI options were added and new file types can be used by default. This release makes RAT a fully Maven3-compatible plugin and removes deprecated Maven2 completely.
Thanks to all new contributors for improving RAT!

Changes in this version include:

New features:
o RAT-338: Update minimal build Maven version to 3.2.5 and maven dependencies to 3.9.6. Remove pre-JDK8 code constructs and minor refactorings. Thanks to Tamás Cservenák.
o RAT-335: Enhance .gitignore handling; support multiple .gitignore files and allow a more complete parsing of Git's ignore files. Thanks to Niels Basjes.
o RAT-322: Add configuration option to scan hidden directories: --scan-hidden-directories on the command line and scanHiddenDirectories as a Maven plugin parameter. Thanks to Jean-Baptiste Onofré.
o RAT-320: Add new command line option -o/--output to write RAT's output to a file. Thanks to Jean-Baptiste Onofré.
o RAT-329: Add markdown (MD) and yaml (YML/YAML) as a recognized extension for file and license processing. Thanks to Claude Warren.
o RAT-316: Add default exclusion of MANIFEST.MF as it must not contain comment lines to include a license.
o RAT-321: Allow text-based XML configuration of RAT. Thanks to Claude Warren.

Fixed Bugs:
o RAT-326: Fix existing javadoc build errors and add javadoc generation to existing GithubActions to not introduce build errors via merge requests.
o RAT-328: Ensure that System.out does not get closed during report generation and updated javadocs. Thanks to Claude Warren.
o RAT-311: Update commons-compress to 1.24.0 in order to circumvent CVE-2023-42503.
o RAT-251: Added SPDX processing for default licenses. Thanks to Claude Warren.
o RAT-315: Fix warnings when using RAT with newer Maven versions as methods from Maven v2 are deprecated. Minimum version of required Maven changed to 3.2.5. Thanks to Guillaume Nodet.
o RAT-317: Change log output level of SCM ignore parser from info to debug in order to produce less log output in RAT runs. Thanks to Gary Gregory.
o RAT-314: Add default recursive exclusion for maven-induced build artifacts in folder .mvn. Thanks to François Guillot.
o RAT-312: Remove Travis build as it is unreliable. Builds with ASF Jenkins and Github Actions remain as before.

Changes:
o RAT-311: Update actions/setup-java from 3.4.1 to 4.0.0. Thanks to dependabot.
o RAT-311: Update actions/cache from 3.0.11 to 3.3.2 Thanks to dependabot.
o RAT-311: Update actions/checkout from 3 to 4. Thanks to dependabot.
o RAT-311: Update mockito-core from 4.7.0 to 4.11.0, newer versions 5.x cannot be applied due to our JDK8-compatibility restriction. Thanks to dependabot.
o RAT-311: Update plexus-utils from 3.4.2 to 3.5.1, versions 4.x are for upcoming Maven4 and must not be applied here. Thanks to dependabot.
o RAT-311: Update maven-plugin-version from 3.6.4 to 3.8.2. Thanks to dependabot.
o RAT-311: Update wagon-ssh from 3.5.2 to 3.5.3. Thanks to dependabot.
o RAT-311: Update Ant from 1.10.12 to 1.10.14. Thanks to dependabot.
o RAT-311: Update ASF parent pom from 27 to 31 and update multiple maven plugin versions implicitly (surefire, release, project-info, enforcer, jxr). Thanks to dependabot.
o RAT-311: Update doxiaVersion from 1.11.1 to 1.12.0. Thanks to dependabot.
o RAT-311: Update maven-shared-utils from 3.3.4 to 3.4.2. Thanks to dependabot.
o RAT-311: Update org.slf4j:slf4j-simple from 1.7.36 to 2.0.9. Thanks to dependabot.
o RAT-311: Update commons-lang3 from 3.5 to 3.14.0. Thanks to dependabot.
o RAT-311: Update commons-compress from 1.21 to 1.25. Thanks to dependabot.
o RAT-311: Update commons-io from 2.11.0 to 2.15.1. Thanks to dependabot.
o RAT-311: Update commons-cli from 1.5.0 to 1.6.0. Thanks to dependabot.
o RAT-311: Update maven-pmd-plugin from 3.18.0 to 3.21.2. Thanks to dependabot.
o RAT-311: Update maven-dependency-plugin from 3.3.0 to 3.6.1. Thanks to dependabot.
o RAT-311: Update maven-compiler-plugin from 3.10.1 to 3.12.1. Thanks to dependabot.
o RAT-311: Update maven-javadoc-plugin from 3.4.1 to 3.6.3. Thanks to dependabot.
o RAT-311: Update maven-release-plugin from 2.5.3 to 3.0.1. Thanks to dependabot.
o RAT-311: Update maven-enforcer-plugin from 3.1.0 to 3.4.1. Thanks to dependabot.
o RAT-311: Update extra-enforcer-rules from 1.6.1 to 1.7.0 Thanks to dependabot.
o RAT-311: Update maven-release-plugin from 2.5.3 to 3.0.1. Thanks to dependabot.
o RAT-311: Update animal-sniffer-maven-plugin from 1.22 to 1.23. Thanks to dependabot.
o RAT-311: Update maven-project-info-reports-plugin from 3.4.1 to 3.5.0. Thanks to dependabot.
o RAT-311: Update maven-surefire-plugin from 3.2.2 to 3.2.3. Thanks to dependabot.

Historical list of changes: https://creadur.apache.org/rat/changes-report.html

For complete information on Apache Creadur Rat, including instructions on how to submit bug reports,
patches, or suggestions for improvement, see the Apache Apache Creadur Rat website:

https://creadur.apache.org/rat/

Badges
Extracted from project README
ASF Jenkins Build Status Github Action master branch status Revved up by Develocity
Related Projects
maven-common-artifact-filters

Apache Maven Common Artifact Filters

07 Dec 2017 4
maven-apache-parent

Apache Software Foundation Parent POM

04 Nov 2017 35
creadur-whisker

Apache Creadur Whisker

29 Apr 2013 5
maven-rar-plugin

Apache Maven RAR Plugin

09 Dec 2017 9
maven-script-interpreter

Apache Maven Script Interpreter

07 Dec 2017 10
creadur-site

Apache Creadur website

10 Sep 2016 2
maven-reporting-exec

Apache Maven Reporting Executor

07 Dec 2017 5
maven-acr-plugin

Apache Maven ACR Plugin

09 Dec 2017 3
maven-jar-plugin

Apache Maven JAR Plugin

09 Dec 2017 77
maven-apache-resources

Apache Software Foundation Resource Bundles

11 Mar 2023 6
maven-archiver

Apache Maven Archiver

07 Dec 2017 9
maven-dependency-analyzer

Apache Maven Dependency Analyzer

07 Dec 2017 40
maven-resolver-ant-tasks

Apache Maven Artifact Resolver Ant Tasks

25 Nov 2017 7
maven-release

Apache Maven Release (Plugin)

21 May 2009 115
maven-dependency-tree

Apache Maven Dependency Tree

07 Dec 2017 23