41.0.0

What's Changed

Breaking Changes 🛠

• b724b62 chore(reporter)!: Remove the deprecated GitLab license model reporter

Bug Fixes 🐞

• a8e789b aosd: Always add a default part
• fc7ca86 aosd: Exclusively support SHA256 checksums
• bc6bdbb cli: Use the id to show enabled advisors
• 5371ce8 cyclonedx: Sanitize copyrights for the CycloneDX XML report
• 37dae9f pnpm: Tolerate absent name / version in projects' package.json
• 661d629 schema: Require exactly one of the storage provider configurations
• d286300 schema: Use correct ref key
• a4e01c0 spdx-utils: Avoid endless recursions with the and operator

New Features 🎉

• edad867 node: Handle scope excludes in Pnpm
• c3145d2 scancode: Add support for output format version 4.0.0
• 1223199 scancode: Support parsing arbitrary options
• 78303ed yarn2: Support parsing the project's authors

Chores 🔧

• 4601134 clearly-defined: Increase the maximum chunk size for bulk requests
• 2bca4d1 clearly-defined: Use "raw" mode for getting harvest data
• c0ff3b0 dos: Trivially improve logging multiple packages
• 7feab15 scancode: Drop a work-around for an old ScanCode bug
• 2d25785 scancode: Remove a work-around for old RC versions
• 16daaf4 scancode: Remove tests for old ScanCode versions
• c42600f scanner: Update a ScanCode test asset to a more recent version
• 3bb72b8 spdx-utils: Use singleOrNull() to shorten code

Dependency Updates 🚀

• ddfdef1 docker: Bump the ScanCode version to 32.3.0
• 9418bd4 docker: Update CocoaPods to the latest version
• 79aab39 scancode: Bump the minimum required version to 30.0.0
• 36444b9 update codecov/codecov-action digest to 015f24e
• f23fbb2 update codecov/codecov-action digest to 5c47607
• d19c625 update codecov/codecov-action digest to 985343d
• 5983dcb update dependency com.icegreen:greenmail to v2.1.1
• a2f46b5 update dependency com.zaxxer:hikaricp to v6.2.0
• 2d2690c update dependency com.zaxxer:hikaricp to v6.2.1
• 3434aa0 update dependency commons-io:commons-io to v2.18.0
• b5de62b update dependency gradle to v8.11.1
• 972c0da update dependency org.metaeffekt.core:ae-security to v0.126.0
• 7a5015a update docker/metadata-action digest to 359e915
• 894f587 update docker/metadata-action digest to 369eb59
• c1c584b update github/codeql-action digest to f09c1c0
• d7a5164 update gradle/actions digest to cc4fc85
• fa45428 update ksp to v2.0.21-1.0.28

Documentation 📖

• 4dbbf12 aosd: Add Provider documentation based on the schema description
• 682e1cd cli: Align enabled advisor output with other commands
• 4d11189 plugins: Align terminology for KSP-based plugins
• 76fd3e3 scancode: Clarify which ScanCode versions are affected by an issue
• 8837c7a scancode: Remove a semi-outdated comment that is covered by a test

Refactorings 🚜

• 8d81c6e scancode: Parameterize a test for easier version upgrades
• a7d31d8 scancode: Rely on output_format_version to be present
• 5f67c4e scanner: Extract VCSPath filtering functions
• 09f5afe scanner: Move all result parsing to the respective scanner

Tests ✅

• 212d1a1 aosd: Update expected results
• d9276e0 clearly-defined: Temporarily disable flaky tests
• 995ad41 node: Align project-with-lockfile dependencies
• dea89b0 node: Align the metadata of the project-with-lockfile
• b446e2a node: Re-create lockfiles of the project-with-lockfile projects
• dfaa896 node: Remove an incorrect replacement
• 1e58026 npm: Remove a left-over replacement
• 24b4ac0 npm: Remove another incorrect replacement
• 566b22f npm: Rename the package-lock project to project-with-lockfile
• c27fa95 npm: Sort the dependencies of project-with-lockfile
• ffda909 vulnerable-code: Correct a stub path and assertion condition
• fbfcd0c vulnerable-code: Update expected results
• bf0bb08 vulnerable-code: Update expected results
• 1bee82d yarn: Align a test case name with analog tests for other managers

Other Changes 💡

• f5bcf78 style: Remove empty lines after block starts