Releases: oss-review-toolkit/ort

51.1.0

13 Feb 08:54

What's Changed

🎉 New Features

  • 0797f37 Dockerfile: Install the rng-tools5 package
  • 5956a45 model: Match the type case insensitively in package configurations

✅ Tests

  • 038961f model: Add two tests for a recently fixed performance issue
  • 8ba5d1d model: Avoid unnecessary temporary list creations
  • c28f005 model: Move SimpleLicenseInfoProvider to TestUtils
  • 7c8d3ec model: Move a function to the top level for consistency
  • f75a87d model: Remove an init block to reduce the level of nesting
  • 56f3034 model: Turn createResolvedLicenseInfo() into a constant

🐘 Build & ⚙️ CI

  • cd855be Upgrade to Gradle 8.13 RC1

📖 Documentation

  • 69ae168 github: Adjust issue templates to issue types
  • 9c32fea model: Fix-up a comment
  • eba69a9 model: Remove a duplicate comment
  • 4391f15 spdx-utils: Document a couple of recently introduced functions

🔧 Chores

  • 48b9cfc reporter: Show the total time only after per-file results

🚀 Dependency Updates

  • 4a87084 update com.autonomousapps:dependency-analysis-gradle-plugin to v2.8.2
  • d7cb050 update com.charleskorn.kaml:kaml to v0.72.0
  • b6c8262 update org.jruby:jruby to v9.4.12.0
  • b80d751 update org.metaeffekt.core:ae-security to v0.135.3
  • 4c9d11c update org.metaeffekt.core:ae-security to v0.135.4
  • 6b5b865 update org.wiremock:wiremock to v3.12.0

💡 Other Changes

  • 594e39b Revert "fix(Git): Work around a bug with JGit vs MINA"

51.0.0

10 Feb 14:22

Actions Required

  • The renaming of "SpdxDocumentFile" to "SpdxDocument" from release 47.0.0 was reverted, so package configurations that refer to SPDX projects have to use "SpdxDocumentFile" instead of "SpdxDocument" as the identifier's type again.

What's Changed

🛠 Breaking Changes

  • 730e480 feat(spdx)!: Revert renaming of SpdxDocumentFile to SpdxDocument

🐞 Bug Fixes

  • 154cf90 schema: Fix schema for snippet choices
  • 7243c75 spdx-utils: Fix performance issue in callers of and()

🚀 Dependency Updates

  • f485966 update com.autonomousapps:dependency-analysis-gradle-plugin to v2.8.1
  • 6af84b1 update com.charleskorn.kaml:kaml to v0.71.0
  • 650e8b6 update com.github.ajalt.clikt:clikt to v5.0.3
  • c96f2e8 update docker/setup-buildx-action digest to f7ce87c
  • aeb3a4b update github/codeql-action digest to 9e8d078
  • 5ef526a update software.amazon.awssdk:s3 to v2.30.16

50.0.0

06 Feb 08:43

What's Changed

🛠 Breaking Changes

  • 48b638f refactor(utils)!: Rename FileMatcher.matches to matches

🐞 Bug Fixes

  • 55798c3 AnalyzerResultBuilderTest: Do not index graphs by project type
  • af35e43 pnpm: Fix parsing of JSON output for nested projects
  • d9ec5d8 web-app-template: Auto-fix minor linter issues
  • cade929 web-app-template: Correct pagination in various tables
  • 264995d web-app-template: Display id property for vulnerability resolutions
  • 631ca81 web-app-template: Enhance issue severity filtering
  • 04b9a04 web-app-template: Enhance rule severity icons
  • 281c269 web-app-template: Enhance vulnerability severity filtering
  • 8b4ed97 web-app-template: Fix issue severity filtering
  • 1df67af web-app-template: Fix webAppRuleViolation.package.id typeError
  • 1ece908 web-app-template: Reduce unnecessary render recomputations

🎉 New Features

  • abe81f8 ctrlx-reporter: Allow license filtering based on classifications
  • d96b46e fossid-webapp: Support FossID 2024.2
  • 153ae3c web-app-template: Add score and vector to VulnerabilityReference
  • 4a21385 web-app-template: Add helper function to WebAppVulnerability
  • c52a2d0 web-app-template: Display vulnerability references

✅ Tests

  • d38880f ctrlx-reporter: Improve the functional test
  • fe56fb4 pnpm: Add a funTest for a project with a nested subproject
  • 26381f0 python: Update expected results

🐘 Build & ⚙️ CI

  • f18be69 gradle: Fix excluding generated code for Detekt on Windows

📖 Documentation

  • 1c9f09d model: Add a missing "the" in withResolvedScopes() docs
  • ad803a0 utils: Fix a reference to a static function
  • c738de9 utils: Remove a broken KDoc reference

🔧 Chores

  • b759371 commands: Remove obsolete service loader files
  • 4594429 plugins: Always set a default value for plugin descriptors
  • b81fd97 web-app-template: Improve CSS comment for clarity

🚀 Dependency Updates

  • 81ddd72 update com.charleskorn.kaml:kaml to v0.70.0
  • c5ba909 update com.github.jmongard.git-semver-plugin to v0.15.0
  • c7277ab update com.google.code.gson:gson to v2.12.1
  • 87562f2 update com.icegreen:greenmail to v2.1.3
  • b876f06 update com.scanoss:scanoss to v0.9.0
  • 8a3812c update exposed to v0.59.0
  • 5536c8a update gradle/actions digest to 94baf22
  • fd8adfb update kotlin monorepo to v2.1.10
  • 57546c9 update org.graalvm.buildtools:native-gradle-plugin to v0.10.5
  • 79332d6 update org.metaeffekt.core:ae-security to v0.135.2
  • 50435a4 update org.wiremock:wiremock to v3.11.0

🚜 Refactorings

  • 7681705 common-utils: Remove "Command" suffix from displayName()

💡 Other Changes

  • f7723e6 style(web-app-template): Align error color

49.0.0

30 Jan 08:49

What's Changed

🛠 Breaking Changes

  • 397fecc chore(model)!: Remove the possibility to return qualified scope names

🐞 Bug Fixes

  • 2d5e526 Git: Work around a bug with JGit vs MINA
  • 5629cd5 black-duck: Properly parse vector and scoring system from CVSS2
  • e7f7669 black-duck: Remove duplicate URIs in references

🎉 New Features

  • 330ce58 Provenance: Add a RemoteProvenance sub-interface
  • d8a4050 black-duck: Make the log output show how the origin is determined

✅ Tests

  • a7a251c black-duck: Add a test which shows that links lack deduplication
  • fab515f black-duck: Make the test cover the cocoapods purl type
  • 235dd05 black-duck: Rename a variable for consistency
  • 123ffbc black-duck: Test parsing a vulnerability with CVSS 2 only
  • 3df50fa black-duck: Test vulnerability parsing from a CVSS 2

📖 Documentation

  • b71d16f Composer: Improve the comment about filtering vendored dependencies
  • be43390 black-duck: Add a dot to the end of a sentence
  • 89e2bed black-duck: Fix-up a TODO comment
  • fb07211 examples: Illustrate how to set the Black Duck origin-id
  • b7410dc schema: Fix package manager configurations schema title
  • 889577b schema: Fix the JSON schema for the repository configuration
  • 7cf4e47 schema: Use reference to fixed analyzer configuration schema

🔧 Chores

  • e3600d4 black-duck: Remove an unnecessary override

🚀 Dependency Updates

  • 496bb8d docker: Update Swift to version 6.0.3
  • c15996b Update the KSP plugin to v2.1.10-1.0.29
  • c5b0b5b update actions/setup-java digest to 3a4f6e1
  • 9fde78b update actions/setup-node digest to 1d0ff46
  • 2113092 update com.autonomousapps:dependency-analysis-gradle-plugin to v2.8.0
  • df546a3 update com.blackduck.integration:blackduck-common to v67.0.4
  • f73d63d update com.charleskorn.kaml:kaml to v0.67.1
  • 53792fb update com.google.code.gson:gson to v2.12.0
  • d01921b update github/codeql-action digest to 17a820b
  • 18396a0 update github/codeql-action digest to 6e54559
  • 2e0a300 update github/codeql-action digest to dd74661
  • 95db685 update org.jetbrains.gradle.plugin.idea-ext to v1.1.10
  • 3112d9d update org.jruby:jruby to v9.4.11.0
  • 87dd873 update org.metaeffekt.core:ae-security to v0.135.1

🚜 Refactorings

  • 19770cc black-duck: Move two variables out of a block
  • 71d4614 model: Remove the convenience qualifyScope() overload

💡 Other Changes

  • 7381fe4 style(black-duck): Use a shorter name for cvssVector
  • 20f1749 style: Prefer the infix version of shouldBe{Success,Failure}()
  • 253dfba style: Trivially trim trailing spaces from log messages

48.0.0

27 Jan 12:52

What's Changed

🛠 Breaking Changes

  • dbb65bf fix(PackageManager)!: Use the projectType also when resolution failed
  • 852e377 refactor(analyzer)!: Change when {before,after}Resolution() are called
  • 403d1bc refactor(web-app-template)!: Use React state handling

🐞 Bug Fixes

  • 7c63104 OrtModelBuilder: Add an OrtDependency cache
  • b56820b package-managers: Properly close MavenSupport's disk cache
  • 59562ef pub: Use the projectType for project references
  • 817278b web-app: Change the range in file size check
  • 2311698 web-app-template: Add prop function to WebAppRuleViolation
  • ef61629 web-app-template: Fix effective stats in models
  • 66ba969 web-app-template: Improve vulnerability icons
  • 3106879 web-app-template: Show source of an issue

🎉 New Features

  • ae2ae6e black-duck: Add a mechanism to query vulnerabilities by origin-id
  • 72662ff black-duck: Support external IDs using the "conan" namespace
  • b040129 black-duck: Support external IDs using the "long_tail" namespace
  • 78ac845 node: Keep created node_modules directories until after resolution
  • ff6306e package-managers: Use isolated disk caches for Gradle and Maven
  • 33b7a4f spdx: Add file level information to SPDX projects
  • e350ab2 web-app-template: Add helper function to WebAppPackage
  • 15a7b8b web-app-template: Add helper functions to WebAppOrtIssue
  • 418d0a0 web-app-template: Add helper functions to WebAppOrtResult
  • 34fe1a7 web-app-template: Enable filtering of findings
  • 584ae6e web-app-template: Show effective licenses in Summary

✅ Tests

  • d6334b3 black-duck: Fix-up a package identifier
  • f327a17 black-duck: Fix-up the alphabetical ordering of properties
  • 9eeb644 black-duck: Make a test name more specific
  • 0da05f5 pub: Update expected results

📖 Documentation

  • 1df21b7 AbstractDependencyNavigatorTest: Trivially add a dash to a test name
  • 38c16c9 MavenFunTest: Improve a comment to use passive voice
  • 79d089f Yarn2: Remove a comment that does not add value
  • d900f44 node: Remove outdated comments
  • 68bc2e6 website: Remove the note about Bazel support being experimental

🔧 Chores

  • cb82c6a DependencyGraphNavigator: Make clear that managers are names here
  • 0ca7c39 DiskCache: Use the more modern java.time API
  • aae654b TestUtils: Prefer also over let if the return value is not used
  • a68769f black-duck: Align on 'origin-id' in log output
  • 84660eb black-duck: Use Identifier.toCoordinates() for log output
  • 449e89c github: Use ubuntu-24.04 for Linkspector
  • e77fadf package-managers: Name the MavenSupport variable consistently
  • 0868bb4 pub: Avoid some toList() conversions
  • 955155a pub: Improve the check for package info
  • 19159af web-app-template: Add code repo link in About Modal
  • e99d818 web-app-template: Clean up WebAppTreeNode
  • 0797e9c web-app-template: Remove unused Redux code
  • 527fada web-app-template: Rename webAppPath variable
  • 191fa23 yarn: Make createPackage() code a bit more readable
  • 90ec14e yarn: Prefer also over let if the return value is not used
  • fd2fd98 yarn: Remove / replace remaining NPM references
  • 64b58c5 yarn: Remove a superfluous toSet() conversion
  • 9101dd1 yarn: Use existing scope name constants

🚀 Dependency Updates

  • 80aa6e0 web-app-template: Remove unused dev dependencies
  • fd20468 web-app-template: Update versions of dependencies
  • c13c2f6 update codecov/codecov-action digest to 0da7aa6
  • 8193c23 update codecov/codecov-action digest to 13ce06b
  • aaca056 update com.scanoss:scanoss to v0.8.2
  • debbb73 update dependency gradle to v8.12.1
  • ad34316 update docker/build-push-action digest to ca877d9
  • e3b5c3d update github/codeql-action digest to ee117c9
  • 04a2aa4 update github/codeql-action digest to f6091c0
  • fec3fe9 update org.metaeffekt.core:ae-security to v0.135.0

🚜 Refactorings

  • ce8bf94 web-app-template: Clean up main CSS file
  • 128daeb yarn: Extract an isProject variable for reuse

💡 Other Changes

  • f8f2b3c style(AnalyzerResultBuilder): Make an apply call a one-liner
  • 3eb2b4a style(node): Remove one level of nesting from tests
  • 06d231c style(web-app-template): Add new circuit background

47.0.0

23 Jan 08:44

Actions Required

  • Update package configurations that refer to SPDX projects to use "SpdxDocument" instead of "SpdxDocumentFile" as the identifier's type.

What's Changed

🛠 Breaking Changes

  • 01f1930 fix(package-managers)!: Use projectType as the ID type for projects

🐞 Bug Fixes

  • 7154214 downloader: Do not even try empty source code origins
  • 7c71782 downloader: Improve the output of error messages
  • 025c751 downloader: Support project URLs with query parameters
  • 5ffb576 go: Use "GoMod" as the project type
  • 66b5b15 node: Properly use the projectType to create projects
  • 255d294 package-managers: Do not set the package type to the manager name
  • ae58bb8 vcs: Consider VCS configurations in cache lookup

🎉 New Features

  • c9f51e9 AnalyzerCommand: Sort output of found definition files
  • 6547d1f analyzer: Also fail early if managers for the same type are enabled
  • b230f26 detekt-rules: Add autoCorrect for OrtImportOrder rule
  • 9b57816 node: Add the project type to the Node package manager type
  • c737701 scanner: Add flag to scanner to detect unlicensed files
  • 34444c3 test-utils: Support regex patterns in patchExpectedResult()
  • 170a3b8 Upgrade Poetry to 2.x series

✅ Tests

  • bc4d972 model: Factor out fromJson()
  • 7d817f8 model: Factor out toJson()
  • da07e1e opossum: Rewrite reporter-test-output.json
  • 4bfd33f osv: Make the test for getting vulnerability IDs less flaky
  • b9fd340 osv: Make the test which queries by commit less flaky
  • 718d762 osv: Make the test which queries by name and version less flaky
  • dcd71a5 osv: Rename patchFields()
  • bf9de57 osv: Rename a constant for consistency
  • 7552dd4 osv: Update expected results
  • 16ca9a4 osv: Use WordSpec in the functional test
  • 3f56118 pub: Update expected results

🐘 Build & ⚙️ CI

  • 5ab6a92 gradle: Make detektAll only run tasks with type resolution

📖 Documentation

  • d8ebd62 PackageCurationData: Fix the docs for apply()
  • 78edc76 development: Add documentation about Detekt's auto-correct feature
  • ecb1186 downloader: Improve the --vcs-path CLI help
  • e510c6f website: Also mention the "detektAll" task in the table
  • 9e4b989 website: Mention the "detektAll" task instead of individual ones

🔧 Chores

  • 46479e5 DependencyGraphNavigator: Avoid relying on manager name prefixes
  • 19a2074 OpossumReporterFunTest: Extract a variable to ease debugging
  • ec73f3f SpdxLicenseTest: Use Kotest's dedicated resource matcher
  • ac2fef5 docker: Upgrade Composer to version 2.8.4
  • 55ae851 docker: Upgrade Conan to the latest 1.x version
  • a22a7e0 docker: Upgrade Go to version 1.23.5
  • cb49aeb docker: Upgrade Licensee to version 9.18.0
  • 3c4de5d docker: Upgrade pip to version 24.3.1
  • d26dd73 docker: Upgrade pnpm to version 9.15.4
  • 4f4b7c4 Capitalize hard-coded issue sources
  • c2f1546 Prefer the more fluent infix variant of shouldNotBeNull

🚀 Dependency Updates

  • 42d48aa docker: Upgrade ScanCode to version 32.3.2
  • 353de0d spdx: Update the license list to version 3.26
  • 43f5982 update actions/attest-build-provenance digest to 520d128
  • b6560a6 update codecov/codecov-action digest to 5a605bd
  • 1d9c9c8 update com.github.ben-manes.versions to v0.52.0
  • 1fd0a2d update com.scanoss:scanoss to v0.8.1
  • cac29ae update github/codeql-action digest to d68b2d4
  • 0d1d615 update github/codeql-action digest to dd196fa
  • ceaa7da update org.jruby:jruby to v9.4.10.0
  • 7a00318 update org.semver4j:semver4j to v5.6.0
  • c504d62 update org.springframework:spring-core to v6.2.2
  • 7f8d3d3 update software.amazon.awssdk:s3 to v2.30.1
  • 5648515 update software.amazon.awssdk:s3 to v2.30.2
  • 92df4f8 update umbrelladocs/action-linkspector digest to de84085

🚜 Refactorings

  • 0c454e7 docker: Rename PIPTOOL_VERSION to PIP_VERSION
  • 7b21289 node: Introduce an abstract base class for common code
  • 71f3467 node: Move parseProject() to NodePackageManager
  • 16558a3 node: Rename non-NPM-specific files
  • bc3a1b8 scanner: Inline the TOOL_NAME constant

46.0.0

16 Jan 08:54

What's Changed

🛠 Breaking Changes

  • 4363881 chore(common-utils)!: Remove zipWithCollection() for collections
  • e37bf19 chore(common-utils)!: Remove zipWithDefault()
  • 716e3b8 feat(fossid)!: Remove support for custom naming variables
  • 87b4c04 refactor(commands)!: Migrate VCS plugins to new plugin API
  • 5e0f716 refactor(common-utils)!: Rename zipWithCollection() for sets
  • 3f2bf92 refactor(common-utils)!: Simplify the semantics of zip() for maps
  • 3ea4ec5 refactor(fossid)!: Define URL mappings in a single option
  • 43c6e36 refactor(fossid)!: Rename projectName to repositoryName
  • e98c703 refactor(fossid)!: Replace namingProjectPattern with projectName
  • fa6e2be refactor(vcs)!: Directly store the VCS type as a VcsType

🐞 Bug Fixes

  • f57751d VersionControlSystem: Also take configs for forDirectory()
  • 0030739 cargo: Add lockfile version 4 to allow-list
  • 3498798 common-utils: Make zip work as expected for sorted maps
  • f827885 model: Make withPackageManagerOption() case-insensitive
  • fdc2be7 python: Use the correct projectType for Pipenv and Poetry
  • 7900f0f Correctly mark VersionControlSystem plugins as not configurable yet
  • 482ffc8 Remove VersionControlSystemConfiguration

🎉 New Features

  • 7c84264 PluginManager: Allow to create plugins with default configuration
  • bb301a1 cargo: Handle virtual workspaces
  • a5abd0a fossid: Add projectName as a built-in variable
  • 6243b60 model: Allow duplicate PackageManagerConfigurations and merge them
  • e50fcce vcs: Add Git-specific configuration options for submodule handling

✅ Tests

📖 Documentation

  • 373f997 OrtPlugin: Be more specific about the plugin ID derivation logic
  • 9d1a14d README: Update the installation from binaries section
  • a7238a1 VersionControlSystemFactory: Rewrap comments for compactness
  • b85af8b black-duck: Add a missing "the"
  • 84e29b1 fossid: Fix issues in FossIdNamingProvider docs
  • 7d79190 fossid: Improve docs of normalizeBranchName
  • f032c13 fossid: Improve docs of the built-in branch naming variable
  • bb610d0 npm: Document the ModuleInfo class
  • e8c0b8b sbt: Move a comment before the correct line
  • 35b668c website: Fix color for links in banner
  • 749d6ff website: Use <Link> instead of <a>
  • 1d9f415 Add a missing whitespace to all "BlackDuck" occurrences
  • c40a759 Extend the Copyright year to 2025 in Markdown files

🔧 Chores

  • e9daee1 AnalyzerConfigurationTest: Improve test names
  • 355b657 AnalyzerConfigurationTest: Start with the simpler test
  • d3901da BlackDuck: Remove the default value of the plugin id
  • e86c8be BlackDuck: The display name should spell "Back Duck" with space
  • a032f27 EvaluatedModelReporter: Remove unused properties
  • ccd0dac Git: Import JGit's Git as JGit for clarity
  • d2e2732 NpmDependencyHandler: Make a non-null assumption explicit
  • 5238f3e PnpmDependencyHandler: Make use of Dependency.workingDir
  • ce80152 YarnDependencyHandler: Rename a variable for clarity
  • 1b316ee fossid: Improve error message for too long scan code
  • c9de4c6 gradle-inspector: Rename the handler's constructor parameter
  • 6cb7dd8 model: Rename other merge parameters
  • 842d3c9 node: Introduce a typealias for getting package details
  • 402d2ee node: Make use of the definition file constant
  • 9ea70d9 node: Remove the workingDir parameter for getting package info
  • 95a192f node: Rename the typealias to get package details
  • ab91b6a package-curation-providers: Align the display names
  • 9aca6b0 version-control-systems: Omit null default arguments
  • eb7b571 Do not silently map unparsable booleans to false
  • 22a13c8 Do not silently map unparsable booleans to true
  • 1858cb7 Prefer the char-version of split() for single chars
  • 85defa3 Prefer the infix version of shouldBeInstanceOf where possible
  • ec69780 Remove unneeded default java.lang imports

🚀 Dependency Updates

  • a7078fe docker: Upgrade Rust to the latest version 1.84
  • 5033ab1 update com.autonomousapps:dependency-analysis-gradle-plugin to v2.7.0
  • 768060d update com.github.jmongard.git-semver-plugin to v0.14.0
  • f7ecd6e update com.networknt:json-schema-validator to v1.5.5
  • 5cd9a00 update docker/build-push-action digest to 67a2d40
  • 75cf08a update docker/build-push-action digest to b32b51a
  • e20304b update exposed to v0.58.0
  • ab0161e update github/codeql-action digest to b6a472f
  • 1b63f86 update org.jetbrains.kotlinx:kotlinx-html-jvm to v0.12.0
  • f373751 update org.metaeffekt.core:ae-security to v0.134.0
  • 2eaaaa1 update org.postgresql:postgresql to v42.7.5
  • 10583c3 update wagoid/commitlint-github-action digest to b948419

🚜 Refactorings

  • 5d8fb72 AnalyzerConfigurationTest: Inline expected result variables
  • a967f9d NpmDependencyHandler: Inline the only use of readPackageJson
  • 5c67bcd fossid: Add namingScanPattern to FossIdConfig
  • 35095c4 fossid: Extract a regular expression to a constant
  • 1a9be88 fossid: Extract logic to build default naming pattern
  • c21cb64 fossid: Inline scan code generation functions
  • 29ef411 fossid: Make convertGitUrlToProjectName internal
  • a1b8c3a fossid: Remove #branch inside of normalizeBranchName
  • 2931b4c fossid: Rename a function for clarity
  • 9859afc gradle: Make handlers take the projectType explicitly
  • 226d277 node: Only pass required information to dependency handlers
  • 61a3a06 scancode: Always add all built-in variables
  • fcced14 vcs: Decouple the base class from CommandLineTool
  • debbc8d vcs: Make VCS plugins configurable

💡 Other Changes

  • 0f6dad4 style(version-control-systems): Define factory classes at the top

45.0.0

08 Jan 21:40

What's Changed

🛠 Breaking Changes

  • f9c7220 refactor(model)!: Simplify the CuratedPackage and its creation

🐞 Bug Fixes

  • 59702b2 evaluator: Add remaining configuration files to console output
  • c57a94c model: Apply author to copyright mapping also for concluded licenses
  • 958c08c scancode: Ensure to find license texts in the Docker image
  • d03afe6 website: Move a link out of the tagline variable

🎉 New Features

  • ef95789 ReporterCommand: Use console colors for the result summary
  • 8c2d67a advisor: Add BlackDuck as security vulnerability provider
  • f0dd53a cocoapods: Add custom error message
  • 98ee1ee cocoapods: Add support for Podspecs from external sources
  • de04788 cocoapods: Support tag and branch names in checkout options
  • d3ee492 helper-cli: Extend the PackageList by labels
  • 79f7805 model: Add the property Package.labels
  • 9465fba model: Allow setting package labels via curations

✅ Tests

🐘 Build & ⚙️ CI

  • c7d899a notifier: Make the Jakarta REST API dependency a constraint

📖 Documentation

  • ca43fab cocoapods: Document all Lockfile-related properties
  • 31c718a examples: Add a curation which sets a package label
  • ab0256c model: Illustrate how to configure the BlackDuck advisor
  • 1ca8d2a model: Trivially end comment sentences with dots
  • e1a32cc website: Add a curation which sets a package label
  • e7b8a3a website: Add a section for the new BlackDuck advisor
  • 85fc02f website: Further fix-up the configuration entries
  • 547c295 website: Link to the server and make clear these are CLI tools
  • 1d6fcf5 website: Re-align the advisor configuration examples
  • 11fbb12 website: Sort the advisor sections alphabetically
  • c07420d Clarify that repo config is specific to a "distribution"

🔧 Chores

  • 666120a GradleDependencyHandler: Use a more specific variable name
  • 79ef703 SpdxResolvedDocument: Use a more specific variable name
  • ba1d093 bundler: Use StringFormat's decodeFromString
  • 6c7b108 cargo: Be explicit about the definition file to query metadata for
  • 37ec0b1 cargo: Give a variable a more fitting name
  • b74e81c cocoapods: Remove the workingDir parameter from getPodspec()
  • 2663df0 cocoapods: Reorder Lockfile properties to match file order
  • dbc5d4f cocoapods: Simplify error handling in getPodspec()
  • 5aef26b gradle: Drop a trailing slash for consistency
  • 35dde45 model: Rename package curation apply variables for clarity
  • d5ccb50 model: Serialize OrtResult.labels in alphabetical order

🚀 Dependency Updates

  • 8ebd8c0 docker: Upgrade Node.js to the latest LTS version 22.13.0
  • 1ffe4df docker: Upgrade Yarn 1 to the latest version 1.22.22
  • 4227d86 docker: Upgrade to the latest ScanCode patch version 32.3.1
  • 8527570 web-app-template: Sync the Node / Yarn versions with Docker
  • f0b825b update ch.qos.logback:logback-classic to v1.5.14
  • 96139ed update ch.qos.logback:logback-classic to v1.5.15
  • 2ad4db4 update ch.qos.logback:logback-classic to v1.5.16
  • 8b3ff75 update com.charleskorn.kaml:kaml to v0.67.0
  • af19524 update dependency gradle to v8.12
  • fa99144 update docusaurus monorepo to v3.7.0
  • 3523d00 update github/codeql-action digest to 48ab28a
  • c3e6c58 update io.mockk:mockk to v1.13.14
  • 9370d95 update jetbrains/qodana-action action to v2024.3.4
  • f70acdc update ks3 to v1
  • 227ca61 update org.cyclonedx:cyclonedx-core-java to v10.1.0
  • 7c8d867 update org.freemarker:freemarker to v2.3.34
  • f9c4d3e update org.jetbrains.kotlinx:kotlinx-coroutines-core to v1.10.0
  • 4cf87b5 update org.jetbrains.kotlinx:kotlinx-coroutines-core to v1.10.1
  • 77b0526 update org.jetbrains.kotlinx:kotlinx-serialization-core to v1.8.0
  • 1558a59 update org.metaeffekt.core:ae-security to v0.133.0
  • fedb94b update org.semver4j:semver4j to v5.5.0
  • 2df03a1 update software.amazon.awssdk:s3 to v2.29.39
  • d665978 update software.amazon.awssdk:s3 to v2.29.43
  • 9b481ba update software.amazon.awssdk:s3 to v2.29.45

🚜 Refactorings

  • 4a31d54 MavenDependencyHandler: Make support internal
  • dab7a88 cocoapods: Correct the type of a Pod's direct dependencies
  • 31153a7 cocoapods: Migrate to the dependency graph API
  • 8174eb6 cocoapods: Simplify caching of Podspecs
  • 40c9d15 maven: Inline an identifier() extension function
  • 7d65f74 maven: Split the handler's managerName property into two
  • cbeabfc maven: Use regular AnalyzerConfiguration to set sbtMode
  • 4cae987 model: Turn `getDeclaredLicenseMapping()` into an extension
  • 14b2d68 reporter: Extract function for resolving copyrights

44.0.0

19 Dec 09:00

What's Changed

🛠 Breaking Changes

  • 4872713 feat(cyclonedx)!: Change default format to JSON

🐞 Bug Fixes

  • 4b1fb5d aosd: Lookup node linkage breadth-first
  • 6121e99 aosd: Only set the selectedLicense if it actually selects something
  • 62cdb88 aosd: Populate the selectedLicense unless it offers a choice
  • 3cb5f2b bazel: Correctly get the Buildozer version
  • 81f58ea npm: Collect issues when listing the packages instead of failing
  • 3c62407 reporter: Only write major / minor SPDX license list version info
  • 806363a scripts: Use the default image root when running Docker
  • a72d6b3 spdx-utils: Fix offersChoice() for equal OR-operands

🎉 New Features

  • 804a505 aosd: Sort output by componentName for easier comparison
  • a100dcb aosd: Trim trailing whitespace from license texts
  • 69a15f4 cyclonedx: Change the default schema version to 1.6
  • 8965839 spdx-utils: Make simplify() remove redundant choices

✅ Tests

  • d2ba8e4 common-utils: Test EnvironmentVariableFilter with empty deny list
  • 1dd2237 oss-index: Change some constants to use packages instead of ids
  • 8bc47a4 oss-index: Use coordinates as keys
  • 33f3470 osv: Move identifierToPackage() to test-utils
  • 58dfc82 osv: Operate on coordinates keys instead of Packages
  • 256bc5c e7f4ada pub: Update expected results
  • acf9415 spdx-utils: Add a test for simplifying OR-operands
  • 419f36e spdx-utils: Compare strings to not rely on semantic equality
  • 60b6c4c spdx-utils: Increase a test timeout a bit
  • 5d534ad spdx-utils: Simplify comparing a string representation

🐘 Build & ⚙️ CI

  • 08b79a0 gradle: Remove an unneeded artifact version filter
  • 9ccb771 renovate: Shorten the commit message for Gradle dependencies

📖 Documentation

  • 83a9a58 analyzer: Improve PackageManager class documentation
  • 7c12d92 bower: Clarify a misleading TODO regarding source artifacts
  • c208a15 spdx-utils: Add comments about the validChoices() algorithm

🔧 Chores

  • 6b68dd8 aosd: Rename a few variables to singular
  • 0753d33 common-utils: Uniformly use lists in EnvironmentVariableFilterTest
  • 7b412ef fossid: Add affected path for unmappable licenses
  • 8ecb98f model: Allow setting the affected path of an issue
  • b2e6c3d model: Return early from collectDependencies()
  • ab90bf9 npm: Group lines about missing and invalid packages
  • 8ad3a00 npm: Ignore the log file error message of NPM stderr output
  • 03d9166 opossum: Prefer add functions when building collections
  • 8c65925 scancode: Print JSON raw results non-pretty
  • fce2829 Align on constructing URIs without create()

🚀 Dependency Updates

  • 5dcde82 Upgrade the JIRA REST client to version 6.0.1
  • 6c83409 update actions/setup-java digest to 7a6d8a8
  • 12b4e3c update ch.qos.logback:logback-classic to v1.5.13
  • cba5464 update codecov/codecov-action digest to 1e68e06
  • 56179d5 update com.autonomousapps:dependency-analysis-gradle-plugin to v2.6.1
  • 6db8eae update dependency prism-react-renderer to v2.4.1
  • 72eca7e update docker/setup-buildx-action digest to 6524bf6
  • f3c9a4f update gradle/actions digest to 0bdd871
  • 44cbdcc update jetbrains/qodana-action action to v2024.3.3
  • 5771756 update log4j2 monorepo to v2.24.3
  • 7675665 update software.amazon.awssdk:s3 to v2.29.34
  • c259ffb update wagoid/commitlint-github-action digest to 0184f5a

🚜 Refactorings

  • efb0711 model: Extract effectiveLicense() code for later reuse
  • 1c5cff8 npm: Rename installIssues to allow other issue types

43.0.2

13 Dec 07:40

What's Changed

🐞 Bug Fixes

  • a9ce535 composer: Restore any modified files after analysis
  • 1d0805f cyclonedx: Avoid a StackOverflowError due to dependency cycles
  • 64f323b evaluator: Use invariant paths in ProjectSourceRule
  • 23c9bb0 Use limited parallelism to prevent thread starvation

✅ Tests

  • 958f871 node: Fix running NpmDetectionTest on Windows
  • 7e51acc node: Fix running Yarn2Test on Windows

🐘 Build & ⚙️ CI

  • 7abe559 gradle: Fix running OrtConfigurationTest on Windows
  • ac6b3ae github: Run unit tests on Windows

📖 Documentation

  • 69ace3b bower: Trivially add a comment to the model
  • dd7a5ee common-utils: Improve FileMatcher class documentation

🔧 Chores

  • 709053a common-utils: Only decide once which match() to call
  • 50aa02b common-utils: Move FileMatcher's constructor
  • fc5986b common-utils: Simplify a condition in FileMatcher
  • 32ab460 common-utils: Simplify a function in FileMatcher
  • 94ba630 evaluator: Prefer asList() to convert vararg
  • ee6016c node: Move a function out of Yarn2Test
  • 7b93abf node: Reduce indentation in Yarn2Test

🚀 Dependency Updates

  • ae6e660 update dependency org.springframework:spring-core to v6.2.1
  • d02f662 update github/codeql-action digest to df409f7

🚜 Refactorings

  • fe2776e bower: Migrate to the dependency graph API
  • 8516d2a Replace some remaining custom ProcessCapture calls