57.0.0

What's Changed

🛠 Breaking Changes

• f65e39f chore!: Merge uppercaseFirstChar() into titlecase()
• 305e354 chore(common-utils)!: Remove an unused calculateHash() overload
• bcf9310 chore(common-utils)!: Remove unused JsonNode extension functions
• ae76215 chore(static-html)!: Move joinNonBlank() to its only use
• 2ec573b refactor!: Move StringSortedSetConverter to ort-utils
• 53f77e1 refactor!: Turn isSymbolicLink() and realFile() into properties

🎉 New Features

• 28537e2 scanner: Expose S3 storage "pathStyleAccess" option
• 90deb48 yarn: Drop the disk cache in favor of a non-persistent one
• fac3825 yarn: Speed-up getting the remote package details

✅ Tests

• 89c2671 asciidoc: Improve Result assertions
• fdb020c bazel: Simplify an expected result
• a9ce79a cli: Factor out createGitRepoProject()
• 24ede02 cli: Simplify an expected result
• c360060 pub: Make use of getAnalyzerResult()
• 8ffec52 pub: Update expected test results
• 9e48e24 sbt: Improve the name of the test projects
• 035a77b sbt: Simplify the expected results
• ef74198 spdx: Make use of getAnalyzerResult()

🐘 Build & ⚙️ CI

• 58acafe plugins: Specify the dependency on Jackson explicitly

📖 Documentation

• 8f8a3b7 cyclonedx: Fix two typos
• 94052ba downloader: Fix a typo
• f330100 node: Align the class docs of all node package managers
• 1972d20 node: Re-align a code comment
• 19da430 node: Remove several redundant comments
• 86abf04 node: Remove the class docs for Yarn2DependencyHandler
• 98c2dc9 node: Update function docs to no more refer to npm view
• d8faa69 scanner: Fix a typo

🔧 Chores

• 8cbb29f bundler: Align on curly-brace-syntax for Ruby scripts
• 9a7a560 node: Add the missing PackageJson.optionalDependencies
• 5cac94b node: Align cache variable names
• 57e0e35 node: Prefer also over let if the return value is unused
• e625994 scanner: Fix S3 config comment
• 3899295 scanner: Improve S3 exception logging
• 2e3e906 scanner: Refactor S3 client creation
• 1f3bf35 spdx-utils: Remove titlecase() usage from tests
• eedf8f7 yarn: Remove a superfluous absoluteFile call

🚀 Dependency Updates

• dfdab38 docker: Upgrade Go to the latest stable version 1.24.2
• f32e0bb docker: Upgrade pip to the latest stable version 25.0.1
• f77e277 update aws-java-sdk-v2 monorepo to v2.31.26
• aec6d63 update aws-java-sdk-v2 monorepo to v2.31.27
• 53afdf0 update aws-java-sdk-v2 monorepo to v2.31.28
• a0f075a update com.blackduck.integration:blackduck-common to v67.0.6
• ddc5b8f update com.google.code.gson:gson to v2.13.1
• 472bcd9 update github/codeql-action digest to 28deaed
• 567d880 update org.metaeffekt.core:ae-security to v0.136.0
• 35da3f1 update org.springframework:spring-core to v6.2.6

🚜 Refactorings

• 0c11bc2 bundler: Simplify code to work with script results
• 6d34ce5 common-utils: Split Extensions.kt and Utils.kt
• 6a7734f node: Extract Yarn2Command to a dedicated file
• ea3eda1 node: Extract Yarn2DependencyHandler to a dedicated file
• f955ef8 node: Get rid of two code comments
• cd56fa7 node: Re-write Yarn to rely less on the node_modules dir
• 31a3c90 node: Turn an extension function into a member function
• a0b862f node: Use the more speaking --* CLI option aliases
• 4fd3d2e nodoe: Split up parsePackage()

56.1.0

What's Changed

🐞 Bug Fixes

• 3e310dc swiftpm: Use identity as name for Swift PM registry deps
• e63029a yarn: Do not fail for workspaces with interdependent packages

🎉 New Features

• 865b49b Maven: Handle Tycho identifiers for Maven artifacts
• ed618c4 Maven: Parse Maven dependencies from Tycho target files

✅ Tests

• 8413db7 analyzer: Enhance analyze() to support testing scope exclusions
• 28aef17 analyzer: Remove the now unused collateMultipleProjects()
• a37baa9 package-managers: Use the more generic analyze()
• b2e3de1 pnpm: Simplify an expected result
• d0c98aa yarn: Re-create a lockfile

🐘 Build & ⚙️ CI

• 8e59727 helper-cli: Fix plugin inclusion for a native image
• 6af505a helper-cli: Rename the project to "cli-helper"
• f17867c web-app-template: Configure tasks lazily

🔧 Chores

• fd85734 helper-cli: Prefer Kotlin's walk() over Java's listFiles()

🚀 Dependency Updates

• e161da3 update aws-java-sdk-v2 monorepo to v2.31.23

🚜 Refactorings

• 32c5210 Maven: Extract parsing of Tycho target files

56.0.0

What's Changed

🛠 Breaking Changes

• fc2767a chore!: Replace concat() et al with the more generic toExpression()
• 13c3d55 chore(model)!: Rename toCompoundExpression() to toExpression()

🐞 Bug Fixes

• 028a31a DependencyGraph: Avoid redundant processing of nodes
• a163e4e analyzer: Call before / after resolution callback in a test utility

🎉 New Features

• 7236e2a model: Make the toExpression() operator configurable
• a69eedb scanner: Default maxVersion to the next major version

✅ Tests

• 19db7a8 spdx: Remove a duplicate license from an expression
• 42c5992 spdx: Rewrite a license expression for easier editing

📖 Documentation

• c978f99 cyclonedx: Clarify that a work-around applies to EPSS scores
• 344d126 model: Document that vector contains the percentile for EPSS
• d15ae3b model: Name CVSS and EPSS as scoring system examples
• 88d782a scanner: Improve minVersion / maxVersion property documentation
• 71e8f4c scanner: Say "reject" instead of "detect" in test names

🔧 Chores

• b2ebc0e model: Simplify code by using map instead of forEach
• 200fa76 scanner: Extract a test value to a constant for clarity
• 068ffbf scanner: Rename a test variable to "config" for consistency
• 36d8083 spdx: Rename a variable for clarity
• 4174ccb Avoid reduce calls for or operators on SpdxExpressions
• 5ee9880 Introduce a function to combine SPDX expressions from collections
• 67beb24 Introduce a function to get the main license of a package

🚀 Dependency Updates

• db14717 Update the dependency-analysis-gradle-plugin to version 2.16.0
• ed88c16 update actions/setup-node digest to 49933ea
• 6bbaade update aws-java-sdk-v2 monorepo to v2.31.20
• b7ed598 update aws-java-sdk-v2 monorepo to v2.31.21
• 7b9d757 update codecov/codecov-action digest to ad3126e
• 0d16572 update com.charleskorn.kaml:kaml to v0.77.0
• 0f203f7 update com.google.code.gson:gson to v2.13.0
• 98c6874 update commons-io:commons-io to v2.19.0
• 5d3876e update org.metaeffekt.core:ae-security to v0.135.10
• 7a0136c update software.amazon.awssdk:apache-client to v2.31.22

💡 Other Changes

• 7e8f3f3 style(analyzer): Rearrange lines around dependency resolution a bit

55.3.0

What's Changed

🐞 Bug Fixes

• be287e7 ScannerCommand: Do not write the ORT result without a scanner run
• 38b0c3e conan: Replace incorrect storage path for Conan 2
• 5962121 scancode: Look for an EXE in addition to a BAT file on Windows
• de3a0c6 scanner: Tolerate copy failures for VCS lockfiles
• 7908362 scanners: Show a user-friendly error if scanners are not in PATH

🎉 New Features

• 32e01c6 utils: Make OrtAuthenticator extensible

✅ Tests

• e7f5e0a conan: Update expected results
• 7bb6e2f fossid: Improve version number assertions
• 52aac13 fossid: Specify default arguments in matchers explicitly
• f1dd1b0 git: Work around temporary directory deletion failure on Windows

🐘 Build & ⚙️ CI

• 8086e31 application: Exclude invalid native image configuration
• 585bec5 application: Initialize SAX helpers at build time
• 5a3b9ef application: Optimize the native image for size
• 2c5f6c2 application: Remove native image configuration for Mordant
• 07c898b application: Simplify native image configuration for Logback
• 99537fd cli: Add GraalVM native image configuration for Kotlin reflect
• 6a81a5c cli: Make the native image include plugins
• 57d0bc8 git: Exclude sshd-sftp for another JGit dependency
• cc451ec gradle: Do not explicitly enable KSP 2

📖 Documentation

• 5fdb3d1 pnpm: Add a note about pnpm info calling npm underneath

🔧 Chores

• e61bb63 bazel: Turn toRemoteArtifact() into an expression
• e55287b bazel: Turn tokenizeString() into an expression
• 5e4e3ce downloader: Merge nested ifs
• d9f9885 downloader: Prefer apply over run for an unused return value
• abbe4a7 evaluated-model: Merge nested ifs
• 48f5c45 model: Replace an unused lambda parameter with _
• 3ff55d9 scanner: Remove an unused import
• 5a72f8c scanner: Remove the unused ScannerWrapperConfig class
• 45ee239 spdx-utils: Remove a useless null-safe access
• 72cf02b spdx-utils: Turn isSubExpression() into an expression
• 914c0ea Remove print statements from tests

🚀 Dependency Updates

• 8171dfa git-repo: Upgrade to the latest repo version
• e70eb81 Update the dependency-analysis-gradle-plugin to version 2.15.0
• 015cc90 update actions/setup-java digest to c5195ef
• 4c90d5c update aws-java-sdk-v2 monorepo to v2.31.16
• 8d6c7b6 update aws-java-sdk-v2 monorepo to v2.31.17
• 94b8dac update aws-java-sdk-v2 monorepo to v2.31.18
• 67a7012 update aws-java-sdk-v2 monorepo to v2.31.19
• f105df0 update com.charleskorn.kaml:kaml to v0.76.0
• d7f4a72 update dependency @easyops-cn/docusaurus-search-local to v0.49.2
• 080a5ad update exposed to v0.61.0
• e52e434 update github/codeql-action digest to 45775bd
• bf361dc update github/codeql-action digest to fc7e4a0
• fa24394 update io.mockk:mockk to v1.14.0
• 00f5279 update ksp monorepo to v2.1.20-2.0.0
• d9e2ffd update org.gradle.toolchains.foojay-resolver-convention to v0.10.0
• 6afffdd update org.jetbrains.kotlinx:kotlinx-coroutines-core to v1.10.2

💡 Other Changes

• a1548fd style: Consistently use empty curly braces without a space

55.2.0

What's Changed

🐞 Bug Fixes

• 86de3cc Maven: Do not exclude modules during a Tycho build

🎉 New Features

• e1d45fb evaluator: Add the matcher PackageRule.hasConcludedLicense()
• 5858cfa freemarker: Add val PackageModel.labels for convenient access
• ab3a44a freemarker: Add a helper function for constructing Identifiers
• effb488 helper-cli: Extend PackageList by a concluded license

✅ Tests

• ee00fa3 conan: Update expected results
• 0fc4054 go: Add a test back again
• 186b69e go: Rename a test

🐘 Build & ⚙️ CI

• 2254f96 gradle: Ensure a deterministic classpath order for the pathing JAR

📖 Documentation

• e91d2cd Adopters: Add ZEISS IQS to ORT adopters list

🔧 Chores

• 3a346df git: Use the .runGit() extension function for convenience
• b4aaec0 git: Use the more speaking lsRemoteRepository() function
• 8497e4b git: Use the more specific GitWorkingTree
• 4137929 Consistently import JGit's Git class as JGit

🚀 Dependency Updates

• e459af5 Update the dependency-analysis-gradle-plugin to version 2.13.3
• 8fd6e11 update com.charleskorn.kaml:kaml to v0.74.0
• f26c647 update crazy-max/ghaction-upx digest to db8cc95
• a9f2c93 update dependency-analysis-gradle-plugin to v2.14.0
• 0deb0e7 update io.github.pdvrieze.xmlutil:serialization to v0.91.0
• 4abd97a update kotlinxserialization to v1.8.1
• dc76373 update software.amazon.awssdk:s3 to v2.31.11

🚜 Refactorings

• 4ea1a69 git: Do not try to fetch ref specs that do not exist
• b53f6e7 mercurial: Introduce a runHg() helper extension function

55.1.0

What's Changed

🐞 Bug Fixes

• d2927d8 Maven: Add the Maven Wagon HTTP provider
• 298a964 cli: Do not output ORT_* environment variables unless set
• 6a64b8f plugins: Do not write "null" as string for configClass

🎉 New Features

• 7637e0f conan: Add a parameter to analyze projects with Conan 2
• 19427ac conan: Add support for Conan 2
• 81670f8 conan: Allow packages without conandata.yml
• c799222 docker: Add Conan 2 to the Docker image
• 0ee7d53 helper-cli: Extend PackageList by a declaredLicense set
• a3a7615 model: Improve the check for empty configuration sources
• 619221d npm: Speed-up getting the remote package details
• e97f46e website: Replace the title text with ORT's logo

✅ Tests

• fa3362f bazel: Update expected results
• 94f3898 go: Replace the go.mongodb.org/mongo-driver dependency
• 95e364b python: Update expected results

🐘 Build & ⚙️ CI

• 8eab579 cli: Remove a deprecated GraalVM option that is now the default
• a2689a7 web-app-template: Update syntax for version properties

📖 Documentation

• 3a9bfb3 model: Fix a typo in PackageConfiguration class docs
• 9663709 model: Improve PackageConfiguration class docs
• 2d35a97 website: Add links for named entities in the footer

🔧 Chores

• 486f0fc commands: Make it explicit that the reference config always exists
• 267938a conan: Move error logging to the place where the error can happen
• 833558a conan: Provide EMPTY property for an empty conandata file
• 4d1b500 model: Add logging when falling back to default configuration
• 027a8d6 model: Align with OrtMain and use the absolute config file path
• bef2cdc model: Remove the now unused OrtConfigurationWrapper class
• c203aa3 model: Simplify loading OrtConfiguration
• eb3e746 node: Align the plugin descriptions of all node managers
• cbd06e5 node: Use buildSet for an NPM function that builds a set
• 00f6207 spdx: Remove else from an exhaustive when

🚀 Dependency Updates

• 190a1b1 gradle: Upgrade SVNKit to the new "com" artifact group
• 4dfeef2 Update Kotlin to version 2.1.20
• 888c785 Update the dependency-analysis-gradle-plugin to version 2.13.1
• 409b482 Update the dependency-analysis-gradle-plugin to version 2.13.2
• 6827784 update com.charleskorn.kaml:kaml to v0.73.0
• e7d384a update com.zaxxer:hikaricp to v6.3.0
• 42af1f5 update docker/login-action digest to 74a5d14
• 5511fed update github/codeql-action digest to 1b549b9
• f1de6fc update gradle/actions digest to 06832c7
• 1f22ea4 update jgit to v7.2.0.202503040940-r
• 15f2b4f update ksp monorepo to v2.1.20-1.0.32
• 2585bc9 update software.amazon.awssdk:s3 to v2.31.6
• eade9f9 update umbrelladocs/action-linkspector digest to 3e12ade
• a07f848 update umbrelladocs/action-linkspector digest to a0567ce

🚜 Refactorings

• 3f2aa2c conan: Change the model to introduce an interface PackageInfo
• 5bbafe5 conan: Introduce version-specific handler
• 193a5fa Use Jackson's withRootName() to write nested configuration

55.0.0

What's Changed

🛠 Breaking Changes

• 370ed4e chore(node)!: Reduce the visibility of a variable and function
• a9dced5 chore(node)!: Reduce the visibility of the ModuleInfo classes again

🐞 Bug Fixes

• fb9029b github: Fetch tags for the native build to get the version correct

🎉 New Features

• b2d09a6 utils: Support a fallback Authenticator

✅ Tests

• 8403c76 pub: Update expected results

🐘 Build & ⚙️ CI

• 93f38ab GeneratePluginDocsTask: Throw a Gradle-specific exception
• f9ea5d4 cli: Add a Gradle property to build an analyzer-only distribution
• 2f3b2e0 cli: Add another class to initialize at native-image build time
• 66d1ee3 gradle: Avoid hard-coding KSP output file patterns
• e031108 ort-library-conventions: Apply native-build-tools to libraries
• d50c3ae requirements: Remove unused project dependencies
• b443cfb Allow to override GraalVM detection via GRAALVM_HOME
• e44a25e github: Add a workflow to build a native Analyzer-only executable
• 31938e4 github: Consistently name checkout steps
• 8e5e540 native-build: Use GraalVM 24

📖 Documentation

• 1190e53 PluginAPI: Fix plugin compiler path in Readme
• de05fd5 gradle: Document matching of Java language versions
• 1c1ae3a python: Explain why it is okay to use lockfiles as definition files
• 57cf381 website: Add generated plugin docs

🔧 Chores

• 67d4b7a GeneratePluginDocsTask: Make the total count go last
• bab7e32 gradle: Move a sorted() call to emphasize where it matters
• 7f60846 node: Do not use "pnpm-lock.yaml" as a definition file glob
• 408a250 python: Drop superfluous package deduplication

🚀 Dependency Updates

• 2cbcc48 Update the dependency-analysis-gradle-plugin to version 2.12.0
• 2fe33a3 Update the dependency-analysis-gradle-plugin to version 2.13.0
• a540255 update actions/setup-node digest to cdca736
• 5487a7b update actions/upload-artifact digest to ea165f8
• 8e7445b update ch.qos.logback:logback-classic to v1.5.18
• 1275a6c update dependency @easyops-cn/docusaurus-search-local to ^0.49.0
• a4df93d update github/codeql-action digest to 5f8171a
• f3b3d55 update org.metaeffekt.core:ae-security to v0.135.8
• 59c2265 update org.springframework:spring-core to v6.2.4
• 5e341b2 update org.springframework:spring-core to v6.2.5
• a11ce97 update software.amazon.awssdk:s3 to v2.31.0
• 5b27e44 update software.amazon.awssdk:s3 to v2.31.1
• 00d0b1b update umbrelladocs/action-linkspector digest to 49cf4f8
• ebaf2e5 update umbrelladocs/action-linkspector digest to c6d4525

💡 Other Changes

• da9c44d style(python): Reformat constructor lines

54.0.0

What's Changed

🛠 Breaking Changes

• 5fb6ccb chore!: Remove the old plugin API
• c5afeca feat(analyzer)!: Migrate package managers to new plugin API
• 346ea42 refactor(analyzer)!: Move definition file matchers to PackageManager
• d90ecb6 refactor(analyzer)!: Remove analysisRoot from PackageManager constructor
• da45b6a refactor(analyzer)!: Remove repoConfig from PackageManager constructor
• 66b03c5 refactor(model)!: Replace PluginConfiguration with PluginConfig

🐞 Bug Fixes

• 4c705ad analyzer: Correctly look up dependency graphs by package manager name
• 77bdbf5 fossid: Use the plugin display name as issue source
• aee0047 maven: Use the plugin display name as issue source
• f9b807e spdx: Use the plugin display name as issue source

🎉 New Features

• 68b6544 Maven: Add P2ArtifactResolver class
• 790d555 Maven: Add P2RepositoryContentLoader class
• 9dddaad Maven: Add a class to create artifacts for OSGi dependencies
• c6eb3a2 Maven: Add functionality to parse artifacts files
• df0f3cb Maven: Improve parsing of VCS information in Tycho
• 5040ff8 Maven: Integrate P2ArtifactChecker with Tycho
• a0860f5 Maven: Update Tycho for the new resolving mechanism
• e4fc496 plugins: Add a PluginConfig.EMPTY constant
• 1f854fb requirements: Remove listing plugins from the RequirementsCommand

✅ Tests

• d7400bf Maven: Add a more advanced funTest for Tycho
• 342c5f9 bazel: Update expected results
• 8e5025d model: Remove the individual withResolvedScopes() tests

🐘 Build & ⚙️ CI

• 44c8cbc gradle: Move all TestData.kt files to testFixtures

📖 Documentation

• 0de5b34 Maven: Shortly describe the strategy used by Tycho
• b0503d0 evaluator: Document the CompatibilityModel

🔧 Chores

• 89701d1 Maven: Remove obsolete code from LocalRepositoryHelper
• 7ef5351 Maven: Remove the obsolete P2ArtifactTracker class
• f8ae512 evaluator: Add a checkNotNull() to silence an inspection hint
• 34c5c6b evaluator: Remove the OSADL matrix timestamp parsing
• 58ce1d7 maven: Only search once for =-separated fields
• fef98f9 maven: Prefer buildMap to build a map
• f73d409 maven: Prefer the speaking first() over [0]
• ff6abf8 maven: Simplify and generalize findHash()
• 4a890f6 node: Use the plugin display name as issue source
• 33b193c nuget: Use the createAndLogIssue helper function
• 3239b71 plugins: Remove option description from class docs
• 6503f28 reporter: Make intermediate test fixture properties private
• 2b15863 scancode: Use the plugin display name as issue source
• f443beb scanner: Use the plugin display names instead of IDs in logs
• ebe3095 swiftpm: Use the createAndLogIssue helper function

🚀 Dependency Updates

• 14cb48c docker: Upgrade ScanCode to version 32.3.3
• db2dc41 evaluator: Update the OSADL license compliance matrix
• 9d6a7e8 Update the dependency-analysis-gradle-plugin to version 2.11.0
• f29c6bc update com.github.jmongard.git-semver-plugin to v0.16.0
• 8d89d7c update com.vanniktech:gradle-maven-publish-plugin to v0.31.0
• 3cd3a9d update github/codeql-action digest to 6bb031a
• c2afe87 update jirarestclient to v6.0.2
• 4f67f5a update org.cyclonedx:cyclonedx-core-java to v10.2.1
• 035fe5e update org.graalvm.buildtools:native-gradle-plugin to v0.10.6
• 5ff3bdc update org.metaeffekt.core:ae-security to v0.135.7
• 2c8aa0c update software.amazon.awssdk:s3 to v2.30.36

🚜 Refactorings

• 57ba918 Maven: Extract a class to deal with the local repository
• 50a9309 Maven: Extract functionality to parse XML documents
• f87dd03 Maven: Move Tycho-related classes to a dedicated package
• 6b507da analyzer: Set default package managers in analyzer config
• 81824ea common-utils: Remove Plugin.isEnabledByDefault
• 82abb36 gradle: Hardcode the issue source
• b3aa56b gradle-inspector: Hardcode the issue source
• bf7cc00 model: Inline qualifiedScopeNames()
• b56bc84 pub: Extract the command into a separate class
• 1bde17b yarn2: Extract the command into a separate class
• fdd755b Add a createAndLogIssue function for use in plugins
• 7ce74c4 Move withResolvedScopes() from model to analyzer

53.0.0

What's Changed

🛠 Breaking Changes

• 5dae200 refactor(Maven)!: Introduce a function type to resolve packages

🐞 Bug Fixes

• c41be5d maven: Avoid deduplication in Tycho dependency trees
• c17b452 scanoss: Make the API key an optional secret again
• 21b05f6 spdx: Add missing aliases for config options
• b4511e3 web-app-template: Fix concluded license in table view

🎉 New Features

• 6e94cb3 Maven: Filter source bundles from dependencies
• 826652a Maven: Obtain package metadata for Tycho OSGi artifacts

✅ Tests

• beb1db8 model: Increase timeout for performance tests

🐘 Build & ⚙️ CI

• 5162e66 advisors: Do not explicitly depend on testUtils
• 22bc094 scanoss: Remove unused dependencies
• 6a24ab7 website: Fail the build on broken anchors

📖 Documentation

• 3359f31 spdx-document: Fix-up a URL
• a667c72 website: Replace Algolia with local search
• 99eb307 Fix a broken anchor warning from Docusaurus

🔧 Chores

• 0fc16c1 docker: Consistently upper-case the AS keyword
• 3c8d858 scanoss: Do not hard-code the default API URL anymore
• 45fde4d spdx-utils: Use 'SpdxModelMapper's in yamlMapper` in a test

🚀 Dependency Updates

• 73f3a58 update actions/attest-build-provenance digest to bd77c07
• a94da70 update actions/attest-build-provenance digest to c074443
• 1eeb4ac update com.blackduck.integration:blackduck-common to v67.0.5
• a8f47a9 update exposed to v0.60.0
• 6a9a8fc update io.mockk:mockk to v1.13.17
• 050fef4 update jackson monorepo to v2.18.3
• a625863 update ksp monorepo to v2.1.10-1.0.31
• 0e8a2f9 update org.wiremock:wiremock to v3.12.1
• efa1bac update software.amazon.awssdk:s3 to v2.30.31

🚜 Refactorings

• 7223922 spdx-util: Split out document-related code to a separate module

52.1.0

What's Changed

🐞 Bug Fixes

• c3f75e3 Maven: Do not duplicate hints about auto-generated POMs
• 4537580 Maven: Pin the version of the dependency tree plugin

🎉 New Features

• 10243af Maven: Add a function to detect Tycho projects
• d5f0272 Maven: Add an initial Tycho package manager implementation
• 25754e6 Maven: Add functionality to parse JSON-based dependency trees
• 2a91005 Maven: Add more error handling for Tycho
• 7655ba1 Maven: Filter out Tycho definition files in Maven
• 17f979e Maven: Generate hints about auto-generated POMs for Tycho
• 985b09f Maven: Support path excludes for Tycho
• 5b69a8b Maven: Support scope excludes for Tycho
• 1be81f2 reporter: Replace javax usages by jakarta in the Jira REST client

✅ Tests

• 67b0b11 Maven: Replace organizations in test projects
• b43803a reporter: Add a Jira REST API client test

📖 Documentation

• d8d38d3 website: Mention Tycho support
• 366713a website: Remove some unneeded wrapping in Markdown code
• 5c6a900 website: Remove the Node peer dependency limitations

🔧 Chores

• 7c6e483 Maven: Let the dependency tree plugin write the output file

🚀 Dependency Updates

• 8c4beb9 update actions/attest-build-provenance digest to f9eaf23
• 8d2e72d update ch.qos.logback:logback-classic to v1.5.17
• b35f0e3 update codecov/codecov-action digest to 0565863
• c5414d3 update dependency gradle to v8.13
• a91733c update docker/build-push-action digest to 471d1dc
• e5a0d34 update docker/metadata-action digest to 902fa8e
• a74589a update docker/setup-buildx-action digest to b5ca514
• 9b9bb70 update kotlinpoet to v2.1.0
• 6068604 update org.metaeffekt.core:ae-security to v0.135.6
• 63d424d update org.slf4j:slf4j-api to v2.0.17

🚜 Refactorings

• 08bc01a Maven: Extract LocalProjectWorkspaceReader
• 944c377 Maven: Move creation of projects to an extension function
• dbc2e7b Maven: Move extension functions to a separate file