82.1.0

What's Changed

🐞 Bug Fixes

• c913239 ortproject: Do not hard-code the issue source
• b11bc50 spdx-utils: Compare SPDX expressions case-insensitively
• 6e80b64 Do not "double-throw" IllegalArgumentExceptions

🎉 New Features

• eb7eae2 model: Sort SpdxExpressions in more places on serialization
• 7d47932 spdx-utils: Make expression sorting case-insensitive

✅ Tests

• c54331d opossum: Do not serialize explicit nulls
• cb70c3c spdx-utils: Add more tests for sorting compound expressions

🐘 Build & ⚙️ CI

• 03c8729 package-managers: Rename the ortproject module
• 70c996b package-managers: Rename the spdx module

📖 Documentation

• a4d92f7 ort-project-file: Use a more readable displayName
• 61be7e1 spdx-document-file: Use a more readable displayName

🔧 Chores

• ed60cff opossum: Consistently take all package properties from PURL
• 883a80a spdx-utils: Remove superfluous case distinctions for equals()

🚀 Dependency Updates

• 86c6b09 update kotest to v6.1.6

💡 Other Changes

• ff6ffc7 style(fossid): Adjust a function call's formatting to the common style

82.0.0

What's Changed

🛠 Breaking Changes

• 053940b chore(model)!: Also move SnippetChoices under snippet

🐞 Bug Fixes

• 56a4353 cargo: Correctly map git+https:// sources to VCS information
• 7649178 carthage: Manually construct a PURL for generic Git URLs
• 5eba5b5 fossid-webapp: Return empty PURL when artifact name is empty
• 72e649f pub: Handle SDK sources properly
• 0f48a63 web-app-template: Safely access package id of an issue

🎉 New Features

• 6df9647 analyzer: Create a simple package list file format analyzer plugin
• b0e5504 fossid: Improve PURL mapping
• 56f0f57 model: Add a function for getting advisor provider issues
• 0ebf38e spdx: Allow to deduce the ORT id from a PURL

✅ Tests

• 63a14fe carthage: Simplify some assertions
• 73d15f8 carthage: Unmock only after those tests where mocking is used
• 75faa5a cyclonedx: Simplify an assertion
• e7e908c fossid: Simplify an assertion

📖 Documentation

• 1fb40d4 cargo: Fix a typo in a test name

🔧 Chores

• ee1308a fossid: Extract PURL creation code to an extension function
• 693134b fossid: Remove an unused import
• cbd4851 models: Make snippet class names consistent
• e54d0d3 ortproject: Map to a Set in one go
• 16e6d1b ortproject: Prefer operators over function calls
• ce8355e ortproject: Unwrap from OrtProjectFileMapper
• 12eeb21 pub: Inline a property
• d21b580 pub: Omit superfluous orEmpty() calls
• dd32c4d pub: Reorder properties a bit to match package order
• 77bfc08 Map to a set in one go

🚀 Dependency Updates

• 0cc83c3 update com.github.gmazzo.buildconfig to v6.0.8
• 4499c31 update com.github.gmazzo.buildconfig to v6.0.9
• 5e13a3d update docker/build-push-action action to v7
• 27422de update docker/metadata-action action to v6
• 116b451 update docker/setup-buildx-action action to v4
• 06b3216 update github/codeql-action action to v4.32.6
• 770fba5 update kotest to v6.1.5
• f500afc update org.metaeffekt.core:ae-security to v0.153.1

🚜 Refactorings

• 595310a advisor: Collect issues from providers
• b1ddf2c advisor-command: Count in provider issues to the statistics
• 0d7f4b7 evaluated-model: Add advisor provider issues
• 9f54a3e spdx: Inline the last usage of SpdxDocument.isProject()
• 2097fb5 spdx: Move getPackageManagerDependency() to top-level
• aa7c246 spdx: Move various functions for a better overview
• 6159101 spdx: Only determine the ORT package id once
• 39474f3 spdx: Simplify the projectPackage condition
• 62eb27c static-html: Add advisor provider issues

💡 Other Changes

• c474192 Revert "fix(model): Return empty PURL when package name is empty"
• 616ad78 style(carthage): Reduce indentation in the test
• 4306b31 style: Do some general alignments of Kotest matcher styles

81.0.0

What's Changed

🛠 Breaking Changes

• ca58446 refactor!: Maintain the name of a script in result messages, if possible

🐞 Bug Fixes

• 1873575 bazel: Accept bazel_dep statements without version
• b75e750 bazel: Accept module statements without version
• 628e018 bazel: Fix dev dependency lookup when an override is present
• f38de35 docker: Make curl trust system certificates
• 54e152e docker: Make nodejs toolchain trust system certificates

🎉 New Features

• bc349ef spdx: Derive document name from project name by default

✅ Tests

• 02f6b93 python: Update expected results
• 137f86a spdx: Upgrade assets to SPDX 2.3 and "PACKAGE-MANAGER" spelling

🐘 Build & ⚙️ CI

• f988493 native-build: Do not archive the already compressed UPX executable

📖 Documentation

• ff71157 Fix spelling to say "an SPDX"

🔧 Chores

• 90c9393 cyclonedx-utils: Move a variable closer to its only usage
• 7041100 package-managers: Move project / package types to constants
• 077cb02 Prefer enumEntries over enumValues

🚀 Dependency Updates

• 279285f update actions/attest-build-provenance action to v4.1.0
• 692b483 update actions/setup-node action to v6.3.0
• dfa8c6e update at.yawk.lz4:lz4-java to v1.10.4
• dfdcb7f update aws-java-sdk-v2 monorepo to v2.42.6
• 6b7658f update com.autonomousapps:dependency-analysis-gradle-plugin to v3.6.1
• 9dcc921 update com.scanoss:scanoss to v0.13.0
• 85a0d29 update crazy-max/ghaction-upx action to v4
• 3079858 update dependency @easyops-cn/docusaurus-search-local to v0.55.1
• 7dc61b4 update dev.aga.gradle.version-catalog-generator to v4.1.0
• 7ab8e11 update docker/login-action action to v4
• fd95dbf update exposed to v1.1.1
• 8d8b393 update github artifact actions
• 515a9e6 update github/codeql-action action to v4.32.5
• 1de2a30 update gradle to v9.4.0
• bd0da5f update jgit to v7.6.0.202603022253-r
• a4de9bf update org.graalvm.buildtools:native-gradle-plugin to v0.11.5
• 0d7a551 update org.metaeffekt.core:ae-security to v0.153.0
• 04eeba9 update org.tukaani:xz to v1.12

80.0.0

What's Changed

🛠 Breaking Changes

• f1eadd8 refactor(model)!: Remove PurlType enum in favor of plain strings
• c8dbd46 refactor(model)!: Replace custom PURL handling with packageurl-jvm

🐞 Bug Fixes

• 6cf8912 docker: Support non-x86_64 archs for Conan 2
• 5e900ad fossid: Don't create issue for zero pending identifications
• 4af9208 model: Return empty PURL when package name is empty
• b57f0be sbt: Also support version parsing for the newer sbt runner

🎉 New Features

• 770ee75 Tycho: Improve handling of wrapped artifacts
• cf37dab analyzer: Add Mix package manager plugin for Elixir
• 36c895c analyzer: Add Rebar3 package manager plugin for Erlang
• 9cff5d5 docker: Add mix_sbom for Elixir SBOM generation
• 5fbed8c docker: Add rebar3_sbom for Erlang SBOM generation
• 38d8eee utils: Add shared CycloneDX analyzer utility
• f4f8cc3 utils: Map purlType to the corresponding ORT identifier
• ce34db9 utils: Parse a Package URL string into its components

✅ Tests

• 8739919 fossid: Adapt to recent changes about issues for pending files
• 22cbe62 python: Update expected results

🐘 Build & ⚙️ CI

• d83ebb0 spdx-utils: Remove an unused test dependency
• d7355bd spdx-utils: Remove the explicit dependency on the Kotest engine
• e5fc292 test-utils: Fix the Kotest engine to be an API dependency
• f718f7b github: Exclude https://hella-aglaia.com/ from link checks

📖 Documentation

• 4fba162 sbt: Improve linking to some reference code location
• b6090a0 Add Erlang Ecosystem Foundation to adopters
• 7f79db1 Add Mix & Rebar3 to supported package managers list

🔧 Chores

• 252806c analyzer: Register Mix & Rebar3 package manager plugins
• 8266776 docker: Exclusively use curl to download files
• 310a526 docker: Silence curl progress output for Gleam download
• 6f6b2b0 npm: Improve the detection of multi-line hints
• a667283 pnpm: Simplify the findModulesFor() extension function

🚀 Dependency Updates

• 363a855 spdx: Update the license list to version 3.28
• 0ebaa36 update actions/attest-build-provenance action to v4
• 0c63070 update aws-java-sdk-v2 monorepo to v2.42.0
• 416cdd5 update aws-java-sdk-v2 monorepo to v2.42.2
• f27f6ea update com.autonomousapps:dependency-analysis-gradle-plugin to v3.6.0
• 88d7d6e update com.fasterxml.jackson:jackson-bom to v2.21.1
• eb309ef update exposed to v1.1.0
• f4027d2 update github/codeql-action action to v4.32.4
• eaa518b update gradle/actions action to v5.0.2
• dca505d update kotest to v6.1.4
• 1f2c9f8 update mavenresolver to v1.9.27

🚜 Refactorings

• a6a7b39 docker: Use cosign image instead of downloading binary
• 05344bf node: Also track the package type via NodePackageManagerType
• e68c92c node: Consistently make isProject extension properties
• f2afd76 spdx: Use PURL utilities for parsing and construction

💡 Other Changes

• 70a60e8 Revert "build(gradle): Do not publish application modules"
• 8f62798 Revert "ci(github): Downgrade Flox to 1.8.4"
• 28777ae style(bazel): Add empty lines in tests to match the AAA pattern
• 70467be style: Align the formatting of get() for extension properties

79.1.0

What's Changed

🐞 Bug Fixes

• 010e0b2 conan: Include header-only libraries in the dependency graph
• 7b1f894 fossid: Avoid parsing plain text comments as ORT JSON
• 23ffb5b gradle: Recognize platform dependencies as metadata-only
• c1d3556 gradle: Replace usages of deprecated methods in Groovy code
• 4bbbd2b gradle-inspector: Recognize POM artifacts as metadata-only
• 38fba04 scanner: Do not store duplicate scan results
• b0f7717 scanner: Fall back to GET from HEAD requests in more cases
• 2b6b390 scanner: Prevent an exception due to duplicate results
• c3d17a2 scanner: Regard HTTP_MOVED_TEMP as a successful provenance check
• f10091c schemas: Add missing pathIncludeReason

🎉 New Features

• 815a704 RepositoryConfiguration: Add a model for scope includes
• 7c28392 analyzer: Pass the includes as a parameter to resolveDependencies
• c30c8ed gradle: Add basic support for KMP dependencies
• 8737b8f gradle: Capture attributes of dependency variants
• 4f7a99f model: Apply the scope includes to the DependencyGraphConverter
• 0590eeb model: Apply the scope includes to the OrtResult
• 991d476 reporter: Take in account the scope includes

✅ Tests

• 1bdb5b6 gradle: Remove disabled tests for ancient Gradle versions
• 14c74ee osv: Update expected results
• 90c98a0 pnpm: Ensure to use a consistent PNPM version
• 6403771 postgres: Fix running on Docker 29.0.0
• 95ce602 Use the more generic Testcontainers instead of otj-pg-embedded

🐘 Build & ⚙️ CI

• c1b0669 renovate: Switch to the pinGitHubActionDigestsToSemver preset

📖 Documentation

• 338946b gradle-inspector: Add a missing "the" to code comments

🔧 Chores

• 38a41d6 model: move a condition to filterExcludedPackages
• 474a8d6 website: Remove the node engine, which is advisory only
• 9f9b116 website: Run npm audit fix to address vulnerabilities
• 3b6b2ae Add more early returns for cheap checks when comparing dependencies

🚀 Dependency Updates

• 57e30c9 pin dependencies
• 932c889 update actions/attest-build-provenance action to v3.2.0
• 677df9b update actions/checkout action to v6.0.2
• d40a669 update actions/deploy-pages action to v4.0.5
• 6f4d098 update actions/setup-java action to v5.2.0
• 7d39534 update actions/setup-node action to v6.2.0
• ab85d39 update ch.qos.logback:logback-classic to v1.5.31
• 8cc6dcc update ch.qos.logback:logback-classic to v1.5.32
• c1d86f0 update codecov/codecov-action action to v5.5.2
• 113a3d8 update crazy-max/ghaction-upx action to v3.2.0
• aa4c007 update docker/build-push-action action to v6.19.2
• 4818fa1 update docker/build-push-action digest to 10e90e3
• 70c56b4 update docker/login-action action to v3.7.0
• ba8ea68 update docker/metadata-action action to v5.10.0
• f4f0539 update docker/setup-buildx-action action to v3.12.0
• 59256bc update flox/install-flox-action action to v2.3.0
• fc4b1dd update github/codeql-action action to v4.32.2
• e4421e3 update github/codeql-action action to v4.32.3
• 4c950b0 update graalvm/setup-graalvm action to v1.4.5
• f250cb3 update gradle/actions action to v5.0.1
• 404bebb update ksp monorepo to v2.3.6
• 9cc9e63 update mavenresolver to v1.9.26
• 42fe7c4 update org.jetbrains.gradle.plugin.idea-ext to v1.4.1
• 09067c6 update org.springframework:spring-core to v7.0.4
• 617f238 update org.springframework:spring-core to v7.0.5
• 4ed8f84 update umbrelladocs/action-linkspector action to v1.4.0
• b5a84e9 update wagoid/commitlint-github-action action to v6.2.1

🚜 Refactorings

• cd7ae77 scanner: Move result creation out of loop

💡 Other Changes

• a484075 Revert "fix(gradle-plugin): Ignore BOM dependencies"
• f2a9c76 style(gradle): Reduce indentation in tests

79.0.0

What's Changed

🛠 Breaking Changes

• 6453a52 chore(model)!: Use the central function for includes/excludes evaluation

🎉 New Features

• b57b623 model: Support Ivy's "Sub Revision Matcher" syntax explicitly
• e28b6ec spring: Add basic version range support to the curation provider

✅ Tests

• 305488d conan: Update expected results
• 9846852 model: Add a direct test for Ivy "Sub Revision Matcher" syntax
• d7c7e07 osv: Update expected results
• dd71d2e pub: Update expected results

🐘 Build & ⚙️ CI

• 383b496 gradle: Do not publish application modules
• c0d1175 gradle: Enforce the Kotlin version only for application modules
• ed2500a gradle: Use the Kotlin BOM to align kotlin-reflect versions
• 2951d4d github: Downgrade Flox to 1.8.4
• 41418b6 github: Use CodeQL nightly for Kotlin 2.3.10 support
• 7bfdcbf Add a job to test the Maven publication

📖 Documentation

• 033561a spring: Give a test a more specific name
• f191d7a website: Fix a code snippet to say includes

🔧 Chores

• 434514d PackageManager: Evaluate the includes/excludes in a central function
• a522606 fossid-webapp: Use the function for includes/excludes evaluation

🚀 Dependency Updates

• 29c78e8 flox: Upgrade environments to ScanCode 32.5.0
• 3956117 update actions/checkout digest to de0fac2
• fe50797 update aws-java-sdk-v2 monorepo to v2.41.27
• 8d7541c update ch.qos.logback:logback-classic to v1.5.27
• 646f995 update ch.qos.logback:logback-classic to v1.5.28
• 451a2d7 update ch.qos.logback:logback-classic to v1.5.29
• a2eb8bc update de.undercouch.download to v5.7.0
• ed588cd update docker/build-push-action digest to 601a80b
• fe628a3 update docker/build-push-action digest to ee4ca42
• 4525c9f update github/codeql-action digest to 45cbd0c
• b91a726 update gradle to v9.3.1
• ff98bcd update io.github.irgaly.kottage:kottage to v1.11.0
• 08fe95d update kotest to v6.1.3
• 9f8f6f0 update kotlin monorepo to v2.3.10
• f34ee8b update org.cyclonedx:cyclonedx-core-java to v12.1.0
• 9f01a73 update org.glassfish.jersey.core:jersey-common to v4.0.2
• c0ca15c update org.postgresql:postgresql to v42.7.10

🚜 Refactorings

• 9c4adad model: Rename isVersionRange() to hasIvyVersionRange()
• afa9bc7 model: Simplify the code to get version ranges

💡 Other Changes

• 966e764 Revert "fix(docker): Copy only cargo directory instead of full Rust installation"
• c88336d style(model): Add a blank line after the header

78.0.0

What's Changed

🛠 Breaking Changes

• 021a3ff refactor(plugins)!: Make option parsing functions extension functions
• 43bd6d5 refactor(plugins)!: Pass the plugin option to the parsing functions

🐞 Bug Fixes

• 1bb26ab conan: Filter packages by APPLICATION and BUILD_SCRIPTS types
• 8e9156e docker: Add cache mount for nvm during Node.js build
• be3d891 docker: Add cache/tmpfs mounts to base stage to reduce image size
• 28863b1 docker: Build askalono in separate stage to reduce image size
• d80b3fc docker: Build cargo-credential-netrc in separate stage
• d7f1669 docker: Copy only cargo directory instead of full Rust installation
• ab8e3e8 docker: Mount /tmp and /home as tmpfs during ort requirements
• 58bd033 docker: Move recursive chmod into Android build stage
• 7349036 docker: Optimize PHP installation to reduce image size
• 586dcee docker: Prune .NET installation to keep only runtime
• 222c28c docker: Prune Swift installation to keep only package manager
• ffc3c84 docker: Remove Python pycache directories from image
• b341987 downloader: Support (Git) working trees without a remote

🎉 New Features

• 389d9bd ort-utils: Log stacktraces with a logger
• 3d7f14f plugins: Add support for enum and enum list options
• 7bd1406 web-app-template: Show scan result details for a package

✅ Tests

• 34e475b conan: Update expected results
• 0a2bf99 plugins: Add tests for all plugin option parsing functions

🐘 Build & ⚙️ CI

• d073d5a renovate: Merge two NPM related configs
• 360b9cf renovate: Pin NPM dependenies

📖 Documentation

• b388620 plugins: Add an example for plugin option aliases
• de109d6 plugins: Update a code example
• f89adfe Add python-ort reference in documentation

🔧 Chores

• 2f9a604 buildSrc: Remove an unnecessary default argument

🚀 Dependency Updates

• 17b25b9 docker: Upgrade to ScanCode 32.5.0
• 0bd79c8 update ch.qos.logback:logback-classic to v1.5.26
• fe9fb4a update detektplugin to v2.0.0-alpha.2
• a00123f update docker/login-action digest to c94ce9f
• f1b0670 update exposed to v1
• 0c4924a update flox/install-flox-action digest to 9428713
• 74caab4 update github/codeql-action digest to 19b2f06
• c17c5a7 update github/codeql-action digest to b20883b
• d131de5 update gradle/actions digest to f29f5a9
• c91c2f9 update io.mockk:mockk to v1.14.9
• 215e7c0 update kotest to v6.1.1
• ac905ff update kotest to v6.1.2
• bbb1e9c update ksp monorepo to v2.3.5
• 3466305 update org.glassfish.jersey.core:jersey-common to v4.0.1
• c7aa177 update org.jetbrains.gradle.plugin.idea-ext to v1.4

🚜 Refactorings

• ec79e5e cyclonedx: Make use of enum options
• c2c5f43 evaluated-model: Use enum for the output formats config option
• c3f2749 fossid: Use enums for config options
• 0d1876f python: Use an enum for the operating system config option
• 3382ec6 spdx: Use enums for config options
• 184acd4 web-app-template: Move and improve date conversion function
• de52240 web-app-template: Move and rename link render function

💡 Other Changes

• d77e356 style(detekt): Add a blank line between when-conditions
• b0670d0 style(detekt): Do not use KDoc inside a 'block'

77.0.0

What's Changed

🛠 Breaking Changes

• 4019fdd feat(evaluated-model)!: Include metadata for all tool runs

🐞 Bug Fixes

• d198bcf detekt-rules: Make auto-correct work again
• 8c8052b plugins: Filter empty strings when parsing string list options
• 49d58e6 web-app-template: Fix showing the VCS info for packages
• e1006f2 web-app-template: Remove render from getColumnSearchProps
• 3a0f6b3 web-app-template: Rename 'Excludes' in AboutModal
• e135465 web-app-template: Restore Tag styling
• 0083c58 web-app-template: Return 0 as index from getLicenseIndexByName

🎉 New Features

• 4d74aa5 evaluated-model: Add a property for the package labels
• 0357a3a evaluator: Add Environment to Evaluator
• 79fa3c9 web-app-template: Add links to license tables
• 4743807 web-app-template: Add package configurations to models
• d305176 web-app-template: Display package labels from curations
• 206e2bc web-app-template: Show curations for a package
• 451566c web-app-template: Show metadata in AboutModal
• df4a0d1 web-app-template: Show package configs for a package
• ccfc7e7 web-app-template: Show package configs in AboutModel
• d56e8c5 web-app-template: Show package curation in AboutModel
• d06a5bc web-app-template: Show/hide curations column
• 0a82524 web-app-template: Show/hide package configs column
• bbb50a3 web-app-template: Add OrtResult.getPackageById()

✅ Tests

• 3f7d457 advisors: Temporarily disable a test
• c213d12 common-utils: Switch from invocations to property testing
• 77d6048 reporters: Re-align environment objects in test data
• 686d3b1 web-app: Adjust the expected size
• e583a6f web-app: Adjust the expected size

🐘 Build & ⚙️ CI

• 06c8819 gradle: Migrate from Dokkatoo to Dokka for documentation generation
• 2a7439e gradle: Remove the explicit "sourcesJar" task definition

📖 Documentation

• 6792a80 detekt: Update URLs in comments of the configuration
• d392f68 evaluated-model: Fix-up and improve comments

🔧 Chores

• 62d1c99 common-utils: Use Kotlin's Any instead of Java's Object
• 70957fc detekt-rules: Add language injection markers in test code
• a6cdd72 detekt-rules: Omit the file path from the finding's message
• 74a4606 gradle-plugin: Bump the minimum Kotlin version to 1.9
• 3e9963d model: Add an explicit return type to a function expression
• 4530740 web-app-template: Address ESLint issues
• 271fc21 web-app-template: Fix linter issue
• 6cb787b web-app-template: Implement RepositoryConfiguration
• c963831 web-app-template: Increase Drawer size to 70% / min 1000px
• 1d1678c web-app-template: Lift ResultTable state to AppPage
• 6422347 web-app-template: Rename OrtResult YAML functions
• 7127e67 web-app-template: Replace deprecated APIs
• ba6807e web-app-template: Replace deprecated properties
• 697e9ba web-app-template: Update Statistics
• d496493 web-app-template: Update index.html
• 265359f web-app-template: Update test index.html
• 2f69228 web-app-template: Update test index.html
• ca16508 web-app-template: Use indexes for curations
• 4513686 Align visibility of serializers with class visibility

🚀 Dependency Updates

• 8621182 gradle: Upgrade to Detekt 2
• 81e7bda gradle: Upgrade to Gradle version 9.3
• 643ccbc web-app-template: Update versions of dependencies
• cf20c0c update actions/setup-java digest to be666c2
• 015fb13 update at.yawk.lz4:lz4-java to v1.10.3
• b44be77 update aws-java-sdk-v2 monorepo to v2.41.12
• 84e2b2f update ch.qos.logback:logback-classic to v1.5.25
• 01e2c65 update com.fasterxml.jackson:jackson-bom to v2.21.0
• 2ba11e4 update com.github.ajalt.clikt:clikt to v5.1.0
• 3dd5330 update com.vanniktech:gradle-maven-publish-plugin to v0.36.0
• 5618680 update dependency prettier to v3.8.1
• 091322f update flox/install-flox-action digest to e3e10c1
• 60ab46a update kotest to v6.1.0
• 52582cb update kotlin monorepo to v2.3.0
• 2a03509 update kotlinxserialization to v1.10.0
• f1b5baa update org.cyclonedx:cyclonedx-core-java to v12
• 1c51723 update org.graalvm.buildtools:native-gradle-plugin to v0.11.4
• 0fcb9d5 update org.metaeffekt.core:ae-security to v0.151.0
• 7e77709 update org.metaeffekt.core:ae-security to v0.152.0
• e89dd32 update org.postgresql:postgresql to v42.7.9
• 9e24c07 update org.springframework:spring-core to v7.0.3

💡 Other Changes

• 5692fab Revert "build(gradle): Add a "detektAll" convenience task"
• cfa2874 style(detekt): Adjust config / code so that the code base passes checks

76.0.0

What's Changed

🛠 Breaking Changes

• 19c7262 feat(evaluated-model)!: Include entire package curations
• 8d924fb refactor(evaluated-model)!: Use indexing and referencing for curations

🐞 Bug Fixes

• 8c7bc8c cli: Reduce the non-interactive terminal width for Mordant
• 0bacbb2 fossid-webapp: Add missing license category
• 63b0dd2 git: Checkout with force to be on the safe side
• 84ed217 node: Make passing --use-system-ca conditional
• 428f4ef ort-utils: Use the default ORT OkHttp client for Java bootstrapping

🎉 New Features

• 7953a2e evaluated-model: Add package configs to each package
• f666a70 gleam: Fail hard in case the lockfile is missing an entry
• 9c059a8 plugins: Simplify code generation for parsing plugin options
• 5857495 utils: Cache the result of the disco service
• 3719714 yarn2: Also conditionally use system certificates

✅ Tests

• b1d6a9a conan: Update expected results
• a387268 evaluated-model: Add package configs to test input
• 4dc5bf3 ort-utils: Avoid polluting the main HTTP cache
• a1d3d91 python: Update expected results

🐘 Build & ⚙️ CI

• 32b9aea subversion: Substitute the vulnerable lz4-java dependency

📖 Documentation

• 6925db2 bundler: Use one-line KDoc syntax for compact property docs
• c59b261 tekton: Replace deprecated Tekton hub links

🔧 Chores

• 0857d71 bundler: Explicitly convert Gem::Version to a string
• dc02550 downloader: Prefer the in operator over contains()
• 0c78949 gleam: Make use of orEmpty()
• 6c19daf gleam: Remove the unnecessary wrapping via ManifestPackageInfo
• 05fca1e gleam: Turn toIdentifier() into an expression
• cdac3fc model: Make isVersionRange() public
• bd141b8 plugins: Make PluginOptionType know their type names

🚀 Dependency Updates

• f375d09 docker: Upgrade Pip to version 25.3.0
• e363b36 update actions/setup-node digest to 6044e13
• a7211c0 update aws-java-sdk-v2 monorepo to v2.41.7
• d45399b update com.scanoss:scanoss to v0.12.1
• e41416b update github/codeql-action digest to cdefb33

🚜 Refactorings

• ffc37f7 node: Override run() that takes environment
• cbeb299 utils: Slightly simplify an expression

💡 Other Changes

• 15bf783 Revert "feat(utils): Cache the result of the disco service"

75.0.0

What's Changed

🛠 Breaking Changes

• e7fabb0 feat(plugin)!: Set the retention of plugin annotations to SOURCE

🎉 New Features

• e346865 docker: Add Gleam programming language to the full image
• 4f61c3a gleam: Run 'gleam deps download' when no lockfile exists

✅ Tests

• 45a5854 gleam: Use HTTPS URL for git dependency in test fixture

🐘 Build & ⚙️ CI

• e36da82 github: Consistently pin Ubuntu to version 24.04
• 2c7281d github: Do not fail Docker X86 if the ARM64 build fails
• b048254 github: Install Askalono from source for the ARM64 Docker image
• 6fefdf5 github: Simplify an arch condition
• 6f19105 linkspector: Ignore a valid URL that is reported as broken
• 6fe0379 linkspector: Improve the pattern for ignoring localhost links

📖 Documentation

• c35c831 README: Update the copyright year range
• 198c6f7 website: Fix handling of plugin option default values
• e11ee58 website: Show aliases for plugin options

🔧 Chores

• 4078055 linkspector: Ignore links to localhost
• 2f22d89 mailmap: Update Martin's email address
• ed3fd97 plugins: Improve formatting of aliases
• 9337ba2 plugins: Improve formatting of fallback values
• 9f56f01 stack: Fix broken links in a test project

🚀 Dependency Updates

• 7f2dd59 update aws-java-sdk-v2 monorepo to v2.41.0
• 5b15950 update ch.qos.logback:logback-classic to v1.5.24
• ad8327e update com.github.jmongard.git-semver-plugin to v0.18.0
• 29d66a3 update graalvm/setup-graalvm digest to 54b4f5a

🚜 Refactorings

• 72b7a10 gleam: Remove manual non-transitive dependency resolution
• 308b337 gleam: Remove redundant vcsProcessed assignments
• 681179a gleam: Simplify package info class hierarchy
• fb7244f gleam: Use / operator instead of resolve() for paths