Releases: oss-review-toolkit/ort

51.0.0

10 Feb 14:22

What's Changed

🛠 Breaking Changes

  • 730e480 feat(spdx)!: Revert renaming of SpdxDocumentFile to SpdxDocument

🐞 Bug Fixes

  • 154cf90 schema: Fix schema for snippet choices
  • 7243c75 spdx-utils: Fix performance issue in callers of and()

🚀 Dependency Updates

  • f485966 update com.autonomousapps:dependency-analysis-gradle-plugin to v2.8.1
  • 6af84b1 update com.charleskorn.kaml:kaml to v0.71.0
  • 650e8b6 update com.github.ajalt.clikt:clikt to v5.0.3
  • c96f2e8 update docker/setup-buildx-action digest to f7ce87c
  • aeb3a4b update github/codeql-action digest to 9e8d078
  • 5ef526a update software.amazon.awssdk:s3 to v2.30.16

50.0.0

06 Feb 08:43

What's Changed

🛠 Breaking Changes

  • 48b638f refactor(utils)!: Rename FileMatcher.matches to matches

🐞 Bug Fixes

  • 55798c3 AnalyzerResultBuilderTest: Do not index graphs by project type
  • af35e43 pnpm: Fix parsing of JSON output for nested projects
  • d9ec5d8 web-app-template: Auto-fix minor linter issues
  • cade929 web-app-template: Correct pagination in various tables
  • 264995d web-app-template: Display id property for vulnerability resolutions
  • 631ca81 web-app-template: Enhance issue severity filtering
  • 04b9a04 web-app-template: Enhance rule severity icons
  • 281c269 web-app-template: Enhance vulnerability severity filtering
  • 8b4ed97 web-app-template: Fix issue severity filtering
  • 1df67af web-app-template: Fix webAppRuleViolation.package.id typeError
  • 1ece908 web-app-template: Reduce unnecessary render recomputations

🎉 New Features

  • abe81f8 ctrlx-reporter: Allow license filtering based on classifications
  • d96b46e fossid-webapp: Support FossID 2024.2
  • 153ae3c web-app-template: Add score and vector to VulnerabilityReference
  • 4a21385 web-app-template: Add helper function to WebAppVulnerability
  • c52a2d0 web-app-template: Display vulnerability references

✅ Tests

  • d38880f ctrlx-reporter: Improve the functional test
  • fe56fb4 pnpm: Add a funTest for a project with a nested subproject
  • 26381f0 python: Update expected results

🐘 Build & ⚙️ CI

  • f18be69 gradle: Fix excluding generated code for Detekt on Windows

📖 Documentation

  • 1c9f09d model: Add a missing "the" in withResolvedScopes() docs
  • ad803a0 utils: Fix a reference to a static function
  • c738de9 utils: Remove a broken KDoc reference

🔧 Chores

  • b759371 commands: Remove obsolete service loader files
  • 4594429 plugins: Always set a default value for plugin descriptors
  • b81fd97 web-app-template: Improve CSS comment for clarity

🚀 Dependency Updates

  • 81ddd72 update com.charleskorn.kaml:kaml to v0.70.0
  • c5ba909 update com.github.jmongard.git-semver-plugin to v0.15.0
  • c7277ab update com.google.code.gson:gson to v2.12.1
  • 87562f2 update com.icegreen:greenmail to v2.1.3
  • b876f06 update com.scanoss:scanoss to v0.9.0
  • 8a3812c update exposed to v0.59.0
  • 5536c8a update gradle/actions digest to 94baf22
  • fd8adfb update kotlin monorepo to v2.1.10
  • 57546c9 update org.graalvm.buildtools:native-gradle-plugin to v0.10.5
  • 79332d6 update org.metaeffekt.core:ae-security to v0.135.2
  • 50435a4 update org.wiremock:wiremock to v3.11.0

🚜 Refactorings

  • 7681705 common-utils: Remove "Command" suffix from displayName()

💡 Other Changes

  • f7723e6 style(web-app-template): Align error color

49.0.0

30 Jan 08:49

What's Changed

🛠 Breaking Changes

  • 397fecc chore(model)!: Remove the possibility to return qualified scope names

🐞 Bug Fixes

  • 2d5e526 Git: Work around a bug with JGit vs MINA
  • 5629cd5 black-duck: Properly parse vector and scoring system from CVSS2
  • e7f7669 black-duck: Remove duplicate URIs in references

🎉 New Features

  • 330ce58 Provenance: Add a RemoteProvenance sub-interface
  • d8a4050 black-duck: Make the log output show how the origin is determined

✅ Tests

  • a7a251c black-duck: Add a test which shows that links lack deduplication
  • fab515f black-duck: Make the test cover the cocoapods purl type
  • 235dd05 black-duck: Rename a variable for consistency
  • 123ffbc black-duck: Test parsing a vulnerability with CVSS 2 only
  • 3df50fa black-duck: Test vulnerability parsing from a CVSS 2

📖 Documentation

  • b71d16f Composer: Improve the comment about filtering vendored dependencies
  • be43390 black-duck: Add a dot to the end of a sentence
  • 89e2bed black-duck: Fix-up a TODO comment
  • fb07211 examples: Illustrate how to set the Black Duck origin-id
  • b7410dc schema: Fix package manager configurations schema title
  • 889577b schema: Fix the JSON schema for the repository configuration
  • 7cf4e47 schema: Use reference to fixed analyzer configuration schema

🔧 Chores

  • e3600d4 black-duck: Remove an unnecessary override

🚀 Dependency Updates

  • 496bb8d docker: Update Swift to version 6.0.3
  • c15996b Update the KSP plugin to v2.1.10-1.0.29
  • c5b0b5b update actions/setup-java digest to 3a4f6e1
  • 9fde78b update actions/setup-node digest to 1d0ff46
  • 2113092 update com.autonomousapps:dependency-analysis-gradle-plugin to v2.8.0
  • df546a3 update com.blackduck.integration:blackduck-common to v67.0.4
  • f73d63d update com.charleskorn.kaml:kaml to v0.67.1
  • 53792fb update com.google.code.gson:gson to v2.12.0
  • d01921b update github/codeql-action digest to 17a820b
  • 18396a0 update github/codeql-action digest to 6e54559
  • 2e0a300 update github/codeql-action digest to dd74661
  • 95db685 update org.jetbrains.gradle.plugin.idea-ext to v1.1.10
  • 3112d9d update org.jruby:jruby to v9.4.11.0
  • 87dd873 update org.metaeffekt.core:ae-security to v0.135.1

🚜 Refactorings

  • 19770cc black-duck: Move two variables out of a block
  • 71d4614 model: Remove the convenience qualifyScope() overload

💡 Other Changes

  • 7381fe4 style(black-duck): Use a shorter name for cvssVector
  • 20f1749 style: Prefer the infix version of shouldBe{Success,Failure}()
  • 253dfba style: Trivially trim trailing spaces from log messages

48.0.0

27 Jan 12:52

What's Changed

🛠 Breaking Changes

  • dbb65bf fix(PackageManager)!: Use the projectType also when resolution failed
  • 852e377 refactor(analyzer)!: Change when {before,after}Resolution() are called
  • 403d1bc refactor(web-app-template)!: Use React state handling

🐞 Bug Fixes

  • 7c63104 OrtModelBuilder: Add an OrtDependency cache
  • b56820b package-managers: Properly close MavenSupport's disk cache
  • 59562ef pub: Use the projectType for project references
  • 817278b web-app: Change the range in file size check
  • 2311698 web-app-template: Add prop function to WebAppRuleViolation
  • ef61629 web-app-template: Fix effective stats in models
  • 66ba969 web-app-template: Improve vulnerability icons
  • 3106879 web-app-template: Show source of an issue

🎉 New Features

  • ae2ae6e black-duck: Add a mechanism to query vulnerabilities by origin-id
  • 72662ff black-duck: Support external IDs using the "conan" namespace
  • b040129 black-duck: Support external IDs using the "long_tail" namespace
  • 78ac845 node: Keep created node_modules directories until after resolution
  • ff6306e package-managers: Use isolated disk caches for Gradle and Maven
  • 33b7a4f spdx: Add file level information to SPDX projects
  • e350ab2 web-app-template: Add helper function to WebAppPackage
  • 15a7b8b web-app-template: Add helper functions to WebAppOrtIssue
  • 418d0a0 web-app-template: Add helper functions to WebAppOrtResult
  • 34fe1a7 web-app-template: Enable filtering of findings
  • 584ae6e web-app-template: Show effective licenses in Summary

✅ Tests

  • d6334b3 black-duck: Fix-up a package identifier
  • f327a17 black-duck: Fix-up the alphabetical ordering of properties
  • 9eeb644 black-duck: Make a test name more specific
  • 0da05f5 pub: Update expected results

📖 Documentation

  • 1df21b7 AbstractDependencyNavigatorTest: Trivially add a dash to a test name
  • 38c16c9 MavenFunTest: Improve a comment to use passive voice
  • 79d089f Yarn2: Remove a comment that does not add value
  • d900f44 node: Remove outdated comments
  • 68bc2e6 website: Remove the note about Bazel support being experimental

🔧 Chores

  • cb82c6a DependencyGraphNavigator: Make clear that managers are names here
  • 0ca7c39 DiskCache: Use the more modern java.time API
  • aae654b TestUtils: Prefer also over let if the return value is not used
  • a68769f black-duck: Align on 'origin-id' in log output
  • 84660eb black-duck: Use Identifier.toCoordinates() for log output
  • 449e89c github: Use ubuntu-24.04 for Linkspector
  • e77fadf package-managers: Name the MavenSupport variable consistently
  • 0868bb4 pub: Avoid some toList() conversions
  • 955155a pub: Improve the check for package info
  • 19159af web-app-template: Add code repo link in About Modal
  • e99d818 web-app-template: Clean up WebAppTreeNode
  • 0797e9c web-app-template: Remove unused Redux code
  • 527fada web-app-template: Rename webAppPath variable
  • 191fa23 yarn: Make createPackage() code a bit more readable
  • 90ec14e yarn: Prefer also over let if the return value is not used
  • fd2fd98 yarn: Remove / replace remaining NPM references
  • 64b58c5 yarn: Remove a superfluous toSet() conversion
  • 9101dd1 yarn: Use existing scope name constants

🚀 Dependency Updates

  • 80aa6e0 web-app-template: Remove unused dev dependencies
  • fd20468 web-app-template: Update versions of dependencies
  • c13c2f6 update codecov/codecov-action digest to 0da7aa6
  • 8193c23 update codecov/codecov-action digest to 13ce06b
  • aaca056 update com.scanoss:scanoss to v0.8.2
  • debbb73 update dependency gradle to v8.12.1
  • ad34316 update docker/build-push-action digest to ca877d9
  • e3b5c3d update github/codeql-action digest to ee117c9
  • 04a2aa4 update github/codeql-action digest to f6091c0
  • fec3fe9 update org.metaeffekt.core:ae-security to v0.135.0

🚜 Refactorings

  • ce8bf94 web-app-template: Clean up main CSS file
  • 128daeb yarn: Extract an isProject variable for reuse

💡 Other Changes

  • f8f2b3c style(AnalyzerResultBuilder): Make an apply call a one-liner
  • 3eb2b4a style(node): Remove one level of nesting from tests
  • 06d231c style(web-app-template): Add new circuit background

47.0.0

23 Jan 08:44

Actions Required

  • Update package configurations that refer to SPDX projects to use "SpdxDocument" instead of "SpdxDocumentFile" as the identifier's type.

What's Changed

🛠 Breaking Changes

  • 01f1930 fix(package-managers)!: Use projectType as the ID type for projects

🐞 Bug Fixes

  • 7154214 downloader: Do not even try empty source code origins
  • 7c71782 downloader: Improve the output of error messages
  • 025c751 downloader: Support project URLs with query parameters
  • 5ffb576 go: Use "GoMod" as the project type
  • 66b5b15 node: Properly use the projectType to create projects
  • 255d294 package-managers: Do not set the package type to the manager name
  • ae58bb8 vcs: Consider VCS configurations in cache lookup

🎉 New Features

  • c9f51e9 AnalyzerCommand: Sort output of found definition files
  • 6547d1f analyzer: Also fail early if managers for the same type are enabled
  • b230f26 detekt-rules: Add autoCorrect for OrtImportOrder rule
  • 9b57816 node: Add the project type to the Node package manager type
  • c737701 scanner: Add flag to scanner to detect unlicensed files
  • 34444c3 test-utils: Support regex patterns in patchExpectedResult()
  • 170a3b8 Upgrade Poetry to 2.x series

✅ Tests

  • bc4d972 model: Factor out fromJson()
  • 7d817f8 model: Factor out toJson()
  • da07e1e opossum: Rewrite reporter-test-output.json
  • 4bfd33f osv: Make the test for getting vulnerability IDs less flaky
  • b9fd340 osv: Make the test which queries by commit less flaky
  • 718d762 osv: Make the test which queries by name and version less flaky
  • dcd71a5 osv: Rename patchFields()
  • bf9de57 osv: Rename a constant for consistency
  • 7552dd4 osv: Update expected results
  • 16ca9a4 osv: Use WordSpec in the functional test
  • 3f56118 pub: Update expected results

🐘 Build & ⚙️ CI

  • 5ab6a92 gradle: Make detektAll only run tasks with type resolution

📖 Documentation

  • d8ebd62 PackageCurationData: Fix the docs for apply()
  • 78edc76 development: Add documentation about Detekt's auto-correct feature
  • ecb1186 downloader: Improve the --vcs-path CLI help
  • e510c6f website: Also mention the "detektAll" task in the table
  • 9e4b989 website: Mention the "detektAll" task instead of individual ones

🔧 Chores

  • 46479e5 DependencyGraphNavigator: Avoid relying on manager name prefixes
  • 19a2074 OpossumReporterFunTest: Extract a variable to ease debugging
  • ec73f3f SpdxLicenseTest: Use Kotest's dedicated resource matcher
  • ac2fef5 docker: Upgrade Composer to version 2.8.4
  • 55ae851 docker: Upgrade Conan to the latest 1.x version
  • a22a7e0 docker: Upgrade Go to version 1.23.5
  • cb49aeb docker: Upgrade Licensee to version 9.18.0
  • 3c4de5d docker: Upgrade pip to version 24.3.1
  • d26dd73 docker: Upgrade pnpm to version 9.15.4
  • 4f4b7c4 Capitalize hard-coded issue sources
  • c2f1546 Prefer the more fluent infix variant of shouldNotBeNull

🚀 Dependency Updates

  • 42d48aa docker: Upgrade ScanCode to version 32.3.2
  • 353de0d spdx: Update the license list to version 3.26
  • 43f5982 update actions/attest-build-provenance digest to 520d128
  • b6560a6 update codecov/codecov-action digest to 5a605bd
  • 1d9c9c8 update com.github.ben-manes.versions to v0.52.0
  • 1fd0a2d update com.scanoss:scanoss to v0.8.1
  • cac29ae update github/codeql-action digest to d68b2d4
  • 0d1d615 update github/codeql-action digest to dd196fa
  • ceaa7da update org.jruby:jruby to v9.4.10.0
  • 7a00318 update org.semver4j:semver4j to v5.6.0
  • c504d62 update org.springframework:spring-core to v6.2.2
  • 7f8d3d3 update software.amazon.awssdk:s3 to v2.30.1
  • 5648515 update software.amazon.awssdk:s3 to v2.30.2
  • 92df4f8 update umbrelladocs/action-linkspector digest to de84085

🚜 Refactorings

  • 0c454e7 docker: Rename PIPTOOL_VERSION to PIP_VERSION
  • 7b21289 node: Introduce an abstract base class for common code
  • 71f3467 node: Move parseProject() to NodePackageManager
  • 16558a3 node: Rename non-NPM-specific files
  • bc3a1b8 scanner: Inline the TOOL_NAME constant

46.0.0

16 Jan 08:54

What's Changed

🛠 Breaking Changes

  • 4363881 chore(common-utils)!: Remove zipWithCollection() for collections
  • e37bf19 chore(common-utils)!: Remove zipWithDefault()
  • 716e3b8 feat(fossid)!: Remove support for custom naming variables
  • 87b4c04 refactor(commands)!: Migrate VCS plugins to new plugin API
  • 5e0f716 refactor(common-utils)!: Rename zipWithCollection() for sets
  • 3f2bf92 refactor(common-utils)!: Simplify the semantics of zip() for maps
  • 3ea4ec5 refactor(fossid)!: Define URL mappings in a single option
  • 43c6e36 refactor(fossid)!: Rename projectName to repositoryName
  • e98c703 refactor(fossid)!: Replace namingProjectPattern with projectName
  • fa6e2be refactor(vcs)!: Directly store the VCS type as a VcsType

🐞 Bug Fixes

  • f57751d VersionControlSystem: Also take configs for forDirectory()
  • 0030739 cargo: Add lockfile version 4 to allow-list
  • 3498798 common-utils: Make zip work as expected for sorted maps
  • f827885 model: Make withPackageManagerOption() case-insensitive
  • fdc2be7 python: Use the correct projectType for Pipenv and Poetry
  • 7900f0f Correctly mark VersionControlSystem plugins as not configurable yet
  • 482ffc8 Remove VersionControlSystemConfiguration

🎉 New Features

  • 7c84264 PluginManager: Allow to create plugins with default configuration
  • bb301a1 cargo: Handle virtual workspaces
  • a5abd0a fossid: Add projectName as a built-in variable
  • 6243b60 model: Allow duplicate PackageManagerConfigurations and merge them
  • e50fcce vcs: Add Git-specific configuration options for submodule handling

✅ Tests

📖 Documentation

  • 373f997 OrtPlugin: Be more specific about the plugin ID derivation logic
  • 9d1a14d README: Update the installation from binaries section
  • a7238a1 VersionControlSystemFactory: Rewrap comments for compactness
  • b85af8b black-duck: Add a missing "the"
  • 84e29b1 fossid: Fix issues in FossIdNamingProvider docs
  • 7d79190 fossid: Improve docs of normalizeBranchName
  • f032c13 fossid: Improve docs of the built-in branch naming variable
  • bb610d0 npm: Document the ModuleInfo class
  • e8c0b8b sbt: Move a comment before the correct line
  • 35b668c website: Fix color for links in banner
  • 749d6ff website: Use <Link> instead of <a>
  • 1d9f415 Add a missing whitespace to all "BlackDuck" occurrences
  • c40a759 Extend the Copyright year to 2025 in Markdown files

🔧 Chores

  • e9daee1 AnalyzerConfigurationTest: Improve test names
  • 355b657 AnalyzerConfigurationTest: Start with the simpler test
  • d3901da BlackDuck: Remove the default value of the plugin id
  • e86c8be BlackDuck: The display name should spell "Back Duck" with space
  • a032f27 EvaluatedModelReporter: Remove unused properties
  • ccd0dac Git: Import JGit's Git as JGit for clarity
  • d2e2732 NpmDependencyHandler: Make a non-null assumption explicit
  • 5238f3e PnpmDependencyHandler: Make use of Dependency.workingDir
  • ce80152 YarnDependencyHandler: Rename a variable for clarity
  • 1b316ee fossid: Improve error message for too long scan code
  • c9de4c6 gradle-inspector: Rename the handler's constructor parameter
  • 6cb7dd8 model: Rename other merge parameters
  • 842d3c9 node: Introduce a typealias for getting package details
  • 402d2ee node: Make use of the definition file constant
  • 9ea70d9 node: Remove the workingDir parameter for getting package info
  • 95a192f node: Rename the typealias to get package details
  • ab91b6a package-curation-providers: Align the display names
  • 9aca6b0 version-control-systems: Omit null default arguments
  • eb7b571 Do not silently map unparsable booleans to false
  • 22a13c8 Do not silently map unparsable booleans to true
  • 1858cb7 Prefer the char-version of split() for single chars
  • 85defa3 Prefer the infix version of shouldBeInstanceOf where possible
  • ec69780 Remove unneeded default java.lang imports

🚀 Dependency Updates

  • a7078fe docker: Upgrade Rust to the latest version 1.84
  • 5033ab1 update com.autonomousapps:dependency-analysis-gradle-plugin to v2.7.0
  • 768060d update com.github.jmongard.git-semver-plugin to v0.14.0
  • f7ecd6e update com.networknt:json-schema-validator to v1.5.5
  • 5cd9a00 update docker/build-push-action digest to 67a2d40
  • 75cf08a update docker/build-push-action digest to b32b51a
  • e20304b update exposed to v0.58.0
  • ab0161e update github/codeql-action digest to b6a472f
  • 1b63f86 update org.jetbrains.kotlinx:kotlinx-html-jvm to v0.12.0
  • f373751 update org.metaeffekt.core:ae-security to v0.134.0
  • 2eaaaa1 update org.postgresql:postgresql to v42.7.5
  • 10583c3 update wagoid/commitlint-github-action digest to b948419

🚜 Refactorings

  • 5d8fb72 AnalyzerConfigurationTest: Inline expected result variables
  • a967f9d NpmDependencyHandler: Inline the only use of readPackageJson
  • 5c67bcd fossid: Add namingScanPattern to FossIdConfig
  • 35095c4 fossid: Extract a regular expression to a constant
  • 1a9be88 fossid: Extract logic to build default naming pattern
  • c21cb64 fossid: Inline scan code generation functions
  • 29ef411 fossid: Make convertGitUrlToProjectName internal
  • a1b8c3a fossid: Remove #branch inside of normalizeBranchName
  • 2931b4c fossid: Rename a function for clarity
  • 9859afc gradle: Make handlers take the projectType explicitly
  • 226d277 node: Only pass required information to dependency handlers
  • 61a3a06 scancode: Always add all built-in variables
  • fcced14 vcs: Decouple the base class from CommandLineTool
  • debbc8d vcs: Make VCS plugins configurable

💡 Other Changes

  • 0f6dad4 style(version-control-systems): Define factory classes at the top

45.0.0

08 Jan 21:40

What's Changed

🛠 Breaking Changes

  • f9c7220 refactor(model)!: Simplify the CuratedPackage and its creation

🐞 Bug Fixes

  • 59702b2 evaluator: Add remaining configuration files to console output
  • c57a94c model: Apply author to copyright mapping also for concluded licenses
  • 958c08c scancode: Ensure to find license texts in the Docker image
  • d03afe6 website: Move a link out of the tagline variable

🎉 New Features

  • ef95789 ReporterCommand: Use console colors for the result summary
  • 8c2d67a advisor: Add BlackDuck as security vulnerability provider
  • f0dd53a cocoapods: Add custom error message
  • 98ee1ee cocoapods: Add support for Podspecs from external sources
  • de04788 cocoapods: Support tag and branch names in checkout options
  • d3ee492 helper-cli: Extend the PackageList by labels
  • 79f7805 model: Add the property Package.labels
  • 9465fba model: Allow setting package labels via curations

✅ Tests

🐘 Build & ⚙️ CI

  • c7d899a notifier: Make the Jakarta REST API dependency a constraint

📖 Documentation

  • ca43fab cocoapods: Document all Lockfile-related properties
  • 31c718a examples: Add a curation which sets a package label
  • ab0256c model: Illustrate how to configure the BlackDuck advisor
  • 1ca8d2a model: Trivially end comment sentences with dots
  • e1a32cc website: Add a curation which sets a package label
  • e7b8a3a website: Add a section for the new BlackDuck advisor
  • 85fc02f website: Further fix-up the configuration entries
  • 547c295 website: Link to the server and make clear these are CLI tools
  • 1d6fcf5 website: Re-align the advisor configuration examples
  • 11fbb12 website: Sort the advisor sections alphabetically
  • c07420d Clarify that repo config is specific to a "distribution"

🔧 Chores

  • 666120a GradleDependencyHandler: Use a more specific variable name
  • 79ef703 SpdxResolvedDocument: Use a more specific variable name
  • ba1d093 bundler: Use StringFormat's decodeFromString
  • 6c7b108 cargo: Be explicit about the definition file to query metadata for
  • 37ec0b1 cargo: Give a variable a more fitting name
  • b74e81c cocoapods: Remove the workingDir parameter from getPodspec()
  • 2663df0 cocoapods: Reorder Lockfile properties to match file order
  • dbc5d4f cocoapods: Simplify error handling in getPodspec()
  • 5aef26b gradle: Drop a trailing slash for consistency
  • 35dde45 model: Rename package curation apply variables for clarity
  • d5ccb50 model: Serialize OrtResult.labels in alphabetical order

🚀 Dependency Updates

  • 8ebd8c0 docker: Upgrade Node.js to the latest LTS version 22.13.0
  • 1ffe4df docker: Upgrade Yarn 1 to the latest version 1.22.22
  • 4227d86 docker: Upgrade to the latest ScanCode patch version 32.3.1
  • 8527570 web-app-template: Sync the Node / Yarn versions with Docker
  • f0b825b update ch.qos.logback:logback-classic to v1.5.14
  • 96139ed update ch.qos.logback:logback-classic to v1.5.15
  • 2ad4db4 update ch.qos.logback:logback-classic to v1.5.16
  • 8b3ff75 update com.charleskorn.kaml:kaml to v0.67.0
  • af19524 update dependency gradle to v8.12
  • fa99144 update docusaurus monorepo to v3.7.0
  • 3523d00 update github/codeql-action digest to 48ab28a
  • c3e6c58 update io.mockk:mockk to v1.13.14
  • 9370d95 update jetbrains/qodana-action action to v2024.3.4
  • f70acdc update ks3 to v1
  • 227ca61 update org.cyclonedx:cyclonedx-core-java to v10.1.0
  • 7c8d867 update org.freemarker:freemarker to v2.3.34
  • f9c4d3e update org.jetbrains.kotlinx:kotlinx-coroutines-core to v1.10.0
  • 4cf87b5 update org.jetbrains.kotlinx:kotlinx-coroutines-core to v1.10.1
  • 77b0526 update org.jetbrains.kotlinx:kotlinx-serialization-core to v1.8.0
  • 1558a59 update org.metaeffekt.core:ae-security to v0.133.0
  • fedb94b update org.semver4j:semver4j to v5.5.0
  • 2df03a1 update software.amazon.awssdk:s3 to v2.29.39
  • d665978 update software.amazon.awssdk:s3 to v2.29.43
  • 9b481ba update software.amazon.awssdk:s3 to v2.29.45

🚜 Refactorings

  • 4a31d54 MavenDependencyHandler: Make support internal
  • dab7a88 cocoapods: Correct the type of a Pod's direct dependencies
  • 31153a7 cocoapods: Migrate to the dependency graph API
  • 8174eb6 cocoapods: Simplify caching of Podspecs
  • 40c9d15 maven: Inline an identifier() extension function
  • 7d65f74 maven: Split the handler's managerName property into two
  • cbeabfc maven: Use regular AnalyzerConfiguration to set sbtMode
  • 4cae987 model: Turn `getDeclaredLicenseMapping()` into an extension
  • 14b2d68 reporter: Extract function for resolving copyrights

44.0.0

19 Dec 09:00

What's Changed

🛠 Breaking Changes

  • 4872713 feat(cyclonedx)!: Change default format to JSON

🐞 Bug Fixes

  • 4b1fb5d aosd: Lookup node linkage breadth-first
  • 6121e99 aosd: Only set the selectedLicense if it actually selects something
  • 62cdb88 aosd: Populate the selectedLicense unless it offers a choice
  • 3cb5f2b bazel: Correctly get the Buildozer version
  • 81f58ea npm: Collect issues when listing the packages instead of failing
  • 3c62407 reporter: Only write major / minor SPDX license list version info
  • 806363a scripts: Use the default image root when running Docker
  • a72d6b3 spdx-utils: Fix offersChoice() for equal OR-operands

🎉 New Features

  • 804a505 aosd: Sort output by componentName for easier comparison
  • a100dcb aosd: Trim trailing whitespace from license texts
  • 69a15f4 cyclonedx: Change the default schema version to 1.6
  • 8965839 spdx-utils: Make simplify() remove redundant choices

✅ Tests

  • d2ba8e4 common-utils: Test EnvironmentVariableFilter with empty deny list
  • 1dd2237 oss-index: Change some constants to use packages instead of ids
  • 8bc47a4 oss-index: Use coordinates as keys
  • 33f3470 osv: Move identifierToPackage() to test-utils
  • 58dfc82 osv: Operate on coordinates keys instead of Packages
  • 256bc5c e7f4ada pub: Update expected results
  • acf9415 spdx-utils: Add a test for simplifying OR-operands
  • 419f36e spdx-utils: Compare strings to not rely on semantic equality
  • 60b6c4c spdx-utils: Increase a test timeout a bit
  • 5d534ad spdx-utils: Simplify comparing a string representation

🐘 Build & ⚙️ CI

  • 08b79a0 gradle: Remove an unneeded artifact version filter
  • 9ccb771 renovate: Shorten the commit message for Gradle dependencies

📖 Documentation

  • 83a9a58 analyzer: Improve PackageManager class documentation
  • 7c12d92 bower: Clarify a misleading TODO regarding source artifacts
  • c208a15 spdx-utils: Add comments about the validChoices() algorithm

🔧 Chores

  • 6b68dd8 aosd: Rename a few variables to singular
  • 0753d33 common-utils: Uniformly use lists in EnvironmentVariableFilterTest
  • 7b412ef fossid: Add affected path for unmappable licenses
  • 8ecb98f model: Allow setting the affected path of an issue
  • b2e6c3d model: Return early from collectDependencies()
  • ab90bf9 npm: Group lines about missing and invalid packages
  • 8ad3a00 npm: Ignore the log file error message of NPM stderr output
  • 03d9166 opossum: Prefer add functions when building collections
  • 8c65925 scancode: Print JSON raw results non-pretty
  • fce2829 Align on constructing URIs without create()

🚀 Dependency Updates

  • 5dcde82 Upgrade the JIRA REST client to version 6.0.1
  • 6c83409 update actions/setup-java digest to 7a6d8a8
  • 12b4e3c update ch.qos.logback:logback-classic to v1.5.13
  • cba5464 update codecov/codecov-action digest to 1e68e06
  • 56179d5 update com.autonomousapps:dependency-analysis-gradle-plugin to v2.6.1
  • 6db8eae update dependency prism-react-renderer to v2.4.1
  • 72eca7e update docker/setup-buildx-action digest to 6524bf6
  • f3c9a4f update gradle/actions digest to 0bdd871
  • 44cbdcc update jetbrains/qodana-action action to v2024.3.3
  • 5771756 update log4j2 monorepo to v2.24.3
  • 7675665 update software.amazon.awssdk:s3 to v2.29.34
  • c259ffb update wagoid/commitlint-github-action digest to 0184f5a

🚜 Refactorings

  • efb0711 model: Extract effectiveLicense() code for later reuse
  • 1c5cff8 npm: Rename installIssues to allow other issue types

43.0.2

13 Dec 07:40

What's Changed

🐞 Bug Fixes

  • a9ce535 composer: Restore any modified files after analysis
  • 1d0805f cyclonedx: Avoid a StackOverflowError due to dependency cycles
  • 64f323b evaluator: Use invariant paths in ProjectSourceRule
  • 23c9bb0 Use limited parallelism to prevent thread starvation

✅ Tests

  • 958f871 node: Fix running NpmDetectionTest on Windows
  • 7e51acc node: Fix running Yarn2Test on Windows

🐘 Build & ⚙️ CI

  • 7abe559 gradle: Fix running OrtConfigurationTest on Windows
  • ac6b3ae github: Run unit tests on Windows

📖 Documentation

  • 69ace3b bower: Trivially add a comment to the model
  • dd7a5ee common-utils: Improve FileMatcher class documentation

🔧 Chores

  • 709053a common-utils: Only decide once which match() to call
  • 50aa02b common-utils: Move FileMatcher's constructor
  • fc5986b common-utils: Simplify a condition in FileMatcher
  • 32ab460 common-utils: Simplify a function in FileMatcher
  • 94ba630 evaluator: Prefer asList() to convert vararg
  • ee6016c node: Move a function out of Yarn2Test
  • 7b93abf node: Reduce indentation in Yarn2Test

🚀 Dependency Updates

  • ae6e660 update dependency org.springframework:spring-core to v6.2.1
  • d02f662 update github/codeql-action digest to df409f7

🚜 Refactorings

  • fe2776e bower: Migrate to the dependency graph API
  • 8516d2a Replace some remaining custom ProcessCapture calls

43.0.1

12 Dec 08:42

What's Changed

🐞 Bug Fixes

  • aef875e composer: Always allow to create lockfiles
  • 750141b composer: Ensure to not block for user input
  • 29a6384 helper-cli: Add a default value for Dependency.purl
  • a450c04 spdx: Use a single space after the person prefix for the supplier

✅ Tests

  • 28bd90f common-utils: Verify stashed directories to be restored on exception
  • 17df817 pub: Update expected results
  • 015d6ac python: Update expected results

🐘 Build & ⚙️ CI

  • e652a76 github: Switch to Linkspector for checking Markdown links

📖 Documentation

  • 2231dbb ADOPTERS: Update the link to the EPAM Open Source page
  • bc36c14 Adopters: Add HELLA Aglaia
  • e39d798 composer: Add a comment about what mapDefinitionFiles() does

🔧 Chores

  • 40ea8dd composer: Also run with "--no-audit" to save some time

🚀 Dependency Updates

  • 04cd958 update dependency org.cyclonedx:cyclonedx-core-java to v10
  • b91dbf2 update dependency org.metaeffekt.core:ae-security to v0.132.0
  • 41adff3 update github/codeql-action digest to babb554
  • 98c9248 update jetbrains/qodana-action action to v2024.3.2

🚜 Refactorings

  • a88a0f3 package-managers: Prefer composition for CommandLineTools
  • d88c122 version-control-systems: Reduce visibility of CommandLineTools