0.56.0

What's Changed

🛠 Breaking Changes

• 0426e7a feat(api)!: Expose typed permissions in user info

🐞 Bug Fixes

• 25d9294 compose: Actually use the secrets.properties file
• aacc1dc orchestrator: Add variables to configure pod labels
• 963a5ea ui: Also disable "delete ORT run" with insufficient permissions
• d7e599e correct case in SCANNEr_SENDER_TRANSPORT_CPU_REQUEST

🎉 New Features

• 0df7403 authorization: Add permission enums to API model
• b1e3d79 authorization: Add the repository permission MANAGE_RESOLUTIONS
• aec7162 compose: Use a dedicated Keycloak client for the backend
• 94ac570 resolutions: Add a read model for vulnerability resolutions
• eeb56b0 resolutions: Add a service to manage vulnerability resolutions
• 19f5638 resolutions: Add a store for vulnerability resolution events
• 1530adb resolutions: Add routes to manage vulnerability resolutions
• a2b18c5 resolutions: Define vulnerability resolution events
• b56b385 ui: Add copy button to error toasts
• 359f274 ui: Add links to projects table
• e05fa0e ui: Align capitalization and wording of buttons
• 1111461 ui: Open subrow also in projects table
• 42a2861 ui: Prettify the error copied to clipboard
• 3c3deb4 ui: Prevent "Rerun" without TRIGGER_ORT_RUN permission
• 0320082 ui: Prevent admins to manage secrets from higher hierarchy level
• 554cb4b ui: Protect users without access rights to create items
• c4d00d2 workers: Resolve vulnerability resolutions from the repository
• 21248e8 Add a new resolutions component

⚡ Performance Enhancements

• fbd37ba service: Optimize listForOrtRuns() for performance

🔧 Chores

• d935adc compose: Recreate the master realm file with Keycloak 26.5.5
• 667137f compose: Remove the unused superuser role
• c2b035b dao: Remove tests for old migrations
• 14e66b8 Beautify some test assertions
• 73c9e57 Ignore some more agent directories
• d36f7c7 Prefer enumEntries over enumValues
• 393cc09 Remove superfluous test assertions

🚀 Dependency Updates

• 58fbbbb update actions/setup-node action to v6.3.0
• a9209e5 update awssdk to v1.6.31
• 89c6a89 update com.github.gmazzo.buildconfig to v6.0.8
• 2cfb827 update com.github.gmazzo.buildconfig to v6.0.9
• 5068a4d update dependency @eslint/compat to v2.0.3
• b709627 update dependency @eslint/eslintrc to v3.3.5
• 322bf5a update dependency @hey-api/openapi-ts to v0.94.0
• 744c1d2 update dependency @types/node to v24.11.2
• bc5c4cd update dependency @types/node to v24.12.0
• 3067aba update dependency eslint to v9.39.4
• 8f33b09 update dependency lucide-react to v0.577.0
• 2adaf74 update dependency recharts to v3.8.0
• 8a0596d update docker/build-push-action action to v7
• a1d7e46 update docker/dockerfile docker tag to v1.22
• 695be38 update docker/login-action action to v4
• 53bbba8 update docker/metadata-action action to v6
• e55bded update docker/setup-buildx-action action to v4
• 2ac8f88 update flyway to v12.1.0
• b9560ed update gradle to v9.4.0
• 7f20015 update io.ktor:ktor-version-catalog to v3.4.1
• 8e90850 update io.micrometer:micrometer-registry-graphite to v1.16.4
• cdf70c1 update kotest to v6.1.5
• 7544141 update org.ossreviewtoolkit:version-catalog to v81
• 1f82eec update org.ossreviewtoolkit:version-catalog to v82
• bfb5dad update pnpm to v10.31.0
• 567ef44 update pnpm to v10.32.0
• 152bb51 update quay.io/keycloak/keycloak docker tag to v26.5.5
• 2500ae2 update tanstack-router monorepo
• 4550d6b update typescript-eslint monorepo to v8.57.0

🚜 Refactorings

• da148ad api: Move vulnerability resolution classes to shared model
• a15918a dao: Add a helper function for enum columns
• e6557fa ort-run-service: Avoid an unnecessary query
• ed989c0 ort-run-service: Keep the order of issue rows
• 31d2f07 ort-run-service: Keep the order of rule violation rows
• 31b33e7 ort-run-service: Simplify building identifiers

💡 Other Changes

• 04f721b style(ui): Add aria-disabled styling to button variants

0.55.0

What's Changed

🐞 Bug Fixes

• 2ca214f dao: Distinguish issues by identifier when storing resolved issues
• bece2f6 ui: Migrate call sites to shared ItemCounts
• 83ba8ab workers: Persist Analyzer/Advisor issues before resolution mapping

🎉 New Features

• 466d41e analyzer: Store package-curation relations in Analyzer worker
• 1f8b782 core: Support multiple license sources in rule violations
• 4ee1a30 dao: Add getForOrtRunId() query for CuratedPackagesTable
• 6e52243 dao: Add table to store package-curation relations per ORT run
• dafa947 dao: Persist applied package-curation relations per ORT run
• e30f1c9 service: Refactor listForOrtRuns() for performance
• dbe3ec4 service: Replace in-memory OrtResult with direct SQL queries
• 107b645 service: Replace in-memory OrtResult with direct SQL queries
• 8f6065b service: Replace in-memory OrtResult with direct SQL queries
• 8a3c983 service: Replace in-memory OrtResult with direct SQL queries
• be7dcac service: Store package-curation relations in OrtRunService
• 029177e ui: Support multiple license sources in rule violations
• 907aa15 workers: Add a generator for Bazel

✅ Tests

• 12d1642 service: Remove redundancy from some service unit tests

🐘 Build & ⚙️ CI

• 91d1b33 gradle: Add TinyJib support for yet more Jib properties
• 5e1cd42 gradle: Use TinyJib instead of Jib
• 7570197 tinyjib: Support more Jib properties
• 5c8fb2d docker: Use latest tag only for release builds

🔧 Chores

• 72658f7 workers: Extract urlWithCredentials function to a utility class
• d0c86de Remove jib.console=plain with TinyJib

🚀 Dependency Updates

• 87a1e8f update awssdk to v1.6.27
• 65b6d6c update com.autonomousapps:dependency-analysis-gradle-plugin to v3.6.0
• 9056f96 update com.autonomousapps:dependency-analysis-gradle-plugin to v3.6.1
• b42198f update com.rabbitmq:amqp-client to v5.29.0
• 2241b6e update com.typesafe:config to v1.4.6
• 2d970cb update dependency @easyops-cn/docusaurus-search-local to v0.55.1
• 810566f update dependency @hey-api/openapi-ts to v0.93.1
• df4b9fa update dependency @types/node to v24.10.14
• 357385b update dependency @types/node to v24.10.15
• 9bc821d update dependency @types/node to v24.11.0
• 14cfb47 update dependency ae-cvss-calculator to v1.0.11
• 6f74250 update dependency autoprefixer to v10.4.27
• 5eb1fa1 update dependency axios to v1.13.6
• 0917744 update dependency globals to v17.4.0
• d72bffa update dependency postcss to v8.5.8
• 211a78c update exposed to v1.1.0
• fa5d270 update exposed to v1.1.1
• 1f00556 update flyway to v12.0.3
• af92f64 update github artifact actions
• 8b5fd1e update grafana/grafana docker tag to v12.4
• f75d80f update kotest to v6.1.4
• 6ca6de1 update ktoropenapi to v5.6.0
• bb9dd28 update node.js to e8e2e91
• bbe6eb8 update org.ossreviewtoolkit:version-catalog to v80
• 03eb49e update pnpm to v10.30.3
• fae1fd4 update tanstack-router monorepo
• e8d87a4 update tel.schich.tinyjib to v0.3.1

🚜 Refactorings

• 2443ee4 gradle: Centralize applying Jib properties for compatibility
• 34bd59d service: Extract a shared utility function into Utils
• ae48eda service: Refactor IssueService
• 5e57d3b ui: Extract shared ItemCounts component

0.54.0

What's Changed

🐞 Bug Fixes

• 5ded1b3 ui: Use guard components to protect routes

🎉 New Features

• 848e704 cli: Support the system CA bundle under Linux
• 978eb82 kubernetes: Allow adding custom labels to worker pods
• 0b98baf ui: Add a component for confirming repository move
• ea43dd8 ui: Add a component for selecting the target product
• 7c4d7b9 ui: Add permission hooks and guard components
• 5836d28 ui: Move repository to another product

🐘 Build & ⚙️ CI

• b67da1b logging: Turn an implementation dependency to an api one

🚀 Dependency Updates

• 4435547 Downgrade ktor-openapi to 5.4.0
• 5245abe update awssdk to v1.6.22
• 72ba29d update com.google.devtools.ksp to v2.3.6
• 419296e update dependency @eslint/eslintrc to v3.3.4
• 08a27fe update dependency @hey-api/openapi-ts to v0.93.0
• 46779fb update dependency eslint to v9.39.3
• a597f33 update dependency eslint-plugin-react-refresh to v0.5.1
• d18bc4f update dependency eslint-plugin-react-refresh to v0.5.2
• 2f03972 update dependency lucide-react to v0.575.0
• dbfa8d7 update dependency react-hook-form to v7.71.2
• 2e21154 update dependency tailwind-merge to v3.5.0
• 7df45f9 update eclipse-temurin:21.0.10_7-jdk-jammy docker digest to 9119073
• 314abe9 update flyway to v12.0.2
• 383eab4 update gradle/actions action to v5.0.2
• a0d709a update grafana/logstash-output-loki docker tag to v3.6.6
• d200c8a update grafana/logstash-output-loki docker tag to v3.6.7
• 3f15c91 update grafana/loki docker tag to v3.6.6
• 750f735 update grafana/loki docker tag to v3.6.7
• 05fdd5b update org.ossreviewtoolkit:version-catalog to v79.1.0
• 95550b9 update pnpm to v10.30.0
• e6b2682 update pnpm to v10.30.1
• c070e66 update pnpm to v10.30.2
• 4b2efa7 update quay.io/keycloak/keycloak docker tag to v26.5.4
• 1e0efc6 update rabbitmq docker tag to v4.2.4
• ed0328a update tailwindcss monorepo to v4.2.0
• 2f3d431 update tailwindcss monorepo to v4.2.1
• a42f1ff update tanstack-router monorepo
• 4add936 update typescript-eslint monorepo to v8.56.1

0.53.0

What's Changed

🐞 Bug Fixes

• 935be05 evaluator: Narrow resolved Evaluator items to rule violations only

🎉 New Features

• 023b065 advisor: Resolve Advisor issues and vulnerabilities
• 287e000 analyzer: Resolve Analyzer issues
• 66a25af api: Expose report file sizes in reporter job endpoint
• 94afe2d dao: Add a nullable size_in_bytes column to reports table
• e0ac1ff dao: Persist and expose report file sizes
• 3066575 logging: Add functionality for structure job logging
• f100a46 model: Add ProcessingResult data class
• 87b291f model: Add report file size fields to domain model
• a2d0edf reporter: Capture report file sizes during generation
• 0d54cc8 reporter: Resolve Reporter issues and remove fallback resolution
• 91b2750 scanner: Resolve Scanner issues
• 6298e98 services: Change the result of deleteRunsCreatedBefore()
• ba0a625 tasks: Write a status log for DeleteOldOrtRunsTask
• 138ba6d ui: Display report file sizes on Reports and SBOM pages
• f22ac99 ui: Use optionally an arrow between key-value pairs

✅ Tests

• eb33755 Extract functionality to test status logs to an extension

🐘 Build & ⚙️ CI

• b7a9f92 Ensure to use PNPM version 10.29.3 which fixes memory issues
• 45f484f github: Align on -C syntax for the PNPM working directory
• 6e8f304 github: Stop installing PNPM manually but leave it to Corepack
• 88767fc renovate: Switch to the pinGitHubActionDigestsToSemver preset

🔧 Chores

• 652534d dao: Stop using the deprecated toDataSource
• 41a878a Ignore some AI agent configuration files

🚀 Dependency Updates

• 08d04de docker: Let PNPM be bootstrapped based on the packageManager field
• 5b54f3e Upgrade the ActiveMQ Artemis test container to 2.50.0
• d16838c update awssdk to v1.6.17
• c5bba3e update ch.qos.logback:logback-classic to v1.5.31
• 6292897 update ch.qos.logback:logback-classic to v1.5.32
• 161cd34 update dependency @easyops-cn/docusaurus-search-local to v0.55.0
• 12e41ad update dependency @hey-api/openapi-ts to v0.92.4
• f54d3d6 update dependency @tanstack/react-query to v5.90.21
• 849573b update dependency @types/react to v19.2.14
• e453edd update dependency lucide-react to v0.564.0
• 867efdd update dependency pnpm to v10.29.3
• 64efe28 update dependency tailwind-merge to v3.4.1
• 27ffc22 update docker/build-push-action action to v6.19.0
• ef2b76f update docker/build-push-action action to v6.19.1
• 2061287 ff416b3 update docker/build-push-action action to v6.19.2
• 6a60cdd update docker/build-push-action digest to 10e90e3
• 61fcf75 update docker/build-push-action digest to 601a80b
• a62eefe update docker/build-push-action digest to ee4ca42
• 6659d00 update flyway to v12.0.1
• 09282b8 update node.js to a81a03d
• 1d8ee1e update org.ossreviewtoolkit:version-catalog to v79
• 754f7af update org.postgresql:postgresql to v42.7.10
• 8f40aab update tanstack-router monorepo to v1.160.0
• d1ebeb8 update typescript-eslint monorepo to v8.56.0

🚜 Refactorings

• d42f2cf common: Extract common resolution provider creation
• f5b0535 evaluator: Match resolution handling with other workers

0.52.0

What's Changed

🛠 Breaking Changes

• dbbdf76 refactor!: Remove the defects model

🐞 Bug Fixes

• d760fd4 dao: Add DELETE CASCADE constraint for path includes table
• 583421f dao: Add missing mapping for path includes
• 52f706b dao: Use upsert for resolved items junction tables
• c41b7aa docker: Add cache/tmpfs mounts to base stage to reduce image size
• 9ebef11 docker: Build cargo-credential-netrc in separate stage
• ff635bf docker: Copy only cargo directory instead of full Rust installation
• 7be8f8d docker: Move recursive chmod into Android build stage
• 1bdc745 docker: Prune .NET installation to keep only runtime
• 329bef0 docker: Prune Swift installation to keep only package manager
• d1fbab9 docker: Remove Python pycache directories from image
• c3921fa ui: Add missing Tycho package manager to UI

🎉 New Features

• 7deb0e7 api: Support moving repositories to another product
• 944c336 authorization: Add AuthorizationService.removeAssignments()
• 3613ee8 dao: Support moving repositories to another product
• 2a2c061 docker: Add Gleam programming language
• 5d0cbc5 services: Support moving repositories to another product
• 222518d ui: Add support for Gleam to the UI
• 1a5d414 ui: Align jobs in Accordion titles
• afa1b0a ui: Refactor job configurations in the configuration page

🐘 Build & ⚙️ CI

• 29854c3 gradle: Do not publish application modules
• 764f858 gradle: Enforce the Kotlin version for JVM builds
• 8d60c20 gradle: Enforce the Kotlin version only for application modules
• 95e6aba Add a job to test the Maven publication

🔧 Chores

• 41725dc ui: Remove unused assignments
• db91de6 Remove unused Keycloak config options

🚀 Dependency Updates

• eda5d3e Upgrade Kubernetes client to 25.0.0
• 5c23568 update awssdk to v1.6.12
• 3e41417 update ch.qos.logback:logback-classic to v1.5.28
• 0d8c284 update ch.qos.logback:logback-classic to v1.5.29
• 10a43be update com.google.cloud.tools.jib to v3.5.3
• ffb430f update dependency @easyops-cn/docusaurus-search-local to v0.53.0
• 99be7e1 update dependency @easyops-cn/docusaurus-search-local to v0.54.0
• 92e6685 update dependency @easyops-cn/docusaurus-search-local to v0.54.1
• 38dd971 update dependency @eslint/js to v10
• 383914b update dependency @hey-api/openapi-ts to v0.92.3
• f09b28f update dependency @ianvs/prettier-plugin-sort-imports to v4.7.1
• bc24d22 update dependency @playwright/test to v1.58.2
• 3aef48f update dependency @types/node to v24.10.11
• 6e82f28 update dependency @types/node to v24.10.12
• 47c7acb update dependency @types/node to v24.10.13
• ef6656e update dependency @types/react to v19.2.11
• f65c8fa update dependency @types/react to v19.2.13
• cabdbd2 update dependency @vitejs/plugin-react to v5.1.4
• 3d5443e update dependency axios to v1.13.5
• 6ab27f8 update dependency pnpm to v10.29.1
• 1b23f24 update dependency pnpm to v10.29.2
• db3bf17 update eclipse-temurin docker tag to v21.0.10_7-jdk-jammy
• 3840ceb update grafana/logstash-output-loki docker tag to v3.6.5
• ea5ab79 update grafana/loki docker tag to v3.6.5
• a573662 update io.micrometer:micrometer-registry-graphite to v1.16.3
• c0c50a2 update kotest to v6.1.3
• 9fa3d20 update ktoropenapi to v5.5.0
• 411f758 update nginx:1.29-alpine docker digest to 1d13701
• 1cb1273 update nginx:1.29-alpine docker digest to 5878d06
• e1c493b update node.js to 4660b1c
• f133fcc update org.jetbrains.kotlin.plugin.serialization to v2.3.10
• 9166233 update quay.io/keycloak/keycloak docker tag to v26.5.3
• 099124e update tanstack-router monorepo
• f3bee7b update typescript-eslint monorepo to v8.55.0

🚜 Refactorings

• eb044d2 authorization: Extract logic to generate filter conditions
• 796a535 ui: Add search parameter schema for jobs

💡 Other Changes

• 156e4bd Revert "fix(docker): Copy only cargo directory instead of full Rust installation"

0.51.0 (withdrawn)

Caution

The Docker images of this release are broken, for details see #4419.
Use 0.52.0 instead.

What's Changed

🛠 Breaking Changes

• 4f7dfe8 refactor!: Switch from kotlinx.datetime to kotlin.time

🐞 Bug Fixes

• dc06666 dao: Fix toDatabasePrecision()
• b7f5c43 reporter: Store issues in a thread-safe collection

🎉 New Features

• 9daa0e7 ui: Add component to show item counts of runs
• f64b7ed ui: Add extra small variant for buttons
• 2a1a671 ui: Show item counts in organization products table
• 163edda ui: Show item counts in product repository table
• c96bb5c ui: Show the items counts in repository runs table

🐘 Build & ⚙️ CI

• 37839e9 Delete obsolete build file

🔧 Chores

• 48dd7bc api: Merge a mapNotNull / firstOrNull chain
• e27614f dao: Remove an unused import
• a765842 dao: Remove unused extension functions
• 6bdb2e3 plugin-manager: Remove a redundant return keyword
• 0451133 plugin-manager: Simplify a null check
• 81932ce storage: Use new API for suspend transactions
• 455a3dd Do not pass the default argument to joinToString
• 76ee5ee Mark TanStack Router's route exports as extraHOCs
• f95f920 Prefer infix in over contains

🚀 Dependency Updates

• 12c8db3 update actions/cache action to v5.0.3
• bf6f6b5 update awssdk to v1.6.4
• b708f85 update awssdk to v1.6.7
• 2a535bb update ch.qos.logback:logback-classic to v1.5.27
• e878a2d update com.google.devtools.ksp to v2.3.5
• ba69028 update dependency @easyops-cn/docusaurus-search-local to v0.52.3
• 584a72c update dependency @eslint/compat to v2.0.2
• 64f2f47 update dependency @hey-api/openapi-ts to v0.91.0
• c35bf31 update dependency @hey-api/openapi-ts to v0.91.1
• ae730fa update dependency @playwright/test to v1.58.1
• 5a23e44 update dependency @tanstack/react-query-devtools to v5.91.3
• 7b146ca update dependency @types/node to v24.10.10
• 4bc8831 update dependency @types/react to v19.2.10
• 0b01aa4 update dependency @vitejs/plugin-react to v5.1.3
• 301735c update dependency autoprefixer to v10.4.24
• cbbdc94 update dependency axios to v1.13.4
• e62b9f2 update dependency docusaurus-plugin-openapi-docs to v4.7.0
• ce57cd8 update dependency docusaurus-plugin-openapi-docs to v4.7.1
• 360de2b update dependency docusaurus-theme-openapi-docs to v4.7.1
• 0df3ae1 update dependency eslint-plugin-react-refresh to v0.5.0
• ec6f2d0 update dependency globals to v17.2.0
• ee86d89 update dependency globals to v17.3.0
• 8178ff7 update dependency zustand to v5.0.11
• 82e0229 update docker/login-action action to v3.7.0
• cb4a779 update exposed to v1
• f686e5f update flyway to v12
• 52c2021 update gradle to v9.3.1
• 934a140 update gradle/actions action to v5.0.1
• 99fa132 update kotest to v6.1.2
• 65f5bc5 update nginx:1.29-alpine docker digest to 2622096
• 342ad28 update nginx:1.29-alpine docker digest to 4870c12
• 129f223 update nginx:1.29-alpine docker digest to 7d7a15b
• 939631d update org.ossreviewtoolkit:version-catalog to v78
• 9512ed5 update schemakenerator to v2.6.0
• 5b9b7c4 update tanstack-router monorepo to v1.157.18

🚜 Refactorings

• 9cf3c22 github: Work around a false positive unreachable code warning
• 760a737 reporter: Do not return report files from generateReports
• 208a7c9 reporter: Do not return report formats from generateReports
• 7637573 reporter: Remove unnecessary toList() calls
• 44f5584 reporter: Simplify ReporterRunnerResult.reports
• fa89fed reporter: Use a set instead of a map to store active reporters
• 0aff6e4 ui: Use helper function also for ItemCount component
• fdaa18e Add a default value for the cause of ConfigException

0.50.0

What's Changed

🛠 Breaking Changes

• 4126197 feat!: Use enums for the issue resolution reasons
• 4d34ac9 feat!: Use enums for the license source
• bd241d5 feat!: Use enums for the rule violation resolution reasons
• a31cf03 feat!: Use enums for the vulnerability resolution reasons
• 8598c2e feat(api)!: Add resolved counts to statistics endpoints

🐞 Bug Fixes

• c2bfb5b docker: Install XML-related dev packages also for the reporter
• 3b57688 infrastructure-services: Disallow empty names
• 2ecca3f secrets: Disallow empty names

🎉 New Features

• a720e98 dao: Add tables to store resolution matches
• 4d56eca dao: Store resolved items
• e426f4f evaluator: Store resolution by item
• 9dddd3c reporter: Store resolution by item
• 2087801 service: Add unresolved count methods to service layer
• a759476 ui: Add an optional prop for the total number of items
• 327f283 ui: Rearrange the statistics cards in run overview page
• ec7ec55 ui: Show unresolved/total counts in all statistics cards
• 367c018 ui: Use the new statistics counts for cards
• afbb2a0 workers: Add a function to match resolutions

✅ Tests

• 55ddec2 core: Disable the whole spec if generateOpenApiSpec is not true

🐘 Build & ⚙️ CI

• 9d9971c renovate: Ignore legacy Kubernetes Java Client updates
• 704b22d renovate: Pin dependenies in PNPM projects

🔧 Chores

• c32f2d1 detekt: Prefer ktlint's rule for unused imports
• 376ed64 docker: Use the usual boilerplate to install apt packages
• 61bc60f logs: Replace a deprecate attribute in the logback config
• ef0aa86 workers: Simplify some test assertions
• e401e75 Ignore some AI agent configuration files

🚀 Dependency Updates

• 8eb6ad1 gradle: Upgrade to Detekt 2
• 5ca6e1b 5a79037 pin dependencies
• 4bb661a pin dependency react-markdown to 10.1.0
• fd5358e update actions/checkout action to v6.0.2
• 4e22eb3 update actions/setup-java action to v5.2.0
• 27d6cef update ch.qos.logback:logback-classic to v1.5.26
• d2fabe5 update com.github.ajalt.clikt:clikt to v5.1.0
• 12059e1 update dependency @hey-api/openapi-ts to v0.90.10
• 926b35e update dependency @hey-api/openapi-ts to v0.90.6
• f4d272a update dependency @hey-api/openapi-ts to v0.90.7
• ea64781 update dependency @hey-api/openapi-ts to v0.90.8
• a942928 update dependency @hey-api/openapi-ts to v0.90.9
• f107826 update dependency @playwright/test to v1.58.0
• 03462f9 update dependency @tanstack/react-query to v5.90.20
• 697e3c0 update dependency @types/react to v19.2.9
• d54fad9 update dependency axios to v1.13.3
• 228508e update dependency globals to v17.1.0
• ce3ba85 update dependency lucide-react to v0.563.0
• 0479057 update dependency pnpm to v10.28.2
• 44a8af9 update dependency prettier to v3.8.1
• 848d93b update dependency recharts to v3.7.0
• 58575a1 update dependency vitest to v4.0.18
• 1face2a update dependency zod to v4.3.6
• cfefd9c update docker/dockerfile docker tag to v1.21
• d92b498 update flyway to v11.20.3
• 4de0087 update grafana/logstash-output-loki docker tag to v3.6.4
• 9fe59e0 update grafana/loki docker tag to v3.6.4
• 2a05d45 update io.ktor:ktor-version-catalog to v3.4.0
• ff5d50d update io.mockk:mockk to v1.14.9
• 33cae63 update kotest to v6.1.0
• 58762fd update kotest to v6.1.1
• 1450520 update org.apache.qpid:qpid-jms-client to v2.10.0
• 303b885 update org.jetbrains.kotlin:kotlin-gradle-plugin to v2.3.0
• b5dd284 update org.jetbrains.kotlinx:kotlinx-serialization-json to v1.10.0
• 0429413 update org.ossreviewtoolkit:version-catalog to v77
• d05e391 update python docker tag to v3.14
• ffa6e4c update quay.io/keycloak/keycloak docker tag to v26.5.2
• 4047c6f update rabbitmq docker tag to v4.2.3
• c097435 update react monorepo to v19.2.4
• 74c82ae update tanstack-router monorepo to v1.157.14
• e118b0a update typescript-eslint monorepo to v8.54.0

🚜 Refactorings

• 6439fb7 logs: Represent MDC keys as classes
• e2ace9e logs: Simplify adding the jobId to the MDC

💡 Other Changes

• 1901938 style(detekt): Adjust config / code so that the code base passes checks
• 04124ec style(detekt): Disallow trailing commas on call / declaration sites
• 7dbeaa4 style(detekt): Remove trailing commas from the code base
• dc52889 style: Propertly name constant test data properties

0.49.0

What's Changed

🐞 Bug Fixes

• 276ddc9 ui: Abbreviate long usernames and emails
• 8a0eea1 vault: Correctly override the token header

🎉 New Features

• 383ec3b vault: Improve the retry configuration

🔧 Chores

• 5bccf2f clients: Drop AbstractKeycloakClientTest
• a52d76e clients: Drop unused Keycloak model classes and test data
• 0100c75 clients: Remove KeycloakTestClient class
• 343e2ac clients: Strip down the KeycloakClient interface

🚀 Dependency Updates

• a6762ed docker: Upgrade to ScanCode 32.5.0
• 83e203a update actions/cache action to v5.0.2
• 9326b21 update awssdk to v1.5.122
• 9d5562f update ch.qos.logback:logback-classic to v1.5.25
• 3f36e0d update com.vanniktech:gradle-maven-publish-plugin to v0.36.0
• ff36aee update dependency @hey-api/openapi-ts to v0.90.4
• a46b93b update dependency @tanstack/react-query to v5.90.19
• 984b1d6 update dependency @types/node to v24.10.9
• 7a64d7a update dependency docusaurus-plugin-openapi-docs to v4.6.0
• a97e4bb update dependency docusaurus-theme-openapi-docs to v4.6.0
• 4f76b4c update eclipse-temurin:21.0.9_10-jdk-jammy docker digest to 41c8a28
• 6368be6 update flyway to v11.20.2
• b58e464 update gradle to v9.3.0
• 0d362e7 update node.js to bf22df2
• 2d83d70 update org.postgresql:postgresql to v42.7.9
• c68f19b update tanstack-router monorepo to v1.151.6
• febd80e update typescript-eslint monorepo to v8.53.1

0.48.0

What's Changed

🐞 Bug Fixes

• dae556f ui: Align EPSS and job durations charts
• b9315e7 ui: Align Radar dot callback with Recharts 3.6
• 1292c1f ui: Fix infinite rerenders
• 06a8aa9 ui: Fix links to ORT runs in all search results tables
• 04efd01 ui: Make Chart components compatible with Recharts 3.6
• 7cf721f workers: Always consider all secrets when resolving services

🎉 New Features

• cab8472 ui: Add package and vulnerability search to organization
• ced4fad ui: Add package and vulnerability search to repository
• 88683bf ui: Tweak the product search tables

🔧 Chores

• 4f1ba94 ui: Omit descriptions about using regex search
• bb11b60 workers: Drop an unnecessary expression

🚀 Dependency Updates

• 91f36a8 update actions/setup-node action to v6.2.0
• d32da5e update com.github.dasniko:testcontainers-keycloak to v4.1.1
• 97d2344 update dependency @types/node to v24.10.8
• f9721dc update dependency prettier to v3.8.0
• 721dd72 update dependency react-hook-form to v7.71.1
• f7429dc update dependency recharts to v3.6.0
• 23cd792 update nginx:1.29-alpine docker digest to 550ada9
• 0351ed4 update nginx:1.29-alpine docker digest to 66d420c
• bdbfe31 update nginx:1.29-alpine docker digest to b0f7830
• b05c8ee update org.ossreviewtoolkit:version-catalog to v76
• f0eccde update quay.io/keycloak/keycloak docker tag to v26.5.1
• e95e4ba update typescript-eslint monorepo to v8.53.0

🚜 Refactorings

• 5459cfc authorization: Improve HierarchyPermissions docs and naming
• d786062 authorization: Inline computeImplicitIncludes
• 18266f8 authorization: Inline constructAssignmentsMap
• 9ed7906 authorization: Inline a trivial helper function
• 3306595 authorization: Remove an unnecessary variable
• d932272 authorization: Simplify a function by using when
• 5e71672 authorization: Turn assignmentsMap into a set
• fa16780 authorization: Turn a helper function into an extension function
• 1abd04e authorization: Turn anonymous objects into classes
• a14c4ec Move the parents helper function to CompoundHierarchyId

0.47.0

What's Changed

🛠 Breaking Changes

• dd050df build(gradle)!: Append "-worker" to all worker projects
• 57fde0f build(gradle)!: Prefix component subprojects with the component name
• 64dfbcc feat(api)!: Add the superuser status when listing all users
• c652017 feat(api)!: Use Identifier instead of String for package search

🐞 Bug Fixes

• 1140164 compose: Add missing mount for secrets.properties
• 952bd9c compose: Enable Keycloak database migrations during realm import
• 27569a3 compose: Fix the Logstash config
• a7d99f3 config: Use the default branch for blank revisions also when updating
• 71b9917 dao: Fix handling of rule violations without license sources
• 68746ef ui: Don't hide the chart tooltip behind other UI elements
• 33605fa ui: Don't submit form when clicking copy button
• 295bec0 ui: Fix "total job duration" calculation
• f7573e9 ui: Fix tooltip rendering when infra durations not in use
• 7be9eed ui: Make text inside light blue badges more readable
• 02253d2 ui: Make the tooltip of the run durations chart wider
• 5acaeca vault: Fix a failing request after token renewal
• 9af5da8 workers: Also show ORT stacktraces for forked processes

🎉 New Features

• 69e4453 api: Add routes to add and remove the superuser status
• 277ba47 dao: Add a migration script to delete fake scan results
• 3452ef6 dao: Add scan result and scan summary indexes
• f47b51c logs: Add custom header for UI and CLI clients
• c898514 search: Add PURL-based package search with curation support
• 221c3ef search: Extend search service and API
• 8258cf7 search: Make the searches case-insensitive
• e0b9470 search: Tests for vulnerability search
• 727b53b ui: Add "copy to clipboard" where applicable
• d37407c ui: Add a component to show the SHA1
• ea9169d ui: Allow to add and remove superusers
• a7eadc9 ui: Extend RunDuration to align implementation
• b9128d4 ui: Lift package ID to URL in package search
• b489084 ui: Link package IDs to packages table
• 031c853 ui: Refactor the repository runs table
• 1f8d0c9 ui: Search ORT runs with vulnerabilities
• f9a2d37 ui: Show superuser status in admin users table
• 2413753 ui: Unify showing the SHA1 in the UI
• 38fc897 ui: Use ORT ID or purl in package search
• 8a8bf45 ui: Use getSize() for element widths in header and body components
• 68bd7f5 ui: Use the column sizing hook in main table components

✅ Tests

• 8e9d4e6 search: Add tests for PURL-based package search
• 1c7a32a search: Add tests for case-insensitive search

🐘 Build & ⚙️ CI

• e5e58c2 gradle: Automate adding the "-service" suffix to service projects
• 0423305 gradle: Automate prefixing of SPI projects
• f47cc7c gradle: Simplify accessing the version catalog from buildSrc

📖 Documentation

• b4765a7 ui: Improve the "Repository configuration path" description

🔧 Chores

• 6c2baa1 authorization: Fix some references to outdated classes
• 86ac8ce buildSrc: Remove unused imports
• 8b3b85a compose: Set fixed versions for grafana images
• d131c07 mailmap: Merge Oliver's email addresses
• f63e86d mailmap: Update Martin's email address
• 3967d04 Drop obsolete classes from authorization-keycloak

🚀 Dependency Updates

• 18133bc Update ORT to version 73.0.0
• 07608f3 Update ORT to version 74.0.0
• 3e21d56 update awssdk to v1.5.107
• d9f57d2 update awssdk to v1.5.110
• 9ac91f6 update awssdk to v1.5.113
• a1c42f1 update awssdk to v1.5.117
• fc48c6b update ch.qos.logback:logback-classic to v1.5.23
• a80530e update ch.qos.logback:logback-classic to v1.5.24
• 63c1a82 update com.github.dasniko:testcontainers-keycloak to v4.1.0
• 5a53f1c update com.github.gmazzo.buildconfig to v6.0.7
• 4b9fd39 update com.github.jmongard.git-semver-plugin to v0.18.0
• f09c7b0 update com.google.devtools.ksp to v2.3.4
• c4c84f2 update com.sksamuel.aedile:aedile-core to v3.0.2
• 211f3ba update dependency @eslint/compat to v2.0.1
• 3e2fb10 update dependency @hey-api/openapi-ts to v0.89.1
• 3479a6c update dependency @hey-api/openapi-ts to v0.89.2
• 6f2eb93 update dependency @hey-api/openapi-ts to v0.90.0
• 41da262 update dependency @hey-api/openapi-ts to v0.90.1
• 23281c1 update dependency @hey-api/openapi-ts to v0.90.2
• a029f19 update dependency @hey-api/openapi-ts to v0.90.3
• e3119d0 update dependency @tanstack/react-query to v5.90.16
• 08222f9 update dependency @types/node to v24.10.6
• 1f883c1 update dependency @types/node to v24.10.7
• 4458e73 update dependency @types/react to v19.2.8
• 3ccdf96 update dependency eslint-plugin-react-refresh to v0.4.26
• 490df93 update dependency globals to v17
• c60756a update dependency lucide-react to ^0.562.0
• 8d6f18e update dependency react-hook-form to v7.69.0
• baa71df update dependency react-hook-form to v7.70.0
• 1c5da2a update dependency react-hook-form to v7.71.0
• 35494ea update dependency vite to v7.3.1
• e52d313 update dependency vitest to v4.0.16
• cbcbad3 update dependency vitest to v4.0.17
• a767d42 update dependency zod to v4.3.2
• 867d852 update dependency zod to v4.3.4
• 443f7bc update dependency zod to v4.3.5
• 28a84cf update dependency zustand to v5.0.10
• 7a28eb8 update docker/setup-buildx-action action to v3.12.0
• e64882f update flyway to v11.19.1
• e4df13e update flyway to v11.20.0
• a9e0eb3 update flyway to v11.20.1
• 84c60ac update io.micrometer:micrometer-registry-graphite to v1.16.2
• 881a976 update nginx:1.29-alpine docker digest to 8491795
• 6810b38 update nginx:1.29-alpine docker digest to 9de2613
• b2d84c9 update nginx:1.29-alpine docker digest to c083c37
• 9ed3665 update nginx:1.29-alpine docker digest to ce611bb
• 40b146f update nginx:1.29-alpine docker digest to fd9f8ce
• 50f031d update node.js to b83af04
• 73e2ad0 update org.apache.logging.log4j:log4j-to-slf4j to v2.25.3
• 2e68536 update org.ossreviewtoolkit:version-catalog to v74.1.0
• c94f6f3 update org.ossreviewtoolkit:version-catalog to v75
• 001ae12 update quay.io/keycloak/keycloak docker tag to v26.5.0
• 3e4248b update tanstack-query monorepo
• 3b72003 update tanstack-router monorepo
• fb3894c update tanstack-router monorepo to v1.142.8
• 2ddd759 update tanstack-router monorepo to v1.144.0
• d737202 update tanstack-router monorepo to v1.145.4
• e8a7e93 update typescript-eslint monorepo to v8.50.1
• 67c86b0 update typescript-eslint monorepo to v8.51.0
• 73c1db1 update typescript-eslint monorepo to v8.52.0

🚜 Refactorings

• 89d154f...