Releases: oss-review-toolkit/ort

30.0.0

29 Aug 07:48

What's Changed

Breaking Changes 🛠

  • c8e87e7 refactor(vcs)!: Make the aliases property private

Bug Fixes 🐞

  • 34a222e bazel: Apply name and version overrides earlier
  • eb8d2c8 bazel: Change metadata.json's model to comply with schema
  • 4e887f2 bazel: Maintain the version also in case of archive overrides
  • 16a121c helper-cli: Fix-up the exclude reason for ChangeLog files
  • 456e3fc scancode: Make path comparisons separator-agnostic
  • e72fd2a scanoss: Support multiple line ranges per snippet

New Features 🎉

  • 26a0401 advisor: Add resolution reason for incorrect vulnerabilities
  • 1ec14b5 bazel: Add support for archive_override
  • 05d9658 bazel: Treat a package with archive override and patches as modified

Build 🐘 & CI ⚙️

  • c6701f8 gradle: Enable consistent copy() visibility
  • 7ad4bfe Ensure that the generated shell completion scripts are up-to-date

Chores 🔧

  • 93ea5b3 bazel: Do not quote URLs in logs for visual simplicity
  • d95b8b2 bazel: Improve archive override URL logging
  • a85e0d6 clearly-defined: Do not pass a default value
  • 61ad183 integrations: Regenerate shell completion scripts
  • e951d63 web-app-template: Simplify adding to a map

Dependency Updates 🚀

  • f87f923 spdx-utils: Update the SPDX license list version to 3.25.0
  • 135b287 update actions/attest-build-provenance digest to 6149ea5
  • f9a5452 update dependency com.autonomousapps.dependency-analysis to v2
  • 0aad2f2 update dependency org.asciidoctor:asciidoctorj to v3
  • 0d3b21e update dependency org.postgresql:postgresql to v42.7.4
  • fe0a41c update github/codeql-action digest to 2c779ab
  • 15c1031 update kotlin monorepo to v2.0.20
  • ae29ff7 update kotlinxserialization to v1.7.2

Documentation 📖

  • ebdc21f README: Remove the broken TODO badge
  • 4841e02 analyzer: Clarify the input directory to be version-controlled
  • 38c9efd analyzer: Explain that the analyzer is required to run
  • a82f01c analyzer: Name precondition for analysis to work
  • 99cd187 cli: Explain SLF4J API usage in addition to Log4j API usage
  • e191061 model: Slightly improve LicenseFinding.license docs
  • ddc0757 website: Fix the full AOSD reporter name
  • 0ded5f8 website: Improve FossId report documentation
  • f0b7b79 website: Make Opossum report documentation more compact

Refactorings 🚜

  • b91c8ff clearly-defined: Rename a (so far unused) enum property
  • 7ecf85d composer: Inline parseScope()
  • a28a503 scanners: Rename a snippet's license to singular
  • c309ada Port remaining code to kotlin.io.encoding.Base64
  • 5228030 Use hex coding from Kotlin's stdlib

Tests ✅

  • 32dfe21 bazel: Add another archive override with dev_dependency=True
  • 1cd9699 clearly-defined: Make use of the projectUrl property
  • 602ab3c pub: Update expected results
  • 9e01f50 python: Update expected results

29.1.0

22 Aug 07:41

What's Changed

Bug Fixes 🐞

  • 4813be3 conan: Ensure that Conan is running in non-interactive mode

New Features 🎉

  • 3660ce0 downloader: Allow to specify parallel downloads on the CLI
  • c64cc83 downloader: Display progress info for parallel downloads in the CLI

Chores 🔧

  • 9932ab7 downloader: Say "verifying" in case of a dry run

Dependency Updates 🚀

  • 549a0dd update github/codeql-action digest to f0f3afe
  • eff9a93 update wagoid/commitlint-github-action digest to a2bc521
  • 4261d1a update wagoid/commitlint-github-action digest to dbd4ecd

Tests ✅

  • fe81e49 pub: Update expected results

29.0.0

20 Aug 17:43

What's Changed

Breaking Changes 🛠

  • fb36bec chore(advisor)!: Remove the GitHub defects advisor

Bug Fixes 🐞

  • 110f2e3 scanoss: Improve parsing of VCS URLs
  • 5fff408 scanoss: Properly deal with empty licenses for snippets

New Features 🎉

  • 88f4548 bazel: Add support for local_path_override
  • a53082f docker: Add Buildozer to the Docker image
  • dcc41df spdx: Allow to set creator person and organization
  • d4d17d0 utils: Add runBlocking that preserves Log4j's MDC context

Chores 🔧

  • 58deae0 scanoss: Directly map to sets
  • e5303d7 scanoss: Make skipping of "none" file details explicit
  • b1caae2 scanoss: Remove a superfluous distinct() call
  • 97ece6d scanoss: Throw on unsupported line ranges in convertLines()
  • f261664 web-app: Trivially change a variable in a test to be plural

Dependency Updates 🚀

  • 161ea45 update dependency ch.qos.logback:logback-classic to v1.5.7
  • f75bc26 update dependency org.apache.commons:commons-compress to v1.27.1
  • 947f855 update docusaurus monorepo to v3.5.2
  • 74557ba update github/codeql-action digest to 883d858
  • 52ea6ca update maven to v3.9.9

Documentation 📖

  • fe5a27f gradle: Add descriptions to tasks so they show up without --all
  • aaf9012 spdx: Deep link to a nested property from reporter options

Refactorings 🚜

  • ba9f17f clearly-defined: Make functions suspending
  • dbc3fc5 clearly-defined: Remove the callBlocking function
  • a061b06 fossid-webapp: Make factory functions suspending
  • 9b3cb85 fossid-webapp: Rename instance function to create
  • f04cb07 scanner: Make resolveNestedProvenance suspending
  • 4e19363 scanner: Make resolveProvenance suspending
  • ee3c33b Use the new runBlocking function

Tests ✅

  • d1ee3dd pub: Update expected results

Other Changes 💡

  • 17d1ff2 style(detekt): Forbid usage of kotlinx.coroutines.runBlocking

28.0.0

15 Aug 07:33

What's Changed

Breaking Changes 🛠

  • 0137bde refactor!: Replace is{False,True}() with toBooleanStrictOrNull()
  • d03abd4 refactor(bazel)!: Align create function and parameter naming
  • fa35e72 refactor(bazel)!: Rework collection use for URLs
  • 37ea3e6 refactor(bazel)!: Simplify code with an url not being nullable
  • 56e2fb7 refactor(model)!: Use a secondary Hash constructor instead of create()
  • 506ef31 refactor(reporter)!: Change to return per-file-format results

Bug Fixes 🐞

  • c43047a Bazel: Fix BazelTest
  • d6b7404 Bazel: Force a Bazel version for BazelTest
  • 7d6a7e9 Bazel: Recreate the test data for the test with local registry
  • b1dd96a bazel: Distinct registry URLs by their normalized form
  • 6160df2 compose: Ignore definition files from vendor directories
  • 471a65d compose: Stash any present "vendor" directory
  • 37e0e5c composer: Do not use the managerName for packages
  • b579f88 composer: Support the license field to be a primitive string
  • ae14f3f conan: Properly inspect null values
  • 46aa773 ctrlx-reporter: Make the $schema field non-nullable
  • b194374 ctrlx-reporter: Only use real SPDX IDs
  • af556b0 downloader: Correctly get the repository root path
  • 743873a scanoss: Ignore the logging provider from `scanoss`

New Features 🎉

  • b4e4156 Bazel: Support Bazel 7.2.0
  • ebd6454 bazel: Add MultiBazelModuleRegistryService class
  • 378f6e2 bazel: Support multiple registry services
  • e8e3416 reporter: Add a reporter for the AOSD 2 format

Build 🐘 & CI ⚙️

  • bb0a326 gradle: Remove the unused scanoss client project
  • a603d3d github: Use latest instead of linked CodeQL tooling
  • 5092c18 renovate: Enable Renovate for the website
  • 0b94998 renovate: Update NPM only once a week

Chores 🔧

  • fb15bb1 Bazel: replace the test done by BazelTest by a functional test
  • 48f4128 bazel: Omit a default argument
  • 4e86921 bower: Remove the now unnecessary inspection hint suppressions
  • b9f521e composer: Make top-level data classes internal
  • fcc91b7 composer: Reduce the visibility of two constants
  • 0454248 composer: Remove an unnecessary log warning
  • d2a1434 composer: Simplify associateBy to associate
  • 949b5de docker: Replace Bazel by Bazelisk
  • 727705f docker: Upgrade PHP to the latest active version
  • b694901 docker: Upgrade composer to the latest version
  • dfa843c downloader: Add a debug log when deleting working tree caches
  • 977707d evaluated-model: Remove a superfluous file format case
  • 400e0f4 gradle: Sort compiler options alphabetically
  • 1ba1116 model: Consistently use HTTPS for example.com URLs
  • df82c97 node: Use curly-brace-syntax for logging
  • 2839a76 package-manager: Force a Bazel version for the existing test
  • f8dc4e3 scanoss: Do not apply the BlacklistRules
  • bdbc11d Align code and wording of either-or property checks
  • f6ba8bc Do not use the named with parameter for @Serializable
  • 424dfcb Use the recommended function to get serializers for a type

Dependency Updates 🚀

  • 7aec1fb website: Upgrade to Docusaurus 3.4.0
  • 4c3ed0b website: Upgrade transitive dependencies
  • c8cf639 pin dependencies
  • ce116dd update actions/attest-build-provenance digest to 210c191
  • 090c43c update actions/attest-build-provenance digest to 310b0a4
  • 7a297b5 update actions/deploy-pages action to v4
  • 223676b update actions/setup-node action to v4
  • aee9f08 update actions/upload-pages-artifact action to v3
  • b2acb25 update dependency com.autonomousapps.dependency-analysis to v1.33.0
  • f7c54c6 update dependency com.charleskorn.kaml:kaml to v0.61.0
  • a469c1d update dependency com.github.ajalt.mordant:mordant to v2.7.2
  • 9391fd1 update dependency com.networknt:json-schema-validator to v1.5.1
  • 0621a90 update dependency gradle to v8.10
  • dc6db0f update dependency org.apache.commons:commons-compress to v1.27.0
  • 7f4903c update dependency org.apache.logging.log4j:log4j-api-kotlin to v1.5.0
  • 897298d update dependency org.asciidoctor:asciidoctorj-pdf to v2.3.18
  • 56d5421 update dependency org.cyclonedx:cyclonedx-core-java to v9.0.5
  • 3e819a0 update dependency org.slf4j:slf4j-api to v2.0.14
  • a0cbc63 update dependency org.slf4j:slf4j-api to v2.0.15
  • 4f3af43 update dependency org.slf4j:slf4j-api to v2.0.16
  • 93907bc update dependency org.springframework:spring-core to v5.3.39
  • f891232 update dependency org.tukaani:xz to v1.10
  • fd2290f update dependency org.wiremock:wiremock to v3.9.0
  • a60d045 update dependency org.wiremock:wiremock to v3.9.1
  • c1f1795 update dependency software.amazon.awssdk:s3 to v2.27.1
  • ee94143 update docker/build-push-action digest to 16ebe77
  • 85936e7 update docker/build-push-action digest to 5176d81
  • e3087af update docker/build-push-action digest to 5cd11c3
  • 39a638e update docker/login-action digest to 9780b0c
  • 7faea4d update docker/setup-buildx-action digest to 988b5a0
  • 5d4985b update docker/setup-buildx-action digest to aa33708
  • dc9a0dc update docusaurus monorepo to v3.5.1
  • 3b079c4 update exposed to v0.53.0
  • 8853da4 update github/codeql-action digest to 29d86d2
  • 5fdc763 update github/codeql-action digest to 2d79040
  • 17ed779 update github/codeql-action digest to 429e197
  • 942d706 update github/codeql-action digest to 5cf07d8
  • b2ee73b update github/codeql-action digest to afb54ba
  • eb64faa update github/codeql-action digest to eb055d7
  • b0bddf9 update gradle/actions action to v4
  • 1741aff update jetbrains/qodana-action action to v2024.1.9
  • f9d3bd0 update kotlin monorepo to v2.0.10
  • af4c8b1 update mavenresolver to v1.9.22
  • 942539a update ossf/scorecard-action action to v2.4.0
  • 691c31e update wagoid/commitlint-github-action digest to baa1b23

Documentation 📖

  • 48bb017 README: Add a Repobeats contribution statistics image
  • a98f22b README: Add a sentence about the governance model
  • 2d8257c README: Reword the contribution section
  • 742b393 bazel: Quote a file name in fluent text
  • a7d5987 conan: Explain why a temporary file is required for inspect
  • 1c0713d github: Add icons to the issue workflow
  • b7ae659 reporter: Update the link to Ctrl-X Automation FOSS information
  • f19c276 Add Volkswagen AG to the list of adopters

Refactorings 🚜

  • 2c18272 bazel: Create an issue instead of throwing on no registry
  • c2ff612 bazel: Map directly to a set
  • 2274638 bazel: Nest an internal data class for better grouping
  • 5dd19ff bazel: Simplify creating Bazel module registries
  • 1cca35a bower: Also take the authors from the project package
  • 1a00466 bower: Factor out getProjectPackageInfo()
  • c8e47f2...

27.0.0

18 Jul 09:37

What's Changed

Breaking Changes 🛠

  • 192736f refactor(model)!: Inline AdvisorRecord with AdvisorRun

Bug Fixes 🐞

  • 89fe68d SpdxDocumentFile: Add created issues to the PackageReference
  • c8eb52a SpdxDocumentFile: Ensure to collect issues from external doc refs
  • d686957 cyclonedx: Avoid a NPE when clearing extensibleTypes
  • 023dfb6 cyclonedx: Only set licenses at all if they are not empty
  • b0b1f7c downloader: Support Git URLs with '.git' in domain
  • fb1f601 gradle: Ignore dependencySources configurations during resolution
  • 90226f2 sbt: Filter out garbage from sbt projects command

New Features 🎉

  • 2d3847e analyzer: Add option to skip setup.py analysis of PIP dependencies
  • 57911fe helper-cli: Add a command to show insights into scan issues
  • b37ac5e helper-cli: Allow to omit the version when listing packages
  • ed44b6a model: Add a constant for an empty AdvisorRun

Build 🐘 & CI ⚙️

  • b3ae3d0 gradle: Add a "detektAll" convenience task
  • 67c4807 gradle: Prepare for eventually using atlassian.io artifacts
  • 82396bd github: Move Scorecard analysis to a separate workflow
  • 113a44d github: Run OpenSSF Scorecard analysis
  • d881059 renovate: Automatically pin GitHub action digests

Chores 🔧

  • 3e2eb12 cocoapods: Add a bit fault tolerance for PODS / DEPENDENCIES
  • 28c53b9 cocoapods: Fix-up an unnecessary mapNotNull
  • dfb014d cocoapods: Generalize mapping IDs to packages
  • f7ff51a conan: Replace a get() with an indexing operator
  • 4aad014 cyclonedx: Remove an unneeded cast to Any
  • 262d966 cyclonedx: Say for which file extension creation failed
  • e93de8a pub: Improve function names

Dependency Updates 🚀

  • 824cc38 pin dependencies
  • 25f07db update dependency com.github.ajalt.mordant:mordant to v2.7.1
  • 6229972 update dependency gradle to v8.9
  • 0e47316 update dependency io.mockk:mockk to v1.13.12
  • 639a454 update docker/build-push-action digest to 1ca370b
  • 88084c1 update docker/build-push-action digest to a254f8c
  • 2651da9 update github/codeql-action digest to 4fa2a79
  • 0139c25 update gradle/actions digest to d9c87d4
  • 0ac569e update graphqlplugin to v6.8.1
  • 3f69531 update graphqlplugin to v6.8.2
  • 144588e update graphqlplugin to v6.8.4

Documentation 📖

  • f545e5e README: Add an OpenSSF Scorecard badge
  • da70ac4 cyclonedx: Remove an obsolete TODO comment
  • bdaf216 github: Ensure that all static analysis steps have names
  • 1ae222a github: Explain what security-events: write is needed for
  • 22cd864 pip: Correctly state the default Python version to analyze for
  • efed39f pip: Refer to option constants instead of repeating their values

Refactorings 🚜

  • 2df46c6 cocoapods: Decompose a MapEntry
  • 7e776e3 cocoapods: Factor out YamlNode.toPod()
  • 26c31cf cocoapods: Factor out parsePodspec()
  • 7115b14 cocoapods: Move Podspec to a dedicated file
  • 35e048f cocoapods: Move an orEmpty() a couple of lines upwards
  • ebc4b63 cocoapods: Port the Podspec parsing to KxS
  • d4f0b5a cocoapods: Port the lockfile parsing from Jackson to KxS
  • 41c5bca cocoapods: Remove a minor code redundancy
  • ed9ce11 cocoapods: Separate parsing the lockfile
  • 8978ee4 cocoapods: Turn resolveDependencies() into an expression
  • b3f6311 cocoapods: Use a data class for the source property
  • 5d6827c cocoapods: Use a more speaking name for externalSources
  • af02a8c conan: Extract the variable hashValue
  • 3181191 conan: Inline a function
  • 86d6ff7 conan: Port parsing package info from Jackson to KxS
  • 802dfa8 conan: Port the remaining Jackson based code to KxS
  • a942c7e conan: Remove a code redundancy
  • 5dbe633 conan: Slightly simplify the code for obtaining the URL
  • 5c6322a conan: Turn parseSourceArtifact() into an expression
  • bbdbf10 conan: Use a data class for parsing the package infos
  • d0ed6ca cyclonedx: Avoid exceptions to be swallowed
  • 5503c68 cyclonedx: Continue with remaining formats even if one failed
  • 229a76e cyclonedx: Extract generating the BOM string to a function

Tests ✅

  • 2d9e67f SpdxDocumentFile: Add test for missing issues for external refs
  • 9117279 SpdxDocumentFile: Use correct checksumValue for external document
  • fe46f21 osv: Update expected results
  • e4aa9e9 pub: Update expected results
  • b590ad2 2f133e8 pub: Update expected results
  • 1756495 python: Update expected results

26.0.0

11 Jul 07:40

What's Changed

Breaking Changes 🛠

  • 43123ce refactor(ctrlx)!: Make all model classes internal

Bug Fixes 🐞

  • 3f8f078 github: Do not use variables as part of attestation subject paths
  • e8e80c2 github: Use correct syntax for environment variable expansion
  • 72d9291 nuget: Parse namespaces for names that include versions correctly

New Features 🎉

  • 799acd1 helper-cli: Allow listing only non-excluded packages

Build 🐘 & CI ⚙️

  • dd4c197 ctrlx: Fix some project dependency issues

Dependency Updates 🚀

  • bab1858 update dependency com.networknt:json-schema-validator to v1.5.0
  • 51e5eb4 update jackson to v2.17.2
  • 36f8c3b update mavenresolver to v1.9.21

Refactorings 🚜

  • 6ad7675 spdx-utils: Move operator-related code to a separate file

Tests ✅

  • 3a37300 nuget: Use more fine-granular grouping of tests

25.1.0

04 Jul 07:43

What's Changed

Bug Fixes 🐞

  • 767475e Bazel: Fix local registry modules path
  • a6894a2 bazel: Always disable the disk cache
  • 6aaa408 bazel: Always disable the wrapper script
  • c4b1d66 github: Be explicit about artifact paths to attest for
  • 4d49fc2 spdx: Avoid serializing the document into a string

New Features 🎉

  • 7193af3 bundler: Add fallbacks for the description field
  • 9bdeaaf bundler: Add the description -> summary fallback for gemspecs
  • ae8b9b9 detekt-rules: Add a rule to enforce empty lines after blocks
  • 4bb80bb dos: Allow to configure scan storage settings
  • d2b5779 evaluator: Update the OSADL license compliance matrix
  • e4e4859 stack: Derive the VCS path from the subdir in the cabal file

Build 🐘 & CI ⚙️

  • 129ec48 go: Remove the unused tomlkt dependency
  • 6e836b1 renovate: Only allow digit-versions of the Jira REST client
  • de9dbc9 renovate: Remove Maven resolver related package rules

Chores 🔧

  • dc12ef2 bazel: Consistently refer to lockfile as single word
  • 0ddc883 bazel: Drop an unnecessary code comment
  • fd6b3fb bazel: Simplify obtaining the Bazel version
  • 74ab0cd bundler: Align Ruby helper scripts on to_yaml
  • 7e49e1b bundler: Correct a few test / variable names
  • 18c7ae4 bundler: Make Ruby helper scripts executable
  • 5904433 bundler: Use the portable env shebang
  • 70209af cyclonedx: Simplify BOM generation code
  • 78fb986 model: Remove the unused XML mapper
  • 62ba50f stack: Move a function to the top level
  • 32f8d45 stack: Remove a misleading comment

Dependency Updates 🚀

  • 8eff1ea docker: Upgrade ScanCode to version 32.2.1
  • 146ab3b update dependency com.github.ajalt.mordant:mordant to v2.7.0
  • b67dda9 update dependency net.sf.saxon:saxon-he to v12.5
  • 01f347e update dependency org.jruby:jruby to v9.4.8.0
  • 70f8de8 update dependency org.wiremock:wiremock to v3.8.0
  • d332eba update jetbrains/qodana-action action to v2024.1.7
  • 2c0dc49 update jetbrains/qodana-action action to v2024.1.8

Documentation 📖

  • 61866be stack: Turn a code comment into a test

Refactorings 🚜

  • 8ea4205 Gradle: Remove the kotlinxSerialization bundle
  • 73b579c Gradle: Rename the tomltk dependency
  • f1bc44b bazel: Align on the "to" prefix for several functions
  • b6b7686 bazel: Avoid some toSet() calls
  • 6e44eca bazel: Drop an explicit return type
  • acdf397 bazel: Extract expandRepositoryUrl()
  • ee1df8b bazel: Factor out parseBazelModule()
  • 37f4aa5 bazel: Simplify expandRepositoryUrl() a bit
  • dccd7f7 bazel: Simplify partitioning the dependencies
  • 55ee953 bazel: Turn parseModuleGraph() into an expression function
  • 0035d76 bazel: Use a more speaking name for node
  • 9318b6d bazel: Use a shorter name for the graph data model
  • 065e1ca bundler: Migrate from Jackson to KxS
  • a8f6547 bundler: Refer to data from https://rubygems.org as "RubyGems"
  • 1699c84 bundler: Rename the GemSpec class to GemInfo
  • 51d0bec bundler: Simplify the description fallback logic
  • 81af6f8 common: Remove a code redundancy
  • dd09f54 cyclonedx: Remove the dependency on FileFormat
  • e929d4d dos: Edit job query parameters
  • eae8cbe dos: Edit scan results query parameters
  • ed740e9 fossid: Make a constructor argument a non-member
  • 2c3d0a8 git: Migrate from Jackson to KxS
  • cb1a182 stack: Avoid copying the project package
  • 5a9700f stack: Factor out getProject()
  • 46a3d76 stack: Factor out toPackage()
  • 34e7e95 stack: Generalize filtering out the "ghc" package
  • 17ff138 stack: Inline a couple of variables
  • 4a33f34 stack: Make toPackage() return a non-nullable package
  • c0587e1 stack: Make use of isProject()
  • f13733d stack: Migrate from Jackson to KxS
  • f81750a stack: Move several function to the top level
  • 1331ef7 stack: Move the model classes into a dedicated file
  • b11d47c stack: Move two constants to the model
  • be27bed stack: Move two functions to the class level
  • 46ff1b8 stack: Re-order the constructor arguments for VcsInfo
  • f8fc96c stack: Remove code redundancies in scope creation
  • 28fe497 stack: Simplify toPackage() a bit
  • 1e765df stack: Use buildMap and inline allDependencies
  • 325c842 stack: Use a shorter name for the dependencies variables

Other Changes 💡

  • fabe6c8 style: Add empty lines after multi-line blocks for readability

25.0.0

27 Jun 07:56

What's Changed

Breaking Changes 🛠

  • 50c0512 refactor(Bazel)!: Rename the Bazel registry service

Bug Fixes 🐞

  • 72c1a14 Bazel: Make the flags property of the lock file optional
  • 5968180 Bazel: Support local registries
  • 82c11ce analyzer: Re-align the version requirement for pnpm
  • f77a29f dos: Correctly get error body strings

New Features 🎉

  • 15defa6 clients: Add the Double Open Server (DOS) client
  • 0629f3d github: Attest build provenance for releases
  • ae0ca85 scanners: Add the DOS scanner wrapper plugin
  • 2c8dd49 Add the package configuration provider for DOS

Build 🐘 & CI ⚙️

  • 17a956c Gradle: Also check testFixtures with Detekt
  • 94e2fb7 github: Create test summaries for workflow jobs

Chores 🔧

  • a4ca0ee package-managers: Do not log all Gradle stderr output as warnings

Dependency Updates 🚀

  • 5494c69 Gradle: Update the gradle-maven-publish-plugin to version 0.29.0
  • f449b70 update dependency com.github.jmongard.git-semver-plugin to v0.12.10
  • 126ea60 update dependency com.github.jmongard.git-semver-plugin to v0.12.9
  • f995050 update dependency com.networknt:json-schema-validator to v1.4.2
  • 35825dd update dependency com.networknt:json-schema-validator to v1.4.3
  • 2d86b98 update dependency org.cyclonedx:cyclonedx-core-java to v9.0.4
  • 60ab3b7 update dependency org.wiremock:wiremock to v3.7.0
  • 5bcaf9b update exposed to v0.52.0
  • 5886773 update kotlinxserialization to v1.7.1
  • 6a26070 update ktor monorepo to v2.3.12

Documentation 📖

  • 6fb9c25 chore: Reorder named arguments to match the function signature
  • 9420a9f dos: Improve the wording of two log messages
  • f9e7f72 dos: Link from the package configuration provider to the scanner
  • ec2b3e9 fossid: Improve class docs

Refactorings 🚜

  • ec73b97 fossid: Add a function to create ignore rules
  • 0bcbbad fossid: Align filterLegacyRules with Kotlin standards
  • f27de64 fossid: Change functions to return issues
  • ea37669 fossid: Deduplicate a message
  • d93fd02 fossid: Make a function argument immutable

Tests ✅

  • 135615c fossid-webapp: Ensure to use unique IDs per stub mapping
  • 940af6a osv: Update expected results

Other Changes 💡

  • b11c32a style(dos): Unwrap a line that fits into one

24.0.0

20 Jun 07:48

What's Changed

Breaking Changes 🛠

  • 9e6bf29 feat(model)!: Stop silently ignoring invalid declared license mappings
  • a601dbe refactor(clients)!: Rename OSV classes according to ORT conventions
  • 794befc refactor(clients)!: Rename a class to BazelModuleRegistryService

Bug Fixes 🐞

  • 5e5296e Bundler: Enforce Ruby platform when fetching version data
  • 9c7494f fossid-webapp: Generate ignore rules also for non-delta scans
  • d42a87a scanner: Store only distinct results of package scanners

New Features 🎉

  • c9351b3 spdx-utils: Introduce a toSpdxOrNull() utility extension function

Build 🐘 & CI ⚙️

  • 631db0f Gradle: Use the new way to opt-in to build scan terms

Chores 🔧

  • d477384 clearly-defined: Avoid a now redundant receiver-based let call
  • 5d0a178 conan: Avoid deprecated section name

Dependency Updates 🚀

  • 8d16697 update dependency com.opentable.components:otj-pg-embedded to v1.1.0
  • 5618227 update dependency net.peanuuutz.tomlkt:tomlkt to v0.4.0
  • 373d047 update dependency org.cyclonedx:cyclonedx-core-java to v9.0.3
  • 980f5ea update dependency org.springframework:spring-core to v5.3.37
  • 951bbc4 update docker/build-push-action action to v6
  • 56c9c11 update maven to v3.9.8

Documentation 📖

  • c021ca5 clients: Trivially improve BazelModuleRegistryClient class docs
  • aa1a5a6 github: Clarify that console output is preferred over screenshots
  • fc5389c spdx-utils: Duplicate mapping docs into the YML files for visibility
  • bfa3112 spdx-utils: Improve function docs to use imperative mood
  • fce6a94 spdx-utils: Refer to SpdxSimpleLicenseMapping in normalize()
  • de7785c spdx-utils: Remove an obsolete SpdxSimpleLicenseMapping sentence

Refactorings 🚜

  • 8d8480b ort-utils: Semantically separate mapping from processing licenses

Tests ✅

  • 9b0a825 model: Use valid SPDX expressions in declared license mapping
  • 40ca101 pub: Update expected results
  • 2226fe1 Disable scanning for Kotest project config in third-party JARs

23.0.0

13 Jun 07:50

What's Changed

Breaking Changes 🛠

  • 6f50cf5 refactor!: Move the WorkingTreeCache from the scanner to the downloader
  • b2328c7 refactor(downloader)!: Make getDefaultBranchName() non-nullable

Bug Fixes 🐞

  • 96fd771 conan: Fix supported version indication
  • 8ebfe9a github: Do not cache-to Docker image builds from PRs

New Features 🎉

  • 2e1399c scanner: Add branch name to FossID scan code

Chores 🔧

  • afdd4fa docker: Update Pnpm to the latest version
  • 28308a7 docker: Upgrade Conan to version 1.64.1
  • dd81d17 model: Make also readValueOrNull() throw on multiple documents
  • 64fccd8 model: Reject reading multiple YAML documents per file
  • 503edee model: Remove the unused createMissingArchives scanner option
  • 3a825fb model: Use named arguments for the tempfile() suffix

Dependency Updates 🚀

  • 804892a update dependency com.github.jmongard.git-semver-plugin to v0.12.8
  • 3b98c7d update dependency software.amazon.awssdk:s3 to v2.26.0
  • 0da841f update jgit to v6.10.0.202406032230-r

Documentation 📖

  • 6d1db78 github: Explain why there is no cache-to for the "minimal" image
  • 4b093ed scanoss: Add a link to the API docs
  • c1543d8 website: Clarify supported Conan version
  • c7bd73e website: Remove superfluous subdirectory

Tests ✅

  • 4d4714e model: Add readValueOrNull() tests for input with no content
  • b2f0588 model: Clarify that "empty" means "zero size"
  • 7953965 model: Verify the current readValue() behavior for empty files
  • 2c14d9a node: Update Pnpm lockfiles to the latest lockfile format version
  • e20d80f osv: Update expected results