6.0.0

@github-actions github-actions released this 02 Nov 08:32
· 2710 commits to main since this release

What's Changed

Breaking Changes 🛠

  • a80c1c7 refactor(analyzer)!: Move some functions out of the GoMod class
  • d39c07d refactor(analyzer)!: Reduce the visibility of a constant
  • cd40dd1 refactor(model)!: Split vulnerability classes to a separate package

Bug Fixes 🐞

  • 7a2b4aa AdvisorRecord: Merge all properties of vulnerabilities
  • 0820a7b VulnerabilityReference: Do not deserialize a lazy property
  • 593f6ef scanner: Catch archiver exceptions

Chores 🔧

  • ebf834b Qodana: Use the non-EAP version of the JVM linter
  • f75c00d docker: Fix installing Node.js in the legacy image
  • e2ed458 docker: Upgrade Node.js to version 20
  • c841f41 docker: Upgrade python-inspector to version 0.10.0
  • b3dd03e mailmap: Align on Hanna's lower-case address
  • 9c2232c mailmap: Align on Helio's GMail address
  • 671e607 mailmap: Align on mentioning François' forename first
  • dd33cce mailmap: Map Stefano's GitHub address
  • 8cd00c5 mailmap: Merge Christian's addresses
  • d557794 mailmap: Merge Daniel's addresses
  • b726ba5 mailmap: Spell out Carlos' name
  • ad773d8 mailmap: Spell out Quique's name
  • 0e3f8c8 mailmap: Use Sebastian's new Double Open address
  • 5b42f08 markdown-link: Update an ignore pattern to make the linter pass

Dependency Updates 🚀

  • 09ae12b Update detekt to version 1.23.2
  • f3511b4 Update detekt to version 1.23.3
  • 4ef5598 update dependency com.github.jmongard.git-semver-plugin to v0.10.1
  • 4eba5e6 update dependency org.jetbrains.exposed:exposed-jdbc to v0.44.1
  • e1fae77 update dependency software.amazon.awssdk:s3 to v2.21.10
  • a0b1cf5 update dependency software.amazon.awssdk:s3 to v2.21.11
  • c95dd74 update dependency software.amazon.awssdk:s3 to v2.21.12
  • be2c5c6 update dependency software.amazon.awssdk:s3 to v2.21.13
  • 6bb8315 update dependency software.amazon.awssdk:s3 to v2.21.9
  • 10b0bd8 update kotlin monorepo to v1.9.20

Documentation 📖

  • 83c6477 Npm: Do not say to implement dedicated support for peer dependencies
  • a39a252 RepositoryConfiguration: Improve documentation of two properties
  • e48657f analyzer: Fix a typo
  • cf269cf configuration: Improve docs for curations in .ort.yml

New Features 🎉

  • 6989cd1 VulnerableCode: Fixup wrongly escaped URLs
  • 8de8460 cargo: Parse a package's homepage
  • d0efc19 reporter: Support the CycloneDX vulnerability extension in Reporter
  • b2aebfa scanner: Record the scanner tool versions in the ORT result

Refactorings 🚜

  • 7b90df8 GoMod: Re-arrange functions within GoMod
  • 561ef19 VulnerableCode: Update two response property names
  • 92bfc97 cargo: Inline runMetadata()
  • 44523e4 cargo: Migrate from toml4j to tomlkt
  • 3f835b3 cargo: Migrate manifest parsing to kotlinx-serialization
  • 50c4931 cargo: Migrate parsing of JSON nodes to using data classes
  • 4678d88 evaluated-model: Remove the EvaluatedVulnerabilityReference
  • fe08372 go: Migrate GoDep TOML parsing to kotlinx-serialization
  • 8b6fe4f model: Introduce a lazy severity rating property
  • 2f619ac scanner: Move logging into the scan() function
  • 0894374 scanner: Remove premature checks for empty scanners
  • 90f9993 Move Go package managers to their own plugin project

Tests ✅

  • 2d21bf2 SpdxExpressionTest: Test parsing NONE and NOASSERTION
  • b330f35 VulnerableCode: Add a template test for the public instance
  • fc10c12 VulnerableCode: Improve the funTest template
  • 37d2925 conan: Update expected results
  • 4b6bc22 go: Consistently use replace pattern for definition file path
  • caecbea go: Factor out testDir
  • 97eaacc go: Move expected result files
  • e64746d go: Move the test project for GoMod under a dedicated directory
  • 2c94e3b go: Remove some redundancy with the file paths
  • 0a44e54 go: Rename an expected result file
  • 1c63cdf go: Use a more speaking name for a test project dir
  • e082ad3 node: Relax an assertion
  • 320bfc9 osv: Update expected results
  • 9da44a3 python: Upgrade markupsafe to version 1.1.0
  • d9839fb 5dfe13a 73e5110 spm: Update expected results