33.0.0

github-actions released this 19 Sep 07:21

What's Changed

Breaking Changes 🛠

  • 60ef7c9 feat(advisor)!: Rework VulnerabilityReference semantics
  • 01ca824 refactor(model)!: Generalize the scoring system mapping
  • 6015cc9 refactor(yarn2)!: Inline YARN_PATH_PROPERTY_NAME
  • 630a8db refactor(yarn2)!: Move some vals and funs outside of the companion

Bug Fixes 🐞

  • 2ac103a bazel: MODULE.bazel files from a local registry should be ignored
  • cb7c914 model: sslmode typo in reference.yml
  • e8e9b83 osv: Improve error handling a bit
  • 508dbfc spdx-utils: Support reading dashed reference category names

New Features 🎉

  • 24656e2 model: Add underscore variants to CVSS names
  • 95cba40 vulnerable-code: Add scoring elements to the data model

Build 🐘 & CI ⚙️

  • e833172 gradle: Do not set a global duplicatesStrategy anymore
  • 9928629 gradle: Replace custom code with the reproducible-builds plugin
  • c6523c4 github: Do not configure a custom linter version anymore
  • 9f7b625 renovate: Disable NuGet package manager updates

Chores 🔧

  • 61eb5c1 evaluator: Remove a few named lambda variables to simplify code
  • d29db08 gradle-plugin: Explicitly set a duplicatesStrategy
  • ce409f9 helper-cli: Consistently make commands internal
  • a577470 helper-cli: Consistently name the help parameter explicitly
  • bb0654c node: Add a couple of links to upstream documentation
  • c725523 node: Slightly simplify Yarn code to get package details
  • f675a32 osv: Improve mapping from OSV to ORT vulnerability references
  • 275c2c1 yarn2: Drop an obsolete TODO comment

Dependency Updates 🚀

  • a488e05 Update clikt to version 5.0.0 and Mordant to version 3.0.0
  • 0b24c91 Update dependency-analysis-gradle-plugin to version 2.0.2
  • 0c10c2f Update kotlinx-coroutines to version 1.9.0
  • 280d8fb update dependency org.semver4j:semver4j to v5.4.0
  • 521bd69 update dependency software.amazon.awssdk:s3 to v2.28.0
  • fd28fcf update github/codeql-action digest to 8214744
  • 21a3289 update gradle/actions digest to d156388
  • 12c8019 update jetbrains/qodana-action action to v2024.1.10
  • c750cfd update jetbrains/qodana-action action to v2024.1.11
  • 0c540bd update jetbrains/qodana-action action to v2024.2.2

Documentation 📖

  • 8a1e42a gradle: Improve the wording of a code comment
  • 1b15bfa yarn2: Fix-up a couple of broken KDoc references

Refactorings 🚜

  • 5a303ad helper-cli: Introduce an abstract OrtHelperCommand base
  • d1fa1f2 model: Extract vulnerability rating code to a function
  • 8b45010 npm: Use a simpler return type for two functions
  • 5bc030e yarn2: Extract isCorepackEnabled()
  • e2bca6b yarn2: Inline DEFAULT_EXECUTABLE_NAME
  • da6cc49 yarn2: Move a couple of functions / classes to the file level
  • 12c99e1 yarn2: Move some sanity logic into getYarnExecutable()
  • 5d0f002 yarn2: Reduce the scope of the version variable
  • 098ef99 yarn2: Simplify cleanYarn2VersionString()
  • 9db096c yarn2: Use a shorter name for versionFromLocator

Tests ✅

  • c17e5c3 bazel: Update expected results
  • 52cb0e0 conan: Split out the lockfile case into a dedicated test
  • a9e964e conan: Update expected results
  • 6123c13 node: Consistently place Npm projects in the npm directory
  • 06fe673 node: Drop the README.md for Npm test assets
  • c67d544 node: Improve a test case name
  • b0bd418 node: Merge NpmVersionUrlFunTest into NpmFunTest
  • 8cbbb57 node: Move Yarn test projects into a dedicated yarn directory
  • 254a64a node: Slightly improve a project name and metadata
  • 49b65dd osv: Update expected results
  • 6e181ef bc819cc osv: Update expected results