deps: update ort to v39 (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.ossreviewtoolkit.utils:test-utils (source)	38.0.0 -> 39.0.0
org.ossreviewtoolkit:model (source)	38.0.0 -> 39.0.0
org.ossreviewtoolkit:detekt-rules (source)	38.0.0 -> 39.0.0
org.ossreviewtoolkit:cli (source)	38.0.0 -> 39.0.0
org.ossreviewtoolkit.plugins.commands:analyzer-command (source)	38.0.0 -> 39.0.0
org.ossreviewtoolkit:analyzer (source)	38.0.0 -> 39.0.0

---

Release Notes

oss-review-toolkit/ort (org.ossreviewtoolkit.utils:test-utils)

v39.0.0

Compare Source

What's Changed

Breaking Changes 🛠

• 31592d4 refactor(node)!: Also move Npm into its own dedicated directory
• 743fd64 refactor(node)!: Invert the inheritance between Yarn and Npm
• 96ded74 refactor(node)!: Limit visibility of NpmDetection code to internal
• 5e1d04e refactor(node)!: Move Yarn into its own dedicated directory
• 5f8ee66 refactor(node)!: Move all files from utils one level up
• 9d63529 refactor(yarn)!: Make loadWorkspaceSubmodules() private

Bug Fixes 🐞

• 06059dd cli: Guard against foreign classpath items with a pathing JAR
• 4a7d58a freemarker: Apply license choices for NOTICE_DEFAULT
• 78fa878 jenkins: Do not use deprecated config key names
• 9c22891 node: Deserialize repository: {} in package.json to null
• bfcfe62 spdx-report: Apply license choices

New Features 🎉

• 0b2b2af osv: Support parsing CVSS v4 vectors
• 70c5179 spdx-reporter: Report detected root licenses for packages
• f1da1cf spdx-utils: Add a function to simplify SPDX expressions
• 31b9be8 spdx-utils: Simplify and / or operators for equal operands

Chores 🔧

• 1de3e08 freemarker: Trivially improve formatting of a comment
• ec77849 npm: Add a missing import
• 390a055 spdx-reporter: Simplify licenseDeclared expressions
• fb6e648 vulnerable-code: Sort tests alphabetically

Dependency Updates 🚀

• f8a0c39 Update the dependency-analysis-gradle-plugin to version 2.4.2
• 95cec36 update actions/attest-build-provenance digest to ef24412
• 151437d update dependency com.charleskorn.kaml:kaml to v0.62.2
• 0690c94 update dependency com.networknt:json-schema-validator to v1.5.3
• 757d38d update dependency com.zaxxer:hikaricp to v6.1.0
• ea8470f update dependency io.github.pdvrieze.xmlutil:serialization to v0.90.3
• fe80e46 update dependency org.jruby:jruby to v9.4.9.0
• f2f45c0 update mordant to v3.0.1

Documentation 📖

• 1f45fda integrations: Add note on running Jenkins as a docker container
• b43a41a integrations: Add required plugin for Jenkins >=2.462.3 to list

Refactorings 🚜

• c702648 dos: Add error message from DOS in issue
• 241da93 dos: Log id for scan job
• 8478040 node: Move the logger variable to the top
• f566a2d node: Move two model mapping functions to NpmSupport
• ccdcad4 node: Remove a dependency on Npm
• 7f61de7 spdx: Move nullOrBlankToSpdxNoassertionOrNone()
• d44917c spdx-reporter: Extract a variable for later reuse
• 94a8708 spdx-utils: Split the large SpdxExpressionTest

Tests ✅

• 5cf22e6 node: Re-align test class name and location
• f100ed0 753d72d 482a499 python: Update expected results
• 254ae3b spdx-reporter: Add a test for a Go project
• 52d1ce0 vulnerable-code: Add a test for an NPM package

Other Changes 💡

• 8e196ab Revert "refactor(script): Migrate from deprecated constructorArgs to properties"

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.