ort

What's Changed

Breaking Changes 🛠

• 1be48b43beb8d35541f79d5368e4140bb9b6ecd1 chore(reporter)!: Reduce the visibility of ReportTableModel
• eb0e6f15873433db35ba52669bbf795d05d18700 chore(reporter)!: Remove the unused SummaryTable
• b76b7a7f8a83427cb75db3c2d087cf10fe7cd8e3 refactor(plugins)!: Move all ALL properties to Plugin implementations
• 89aaf0c417ce33b9d9e66c884dc9d0fb09d82511 refactor(reporter)!: Move ReportTableModel to the static HTML plugin

Bug Fixes 🐞

• a1ea6116cb8d7384942710142594463d65ed5f93 compare-command: Fix the program exit codes
• f1abea143f04b146ba0388973675279b54897941 helper-cli: Fix two issues with listing licenses
• eadf828001f8da5e499e5c2a9612ad8f2093038a helper-cli: Remove package.json from path exclude generator

Chores 🔧

• 62a3bc5c921b4b6bc733b3d5dda066f689a98e13 mailmap: Add another email to map list
• 94defb1a051d3fafa99f873d5ccadb97136f937a node: Improve formatting of a code comment
• e4d894b9f30a586b1ee3cd608f75e913359b9d9a node: Remove an unnecessary capturing group

Dependency Updates 🚀

• d785b4f7f8e911df13d7ca895595da5bc4b5aca0 Dockerfile-legacy: Update the the available Cargo version
• 4503fcca33f781e81e1b406e7b2e1347f3f8dab1 Gradle: Update the detekt plugin to version 1.23.4
• bd2d37d96567e1a69321ff7b0edae4b0a4cae110 docker: Upgrade Cargo to the version available in Ubuntu Jammy
• 2bdec8f92b404db14936195ccdb05cbb6ec127bb Update the Maven resolver to version 1.9.18
• 123984a491c422e575c85dd9f4eb124c2557cae4 update actions/setup-java action to v4
• c73f351ccfd8056a9b8cdbe88f49467fdc488297 update davidanson/markdownlint-cli2-action action to v14
• 5bb6a681f18454b93bc26eacb9eba4af9f2e6548 update dependency ch.qos.logback:logback-classic to v1.4.12
• 52985f694e9c452e1406203893a09e29e3507602 update dependency ch.qos.logback:logback-classic to v1.4.13
• a66bf0e9961c5eb6a3208be2c5045506a1a9f13d update dependency com.github.jmongard.git-semver-plugin to v0.11.0
• 956d12e4ec820c39a5fc0931d30e0e3a3d692407 update dependency gradle to v8.5
• 5fca7952af42596a1c7e93df5e4d805d9f27334e update dependency org.jetbrains.exposed:exposed-dao to v0.45.0
• 6d43649a7ff4f5ae65491f61293c71d2f53a7f33 update kotlin monorepo to v1.9.21

Documentation 📖

• 4a1e0b2f3211e37b00219869b0b856958f7aefb6 ADOPTERS: Slightly improve the wording for Cariad
• b742da76dfd087d47fe919e437f048dbac0b69f5 compare-command: Add / improve some code comments
• 77d88045409503a88a643d4dd70a57239946f1ea plugins: Align documentation for the ALL properties

New Features 🎉

• aff351977fbb9751df039310deed4483ef62df83 CompareCommand: Add the SEMANTIC_DIFF as a new compare method
• 4cfab70030bf9ed90944caf2b4d71fefeb2c739e CompareCommand: Implement custom deserializer
• d591aec683df36350c123e1eafa7c461d31ab26c compare-command: Make the context size configurable via an option
• 21076575960036236ae7ba01d0bb53b20a6feb19 helper-cli: Extend path exclude generator by a couple of patterns
• 738790cf31f32825b6698ccb9992f857ce6705bf jenkins: Allow to set arbitrary environment variables
• 7ad4e319f6a54e4170bca762ce5bae9e44244f2c requirements: Add an option to toggle listing plugins and commands
• 1dcb1ff7cef45ca58bb98fdee2411c486039584f requirements: Also list all found ORT plugin implementations
• eb6e82f8e0dc516d92214f243501edcf729f3338 scanner: Teach package scanners about all packages covered by a scan

Other Changes 💡

• a1ccc6d3bc5d85c99fc83200f28026240dea27d0 CompareCommand: Move the deserialization out of the when
• 19bfbe05b8cc5c6b3cae6c9b24d025db4c21ad1f VersionControlSystem: Implement the Plugin interface
• 777b1ff638cb2c0bc25201efb3c8b244177d0047 compare-command: Move an enum classs closer to its use
• a1bb32da16482a437cac2043cb25fcd70dbe8b3f compare-command: Rename deserializer to mapper
• 1dbed2ea4ec3adc0cac2fa9149c5608d47b499c0 helper-cli: Adjust return type of getScannedProvenance()
• f8871339c332d977077a1a52dc98d6ccaff03da0 helper-cli: Use a more speaking name for getProvenance()
• de5027e19098f5151f5c055f637f11079139f1c4 node: Split out code to detect the right Node package manager
• 5d2fb19944757b1dbb9856fffc7ab9e60ae1c5c2 reporter: Make map() take ReporterInput as param
• 1d2d88ac56fa43e64ff2e609418e57f64c1d4def reporter: Simplify obtaining a package or project
• 6bc8c31683279a25a9ad0426017b0f7844e134ed requirements: Factor out getting plugins by type
• 8c9186475bf31ec8c98d3e2c09d3df61ef9582ad requirements: Further separate detecting from printing versions
• 805a6e77b17b2a961bda0908c96a4ba0a173c7cd requirements: Split out long code to functions

Performance Enhancements ⚡

• a176fc543b08525239e6be5e917f9309fc3b061b requirements: Limit scanning to sub-types

Tests ✅

• 6eeb7291e117b6b71fa63aa52c3d4ea23323fad1 compare-command: Add a functional test for the text diff method
• 6c90a2e60be74372ecdca442a5c1493ffeea9e3b conan: Update expected results
• 18f931845a58518794dfc4fd64b34a9789fedc72 node: Add tests for remaining support functions
• 89c3ed63763f31a246bac127d44a97234e084c8a osv: Update expected results
• 665aa8751ae7b55b0a9e931bd9e921d4c27bf9f6 requirements: Add a test for core plugins to be found

Other Changes 💡

• f563d2a032ee632ef86832692a3ab82884a84ae8 style(Jenkinsfile): Fix a string parameter's indentation
• 1fe0eb5b24213f208387ae66c4335666543a5247 style(fossid): Remove some named arguments
• cdd399345078b06ba7102fec0b322c47750e43c9 style(reporter): Use a shorter name for packageforId

What's Changed

Bug Fixes 🐞

• a9bd271f53cbbd9fc1d20a290eff1d77c7231349 analyzer: Support uppercase-letters in Go module version
• 5334b19d313307673ce61768340b27bbbb6a722c helper-cli: Use the "pluginClasspath" approach to bundle plugins
• acda9643a2966b9596d89689864a83a607d3e0ac jenkins: Align Java's user.home with HOME
• fced3d83acd16fb2a0dea0773b969e104bb2bbe7 jenkins: Limit the credentials type to the supported type
• 49b66c952734b23d4303870cec03d4666e15ea6c opossum: Get license texts via the provider
• 45e1e63ad5b7eb918deeb2150d69f7d83ca70a48 spdx: Add the missing OTHER relationship
• 40630f4f8831f2b84f3faf8152e90ab62a751e0a spdx: Add the missing snippet ranges
• e8d9c53f59d40297169ab3b1f9983829c9edd210 spdx: Do not allow the snippet name to be blank
• b9c038ea3c6ca376481f41fde4d4bb7ee39fb451 Remove any YAML front matter from ScanCode license files

Build 🐘 & CI ⚙️

• 54f72d981889a1ae0506539298dae0d14c0f6def Align on tools from .versions also for the build / test workflow

Chores 🔧

• b76ae858ea9c6b894cc03e54bd9aa1d548c2b1c9 adopters: Officially add Cariad to the list
• 0557aebbc5cb3c1e6b86c8e1ad74e452a4f193aa docker: Extract .NET version to a variable
• a07f3d60ee4263e78446444fe708bfc09ed03baa docker: Upgrade Android Command line tools to the latest version
• 0818afb39d06c85bec414abe49cd3b5e9c00f96d docker: Upgrade Poetry to the latest version
• 6d72e443970a38d32984b03964ce63c5937ede62 github: Remove the duplicate Batect wrapper validation
• 333d1d7ff81dfa2fd0b67918b6be4e9912fe1766 jenkins: Use the name ignored for an ignored exception
• a2d87c6885cff9124ba463de2c34df4dd8aee0b5 mailmap: Map to Mikko's Double Open email address
• 0bf2b1af62697c24013d3abf7c1257f6bfdb1277 ort-utils: Add a debug log if a netrc file has not been found
• e4b018b871f31fa97846cd96a6025ceb8a99c25c ort-utils: Add more environment variables relevant for debugging
• 2ce1460797d293b0c1fd519e5caee08acab46403 reporter: Remove unnecessary braces
• 22b5c1fd54893c1aa2b1d94a56ebc1ca2a5facec scanner: Trivially improve the wording of log messages
• fb3789388c841755d1a174eeeff08435597daa36 Improve and align the wording for non-SPDX licenses in info fields

Dependency Updates 🚀

• 6bf2206fd4a8d22b8bcc87c9010754f02d93f391 evaluator: Update the OSADL matrix
• 2f7d3810e319a2d3ff9461957a464b303cd6ff82 Update Apache commons-compress to version 1.25.0
• 1a7c848b5297431bd34ab3b4d847190690ba5a40 Update the Maven resolver to version 1.9.17
• 5f437436f441157fa358f8a80d61841c3b87436c update dependency com.github.ben-manes.versions to v0.50.0
• 8884e0f89a7d49cb89a12673e5d1436e334ed68d update dependency com.icegreen:greenmail to v2.0.1
• 9222331b077dfee31059a8f0b587afa223e94802 update dependency org.postgresql:postgresql to v42.7.0
• ed6b0298bc4847cc7d759b743c033652b16a54de update dependency org.springframework:spring-core to v5.3.31
• 5005851bae01b1950058f824b39dab3f6dc7cb02 update log4japi to v2.22.0

Documentation 📖

• b89610fe09a543fd75bc8902c894eae0557ea3c7 jenkins: Clarify that the credentials type should be for HTTP
• 29f9aefb74ddad36cd556de4020670b60fb1ceac Add Double Open to the NOTICE file
• 23a81369586f248645e61189df69c9b73bf010c5 Document setting metadata about a package's authors
• 4b2d663e78721de86cab4f436296139d2aa4ba6f trim trailing spaces in package-curations.md

New Features 🎉

• c64efc7c2341293d4eeeac933e6cd8685a9b0365 docker: Make Android SDK version a build arg in Dockerfile-legacy
• 8e227231aa79adbd63971f55fe4a3b7b1b12fb5a evaluator: Also print the rules used as part of configuration
• 1098569fe384f89b10a855f47291bb42e548caad helper-cli: Add 'annotationProcessor' to scope exclude generation
• ec499772b63c6985ca6da102c385d52d3a2a5ede helper-cli: Add 'lombok' to scope exclude generation
• 1e4a20cf64fd9044de01887fd0c3b93dd32677e4 jenkins: Allow to specify a VCS path for configuration
• 623b2fa00ddb585cd36b4937015e474df76ecee6 model: Sort the detected license mapping during serialization

Refactorings 🚜

• 8b44818c9f2952f88409858cc89e281472d8eea0 docker: Rename ANDROID_SDK_VERSION
• f42b72df11e10748fca9b46e19791803113663eb evaluator: Rename a variable according to its type
• 8880747db306afbdb84fc9c2fc627dcc9c008799 reporter: Drop an also
• caedab1456bf3dd051f0bd0ac311fc151f72ca0d reporter: Simplify computing isRowExcluded
• a8511d9f89a7621407770dee86116c80a7541b86 static-html: Relocate some functions / constant
• bddecf4ec0f9357120abf955e9db0f1608b0f5a4 utils: Move ORT directory properties to Environment
• adaf89cbb64c18fbb327a03b0b2d05d7dbca3c77 Move the SPDX <-> Conan resolution test to the SPDX project

Tests ✅

• 5cddcaaefc84ea5043f43bcfc4298d643dc7a987 cli: Reduce an expected result to the intended scope
• 448a8bb172c24715a423fa60807afc45f851c2fe f5c5f7d82ef050a97d400fc578c27bc12e929d12 67194c50b8bd4241095f3933ff38f21a6c3fc112 spm: Update expected results
• a9594cbde6b7647d9988659f902a1a1875c9421f Fixup the user home directory also when running tests (in Docker)
• 8a50ca76fbe3ff2ddcc2e6c112ef152a18864cab Run CLI functional tests outside of Docker

Other Changes 💡

• 8bf89ad8e47990cbc051ab12514ee7665ef1504b Revert "chore(stack)!: Temporarily disable Stack in Dockerfile-legacy and tests"
• 04b33b391a2814562da79b90f0706d8cf88dbb30 style: Omit trailing dots from some NOTICE parties

What's Changed

Breaking Changes 🛠

• a45532988bd4953b2b3631add095986c3eccf3df feat(reporter)!: Support secrets in reporter options
• bd0310160f84770924a8113df15a8c6e7c788ab3 feat(scanner)!: Pass properties to configure storage usage to wrappers
• cc7d53490a6cf2bf12bc8288e0143cb8cd415aa7 refactor(PackageCurationData)!: Drop support for legacy property name
• 72cbc73062fe77fecc077b1a58cae6f97d9624b7 refactor(maven)!: Make some class members private
• a55225808c148c83f7cea6b5822d16079080744c refactor(maven)!: Make the container property private
• 13564f97ff54d3253822f3757af69c46181b2d82 refactor(scanner)!: Use ScannerWrapperConfig in factory
• 801948f0a01791223325d5b4584f3f5e67950dc9 refactor(vcs)!: Make all WorkingTree implementations internal

Bug Fixes 🐞

• f1c59590594f1e27ef64013f5cd18ddebac3cb94 docker: Base image should not refer itself
• bb742aa3cd8c47fd33ca47a282b883b09522283f docker: Bump up The Node.JS version in another place
• 528e5c752dc27fa4f7764cae825a4ba428c38935 docker: Match docker scripts to upstream image naming
• 6ce0978ecf1b92bb5cfa58488b546be5dbc2b726 docker: No build or publish in pull_request events
• a21905e0b9fac176bf427a99f25333dad6fe8d67 docker: Stop accidentally skipping component image builds
• 5a2193202c09fb1ba91c2ad65838aed4a9a5161a helper-cli: Fix an issue with listing licenses
• 05d8acce5efd8688466769ea4e263bb7ad072e23 node: Allow deserializing empty pnpm-workspace.yaml files
• 552b0e2aa444dcbe2af153547beeaa03139650fa Add advisor plugins to the plugin classpath for distribution

Build 🐘 & CI ⚙️

• 272b5088afd2f630b6f9979d61c20e79fb4774e6 git: Explicitly add transitive Jackson dependencies
• c9a730b2ca5ce7a5c79dba4180052b0c638afa44 git: Split out the jgitSshApache dependency
• 400e9efc4b6dd8bfba6c4cad37ec85b11f693b50 Move all VCS plugins to separate Gradle projects

Chores 🔧

• 059190d104e64ae2b60a5730423fbaf6cdc75ccb docker: Align the Pip version with Dockerfile
• cec3ec70619b3539ab053e06c6ee12f762f3bbd1 docker: Avoid the use of tee if stdout is not needed
• d0f67e27488a0976836902d05e0a70521b48f801 docker: Rename output of custom Dockerfile
• 343d2ffcbc8de77c15e266b84329cd9f9b4379a9 docker: Upgrade CocoaPods to the latest version
• 5dd26aaba0cb5a960bc9fc75312a7b18d87a8d0e docker: Upgrade Conan to the latest 1.x version
• 15997312f972c7785ddaa01021f6b55fc4cc4247 docker: Upgrade Pipenv to the latest version
• ccabd1f23872f408d1a508a797f0999e27af464f docker: Upgrade SBT to the latest version
• 16ff51f6f44e7f7540d58ac7465dc4ea81ae2261 docker: Upgrade ScanCode to the latest version
• 595261c9e0a55d62069bdc67ebc930dbc36fb2d4 docker: Upgrade Yarn to the latest 1.x version
• ab87104d83ca7fd27a71190d57129797120e0e9a docker: Upgrade Pipto the latest version
• cb68cb0d21efc3b1805e039cb6a4d2eaee64003d docker: Upgrade pnpm to the latest version
• 876c1d41cc0618254a0bcfacc202dedc66b0c13d docker: Upgrade the Haskell Tool Stack to the latest version
• 907906246f497f86f67f746abf19da52512c147f mailmap: Use Thomas's personal email address
• 1223273043fd5cb6fa1b67e6dc1676ef71fa89ce maven: Add an import to resolve a KDoc reference

Dependency Updates 🚀

• 655636650eb08f760377cf559ebc154a7fd06613 git-repo: Upgrade to the latest stable git-repo release
• 45fbb1ab28afcaa1d34dae0418fa1735b786fdae update dependency com.autonomousapps.dependency-analysis to v1.26.0
• d44c243b7a4fc2ae3b23652489e8a6f72deffb9b update jackson to v2.16.0
• ae8e4db9ab98879f3421af499174a0c1d3325145 update kotlinxserialization to v1.6.1

Documentation 📖

• 1fa65291d93eb5f8317c9aeeb57e100f7eec6d25 README: Fix further broken links
• 551c79fe5a6c4c51eda0dd30659b7ecd19dc0edf README: Fix the link to version control system implementations
• 551b68b63cea08b2e1758f015df67d9add7d1779 README: Remove a broken link for the Notifier bullet point
• eccf170367637f56a3628bf49f2ed89c5a775da6 scanner: Fix a typo
• bd4e1c78b413dd8aecb8277ce1859de4360d9f21 scanner: Improve logging for packages with incomplete scan results

New Features 🎉

• cd323ab55b660edf66d289ff91027afcb4a9723d docker: Change naming default and unify docker files
• 8d7b82d299a6455bda83a6d4c50ceb6f9d09f876 docker: Rename images to agreed names
• f06a4ac8e53c1fc728a0e6c90716bd6bab4a9671 helper-cli: Extend path exclude generator by a couple of patterns
• 1534d3990b31202dc71f375a8213168141010ab2 helper-cli: Improve the output of list licenses command
• dcd3b192646c4bbf89c128b9334e1c03523201be helper-cli: Re-filter scan summary by VCS path
• 2147b4fee9d6897f86139315e8e6e82f2818879d osv: Add the missing handling for the Hackage ecosystem
• 4d5b611668f83b5c92d7cb8bca7408e0b5f0ba64 reporter: Read FossID credentials from secrets
• 937e4fb88c4743ee75e41da21565ec86f795dee5 scanner: Add a class to hold the common scanner wrapper config
• ab27a19cf00a6b93e9b00d3184d7a403a4ccda7b scanner: Add properties to configure storage usage
• 87db6d4cf922abfc995a5168c325e6f17a1ae92e scanner: Use the new properties that configure scan storage usage

Refactorings 🚜

• 7eb2ffe49fe9ab1664b272e346278f1195e99c94 analyzer: Port Java's walkFileTree() to Kotlin's walk()
• 17f3ad103edfbe03a1d4b2189524de89ba0c5ef1 maven: Operate on sets of repositories
• 4c940af63e3c6c14363a6df5f51e22ac77414134 plugins: Do not hard-code dependencies on Git
• f93e651b1f6d9d333c82ba5c6d7cb66ddbf8993d scanner: Move ScanResult.filterByVcsPath() to utils

Tests ✅

• 16223977dffd05f7b920eab7735ecda7af43b140 fossid: Mock the abstract VersionControlSystem instead of Git
• 0a8dcb7b35a2d48ff9cbb38d5b248bf0fa2fed39 node: Make the empty pnpm-workspace.yaml be well-formed YAML
• a702a3c63ccf632a04e787a473ae862607239cbf osv: Fix the assertion for ecosystem support
• 65125cb5e5b5397c27f3e1d52a5957b24e63a50c osv: Improve package list for supported ecosystems
• 150530cd287204b8e66beb8a3e6d1c0412317b5f 9d29e6d1fa72381866494bc5ac2a9e3c1830a021 osv: Update expected results
• f514519813864823541ab9121f8a6215c8d25123 scanner: Improve tests for ScannerWrapperConfig
• 477127620a0b7a760461320e0c9b59da48a88766 spm: Update expected results
• fc47411f4b00bf62f6ca4a2e1d81ed446a30e099 Run analyzer functional tests outside of Docker

Other Changes 💡

• befe8c09585d25cd2fb22fcc6e84a4c41f294562 style(scanner): Remove a redundant empty line

What's Changed

Bug Fixes 🐞

• 9725081b068f52c505960186706a6fc15731c569 Add advisor plugins to the plugin classpath for distribution

What's Changed

Bug Fixes 🐞

• 170db0bd1b65e70f9eb1bbb625a4c0c814abbcb4 FileListResolver: Delete the temporary directory
• 5edbe723f92b1598bb2d64d3ffecedffb6f7fc66 cargo: Allow metadata to be missing again
• 1f2ad1efed2f5be16d43d321fe16ed8527ee2a6f reporter: Add score and method properties in CycloneDX report
• edafd510b3681e5e62ca205dd4c9d22a01b7ef68 Properly delete parent directories of temporary files

Build 🐘 & CI ⚙️

• df5ede2e3f87f9c819ce09fd7e6cf2daf25a20f2 Gradle: Move advisors to individual plugin projects
• 53ea4ceba1dd7e6f6b500a1d471ad377ad9ba461 Gradle: Move remaining Maven and Sbt package managers to projects
• ced939b3c20615eb2bfbfb606b50f20b2e1ff413 renovate: Disable patch-level updates for the AWS S3 dependency

Chores 🔧

• d6063227ae72ac4bbb4c08d05f43394d33800799 NpmFunTest: Remove two unused imports
• e04aa888868a2c8c491629dcaf8710c283e67885 Use new ORT slack subdomain

Dependency Updates 🚀

• 5ba86295c3da208db5ceb3ae3b74a01e1cf4ea90 Gradle: Upgrade to the latest WireMock version 3.2.0
• 0e3e3a1860eb6b0a3cc72523e669b86f550bc4e5 update dependency com.zaxxer:hikaricp to v5.1.0
• 34095e58c6772e35ec9dd5ae43f5757bd2d065ef update dependency io.ktor:ktor-client-okhttp to v2.3.6
• b36ec788de179a367cc40ab693b78067ed0cabf3 update dependency org.jruby:jruby to v9.4.5.0
• df0ba6ef63ff770aea52720babfbb64cfc6af802 update dependency org.wiremock:wiremock to v3.3.0
• b08bc3ca8be7db39c8418a46fc531ee43b21356a update dependency org.wiremock:wiremock to v3.3.1
• c5add7dca499b7692fa606117780a68058237221 update kotest to v5.8.0

Documentation 📖

• 3efccf53eeee26b76bc0af790b25c973e0f4f629 ProvenanceDownloader: Clarify the semantics of download()
• f5c556d207b7b3cdbecfb7c8cfb489ba4d5050a4 evaluator: Fix-up the docs for two CLI options
• a701b73f7c67bda42c1afbca25425fd3e26af8c8 reference: Improve the wording for package curation providers

New Features 🎉

• 7296ec052198f68676e31afdb87d3f3b1d155936 analyzer: Log about configured but unavailable package managers
• 91647b22299d97bed05c97412b54f8dcc900ce4b helper-cli: Extend the scope exclude generation for Poetry
• 1d74f26915da556a8617b62e75d97d33e096d770 model: Add 'DOCUMENTATION_DEPENDENCY_OF` as scope exclude reason
• 2416358a574d85a053438c1d8746478086f47f26 vulnerabilities: Support the CVSS 4 qualitative severity rating scale

Refactorings 🚜

• e2bb20eecdaf7417ebf56dc2598be92d517b21c0 analyzer: Remove the special exception code for Maven
• 80498cff26979b0c7fbe4134bfdf370e29e1c79f model: Make tests independent of Maven or SBT package managers
• 7c0ca7cf3956f7bd0b6afebde15a4a216a2d5eff reporter: update the TrustSource data model and the reporter
• 32ed4081d2b4ad2bc1e0e1028e41b7d6fd0cad5d Introduce an alsoIfNull convenience extension function

Tests ✅

• 236997c406efc0c7f8536d74f5577305761d739d analyzer: Remove the AnalyzerTest
• ae37645131ce059075a28ac6211b4126c48e202f ossindex: Simplify some result assertions
• e4f232a1a840d868c8a410b1173a40b6d2c46cb3 osv: Update expected results
• cb139cce537044969dcc2fb293be02598e075b32 66eee50430f44893b3e37814f157c35db141c3cf spm: Update expected results
• b26c5bd216792665752b79a32ad1a26971ac3687 spm: Update expected results
• ca7424a8dafb0e5ce4a9c466f82d504140e1ff17 trustsource: Add a basic functional test for the expected report

Other Changes 💡

• 6c25e2caa6f16ae3c5b262e4f3f1cd4a29c26c91 style(trustsource): Apply some trivial reformatting

What's Changed

Breaking Changes 🛠

• a80c1c7bae9f1caa105873fb70aab2d2e06093ee refactor(analyzer)!: Move some functions out of the GoMod class
• d39c07d53d95d372eb404950be7ec4446adc8d30 refactor(analyzer)!: Reduce the visibility of a constant
• cd40dd1f6c51bd6978fdb9cbe00173a5e1b62a11 refactor(model)!: Split vulnerability classes to a separate package

Bug Fixes 🐞

• 7a2b4aaf7bce3eda908e2b94ec1da1c0cbb073ec AdvisorRecord: Merge all properties of vulnerabilities
• 0820a7b83a9a4e112c0a06a8c9115b08ad8af484 VulnerabilityReference: Do not deserialize a lazy property
• 593f6ef94c3e9728721144a151e1d9705c162142 scanner: Catch archiver exceptions

Chores 🔧

• ebf834b333853a9b0b0cbecf13f833a8fbf92e76 Qodana: Use the non-EAP version of the JVM linter
• f75c00dfbf5f87243e02e65760d3cc86a95e744a docker: Fix installing Node.js in the legacy image
• e2ed4580f33ce68ebcdb38b132f08a3ff68c7ef5 docker: Upgrade Node.js to version 20
• c841f41d26c8ffe5fbe6127d935546ea94795043 docker: Upgrade python-inspector to version 0.10.0
• b3dd03e485f2cd957f6f15bbee9447b50754b154 mailmap: Align on Hanna's lower-case address
• 9c2232c51bf6aa72d99facf8977616071deea0c9 mailmap: Align on Helio's GMail address
• 671e607b9c99ae880bc90a7821f1fe35fe8ed4e7 mailmap: Align on mentioning François' forename first
• dd33cce76c3acdc993d6797737c0754a8ff08644 mailmap: Map Stefano's GitHub address
• 8cd00c53b23d55830a7a08e0104fb6101ce3299f mailmap: Merge Christian's addresses
• d557794778f2744f9302e87c0fed8e155161334b mailmap: Merge Daniel's addresses
• b726ba5deac83439e8cd4561414a2dd62b254f65 mailmap: Spell out Carlos' name
• ad773d88025d37f6e7bc52cf7d5c4469e0a8dbb5 mailmap: Spell out Quique's name
• 0e3f8c88502170f9631c1e07b3a8bb8dd0859f65 mailmap: Use Sebastian's new Double Open address
• 5b42f08eae0a7ad8c16c61bfdade5844a6af14d2 markdown-link: Update an ignore pattern to make the linter pass

Dependency Updates 🚀

• 09ae12b4077983070ffc75049a1991e1db957dc2 Update detekt to version 1.23.2
• f3511b4a28780111b4af08376f148bad16cb547e Update detekt to version 1.23.3
• 4ef559814d40047b7e04b6a535962974ab0b02df update dependency com.github.jmongard.git-semver-plugin to v0.10.1
• 4eba5e6985fd64a200c72fd1fae10d201556c487 update dependency org.jetbrains.exposed:exposed-jdbc to v0.44.1
• e1fae7767897bec5f6e683ff28dd2da3be55f5ca update dependency software.amazon.awssdk:s3 to v2.21.10
• a0b1cf59f0ea3d62f9da54dbd45890c6aa5afd62 update dependency software.amazon.awssdk:s3 to v2.21.11
• c95dd74e2c56725a4a6e1870ec4cef9326bc15b6 update dependency software.amazon.awssdk:s3 to v2.21.12
• be2c5c6a0a9e58b4451d44006be93a582514945f update dependency software.amazon.awssdk:s3 to v2.21.13
• 6bb8315a9257864e88d6cc8ae7fe7f6099dbbb0c update dependency software.amazon.awssdk:s3 to v2.21.9
• 10b0bd85e2db866561952500400114d1c7f26e40 update kotlin monorepo to v1.9.20

Documentation 📖

• 83c64770aefb3dd08f620aaa925846bc30d74f8f Npm: Do not say to implement dedicated support for peer dependencies
• a39a2520e6dc5df045b815495ba65c325a1bbb71 RepositoryConfiguration: Improve documentation of two properties
• e48657f4d42e905171c762e1bb6baca33ab64bdd analyzer: Fix a typo
• cf269cfc35f056c5dabd14952b45f7d42dc2e2f8 configuration: Improve docs for curations in .ort.yml

New Features 🎉

• 6989cd1bb39a3f400cc19404e86861f668948f56 VulnerableCode: Fixup wrongly escaped URLs
• 8de846081575f46b5416704d38730b8977c879d9 cargo: Parse a package's homepage
• d0efc19f0728f8a61257ec6690efcb72f63d466b reporter: Support the CycloneDX vulnerability extension in Reporter
• b2aebfa7490e1919e67fe9d848bffc948ebf8f7b scanner: Record the scanner tool versions in the ORT result

Refactorings 🚜

• 7b90df8a96d47dabec437aebf1b5090a7ed42027 GoMod: Re-arrange functions within GoMod
• 561ef19a27cd8eb006c1999369d8e9d7916cd40b VulnerableCode: Update two response property names
• 92bfc97d40a662e902aea61442355cd345164c34 cargo: Inline runMetadata()
• 44523e412a504651cfad2f2617653818df7cc4a8 cargo: Migrate from toml4j to tomlkt
• 3f835b364a907a18106792c3cfd9bee53b871a92 cargo: Migrate manifest parsing to kotlinx-serialization
• 50c4931c39407e978cd1ad729e40914bc56ffabd cargo: Migrate parsing of JSON nodes to using data classes
• 4678d88b389be3812997bdf2f51af28cf22f9249 evaluated-model: Remove the EvaluatedVulnerabilityReference
• fe0837241ed1f376424805434b0e65c0f4b840ec go: Migrate GoDep TOML parsing to kotlinx-serialization
• 8b6fe4fc3d4ec58b159a705d5763aed299c760b1 model: Introduce a lazy severity rating property
• 2f619ac7b41ce6a720980f57d558a0d96b76a0e5 scanner: Move logging into the scan() function
• 0894374358d5adf9f9b1af1e30a62cbd45d97210 scanner: Remove premature checks for empty scanners
• 90f99939d1fcc970f716e9518d9b81e30e63024b Move Go package managers to their own plugin project

Tests ✅

• 2d21bf298ec4f20d5d9e4a5c6b21b6d2614c53d1 SpdxExpressionTest: Test parsing NONE and NOASSERTION
• b330f359486d8834ef190ba468a0e06c83a95392 VulnerableCode: Add a template test for the public instance
• fc10c12768935964beef6d71c914ba79d4a90fac VulnerableCode: Improve the funTest template
• 37d2925cf7a0688bb5691049e13a6df6c887192f conan: Update expected results
• 4b6bc22f64e5bff10797989a205b39ee5f3cf409 go: Consistently use replace pattern for definition file path
• caecbeae4731eac5969facfd2b90ff6a9b5e73c9 go: Factor out testDir
• 97eaaccd2497ef1a68af831480592fe3a3856d53 go: Move expected result files
• e64746d1d0bf9b7c0671ce1e8d32e16df2644f12 go: Move the test project for GoMod under a dedicated directory
• 2c94e3b55299fc2a8a5e80536f6e070c000c5231 go: Remove some redundancy with the file paths
• 0a44e545df1f602739f3c8ca4ef35ac90731e086 go: Rename an expected result file
• 1c63cdf42a13789a992a5c034ae38022f9f5d1f3 go: Use a more speaking name for a test project dir
• e082ad359690eeffaa0d156aa706fb064d0736a7 node: Relax an assertion
• 320bfc9142afb351fb9c0e19e34e2981430aa434 osv: Update expected results
• 9da44a3487a70d27997b3c9461dc23e1e8b0cfc6 python: Upgrade markupsafe to version 1.1.0
• d9839fbcf5a24ab744425f6a13740f1dfa2b2722 5dfe13a2ac0ccba4a80b909fbb47283efd569953 73e5110e305d425b410becbc8773bfe8c247874a spm: Update expected results

What's Changed

Bug Fixes 🐞

• 6dd77a3440bdcfc2992f984ceeada30dad87dbe3 fossid: Fix a copy & paste error in a property name
• c172fb6063e87f95a4685888aa1562dc06e52d8f plugins: Do not crash for enabled plugins that are unavailable

Build 🐘 & CI ⚙️

• d351a596f2770cc3610d356f36b51e99b71f5734 Gradle: Configure detekt tasks lazily
• 52e90c108f363677e8ccdee54dfefe6860f8f80c Include platform projects when running from Gradle or the IDE

Chores 🔧

• 0a97f62bddf6d5a96707aff7b85b4c5ee7e57c57 analyzer: Add the property ModuleInfo.Dir
• d937ca34fd5229d8efd16230feb0d194f81e59bc Ensure tests access ALL plugins via getValue()
• d573dcf952b4d44c88e532d1014ecf754d234050 Prefer also over run if the return value is not needed

Dependency updates 🚀

• ed5b0e6d7841afd9c68161e8114a835a560719f6 Update the native-gradle-plugin to version 0.9.28
• 51f029923fe029bd4f0f1c50464fc4d867913020 update dependency com.github.jmongard.git-semver-plugin to v0.10.0
• 88e15aa6a38ce8194f6917bdc92b6c9f6a0ca7e3 update dependency org.cyclonedx:cyclonedx-core-java to v8.0.3
• cb6a1861fe0260ad23e32e6a954092ece0746287 update dependency software.amazon.awssdk:s3 to v2.21.3
• 3b353f5735a767d33318a8efe8e87c1bca2eeb2c update dependency software.amazon.awssdk:s3 to v2.21.4
• baa6e88fc74b8a56b0ff35971a6b125a5b4e9018 update dependency software.amazon.awssdk:s3 to v2.21.5
• 1f34360dad8b070dea99c640f49dc5d9de536861 update dependency software.amazon.awssdk:s3 to v2.21.6
• 1367f39e8565b6ab8b722ab6c8f604792274bb5b update dependency software.amazon.awssdk:s3 to v2.21.7
• 711905cb71ff21fbfb6b9d8043c5d63659c66085 update dependency software.amazon.awssdk:s3 to v2.21.8
• b858cc9524d26b636123182ea3fe9b88b815053e update log4japi to v2.21.1

Docs 📖

• 937c5ea40141a3af5cbbd7338a18343e23cde53f Graph: Fix syntax highlighting of a TODO statement
• 21652d285a78c5890d1a8c3011c751da26051014 analyzer: Fix a type in GoMod's class KDoc
• d0d6f5901f9c172e2d11840e738310dce90246b4 analyzer: Fix-up KDoc for ModuleInfoFile
• 0b495bcfa7f480cc0689babf947bff79db15aaf3 analyzer: Fix-up the KDoc for toPackageReferences()
• 7a32036a3ee5efa0b38054246748821c7123a51c analyzer: Improve the KDoc for getModuleInfos()
• a2dbddede8a494e7915ad490536b5833a9db5e1b analyzer: Promote a comment to be a function doc

New Features 🎉

• c9f60ce41f8d58dbbe34366d4268b540ba92a4de analyzer: Support references to local modules with GoMod

Refactorings 🚜

• 8f7d0ad0bf4b3b8e06b2c5ea293c94348e8f72da S3FileStorage: Avoid a superfluous null-safe operator
• f93a9ac2f6cd8e4e709612fcee62090ba08d2019 S3FileStorage: Consistenly use runCatching
• 124d5b2b2e84830f61dc2594ac0396f02bb0a8ae analyzer: Eliminate Graph.projectId
• fd9c2cd954b2d23f4c6c3e29b819815e2c656498 analyzer: Extend and use ModuleInfo.toId() for projects
• fc6bb00bb6dea07804eafec5698f344ffcfeaad1 analyzer: Factor out getMainModuleId()
• bccbe4e041bfaede12a7b7167776a03662775d70 analyzer: Generalize Graph to use a generic node type
• 07797c3b73fc7412900f10edfdc188ec11f42846 analyzer: Move Graph.toPackageReferenceForest()
• 723694d10028a356919db5cfb439d5d2427e4ae6 analyzer: Remove a minor code redundancy
• 676b6f57a401d9963d134bec62369f165589625d analyzer: Simplify getModuleInfo()
• 1886e39cdec2182794890b6e9ff22126327b0c1d analyzer: Simplify applying the replace directive
• 0c92be64a29dc2fba85ce6b836c0e0ae77f71f55 analyzer: Use a more compact name for a function
• 68021a773f9d8e75a886a6238644a05d7a3e00bb analyzer: Use a more speaking name for dependencies()

Tests ✅

• 31bdf3fcf2b06f1ed17060ce97859834bec40bec analyzer: Fix-up an expected result filename
• 1d97f698910b9fc9c10735318ad7b673561aa2ea analyzer: Make test resilient to change WRT to the issue message
• c045be6dd94e8d48b15575b7eb7090856bdda2cf python: Update expected results
• 7311c556f8e8a3099cf4c94110b450cc9ca826ad c55ce91b38d410a0615317ed54284060b9351357 0f1299e46bee81cd528de4f2e5ff08814db2ac52 spm: Update expected results
• 7c0b17f67f4fd21179b62dbb122dbb9ede96c9be Prefer the more speaking shouldHaveSize over asserting the size

Other Changes 💡

• 94f56870572a59020ca1cf2481db903e30190f33 style(scanner): Shorten a null check
• 3e63d09eaeffa16cc0e29f5801acd46acbdaafbc style: Align formatting between configuration and curation providers

What's Changed

Breaking Changes 🛠

• fc77b1cbdf51b8d93775bdf784751f8fbe84212a chore(stack)!: Temporarily disable Stack in Dockerfile-legacy and tests
• 8a5fbbe35d600b361cc2e29e279f5c0dcaa25467 feat(advisor)!: Use the configurable plugin API for advice providers
• e97c4299d9c38fc6ea2ec844f56929b33b1dd660 feat(fossid)!: Use secret options map
• 712c4488e77911a8971912a9c0b8cb8012b3fa0c feat(model)!: Support secret options in the scanner configuration
• 80a3c259a9920ab90a31753176264e8a5af74a48 feat(scanoss)!: Use secret options map
• c3378e2bd41177ffce89d4935d0b25185096ffb9 refactor(MavenLogger)!: Make MavenLogger internal
• 57bd6ad3b5b689b5ac62718e7cf5282ea4d266da refactor(advisor)!: Move advisor configuration classes to advisor module
• 00d3f6e3dc4943458614222e900145c6a7676637 refactor(clearly-defined)!: Make strings private
• c29fc6451c739e6b900da72cb6f27dea446cd5bb refactor(clearly-defined)!: Simplify the API taking coordinates

Bug Fixes 🐞

• ed0838125c562d171f48b1d2df0077e09e866cc6 Poetry: Do not fail if "dev" dependency group is absent
• f4a8e6d4481fb4034daf61c335f308e4553bedac model: Keep the old "options" as a alias for "config"
• ef2bd7fc82bcddd035ed7cdbc4e099c1d7c4be2c Revert "build(Docker): Align the python-inspector version on..."

Build 🐘 & CI ⚙️

• 3df3945ce444acf73bea62503f2e3e9ba8bd6a2c Docker: Align the python-inspector version on 0.9.8
• 112808ac36838dfb1739c528f76547cfe873eef0 helper-cli: Add an explicit dependency on SLF4J
• 2e86a5408f74bc1bc5d08b91c0a489fac9742e6e test-utils: Make logging implementation dependencies runtime only
• 1708ac378db9b66d427aa268bc7ad99bb29ac9b2 Do not hard-code dependencies on plugin projects
• 6587bcdb54fa8b22032d60b77b53c28264adea11 Fix dependencies on the Log4j (non-Kotlin) API
• 2ab8cefcf066d678ae08c7b980ecdb83e8721e9c Move common logging dependencies to application conventions
• b1760ca09d6cfeebac04f2af99d0f75834626eec Move the Log4j Kotlin API dependency to Kotlin conventions
• 9fb7308fe7b793f8f6ccbbb24f436b43eb8a0321 Remove a work-around for older GraalVM releases
• e9401cafe00cb578fbc4b5b50cc61896390c3e0f Remove the Log4j Kotlin API as an API dependency
• c149679da1b9241e537d8d943f14545c3294b139 Stop enforcing the Log4j (non-Kotlin) API version

Chores 🔧

• 012f09956b8773e5f603b28a352f9bea305fa03b CycloneDxReporterFunTest: Simplify patching code
• 7250e669b057786afd499df68cc29879830017c0 advisor: Remove Jackson annotations from configuration classes
• 2d187728efa08bf35db92bb5cd344b2d5d6e14e0 plugins: Get all package configuration / curation plugins lazily
• c2f6cbbd477c08d4d4ab9c82faded178beb99c76 scanner: Remove the obsolete filterSecretOptions function

Dependency updates 🚀

• 68e8e1fc37f4cdf75551ccf0ae12a085aa594284 Update cyclonedx-core-java to version 8.0.1
• 5ca852e3e3295576290483615d7de61e76ae6446 Update the Jira REST client to version 5.2.7
• 40645eedfc28e60c8dbd3575b358b51c1bd78c96 update dependency com.github.jmongard.git-semver-plugin to v0.8.1
• 67ff91afd89ec303fd0c8520611b6a17bc1f6e6f update dependency com.github.jmongard.git-semver-plugin to v0.9.0
• b55959cef6cef58ae4f96dbed68b0e2af4841033 update dependency com.squareup.okhttp3:okhttp to v4.12.0
• 2f0f4b56d4f381e0d336c5076ff7cab5e016b1ec update dependency org.jruby:jruby to v9.4.4.0
• 612f55c6fd0160a742a4e76caedda21dbf6539c0 update dependency software.amazon.awssdk:s3 to v2.21.2
• 587fda84f7258adea4ba2b3ce70fd0cf910656eb update jackson to v2.15.3
• 9df7766a9bf96b7019fec99dbc01e42b78592d8f update log4japi to v2.21.0

Docs 📖

• 39c0534f5f8f18c3f95848ebabda10bb988ba790 README: Update links
• f2c7af47b86ede75311cb3bbe1d6578d97f06534 clearly-defined: Add a missing "The"
• 4591c6aa3677593cf0ec20a8163d45b56f4fd1c6 clearly-defined: Remove a superfluous sentence
• e36a5f8c1d1a89de5332239aea7fc16c468ccddc model: Add SCANOSS configuration to reference.yml
• 0eb09865ffb34dd793503ae601bfa481434e724f model: Improve docs for ProviderPluginConfiguration

New Features 🎉

• a5602a2730bbc1cc2da6de40fd8086386a06c6f1 Storage: Support using AWS S3 as online cache for scan results
• 889d4815d97731f2ff9110e9ec0bbc8715d745ee docker: Change the image tagging process
• f5cc5e860f101dc1f6896e8a250bcc65c8b8c488 flutter: Upgrade bootstrapped Flutter version to 3.13.6
• 08bdef5adb7255f3bcd8c45ae7cd9931d11deb13 scanner: Prefer to use any single scanner

Refactorings 🚜

• 3b66aa8cb422eaf725242d75b1000b25456bd89e helper-cli: Replace ORT's logger extension function with Log4j's
• 4d2a5430b17598fc1c1cb5608858a68fc3486860 model: Make toString an expression function
• 2d99fd09051544ad3ad36b3e63362f681bb13c05 scanner: Do not hard-code the dependency on scanner plugins

Tests ✅

• c0622507c27ec021cb3974799f1b703e698ac5d5 OrtMainFunTest: Use stderr as clues in case of failures
• abceb78c183a92f672d8305c9dd309ce46a41cab Poetry: Add a test for analyzing a project without a "dev" group
• ff77e61ee719a46d9638dd67ec0cd8b69519c1ae clearly-defined: Fix a typo
• a88c505b2ddb1f27abf2dec5ed1e5defea59fce8 nuget: Limit length of excessive error messages
• 2f9b34f0b2cb1bd03ad56bcc0c1a8371681b075a poetry: Fix-up an expected result
• 6de1aae851d75799589c1a70397f32c0ca1cba25 pub: Temporarily disable PubFunTest
• 7085571e015bfae14e61702241e59d969e3e98a4 spm: Update expected results

What's Changed

Breaking Changes 🛠

• 8100dcb74f3e520b7b0a56eb5fafda11a4a37c71 chore(clearly-defined)!: Remove an unused extension function

• b15dbb25c8c1bcad79c0d394328502435206e609 feat(docker)!: Upgrade PNPM to version 8.8.0

• 336fa07f51d605363f64894603bcdd0f85cff66b feat(plugins)!: Add a separate parameter for plugin secrets

• 247b3de0112d2bb7fc089536d712a677c1bd12ad feat(sw360-package-curation-provider)!: Use secret options map

• 6d7ba10c3b34795dd2a269eca1279531e398c3af refactor(NestedProvenanceScanResult)!: Inline getProvenances()

• 1c4c0fc2ec0eca2aea1a6a4ad51dea8a19da98d0 refactor(PackageBasedScanStorageReader)!: Make read() take a Package

• 503d4103881b4ce8b82d5a69d57c7158aff7f51c refactor(plugins)!: Rename parseOptions to parseConfig

• 442670fb399fad18b2f92225c3f0b86c6abef7d5 refactor(poetry)!: Use a better name for the "install" scope

• 1b87f32adcb78a3d2201876884051c1f763341a1 refactor(scanner)!: Rename ScannerCriteria to ScannerMatcher

• dc0465bd1c67e0aac42c3ae739e6017577f0665a refactor(scanner)!: Use a property that holds all nested provenances

• d04aeb2d35af30f474091495cb17b113d52e5983 refactor(scanner)!: Use the configurable plugin API for scanner wrappers

Bug Fixes 🐞

• 2a301259513620fe2bbeef425eed9fef48f85c37 ClearlyDefinedStorage: Remove a readInternal() override

• 9dfa1982fce802169e3c67a7eadf8e48f4eee35a RequirementsCommand: Account for new scanner constructors

• e1d794c7f364fa3a1767048eff15b0b4bb98c697 analyzer: Add a test for dangling embed directives / GoMod

• 7a201a2e96bd82b87e4178972088bda8c2af66fc docker: Enable push on schedule event

• a67915cf997649ddfc3efd463f08c3d419be1c7c osv: Make Affected.package optional

Build 🐘 & CI ⚙️

• b6e122fae59be76cf41be5d2cb13641582d18ffc GraalVM: Update classes to initialize at build time

• 138483acdbcf6bbadec47170b0e557b057748681 cli: Explicitly add implementation dependencies

• 898c9db7d24aa781c03d3d8db510a4868985e68a Drop the build part from the SemVer to get rid of the "+"

Chores 🔧

• 96fca4bb5a625eb6c46bc3d22b097b5de8e12b7c ClearlyDefinedStorageTest: Remove an obsolete test

• b785dde6b2d48a0b7ef137a4535f430903b156fa ClearlyDefinedStorageTest: Use a more common Maven URL in an asset

• ddd90eb0976d3b1dd5a9e621de664444238b730c ClearlyDefinedStorageTest: Use properties in declaration order

• bbd7c99e14bdb5001f1f0b260a6c84075d77ad28 GitLabLicenseModelMapper: Slightly improve a log message

• 89c626ed4cf659d50f2f0d9c9a4e37c49740b1c1 GoMod: Raise the version requirement

• 47e45202a2cd04396fe929b8ac856c98f1b94649 docker: Upgrade Go to the latest version 1.21.1

• 5eaf46de005c6f7b201bd530edbd26efd1bb5fed examples: Avoid a redundant string template

• 067854b857e8f582beb517e0d5a63f4627012c34 fossid-webapp: Remove an unused import

• ca9d4e1e981017addde7608874c7679085ab85cc model: Remove a duplicate import

• 2db3141bf2e7b3345284dd341e1e829897e14177 model: Use the logger extension property

• 538ed47d7765d13b09f0f2eecd1324762b919a1e providers: Turn config classes into data classes

• 4b8eb34732084dd3d45044cb7118c41cba905df3 reporter: Remove an unused function

• 05f87254f323e0563c4174c36a0a1aab37f86e87 scanner: Remove the unused NoStorage

• 230b5500ca5578ddb94c7ee4019503c3f81de363 Make OkHttpClientHelper the first class in the file

Dependency updates 🚀

• fc4cb9480d5476028c5130b4b251def4946ae16d spdx-utils: Upgrade the license list to version 3.22

• 5cef1f8995c0e65d4f49197712f8a9130dd2a1e7 Upgrade the Log4j Kotlin API to version 1.3.0

• 6010a09dcc88127cd89705240728fb26896cdae1 Upgrade the SW360 client to version 17.0.1-m2

• 313d877ee58719f7e35c543f938b8cadb554859f update dependency com.autonomousapps.dependency-analysis to v1.25.0

• a7036b4fa02f1129bddfe34a1eb8617885ff1053 update dependency com.github.ben-manes.versions to v0.49.0

• d61e509ae4c1a551cfaf9eb9fc69b74548309b56 update dependency com.github.jmongard.git-semver-plugin to v0.8.0

• 8d447d81f4fb27c78269dadd6886e8bcc0d1a290 update dependency gradle to v8.4

• 0ce3a4fe02f769727c4ec47706bdb98688f3941b update dependency io.ktor:ktor-client-core to v2.3.5

• 9f983bdcaa242551b191d77f964ba612f61d1fc1 update dependency org.apache.maven:maven-model to v3.9.5

• c35d9c606753322c1bdc27bfdbff86ff4c477f77 update dependency org.semver4j:semver4j to v5.2.2

• 5a199985e5230d85927603e1b99897b7e9051e70 update jetbrains/qodana-action action to v2023.2.8

Docs 📖

• c7512c419721d7582341b17b2f1f3a2c7d184f01 ClearlyDefinedService: Clarify what an empty revision means

• b5346f8bd063601b4aec290a2d0903073d06d719 MavenLogger: Correct a comment about the logger forwarded to

• 14d5a9638b848ac99888a96a4310fd6ad1624ec2 ScanResultsStorage: Clarify when to override readInternal()

• 425e84df828dd169af80393aef7f8727d780c832 poetry: Turn a code comment into a function documentation

• 0753d09f8c9eb41930c63bdea8d5d551b10ec70d scanner: Fix docs for ScannerWrapper.matcher

• 4808ae134daf860cfbbc74e9768924b361ff4001 sw360-integration: Clarify which kind of ORT results can be uploaded

• a61d7113128c942c245a3d4dfd217ba06b80bb0c sw360-integration: Fix config directory paths

• 59a4404f1f01434336635e6c6495f407bd6108a0 sw360-integration: Fix the SW360 curation provider configuration

• c0ad4486b66ab1fecb9d0e484f0ab4a5a2e70e2f website: Fix-up several broken links

• 533c54f6eeab93c9a2de19bc566066620d084aea website: Stick to the AE "afterward"

New Features 🎉

• 27a122e352da4a6ce94c60fc8b9f391e0b827dae GenerateScopeExcludesCommant: Add the "dev" scope for Poetry

• c19999ef7efb6dc0a5e762441f69d1100227ec2a fossid-webapp: Support a new API function

• 5f687897535975fa0448ea916fdb8e0c41d20d60 pnpm: Add support for PNPM 8.x

• 07ab9e8118e87e3e5da4364c71e134be002936fc poetry: Analyze also the development dependencies

• ec6ff750b1a5b50bed9d24d5d0f479ecb0ef98bb pub: Add support for bootstrapping Flutter on macOS

Refactorings 🚜

• 51204b520b5d5b93281d0d576867c502348ba72f CreateAnalyzerResult: Stop passing a redundant null value

• 6b396606f23a2b0d9e593c9d0a62d3c6a01bc81a GoMod: Ignore the version constraint for go earlier

• c0014e75647dd0364fb1c55152fe1aa243a28151 Poetry: Improve the IDs of projects

• b98668fb440eaee3359204b48c6a0a84ad6128fe clearly-defined: Bundle coordinate-related code

• ec843ea329d2cf03658825d7b8166081a4a7184c clearly-defined: Introduce a strings property

• 804d9593a1c9927bbcdc21e5db583350309582b1 clearly-defined: Simplify the API by using coordinates

• 8114b85219aa59209218527e899b7f10d67fef1c model: Use the Options typealias

• 594568ebbcc61f6101ff2635c7ee07fc6f574397 plugins: Rename config to options

• a9639fdeaad6f95deaab3cd5be3d01c6e572426a poetry: Eliminate code redundancy for scope handling

• 36327230b7bffb58c185293b1d357004770d50ee poetry: Extend inspectLockfile() to take the scope name

• f9b5537d5bc795009d7b420427ab97881ffae46d poetry: Factor out inspectLockfile()

• 463afbeac97259a3f022c6b7288f4d4cd651a921 poetry: Rename a function parameter

• 197a1adcd5aa63e4e460b17f4cfb963179cccec4 poetry: Stop using Pip.resolvedDependencies()

• aad062ed46eb6166de5a4224ff27a199eb5b4ee2 poetry: Use a more speaking name for req

• 2de1579fef67477856f346449dbdc60ae037cfcd poetry: Write the generated requirements to a temp file

• 29cba897a48122462549eaf5300b39e5053f8ed1 Avoid the logger to leak into the public API

• 60e611d1f870d2e818a6affbff84483a27340f6f Stop passing a default value to updateWorkingTree()

Tests ✅

• c146a808925387e65ae16f59e9fbb1ea14dac9cd analyzer: Test detecting local module dependencies with GoMod

• fda0088b0e81928fd2e7c00b7a9b8c98fb810fd6 clearly-defined: Add a test for coordinates

• 45e836588083ae1bf12049e35bc80ba8079c56b7 cli: Remove a redundant string template

• ff9d65aeff4dca78fdaa2d9efe66a03d3821748a conan: Update an expected result

• cc0865e310470706aef0b93f9b62d58052639d68 conan: Update the expected result

• d1ee6aca4b23981fbe9540ff9ee224ba881bf1e6 model: Fix a typo in a test name

• 8aa8704e9218f5beb5fbdeea0cd6aa33a8d53368 osv: Update a test assertion

• a6fb373f4292457be859aaf0448e95a076f3b4a8 osv: Update an expected result

• 5cdf8ce01406c70ab16e5efdd4c7ff86c6ec64e8 2f5bd6ebc4094039d2b627abbc87b7c3a8bf5e4b pub: Update expected results

• ae4d8110eecd1d691ec75e6820a834f6a6e0a4c5 requirements: Add a test to verify that classes can be instantiated

• 681df5e2e5392d11901bfa6d40c0cbc821fe5005 91e32a3029418b6931218df4895e201f700094eb 6eb047d6fbe65962a0e5bb06d66de830e1af3c07 e360cf947a0f91f42df1c3a9523a1509bafb6c65 spm: Update expected results

What's Changed

Breaking Changes 🛠

• 74f14a6c9d7766aea0f167c9f5eb663611345fef feat(package-managers/python)!: Support Python 3.11

Bug Fixes 🐞

• 13a9c83de95b1783d9c31b0686aa099e0eed6017 MavenSupport: Improve the logic to fixup project paths in SCM URLs
• 4e81ebd018daa11ca5d575768d5f676cea1e0526 buildSrc: Evaluate the applicationName lazily
• 57054fdc37e3a828a0ed390843cae90999250478 docker: Add missing base image context
• 7e3de277072a11229e825036b1bdaf1165910c6d docker: Re-align the Poetry version
• cb18d44dafa125e51e37a6e349ff371588b9d221 docker: Set correct version for runtime
• cf14991c823202431d5e3c30d4271c6dbd07b009 node: Bring back NodeJS arg to local docker_build script
• b44467d08e5cba2913ac56678c1b7371fa2a6c52 node: Bring back NodeJS version arg to image build

Build 🐘 & CI ⚙️

• 5389da0cb1432af3e4bfbb336201950102f4fa1a Gradle: Fix publishing the gradle-model artifact
• 753ea9a82ea6678bfe86f4807e7e22acf801e463 downloader: Exclude Apache MINA's sshd-sftp dependency
• 8b2a62e2d4d40c3404fc0da843e03b388590818c gradle-inspector: Escape a regex string when renaming files
• 311ab74142ecd908b3ad81a0911b31a1ee0887a1 version: If on a pre-release, use the SemVer with SHA1 metadata

Chores 🔧

• b72436dd3166398d57dc2aa7b0f32245da422e1f buildSrc: Update the list of classes to initialize at build time
• e3bbcdbf1bce1580282f7c16fb936dbdbca7130e docker: Adjust build frequency
• f2095d36849e5344a20e14955e6b62ffc1536d03 docker: Move NODEJS_VERSION arg to correct image
• f705d56e8e9124ac1833fd7f85bf74f7573cc968 docker: Proper use gradle based ORT_VERSION
• b3fd33a8c371d670be37c81249d5633d8f79e966 docker: Upgrade python to the latest version
• f386e5a98668ddf44ca38f5fde896ebfcc161e76 docker: Use more common naming
• 8a3144e136a2814fe3f85cc88461279c1415f38e notifier: Explain why slf4j-log4j12 is excluded
• acad59b7268e65f448838ef3561c45b7e0409e23 python: Re-create the lock file from pyproject.toml

Dependency updates 🚀

• 0057704a635540e7265dc4da0bf6d16610557cae chore(deps): Add libmagic as fallback for typecode-libmagic
• 683ca30f1ddc423b2702a86dc8c5074172883a9f update dependency com.autonomousapps.dependency-analysis to v1.23.1
• 8fa94ab114a6a0e46ce49fb02ac62e674d25db8b update dependency com.autonomousapps.dependency-analysis to v1.24.0
• 05492c196ae78cb45a4e9e025f450b96fbfc2160 update dependency com.github.ajalt.clikt:clikt to v4.2.1
• 49bf674e6db1ead79e13d4669fca1bdea92770e0 update docker/setup-buildx-action action to v3

Docs 📖

• 6c0f1dce907527768eb0287a6313a6e6b78f6edd resolutions: Fix dead link in documentation
• 0f3e8be2d7d72ea8a65a3206ad50f5b2b6ae84a4 schemas: Link to official website instead of GitHub markdown files

New Features 🎉

• aef4fe41d30b3e2ec2396350c278f40f44b2743c PurlUtils: Add optional parameters to toPurl

Other Changes 💡

• e4ad9c0568c105bcc72fc9af5029a444c35fb351 style(WebApp): Trivially simplify the isResolved functions
• 3207d1ed7f5ce11ad5ee37499b488d885edfc272 style(detekt): Enable the "MissingPackageDeclaration" rule

Refactorings 🚜

• 94737ae8a7a6b32f01133af9791127069c5f5b08 cli: Avoid the need to determine the ORT logo width
• f833fee1a5d9c705af5b9f9e3af4a4a83fd0863d poetry: Improve the definition file paths
• 576d3236bda97730282b9d1124db2b80215333e7 Make use of the simpler new CliktCommand.test(vararg) syntax

Tests ✅

• fbf96b9f2af0798a52ac537d4441e08d122e3d27 cyclonedx: Allow + as part of the version when patching results
• 13a4714dd29bc4c7e1dba7d607fb577a98ab2ab9 osv: Update expected results
• 7d67ffb7795968222ebef5f2be7e0961183dba59 pub: Update expected results
• 95db125f3a3cfbadc4a5980649211bc43605c086 python: Update expected results
• f4e088227cfc37117efe5ec2701d81d6d6d6cb55 spm: Update expected results

What's Changed

Breaking Changes 🛠

• 641f5204148c13af617d5ccea2b5c938e94a5b3a feat(model)!: Group snippets by source file matching lines
• 9794da6a66bb9c73417e721884c2e8adca198fb5 feat(scanner)!: Remove unused downloaderConfig parameter
• 6f1976c6427c815b9f62b84a6f706b9128ea01e5 refactor(fossid)!: Remove the unused options from the constructor
• dd70b7285726aa6043883ecd21ab4c3f3864739f refactor(scanner)!: Provide only scanner specific options in factory
• ffce6dc9256afd5ffbefa0d5b9ec53fac88de80a refactor(scanner)!: Remove ScannerCriteria.forDetails()
• fd71440289264fa6245fbe85fcf07b8588e8c0f4 refactor(scanner)!: Remove the unused ScannerConfigMatcher
• 464363834e3420b650e0e497365e748b969a1ec7 refactor(scanner)!: Rename fromConfig in ScannerCriteria to create
• a84a1f43e66f2862b4acefd40ef7b760d23edbc5 refactor(scanner)!: Use only scanner specific options for criteria
• b5fdb7974d042ec92942f6a5af8be8175d044499 refactor(utils)!: Use the Options typealias in PluginManager

Bug Fixes 🐞

• 0d4b1f75932d3a6666d599dbf6359f7e8fcebdff ClearlyDefinedStorage: Properly parse returned VCS URLs
• 18f9be2d73a7c834b5fcb2e410fcd2693272f8bb CocoaPods: Correctly parse secondary dependencies with versions
• a2fa7527c81ccedf3dee6c30d7f1a8546198c9b0 CocoaPods: Correctly resolve the user home directory
• 4bbd26a8a4dde135054d4ceace5c90750882a3a0 CocoaPods: Parse external sources from lock files
• c599e3932c706a191271c84be029c02b9b40f1a5 CocoaPods: Restrict package name matching to full matches
• 69db3b319080a13e8cef5b7c9bef9ebaa4bc66d8 CocoaPods: Stop taking pure version constraints as dependencies
• fd4ed1bb0c1f6432cfa9d6b227ef7b74e0f93af1 ScanResultsStorage: Correct debug log output about mismatches
• 0b04df09df13c136dd28cd21e02579e5072b4cca Scanner: Apply detectedLicenseMapping to FossId findings
• b7878c0bdc5ff6c297eda50a6b7b3ab45e1f53e5 clearly-defined: Ignore new InnerError fields
• 33d5fd936e6bea7144225e9eefc51f1063cbf5bd docker: Correct a typo
• a4b12df0acc6329cc164712e189d2c865c4280b2 docker: Install Git LFS
• c51939831ef44d2f9eae57662f04121755f0ef69 downloader: Fix updating the Git working tree for a branch
• 2ca66d5db4baf10959abbba3ee23214d0c8197dd fossid-webapp: Split snippets over non-consecutive source line ranges
• 74ba431e301be2b42d6500584c139e388f984017 reporter: Fix the creation of first level dependency relationships

Build 🐘 & CI ⚙️

• e40a38d09b97ab1e171844b254c40fbbe001a8df renovate: Disable renovate for the website

Chores 🔧

• 5893bd7840585f0a8d1ad6d5ec7f4d1ae20e1e05 ClearlyDefinedStorageTest: Move private data below the test
• bc3404ca95cd44b3db9640e9b9a638bf55e3d649 SW360: Use Maven Central and update version
• 2282526d23d7ed45f3c6e6fc1c5d04ab465427f5 ScanResultsStorage: Clarify log output about read results
• 55c1b94c26cf7539ef0355354cd0dc38c1d2b37d ScannerCommand: Log configured scan storages at info level
• a023e0be4d9bde8924ab03aecc1c64b75ad439cb SpdxDocumentModelMapper: Remove some magic values
• 2f3708f483bb9925e2b922383efaf2c829c2a174 clearly-defined: Also show the inner error name
• 029f1cabe2849cc4a1cec7a6bdc9be8aa2284cc1 docker: Use consistent naming and descriptions
• 8e6fd16ed53ac7a499ddf86c8c64c793c583eaa0 docker: Use ort namespace
• 58fd9d4ff358c6d2425f4c17ef0ef0bdccf383cc Fix formatting of workflow files
• 66fbc5c128fbad9f1482fd59744df9971fcf1ea0 Use data objects in sealed hierarchies

Dependency updates 🚀

• 34db1a2d3139cafd5f356bd85a48a3cb9061c117 Update maven-resolver to version 1.9.16
• 5b518559142d2dd4e71dd9aaeaa2d0101e035045 update actions/checkout action to v4
• 0d385b9f6517ee2c62ea080ef19b7fc41913e5ce update dependency com.github.jmongard.git-semver-plugin to v0.7.0
• 521a72563795bd96e9f0548f37eb7b1822ba6359 update dependency io.mockk:mockk to v1.13.8
• 0420946b922dfc5e72f50eb28aaca8dca1a7b31c update dependency org.semver4j:semver4j to v5.2.0
• 9d7817897c30eba2081c885bafe8c362b2e02468 update dependency org.semver4j:semver4j to v5.2.1
• 114c1539a9be10ead521ee46b3e8a5986efe863a update docker/build-push-action action to v5
• 63d89b41dc8a10a969a383783d6dc7cabc20ba28 update docker/login-action action to v3
• cb982b5cc8a2b1fc83843a37567b0b5ce3d5ac83 update docker/metadata-action action to v5
• 06615c6a6a6941b911ccc6291792bc994b375b41 update exposed to v0.44.0

Docs 📖

• cb2c560ce7970111e692cddfa157c0797cf1ee35 CocoaPods: Briefly explain the layout of the "PODS" section
• 902bfef1dc2fbfed35a2ce156c1f2007e124d9bd cyclonedx: Fix a typo
• 6e245cf79520be313a3b994555b7ebfa827640a7 scanner: Fix a typo
• ff570dd31f0dc129cdb54ad8e8a7990cc0d1e091 Add a link to the search page
• 96c520b76a66c891d3df2066e314929b1e14e49b Enable Algolia search for the website
• e74531f7ceb94393b53ac61dfb57222d30c4aece Remove an unused image
• 14cc5f1212895f91202248badacf0e4de9ed8127 Rename the docusaurus directory to website
• 77bb3d64c449b4d933d5b424eafe4b94d5c17497 Update package-lock.json
• f75d2003e8e6065a7791d1d8134bf346faa7ad0b fix(docs): Mention Apache 2.0 license

New Features 🎉

• 37a0894488ea5ba9fb7884e1b44b9464b79b2e06 OrtResult: Allow getDependencies() to omit excluded IDs
• f55ca2eab9df13a86563b9db43dddda8400a842d docker: Provide extended image with all components
• 46061d053abd7693983a6d03a6eb88bd27375e4d docker: Use jobs over workflow dependency
• 2b813d0c1e42432c05f03858906b4165f7ddd803 docker: Use per language container strategy
• 19a5ee27310d42b64d452686e898e1f93e8cbdd2 docker: Use runtime to do all the work for binaries
• 0705edea31e398a0860a00253e251df2ec3f57a1 fossid-webapp: Support for comments in marked as identified files
• 12d2bdeaf20e179bde09225586bfa404076507c9 fossid-webapp: Support two new API functions
• eb2efd6b99660ed9d43a3d32aba893c5c6427be4 plugins: Add the TypedConfigurablePluginFactory
• c586a9ba3ead4c1107afb8940e097b9ece65f719 reporter: Support grouped snippets in the Snippet Report
• d1492bb92034bce940a8460d166966135dc53bdb scanner: Add detected license mapping to ScanContext

Other Changes 💡

• 236f1e90967ac0065a256783cb4f64fa31f6de15 Revert "deps: update dependency clsx to v2"

Refactorings 🚜

• cf295f6fd522b330091553339b5944cb29d0c547 CocoaPods: Improve name / version parsing
• 933c3fccd235c2ec98a5250b99eae36b45be9a0f CocoaPods: Rename two variables for clarity
• 416c421f1b2bd1df383586b48bcb8753a62fb24f CocoaPods: Slightly generalize parsing of dependencies
• 886316397630bca1fbd2d8c71b4acf83faa03d4c downloader: Pass the working tree to a private function
• f5e00467be97a438ec27036ce8819bb76f265b76 scanner: Consolidate the API for scanner wrapper factories
• a4eadb606e54cdad67bd254c7ca501b8ff997e81 spdx: Add an overload for toSpdxId()
• 9a5d8059e5f8a3c3cf916c6f2c0cbe90b69b5e62 Move Options from model to common-utils

Tests ✅

• ab0f931a0879309eb1d9ab773e7dd3a3276a61ac ClearlyDefinedStorageFunTest: Update expected results
• 4df30940dfd1c7000d21d4c65fb6d73f40594c13 SpmFunTest: Update expected results
• 19beaedcc92ed1472231a5ad09a1c610f92e871d SpmFunTest: Update expected test results
• 2a7d3f5e11d594dc598b62fec00ef67de458b69f advisor: Update a NuGet identifier
• 9f7debdbb538480d5ee1fd24d524082b5c183a59 clearly-defined: Do not test against the development server
• 0de789481b0017b5eff7ef0a4d2985bd467a9b0d conan: Update expected results
• f1bb9c8fea481de418dd566cea3b5eac8c84f091 downloader: Remove unused test data
• 4338904e67b2b5ea061e2d8e7226021914e7628e downloader: Use a dedicated repository for GitWorkingTreeFunTest
• b066399640824b25c362075b7c2de123c01f77c4 downloader: Use a temporary directory to test non-working-trees
• eadb55628c0a589cf901dafe43072ff460db4b89 ort-config-package-curation-provider: Update NuGet identifiers

What's Changed

Bug Fixes 🐞

• 31ec26a Osv: Fix-up two (error) log messages
• 6b8ba89 dockerignore: Add Batect to the Docker-related directories to ignore
• 6bdde31 dockerignore: Add configuration files that to not impact ORT's build
• 802b8a1 dockerignore: Ignore GitHub configuration, esp. workflows
• 3092dc2 osv: Align Reference.Type with spec version 1.6.0
• 5a92da8 reporter: Align setting licenseInfoFromFiles with the spec v2.2

Build 🐘 & CI ⚙️

• b8d2712 GitHub: Add a step to create release notes
• 13fd59d GitHub: Create a GitHub release with distributions attached
• 28b6e71 GitHub: Introduce an environment variable for the ORT version
• d980f4a clients: Add OkHttp as an explicit API dependency
• 0b70cc5 Add "ico" to the excluded extensions for the copyright check
• 89056b8 Exclude Docusaurus config files from copyright check
• 9a72a03 GitHub: Use npm ci instead of npm install
• 13efe5d Exclude a URL link in Markdown from the link check
• 269e00d Update reuse configuration for Docusaurus

Chores

• f11076a GitHub: Also clean-up the Gradle home for funTest-docker
• 127e606 GitHub: Give a job step a more general name
• be7ded2 Gradle: Remove forcing the OkHttp version
• 924dd15 batect: Remove the telemetry setting
• 2ce373d osv: Improve the failure case of getVulnerabilitiesForIds()
• 868b1a2 osv: Re-align the model with latest OSV JSON schema version
• 968a82e osv: Update a comment after updating the model to v1.6.0

Dependency updates 🚀

• b3cf8b8 Update the native-gradle-plugin to version 0.9.27
• 10fd8a7 update actions/checkout action to v4
• 1f37f99 update batect to v0.85.0
• 62a0e5b update davidanson/markdownlint-cli2-action action to v13
• f6d9972 update dependency clsx to v2
• af1cbfc update dependency com.github.jmongard.git-semver-plugin to v0.6.4
• c5b710d update dependency com.github.jmongard.git-semver-plugin to v0.6.5
• 3b6b8d5 update dependency com.opentable.components:otj-pg-embedded to v1.0.2
• dc6d4a9 update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2
• 3932dda update docusaurus monorepo to v2.4.3
• 6cc2f5f update graphqlplugin to v6.5.6
• 0dfdaca update graphqlplugin to v7

Docs 📖

• aaf34fe dockerignore: Reword some comments
• 9b7f834 Adapt Docusaurus configuration for ORT
• c64c241 Add an introduction button
• 45ab644 Add missing copyright statements to JavaScript files
• 3899558 Add workflows to test and deploy Docusaurus
• 226d795 Create a Docusaurus page using the classic template
• f7cf606 Enable support for Kotlin syntax highlighting
• d26fb77 Fix all Markdownlint issues in Docusaurus
• f6cf4c5 Fix all links in Docusaurus
• b589752 Import Getting Started guide as tutorial to Docusaurus
• 67c7a62 Import docs folder to Docusaurus
• f35117f Install the raw-loader NPM package
• ed0df5f Make the tool icons on the homepage links
• 2c47029 Remove the Docusaurus Markdown example page
• 21bf3d3 Remove the Docusaurus blog plugin
• 3367a4b Remove the old "docs" directory
• 1b83df0 Rename tutorial to docs
• 9266ed7 Replace Docusaurus logos
• d8b2d4b Replace Docusaurus template content with ORT content
• 0352b52 Replace the template docs with the README contents
• 5c6434b Update Docusaurus README
• 8c80e7a Use a color scheme based on the ORT logo

New Features 🎉

• 293ebc4 migrate: Add an option to convert NuGet IDs to the namespace format
• 2f6e9b8 migrate: Add path conventions for package configuration files

Other Changes 💡

• e40c142 Revert "deps: update graphqlplugin to v7"
• 42b06ae revert(codecov): Go back to action v3 from v4

Refactorings

• fec42d9 GitHub: Setup Gradle only once
• 02205f8 MigrateCommand: Only call safeMkdirs() if needed
• dc32462 commands: Move configuration migration to a dedicated command
• 7d5b279 package-curation-providers: Make toCurationPath() public

Tests ✅

• 750cee3 SpmFunTest: Update expected results
• da42b93 SpmFunTest: Update expected test results

What's Changed

• deps: update codecov/codecov-action action to v4 by @renovate in https://github.com/oss-review-toolkit/ort/pull/7504
• Fix the publication of platform modules by @sschuberth in https://github.com/oss-review-toolkit/ort/pull/7505

Full Changelog: https://github.com/oss-review-toolkit/ort/compare/1.0.0...1.0.1

No release notes available for this initial release.