Releases: oss-review-toolkit/ort
38.0.0 (Halloween edition 🎃)
What's Changed
Breaking Changes 🛠
- e01a1f2 refactor(node)!: Move `Pnpm` into its own dedicated package
Bug Fixes 🐞
- a1652ea dos: Edit downloading the source to be scanned
- 3a8812d model: Correctly map `Identifier` namespaces to purl namespaces
- b1740ef model: Rework purl conversion according to the specs
- 42f0f33 spdx-reporter: Also check `LicenseRef` exceptions of snippets
- fe7d1ef spdx-reporter: Remove a conflicting license validity check
- f1a49b5 utils: Support deleting read-only files on Windows
- 41d1c6f yarn: Fix up the error handling in `getRemotePackageDetails()`
New Features 🎉
- c9d2a49 spdx: Deal with cycles in dependency relations
- 2161ffd yarn: Also log warnings output by `yarn info`
Chores 🔧
- d2dd061 model: Nest purl tests in preparation for adding more tests
- 2c79d17 model: Remove a few redundant purl tests
- 24f44d8 osv: Remove the work-around for Swift
- 51f5ec6 spdx-reporter: Map to a `Set` for distinct entries
- 7cd95a4 spdx-reporter: Remove a default strictness argument
- 4814301 Align on "purl" spelling for Package URLs
Dependency Updates 🚀
- e39a48c Update the dependency-analysis-gradle-plugin to version 2.3.0
- b3c1124 Update the dependency-analysis-gradle-plugin to version 2.4.0
- d2cfce1 update actions/checkout digest to 11bd719
- bc94e33 update actions/setup-java digest to 8df1039
- 17767fb update actions/setup-node digest to 39370e3
- d0cf5be update dependency ch.qos.logback:logback-classic to v1.5.12
- f38c1f4 update dependency com.charleskorn.kaml:kaml to v0.62.0
- 2b4e7fb update dependency com.charleskorn.kaml:kaml to v0.62.1
- 52162c5 update dependency software.amazon.awssdk:s3 to v2.29.0
- 01340ed update exposed to v0.56.0
- cee8a78 update github/codeql-action digest to 6624720
- 69fcc36 update jackson to v2.18.1
- 31edf71 update jetbrains/qodana-action action to v2024.2.5
- 8f00ece update jetbrains/qodana-action action to v2024.2.6
Documentation 📖
- 1219605 model: Clarify in a test what a "clean" purl is supposed to be
- b4d9313 spdx-utils: Clarify that `licenseInfoFromFiles` contains license IDs
- 6f3aaa5 spdx-utils: Document each main class with a link to the spec
- 0460948 yarn: Add information about the mentioned network issue
- 02192a3 yarn: Re-align the docs with the function
Refactorings 🚜
- 7f07648 model: Move purl-related tests to `PurlExtensionsTest`
- 49c654a model: Turn purl test data assertions into sanity checks
- 771a6a5 npm: Allow `getRemotePackageDetails()` to return `null`
- 6f802f8 npm: Make `getRemotePackageDetails()` handle unsuccessful runs
- 1394274 npm: Move `parsePackage()` outside of the `Npm` class
- 5bff7a2 npm: Move `parseProject()` out of the class
- 6999a12 npm: Remove a now unnecessary `runCatching()`
- 0223e40 osv: Simplify queries with purls
- 0eb1eea pnpm: Make `Pnpm` separate from `Npm`
- 26703f9 yarn: Extract `extractDataNodes()`
- 8e90a79 yarn: Use a more speaking name for `output`
Tests ✅
- a265d38 model: Add name(space) specific purl tests
- 419b42b model: Test against the official purl test suite data
- bfa893b npm: Re-create the lockfile for the `babel` project
- f63b068 osv: Update expected results
- 61c4721 pnpm: Add some more functional test coverage
- db0ec55 python: Update expected results
- b688a9c python: Update expected results
- c535f61 vulnerable-code: Test lookup for a Go package
- 507ee30 yarn: Add some more functional test coverage
- d59b609 yarn2: Move the functional test into the `yarn2` package
37.0.0
What's Changed
Breaking Changes 🛠
- e4e8396 chore(model)!: Remove old plugin config aliases
- d1fa585 refactor(model)!: Rename a `LicenseFilePatterns` property
- 131c130 refactor(model)!: Rename a class to `PathLicenseMatcher`
Bug Fixes 🐞
- 9ccccf6 gradle-inspector: Optimize memory by caching dependency subtrees
- 1b83831 jenkins: Allow to select DOS as a project and package scanner
- 950624a pub: Support deserializing hosted deps without version constraint
- ad9a363 yarn: Deal with retries when parsing the command output
Chores 🔧
- 7b1c5b9 pub: Handle dependency types in the same order as documented
- 9b9d996 pub: Order dependency classes as in the linked documentation
- 5c27750 pub: Simplify deserializing dependencies
- e612c50 scanner: Give a variable in a test a better name
- d743b8a Align custom kotlinx-serializers to be objects, part 2
Dependency Updates 🚀
- e65ff6b docker: Upgrade Askalono to version 0.5.0
- 622655e Update the dependency-analysis-gradle-plugin to version 2.2.0
- 1106470 update dependency @mdx-js/react to v3.1.0
- ed4bccf update dependency com.github.jmongard.git-semver-plugin to v0.12.11
- 8885a75 update dependency com.squareup:kotlinpoet to v2
- f24b2b3 update dependency org.asciidoctor:asciidoctorj-pdf to v2.3.19
- 65df485 update dependency org.semver4j:semver4j to v5.4.1
- 606c475 update dependency org.wiremock:wiremock to v3.9.2
- 3101aa8 update github/codeql-action digest to f779452
- d169fae update ksp to v2.0.21-1.0.26
Documentation 📖
- 786aba4 model: Improve `LicenseFilePatterns` docs
- 89f8422 pub: Add links to dependency types
- 36418b6 pub: Move a comment to the data class docs
Refactorings 🚜
- 6c7a4b1 model: Make `LicenseFilePatterns` properties sets
- 1151e95 model: Move `RootLicenseMatcherTest` to the correct package
- 7143c32 npm: Drop a slightly misleading log output
- cbdb228 npm: Remove unused parallelization constructs
- 19aaa1c pub: Add a default value for `version` for consistency
- 201e0de pub: Only use a single shared YAML instance
- bd745c1 pub: Reduce code by delegating to the default serializer
- 0efd79b pub: Reorder classes into packages
Tests ✅
36.0.0
What's Changed
Breaking Changes 🛠
- 4470675 chore(clearly-defined)!: Make `CoordinatesSerializer` internal
Bug Fixes 🐞
- 03b4ed9 cli: Remove credentials from environment variables
- 47f73b4 gradle-plugin: Guard `dependencyResolutionManagement` usage
- acfb440 maven: Correctly convert repositories
- 0d99de2 pub: Properly end the input structure when parsing specs
- 9d0873c spdx-utils: Accept the "no patent" exception
New Features 🎉
- e5c6e0c fossid: Make FossID sensitivity configurable
Build 🐘 & CI ⚙️
- 1d9c188 gradle: Update transitive commons-io versions
- bac154a release: Increase the timeout for creating the staging repository
Chores 🔧
- 9607cd0 Align custom kotlinx-serializers to be objects
Dependency Updates 🚀
- b4523c9 Update the gradle-maven-publish-plugin to version 0.30.0
- d67369d update dependency ch.qos.logback:logback-classic to v1.5.10
- b54962b update dependency ch.qos.logback:logback-classic to v1.5.11
- 06537b2 update dependency io.github.pdvrieze.xmlutil:serialization to v0.90.2
- 8c103c4 update dependency org.cyclonedx:cyclonedx-core-java to v9.1.0
- 89af4ed update kotlin monorepo to v2.0.21
- 0b82618 update ksp to v2.0.21-1.0.25
Refactorings 🚜
- 831b113 pub: Port the lockfile parsing to KxS
Tests ✅
35.0.0
What's Changed
Breaking Changes 🛠
- ab39b4d build(gradle)!: Build with Java 21
Bug Fixes 🐞
- 0092efa Npm: Stop creating dangling packages for non-workspace projects
- 1965e25 bazel: Disable the wrapper script only for the `--version` call
- bca9748 gradle: Also check for non-empty resolution alternatives
- c9d114c gradle: Be specific about using Adoptium / Temurin as the JDK
- f272825 gradle-plugin: Build with the lowest supported Java version
- 864d19f node: Represent workspace submodules as Projects
- b9e6b8d Tolerate `LicenseRef-*` exceptions in declared license mappings
New Features 🎉
- 9b9beac bazel: Support `github` in the module metadata JSON file
Build 🐘 & CI ⚙️
- 9e26438 gradle: Make the Java version used for KSP configurable
- 085020f gradle: Remove unused Ktor version catalog entries
Chores 🔧
- c48533b bazel: Output the registry's URL with each error message
- 901aa9d gradle: Omit a default argument when publishing
- 6ab1310 model: Rename "components" variables in `Identifier`
- e47d5c8 npm: Move a TODO comment above the function signature
- 23f425c pub: Align the Gradle check with `DependencyGraphNavigator`
- 796cd27 scanner: Remove an unused label
Dependency Updates 🚀
- 953a4b6 Update the dependency-analysis-gradle-plugin to version 2.1.3
- 7509ece Update the dependency-analysis-gradle-plugin to version 2.1.4
- 2097810 update actions/checkout digest to eef6144
- c4c2177 update actions/setup-java digest to b36c23c
- 546550e update dependency ch.qos.logback:logback-classic to v1.5.9
- 3087efe update dependency com.github.ajalt.clikt:clikt to v5.0.1
- 58e3c6f update dependency com.icegreen:greenmail to v2.1.0
- 32f0263 update dependency io.foojay.api:discoclient to v21
- 86606ff update dependency io.mockk:mockk to v1.13.13
- 46afc3a update docker/setup-buildx-action digest to c47758b
- 8b030ab update github/codeql-action digest to 6db8d63
- f9ddacb update github/codeql-action digest to c36620d
- a8031bf update jgit to v7
Documentation 📖
- 8369f2a gradle: Add links to the Gradle Java-compatibility matrix
- 175f03a model: Clarify an `Identifier`'s project vs. package use
Refactorings 🚜
- 28dce9a node: Use `Set<File>` as the type for submodule directories
- dc5fc90 npm: Reduce the amount of `filterTo()`s
- 01eaf8f npm: Replace two `!!` with `checkNotNull()`
- e4b37aa npm: Use named arguments in a constructor call
Tests ✅
- 1d71126 bazel: Add a missing test for when there is no lockfile
- 6a8a46c cli: Remove a Gradle project analysis
- 973bc59 common-utils: Remove a test that relies on the Security Manager
- 70e0f81 osv: Update expected results
- c6003b8 python: Update expected results
- 8b07534 python: Update expected results
- e34734a Ensure to use a compatible Java version for Gradle projects
- 118fab7 Ensure to use a compatible Java version for Gradle projects
34.0.0
What's Changed
Breaking Changes 🛠
- 1f4d723 chore(advisor)!: Remove the NexusIQ advisor
- baa1fd4 refactor(common-utils)!: Clarify the use of `resolveExecutable()`
Bug Fixes 🐞
- 6d576c3 analyzer: Maintain package manager names as keys in the graph
- 83a4465 gradle-inspector: Properly pass through the `managerName` for issues
- a3460f3 node: Support deserializing `PackageJson.author` from an array
New Features 🎉
- 6b896c3 common-utils: Stricten a check in `resolveExecutable()`
- c180727 gradle: Allow to configure the Java version and / or home
- e18b08e helper-cli: Add an option to override the repository configuration
- e642295 model: Add Git-only VCS host names as Git aliases
- 789f15b ort-utils: Improve the JDK check to not accept a JRE
- 2673ccb ort-utils: Support file URLs in downloads
Build 🐘 & CI ⚙️
Chores 🔧
- 6311935 .ort.yml: Trim trailing whitespace
- 062221e analyzer: Avoid unnecessary mutable maps
- 1e7ec04 analyzer: Slightly optimize a check
- 8b7d02c gradle: Make `managerName` in `GradleDependencyHandler` private
- 20d7898 gradle-inspector: Improve a log message
- 38d88ab helper-cli: Drop the obsolete command to create analyzer results
- 720a23c node: Remove the unused `parseNpmLicenses()` function
- f9a91f9 package-managers: Simplify code to get `javaHome` a bit
- 95c604b Simplify mapping of non-empty strings
Dependency Updates 🚀
- ae10e2f Update the dependency-analysis-gradle-plugin to version 2.1.1
- 7bdbcd1 update codecov/codecov-action digest to b9fd7d1
- 90c8fb0 update dependency ubuntu to v24
- fcb93d8 update docker/build-push-action digest to 32945a3
- 7625dae update docker/build-push-action digest to 4f58ea7
- 1811b5f update github/codeql-action digest to e2b3eaf
- a03471c update hoplite to v2.8.2
- cd61f12 update jackson to v2.18.0
- a8bff04 update log4j2 monorepo to v2.24.1
Documentation 📖
- 2c8b259 analyzer: Remove a comma to fix grammar
- d200260 dos: Fix a typo
- 3b0c858 model: Fix a typo in documentation for `addDependency()`
- c363749 ort-utils: Align wording of `Environment` property docs
- ef8b61c ort.yml: Improve code block titles for examples
- b4922ec scanoss: Fix a typo
- b3e9ddb website: Fix a typo
- e309c3b website: Use the correct property for the description header
Refactorings 🚜
- b5dd8d7 go: Combine `getProjectName()` into `getModuleInfo()`
- c03ecf3 model: Extract a `dependenciesAccessor()` function for reuse
- 7b4177d model: Inline a `referenceFor()` overload function
- ed4a537 model: Inline the `graphForManager()` function
- d347153 model: Make `DependencyGraph.edges` non-nullable
- e815570 model: Make `DependencyGraph.nodes` non-nullable
- 407d287 ort-utils: Introduce a helper to check the JDK version
- 988dd17 ort-utils: Introduce a static Java version property
Tests ✅
Other Changes 💡
- b5723d6 style(analyzer): Use parentheses after functions in test names
33.1.0
What's Changed
Bug Fixes 🐞
- a980b5d bazel: Force the generation of a `MODULE.bazel.lock` file
- 3e1a8c4 scanner: Create intermediate nested provenance directories
- 7a1c59d scanner: Properly handle `scanPath()` exceptions
New Features 🎉
- 7f3764e bazel: Add support for the `git_repository` source info type
- 0430090 bazel: Add support for the `local_path` source info type
- 573b86f bazel: Prepare for other types of module source info
- 0e2a943 sbt: Add back checking the global SBT version as well
- b5efe6f sbt: Allow to configure the SBT version, and Java version / home
- cd70325 scancode: Try to get more information on failures
- 165b3e6 yarn: Fail in case an update of the lockfile is needed
Build 🐘 & CI ⚙️
- 12d16ab github: Submit the Gradle dependency graph for releases
Chores 🔧
- 9fa1666 scanner: Get the time for a failure summary only once
Dependency Updates 🚀
- 211890e docker: Pin setuptools version to 74.1.3
- 5b9da04 docker: Upgrade Python to 3.11.10
- a58ac50 docker: Upgrade pyenv to 2.4.13
- f17d292 docker: Upgrade the `INCLUDE`-syntax extension
- bc92f57 Update the dependency-analysis-gradle-plugin to version 2.1.0
- 93fe4f9 update actions/setup-node digest to 0a44ba7
- 426c04b update dependency com.networknt:json-schema-validator to v1.5.2
- 442b553 update dependency com.zaxxer:hikaricp to v6
- bfe97b1 update dependency gradle to v8.10.2
- f883120 update dependency org.jetbrains.exposed:exposed-java-time to v0.55.0
- 7512eeb update dependency org.jetbrains.gradle.plugin.idea-ext to v1.1.9
- e63a244 update github/codeql-action digest to 294a9d9
- 9e30e9d update github/codeql-action digest to 461ef6c
- ad3b9fb update jetbrains/qodana-action action to v2024.2.3
- 12efc26 update kotlinxserialization to v1.7.3
Documentation 📖
- 062f517 scancode: Move a comment to a more relevant location
Refactorings 🚜
- 047efd1 sbt: Factor code out of `checkConfiguredSbtVersions()`
- 922e42f sbt: Only check SBT versions configured in the build
- d9b30a6 sbt: Simplify the definition of default options
- bff2ac8 yarn2: Improve a constant name
Tests ✅
- 837d588 node: Make the naming of expected result files more consistent
- 412a010 node: Move Pnpm test projects into a dedicated `pnpm` directory
- 563ce35 node: Move Yarn2 test projects into a dedicated `yarn2` directory
- 9860496 node: Move the expected result files into each respective dir
- 9198c5b npm: Stop using `npm-expected-output.yml` for multiple test cases
- d346925 c44408f 2308b11 ac771e4 osv: Update expected results
- 10618d5 pnpm: Slightly improve a project name and metadata
- ad1329b pub: Update expected results
- adeb51e python: Update expected results
- 8f4b542 yarn2: Slightly improve a project name and metadata
33.0.0
What's Changed
Breaking Changes 🛠
- 60ef7c9 feat(advisor)!: Rework `VulnerabilityReference` semantics
- 01ca824 refactor(model)!: Generalize the scoring system mapping
- 6015cc9 refactor(yarn2)!: Inline `YARN_PATH_PROPERTY_NAME`
- 630a8db refactor(yarn2)!: Move some `val`s and `fun`s outside of the companion
Bug Fixes 🐞
- 2ac103a bazel: `MODULE.bazel` files from a local registry should be ignored
- cb7c914 model: sslmode typo in reference.yml
- e8e9b83 osv: Improve error handling a bit
- 508dbfc spdx-utils: Support reading dashed reference category names
New Features 🎉
- 24656e2 model: Add underscore variants to CVSS names
- 95cba40 vulnerable-code: Add scoring elements to the data model
Build 🐘 & CI ⚙️
- e833172 gradle: Do not set a global `duplicatesStrategy` anymore
- 9928629 gradle: Replace custom code with the `reproducible-builds` plugin
- c6523c4 github: Do not configure a custom linter version anymore
- 9f7b625 renovate: Disable NuGet package manager updates
Chores 🔧
- 61eb5c1 evaluator: Remove a few named lambda variables to simplify code
- d29db08 gradle-plugin: Explicitly set a `duplicatesStrategy`
- ce409f9 helper-cli: Consistently make commands `internal`
- a577470 helper-cli: Consistently name the `help` parameter explicitly
- bb0654c node: Add a couple of links to upstream documentation
- c725523 node: Slightly simplify Yarn code to get package details
- f675a32 osv: Improve mapping from OSV to ORT vulnerability references
- 275c2c1 yarn2: Drop an obsolete TODO comment
Dependency Updates 🚀
- a488e05 Update clikt to version 5.0.0 and Mordant to version 3.0.0
- 0b24c91 Update dependency-analysis-gradle-plugin to version 2.0.2
- 0c10c2f Update kotlinx-coroutines to version 1.9.0
- 280d8fb update dependency org.semver4j:semver4j to v5.4.0
- 521bd69 update dependency software.amazon.awssdk:s3 to v2.28.0
- fd28fcf update github/codeql-action digest to 8214744
- 21a3289 update gradle/actions digest to d156388
- 12c8019 update jetbrains/qodana-action action to v2024.1.10
- c750cfd update jetbrains/qodana-action action to v2024.1.11
- 0c540bd update jetbrains/qodana-action action to v2024.2.2
Documentation 📖
- 8a1e42a gradle: Improve the wording of a code comment
- 1b15bfa yarn2: Fix-up a couple of broken KDoc references
Refactorings 🚜
- 5a303ad helper-cli: Introduce an abstract `OrtHelperCommand` base
- d1fa1f2 model: Extract vulnerability rating code to a function
- 8b45010 npm: Use a simpler return type for two functions
- 5bc030e yarn2: Extract `isCorepackEnabled()`
- e2bca6b yarn2: Inline `DEFAULT_EXECUTABLE_NAME`
- da6cc49 yarn2: Move a couple of functions / classes to the file level
- 12c99e1 yarn2: Move some sanity logic into `getYarnExecutable()`
- 5d0f002 yarn2: Reduce the scope of the version variable
- 098ef99 yarn2: Simplify `cleanYarn2VersionString()`
- 9db096c yarn2: Use a shorter name for `versionFromLocator`
Tests ✅
- c17e5c3 bazel: Update expected results
- 52cb0e0 conan: Split out the lockfile case into a dedicated test
- a9e964e conan: Update expected results
- 6123c13 node: Consistently place Npm projects in the `npm` directory
- 06fe673 node: Drop the `README.md` for Npm test assets
- c67d544 node: Improve a test case name
- b0bd418 node: Merge `NpmVersionUrlFunTest` into `NpmFunTest`
- 8cbbb57 node: Move Yarn test projects into a dedicated `yarn` directory
- 254a64a node: Slightly improve a project name and metadata
- 49b65dd osv: Update expected results
- 6e181ef bc819cc osv: Update expected results
32.1.0
What's Changed
Bug Fixes 🐞
- 023752f dos: Make the `token` a secret config option
New Features 🎉
- fcfab20 gradle-inspector: Add an option to bootstrap a JDK version
Chores 🔧
- f654747 node: Drop the now unused Jackson dependencies
- da5c922 yarn2: Make use of `YARN2_RESOURCE_FILE` in a log message
Documentation 📖
- f2f2f7c ort-utils: Fix environment property descriptions
- 65f58c3 Update link references of ownership
Refactorings 🚜
32.0.0
What's Changed
Breaking Changes 🛠
- 1621941 feat(gradle)!: Make GradleInspector the new default
- c21b31b refactor(reporter)!: Rename the reporter to AOSD2 to avoid confusion
Bug Fixes 🐞
- 2438448 gradle-inspector: Do not assume all POM artifacts to be metadata-only
- 7c421cc gradle-inspector: Handle dependency cycles properly
- 78f0a07 gradle-inspector: Keep the artifact URL on invalid hash values
- 04b0356 model: Add a heuristic to get the manager in dependency graphs
- 7b12e72 osv: Remove an invalid reference type
- 694ac3c pub: Improve `containsFlutterSdk()`
- 9cca883 pub: Use the correct key name when replacing options
New Features 🎉
- 8ce9483 gradle-inspector: Allow to customize the Java home for analysis
- af559df jenkins: Allow to configure the list of advisors
- 9bcb485 osv: Add new ecosystem constants for completeness
- 723e003 plugins-api: Allow to manually set the plugin ID
- da7b11f pub: Always use the (one) enabled Gradle package manager
- 94e30b1 scripts: Add a script to generate all CLI completion scripts
- 3a68e61 scripts: Align on more portable `env` shebangs to discover `bash`
Build 🐘 & CI ⚙️
- e609a22 refactor: Use the new script to generate CLI completions
Chores 🔧
- 7c52615 analyzer: Remove a too strict assumption in dependency verification
- cc04a19 docker: Update Npm to the latest minor version
- 002b58b docker: Update Pnpm to version 9.9.0
- 45ff021 docker: Update Swift to version 5.10.1
- f2fc447 docker: Upgrade Go to version 1.23.0
- 7373195 gradle-inspector: Rename the `init.gradle` template
- 7689ecb yarn2: Fix a typo
- d9eb1da Remove references to JitPack in favor of Maven Central
- 54a2e4e Use `ifEmpty` and `ifBlank` to simplify code
- 714996c Use `ifEmpty` and `ifBlank` to simplify code
- de66c45 Use `singleOrNull` to simplify code
Dependency Updates 🚀
- 3a1fbf6 Update the native-gradle-plugin to version 0.10.3
- fbe3ae8 update actions/attest-build-provenance digest to 1c608d1
- f7d2368 update dependency ch.qos.logback:logback-classic to v1.5.8
- d80b9d2 update dependency dev.adamko.dokkatoo:dokkatoo-plugin to v2.4.0
- e20681a update dependency gradle to v8.10.1
- 64828ac update detektplugin to v1.23.7
- 80f62a1 update exposed to v0.54.0
- 8836de6 update ksp to v2.0.20-1.0.25
- 01f3d58 update log4j2 monorepo to v2.24.0
- 7be755c update wagoid/commitlint-github-action digest to 3d28780
Documentation 📖
- a53b7c6 README: Remove the wrapper validation badge
- d06e12e README: Swap OpenSSF Best Practices and Scorecard badges
- 0d1965b gradle-inspector: Fix the link to the init script resource
- eaba79c gradle-inspector: Mention `javaHome` as part of class docs
- 9646794 gradle-inspector: Update the list of known limitations
- 5daae47 issues: Limit `ort requirements` output to commands
- f5d54b8 model: Improve `VulnerabilityReference` property docs
- 15bf4fc osv: Add documentation to all top-level classes
- f57e046 osv: Generalize wording from "list" to "collection"
- f54636e plugins-api: Fix description of `PluginDescriptor.id`
- 785514e plugins-api: Improve docs for `OrtPlugin`
- 81561d1 Avoid "our" in comments and use passive voice
- 2b2bb87 Avoid "we" in comments and use passive voice
Refactorings 🚜
- b0fc861 model: Inline some default parameters in a test function
- dabcd27 model: Inline the misleading `Project.managerName` property
- 8272678 node: Drop the `--fields` option
- aa46f27 node: Factor out `mapNpmLicenses()`
- b4205ba node: Improve code for parsing `package.json` and beyond
- 2cd8fe4 node: Improve the name of `packagesHeaders`
- 4e19bbd node: Move Yarn2 into its own dedicated package
- 77590e3 node: Port the parsing of Yarn2 package infos to KxS
- f567582 node: Re-use `getProjectAdditionalData()` also for projects
- 9ea65f9 node: Rename `parseNpmAuthors()` to singular form
- 3382b5b node: Turn `fixNpmDownloadUrl()` into an extension
- 407172e node: Use an object mapper for parsing Yarn2's `info` output
- 4d854a7 node: Use the `info` alias for the `view` command
- 0efc494 npm: Use a more speaking name for `packageFile`
- 8553c7f npm: Use a more speaking name for `packageJson`
- 6ecdb9e plugins: Fix casing in plugin IDs
- 6c653f1 plugins-api: Rename `OrtPlugin.name` to `displayName`
- 399d507 pub: Inline some variables in `parseProject()`
- 7ef80e6 pub: Port Pubspec parsing to KxS and use a data class
- f5b8f6d pub: Rename several `manifest` variables
- fca5d83 pub: Use a more speaking name for `pubspec`
- 34e2339 yarn: Relax strictness in `processAdditionalPackageInfo()`
Tests ✅
31.0.0
What's Changed
Breaking Changes 🛠
- 848e666 feat(advisor)!: Migrate the advisor to the new plugin API
- dd90907 refactor!: Move `PackageConfigurationProvider` to API module
- 90accbb refactor!: Move `PackageCurationProvider` from model to plugin API
- 3c8b32a refactor!: Move config helpers from `model` to new `config-utils` module
- 89467d9 refactor(analyzer)!: Move `PackageManagerDependencyHandler` to the root
- 4c7c9fc refactor(analyzer)!: Turn conversion functions into extensions
- bd4e76e refactor(common-utils)!: Remove the `force` argument from delete functions
- e785545 refactor(model)!: Remove `PackageConfigurationProvider` from `OrtResult`
- 1e5ae99 refactor(ort-utils)!: Remove the fallback to read uncompressed files
- 6636764 refactor(osv-client)!: Remove an unused constructor
- f787654 refactor(osv-client)!: Remove the `Server` enum
- 4f870c2 refactor(package-configuration-providers)!: Migrate to new plugin API
- 2a8ca2f refactor(package-configuration-providers)!: Remove unused EMPTY constant
- 934c6aa refactor(package-curation-providers)!: Migrate to the new plugin API
- d782466 refactor(plugins-api)!: Make `PluginDescriptor.id` the first argument
- d15eaa1 refactor(plugins-api)!: Rename `PluginDescriptor.className` to `id`
- 9b13596 refactor(plugins-api)!: Rename `PluginDescriptor.name` to `displayName`
Bug Fixes 🐞
- 5d11ab0 advisors: Make configuration properties secrets
- a477ded common-utils: Use the `Path` API to delete files
- ed095a6 compiler: Fix an error message
- f991e15 ort-utils: Fix handling of `LocalFileStorage.transformPath()`
New Features 🎉
- 29468d0 compiler: Add the descriptor to the factory companion object
- 35d18a6 compiler: Allow multiple plugins of the same type in a project
- e15091c compiler: Remove the parent class name suffix from the plugin id
- 1e0cdfe docker: Replace Syft for Docker own Scout SBOM generator
- 29a108a model: Check if an archive exists before trying to download it
- 71983f1 plugins: Add a new plugin API with symbol processing
- 5804107 plugins-api: Generate a JSON representation of the plugin spec
Build 🐘 & CI ⚙️
- c01b6c8 detekt-rules: Fix the import check for a single dotless import
- 90a570d gradle: Fix applying the dependency analysis plugin
- adbc676 package-managers: Make dependencies on `GitCommand` explicit
- b82a5c1 Introduce a convention plugin for plugins
- 1e9ae8a Rename the convention for plugin parent projects
- 3e94f07 github: Remove an unnecessary outdated parameter
- 627296b github: Remove the separate Gradle wrapper validation
Chores 🔧
- 2b8463d package-managers: Make `gradlew` of test projects executable
- 954eb96 plugins: Use the companion object `descriptor`s
- 97a81dd reuse: Migrate from dep5 to TOML format
Dependency Updates 🚀
- 6be1533 update actions/setup-python digest to f677139
- cf72d14 update dependency com.autonomousapps.dependency-analysis to v2.0.1
- c737daf update dependency prism-react-renderer to v2.4.0
- 0cdbc49 update github/codeql-action digest to 4dd1613
- 43c8a20 update gradle/actions digest to 16bf8bc
Documentation 📖
- a4d249f downloader: Further improve a log message to include the revision
- 4da006b plugins-api: Fix docs for `PluginDescriptor` properties
Refactorings 🚜
- fdd90ca analyzer: Split package manager dependency classes across files
- 01a200e carthage: Trivially port from Jackson to KxS
- 78154d8 common-utils: Move recursive deletion tests to `funTest`
- ab12481 common-utils: Move several tests to `funTest`
- b67936d compiler: Use `singleOrNull()` to simplify code
- cb15705 gradle: Move `OrtDependency` extension functions to the model
- fbc786d gradle: Turn extension functions into properties
- 0e3900d gradle-inspector: Make use of `OrtDependency` extensions
- 080b303 gradle-inspector: Migrate the code to use the dependency graph
- 814e56e plugins: Move KSP compiler to separate project
- 40e0133 plugins-api: Add default value for `PluginDescriptor.options`
- 4dd5a49 plugins-api: Separate plugin analysis from code generation
- 2401bf2 pub: Extract constants for the scope names
- b42f894 pub: Remove a code redundancy from the construction of scopes
- 28c4149 pub: Remove an unnecessary `for` loop and comment
- d4fd3f1 pub: Use a data class for parsing the lockfile
- a45bd86 pub: Use a shorter name for `pkgInfoFromLockfile`
Tests ✅
- c8f2baa common-utils: Add a test for deleting files with bogus names
- bb012f3 common-utils: Add a test for deleting read-only files
- e0e8465 common-utils: Add a test for deleting with a base directory
- 8e05bcf ort-utils: Add missing tests for `LocalFileStorage`
- b68e3b9 ort-utils: Reduce indentation in tests
- af56607 ort-utils: Use function names for test containers
- 535ff62 osv: Update expected results
- b0ae065 pub: Add a `()` to a test case name
- bc98102 pub: Consistently use `reader`
- b3e173a pub: Remove an unhandled property
- ed29629 pub: Remove an unnecessary code comment
Other Changes 💡
- d0840a6 Revert "test(osv): Update expected results"