This is an automated email from the ASF dual-hosted git repository. pottlinger pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/creadur-site.git
commit 1e9cc9db1f1b6688e8f3175cf424f0b00097a84f Author: Hugo Hirsch <[email protected]> AuthorDate: Mon Jan 8 22:44:47 2024 +0100 Add complete release notes --- RELEASE_NOTES.txt | 141 ++++++++++++++++++++++++++++++++++++++++ release-notes/RELEASE_NOTES.txt | 54 +++++++++++++++ 2 files changed, 195 insertions(+) diff --git a/RELEASE_NOTES.txt b/RELEASE_NOTES.txt index 85206e6b..3fd8df1c 100644 --- a/RELEASE_NOTES.txt +++ b/RELEASE_NOTES.txt @@ -1,3 +1,144 @@ +Rat 0.16 +======== +Apart from dependency updates and multiple bugfixes, this release brings the ability to use SPDX license identifiers and enhances the .gitignore-exclusion filterung during RAT runs. +Furthermore new CLI options were added and new file types can be used by default. This release makes RAT a fully Maven3-compatible plugin and removes deprecated Maven2 completely. +Thanks to all new contributors for improving RAT! + +New features: +o RAT-338: Update minimal build Maven version to 3.2.5 and maven dependencies to 3.9.6. Remove pre-JDK8 code constructs and minor refactorings. Thanks to Tamás Cservenák. +o RAT-335: Enhance .gitignore handling; support multiple .gitignore files and allow a more complete parsing of Git's ignore files. Thanks to Niels Basjes. +o RAT-322: Add configuration option to scan hidden directories: --scan-hidden-directories on the command line and scanHiddenDirectories as a Maven plugin parameter. Thanks to Jean-Baptiste Onofré. +o RAT-320: Add new command line option -o/--output to write RAT's output to a file. Thanks to Jean-Baptiste Onofré. +o RAT-329: Add markdown (MD) and yaml (YML/YAML) as a recognized extension for file and license processing. Thanks to Claude Warren. +o RAT-316: Add default exclusion of MANIFEST.MF as it must not contain comment lines to include a license. +o RAT-321: Allow text-based XML configuration of RAT. Thanks to Claude Warren. + +Fixed Bugs: +o RAT-326: Fix existing javadoc build errors and add javadoc generation to existing GithubActions to not introduce build errors via merge requests. +o RAT-328: Ensure that System.out does not get closed during report generation and updated javadocs. Thanks to Claude Warren. +o RAT-311: Update commons-compress to 1.24.0 in order to circumvent CVE-2023-42503. +o RAT-251: Added SPDX processing for default licenses. Thanks to Claude Warren. +o RAT-315: Fix warnings when using RAT with newer Maven versions as methods from Maven v2 are deprecated. Minimum version of required Maven changed to 3.2.5. Thanks to Guillaume Nodet. +o RAT-317: Change log output level of SCM ignore parser from info to debug in order to produce less log output in RAT runs. Thanks to Gary Gregory. +o RAT-314: Add default recursive exclusion for maven-induced build artifacts in folder .mvn. Thanks to François Guillot. +o RAT-312: Remove Travis build as it is unreliable. Builds with ASF Jenkins and Github Actions remain as before. + +Changes: +o RAT-311: Update actions/setup-java from 3.4.1 to 4.0.0. Thanks to dependabot. +o RAT-311: Update actions/cache from 3.0.11 to 3.3.2 Thanks to dependabot. +o RAT-311: Update actions/checkout from 3 to 4. Thanks to dependabot. +o RAT-311: Update mockito-core from 4.7.0 to 4.11.0, newer versions 5.x cannot be applied due to our JDK8-compatibility restriction. Thanks to dependabot. +o RAT-311: Update plexus-utils from 3.4.2 to 3.5.1, versions 4.x are for upcoming Maven4 and must not be applied here. Thanks to dependabot. +o RAT-311: Update maven-plugin-version from 3.6.4 to 3.8.2. Thanks to dependabot. +o RAT-311: Update wagon-ssh from 3.5.2 to 3.5.3. Thanks to dependabot. +o RAT-311: Update Ant from 1.10.12 to 1.10.14. Thanks to dependabot. +o RAT-311: Update ASF parent pom from 27 to 31 and update multiple maven plugin versions implicitly (surefire, release, project-info, enforcer, jxr). Thanks to dependabot. +o RAT-311: Update doxiaVersion from 1.11.1 to 1.12.0. Thanks to dependabot. +o RAT-311: Update maven-shared-utils from 3.3.4 to 3.4.2. Thanks to dependabot. +o RAT-311: Update org.slf4j:slf4j-simple from 1.7.36 to 2.0.9. Thanks to dependabot. +o RAT-311: Update commons-lang3 from 3.5 to 3.14.0. Thanks to dependabot. +o RAT-311: Update commons-compress from 1.21 to 1.25. Thanks to dependabot. +o RAT-311: Update commons-io from 2.11.0 to 2.15.1. Thanks to dependabot. +o RAT-311: Update commons-cli from 1.5.0 to 1.6.0. Thanks to dependabot. +o RAT-311: Update maven-pmd-plugin from 3.18.0 to 3.21.2. Thanks to dependabot. +o RAT-311: Update maven-dependency-plugin from 3.3.0 to 3.6.1. Thanks to dependabot. +o RAT-311: Update maven-compiler-plugin from 3.10.1 to 3.12.1. Thanks to dependabot. +o RAT-311: Update maven-javadoc-plugin from 3.4.1 to 3.6.3. Thanks to dependabot. +o RAT-311: Update maven-release-plugin from 2.5.3 to 3.0.1. Thanks to dependabot. +o RAT-311: Update maven-enforcer-plugin from 3.1.0 to 3.4.1. Thanks to dependabot. +o RAT-311: Update extra-enforcer-rules from 1.6.1 to 1.7.0 Thanks to dependabot. +o RAT-311: Update maven-release-plugin from 2.5.3 to 3.0.1. Thanks to dependabot. +o RAT-311: Update animal-sniffer-maven-plugin from 1.22 to 1.23. Thanks to dependabot. +o RAT-311: Update maven-project-info-reports-plugin from 3.4.1 to 3.5.0. Thanks to dependabot. +o RAT-311: Update maven-surefire-plugin from 3.2.2 to 3.2.3. Thanks to dependabot. + +Rat 0.15 +======== +This release fixes a warning during site builds and updates various dependencies. + +Fixed Bugs: +o RAT-309: Site builds could not be generated properly due to API changes: solution was to upgrade Maven Reporting API to 3.1.1 and use details of Maven Reporting Implementation 3.2.0 in RAT's Mojo hierarchy. Thanks to Michael Osipov, Gary Gregory. +o RAT-309: Updated internal data structures from deprecated ArrayStack to JDK's ArrayDeque. +o RAT-306: Add note about hierarchy of changelogs in RAT project structure when publishing the project webpage. +o RAT-307: Update to focal (Ubuntu 20.04) on Travis to circumvent build errors and be able to use more modern JDK versions. Deprecate openJDK8 build with focal as it is not supported on Travis. + +Changes: +o RAT-305: Update maven-project-info-reports-plugin from 3.3.0 to 3.4.1. Thanks to dependabot. +o RAT-305: Update maven-javadoc-plugin from 3.4.0 to 3.4.1. Thanks to dependabot. +o RAT-305: Update maven-jxr-plugin from 3.2.0 to 3.3.0. Thanks to dependabot. +o RAT-305: Update animal-sniffer-maven-plugin from 1.21 to 1.22. Thanks to dependabot. +o RAT-305: Update maven-site-plugin from 3.12.0 to 3.12.1. Thanks to dependabot. +o RAT-305: Update maven-pmd-plugin from 3.16.0 to 3.18.0. Thanks to dependabot. +o RAT-305: Update mockito-core from 4.6.0 to 4.7.0. Thanks to dependabot. +o RAT-305: Update extra-enforcer-rules from 1.5.1 to 1.6.1. Thanks to dependabot. +o RAT-305: Update Apache parent pom from 26 to 27. Thanks to dependabot. +o RAT-305: Update wagon-ssh from 3.5.1 to 3.5.2. Thanks to dependabot. +o RAT-305: Update maven-enforcer-plugin from 3.0.0 to 3.1.0. Thanks to dependabot. +o RAT-305: Update actions/setup-java from 3.3.0 to 3.4.1. Thanks to dependabot. +o RAT-310: Fix deprecation warnings in tests. Use hamcrest's annotations instead of ones from JUnit. + +Rat 0.14 +======== +This release contains dependency updates, bugfixes and many improvements apart from infrastructure updates at ASF. + +New features: +* RAT-288: Adapt logging output to be more compliant with future Maven versions as debug is deprecated and verbose is the recommended way to go. Thanks to Michael Osipov. +* RAT-297: Update maven-reporting-api from 3.0 to 3.1.0 and remove usage of deprecated Sink API. Thanks to Michael Osipov. +* RAT-289: Enable dependabot integration - write access is forbidden, but email alerts and pull requests should be ok. +* RAT-279: Migrate vom Travis CI.org to Travis-ci.com. +* RAT-271: Move all Creadur projects to new Jenkins infrastructure at ASF and migrate from Subversion to Gitbox/Github. Please update your repository URLs and use the new default branch master in all projects. +* RAT-270: Change default behaviour to output erroneous files to console. Can be disabled by setting rat.consoleOutput to false. +* RAT-266: Add .factorypath to Eclipse-default exclusions. Thanks to Michael Osipov. +* RAT-254: Properly finish move to gitbox/github, get rid of SVN references and adapt main branch to master and fix all Jenkins build jobs for RAT. +* RAT-244: Update compiler level to 1.7 to allow building with more recent JDKs. Update plugins and dependencies to more modern versions to fix security issues (CVE-warnings). +* RAT-212: Add alternative https URLs in Apache License, Version 2.0 to allow automatic recognition as valid ASF2.0. Thanks to Niels Basjes. +* RAT-250: Update to latest available and compatible Apache ANT 1.9.14 to get bugfixes. +o INFRA-17348: SCM repository has been moved from svn.apache.org (Subversion) to gitbox.apache.org (Git) + +Fixed Bugs: +* RAT-290: Update maven-jxr-plugin from 2.5 to 3.2.0. Thanks to dependabot. +* RAT-290: Update maven-antrun-plugin from 3.0.0 to 3.1.1. Thanks to dependabot. +* RAT-290: Update github actions/checkout from 2 to 3. Thanks to dependabot. +* RAT-290: Update github actions/setup-java from 2.5.0 to 3.3.0. Thanks to dependabot. +* RAT-290: Update maven-pmd-plugin from 3.14.0 to 3.16.0. Thanks to dependabot. +* RAT-290: Update maven-javadoc-plugin from 3.3.1 to 3.4.0. Thanks to dependabot. +* RAT-290: Update maven-compiler-plugin from 3.8.1 to 3.10.1. Thanks to dependabot. +* RAT-290: Update wagon-ssh from 3.5.0 to 3.5.1. Thanks to dependabot. +* RAT-290: Update maven-site-plugin from 3.9.1 to 3.12.0. Thanks to dependabot. +* RAT-290: Update maven-project-info-reports-plugin from 3.1.1 to 3.3.0. Thanks to dependabot. +* RAT-290: Update mockito-core from 3.11.2 to 4.6.0. Thanks to dependabot. +* RAT-290: Update ASF parent from 23 to 26. Thanks to dependabot. +* RAT-273: Some tests were based on the assumption, that the value of file.encoding + can be changed on runtime. (Won't work nowadays, beginning with Java 16.) + Removed this assumption in favour of a proper surefire configuration. +* RAT-273: Workaround for an incompatibility in the java.io.LineNumberReader, which is + being replaced by the org.apache.rat.header.LineNumberReader. +* RAT-290: Update animal-sniffer-maven-plugin from 1.20 to 1.21. Thanks to Jin Xu/Xeno Amess. +* RAT-296: Use Github Actions for matrix builds on Windows and ubuntu with JDK 8,11,12,13,14,15. Simplify Travis integration to avoid dockerhub-related build failures. +* RAT-274: Update to latest Apache Ant 1.10.12. +* RAT-291: Fix links to Travis builds for all creadur projects. +* RAT-290: Update maven-dependency-plugin from 3.1.1 to 3.2.0. Thanks to dependabot. +* RAT-290: Update plexus-utils from 3.0.21 to 3.4.1. Thanks to dependabot. +* RAT-290: Update commons-cli from 1.4 to 1.5.0. Thanks to dependabot. +* RAT-290: Update maven-plugin-annotation and maven-plugin-plugin from 3.6.1 to 3.6.2. Thanks to dependabot. +* RAT-275: Update to doxia 1.11.1 in order to get CVE-2020-13956-httpclient problem fixes in doxia. +* RAT-283: Update plugin versions and dependencies in order to run properly with Java8 as minimal compiler level. +* RAT-286: Update to maven-plugin-plugin v3.6.1 in order to circumvent error during maven site builds. +* RAT-285: Update to latest Apache Ant 1.10.11 in order to fix issues related to dependency commons-compress in Ant itself. +* RAT-207: Properly report thread-safeness to Maven. Thanks to Xavier Dury. +* RAT-281: Update to latest Commons IO to fix CVE-2021-29425 (Moderate severity). +* RAT-274: Update to latest Apache Ant 1.10.10. +* RAT-277: Update to junit 4.13.1 to fix CVE-2020-15250. +* RAT-158: Update to new ASF parent 23 in order to get rid of doxia version management that generated warnings. +* RAT-274: Update to latest Apache Ant 1.10.9 to fix CVE-2020-11979. Update to JDK8 as minimal version/compiler version. +* RAT-269: Update to latest Apache Ant to fix CVE-2020-1945. +* RAT-268: Allow handling of pom-file-only projects by not assuming that all modules are in directories. Thanks to Robert Scholte. +* RAT-267: Report ignored lines from exclusion file to stderr instead of std to not generate erroneous JSON. Thanks to Fabio Utzig. +* RAT-262: Treat JSON data as binary to avoid reports of missing licenses. +* RAT-260: Change to docker image when building on Travis to avoid JDK version mixup in traditional build setup. Thanks to Kamil Breguła. +* RAT-258: Update to latest commons-compress to fix CVE-2019-12402. +* RAT-257: Adapt help text for CLI usage of RAT. + Rat 0.13 ========= diff --git a/release-notes/RELEASE_NOTES.txt b/release-notes/RELEASE_NOTES.txt index c88e22a9..3fd8df1c 100644 --- a/release-notes/RELEASE_NOTES.txt +++ b/release-notes/RELEASE_NOTES.txt @@ -1,3 +1,57 @@ +Rat 0.16 +======== +Apart from dependency updates and multiple bugfixes, this release brings the ability to use SPDX license identifiers and enhances the .gitignore-exclusion filterung during RAT runs. +Furthermore new CLI options were added and new file types can be used by default. This release makes RAT a fully Maven3-compatible plugin and removes deprecated Maven2 completely. +Thanks to all new contributors for improving RAT! + +New features: +o RAT-338: Update minimal build Maven version to 3.2.5 and maven dependencies to 3.9.6. Remove pre-JDK8 code constructs and minor refactorings. Thanks to Tamás Cservenák. +o RAT-335: Enhance .gitignore handling; support multiple .gitignore files and allow a more complete parsing of Git's ignore files. Thanks to Niels Basjes. +o RAT-322: Add configuration option to scan hidden directories: --scan-hidden-directories on the command line and scanHiddenDirectories as a Maven plugin parameter. Thanks to Jean-Baptiste Onofré. +o RAT-320: Add new command line option -o/--output to write RAT's output to a file. Thanks to Jean-Baptiste Onofré. +o RAT-329: Add markdown (MD) and yaml (YML/YAML) as a recognized extension for file and license processing. Thanks to Claude Warren. +o RAT-316: Add default exclusion of MANIFEST.MF as it must not contain comment lines to include a license. +o RAT-321: Allow text-based XML configuration of RAT. Thanks to Claude Warren. + +Fixed Bugs: +o RAT-326: Fix existing javadoc build errors and add javadoc generation to existing GithubActions to not introduce build errors via merge requests. +o RAT-328: Ensure that System.out does not get closed during report generation and updated javadocs. Thanks to Claude Warren. +o RAT-311: Update commons-compress to 1.24.0 in order to circumvent CVE-2023-42503. +o RAT-251: Added SPDX processing for default licenses. Thanks to Claude Warren. +o RAT-315: Fix warnings when using RAT with newer Maven versions as methods from Maven v2 are deprecated. Minimum version of required Maven changed to 3.2.5. Thanks to Guillaume Nodet. +o RAT-317: Change log output level of SCM ignore parser from info to debug in order to produce less log output in RAT runs. Thanks to Gary Gregory. +o RAT-314: Add default recursive exclusion for maven-induced build artifacts in folder .mvn. Thanks to François Guillot. +o RAT-312: Remove Travis build as it is unreliable. Builds with ASF Jenkins and Github Actions remain as before. + +Changes: +o RAT-311: Update actions/setup-java from 3.4.1 to 4.0.0. Thanks to dependabot. +o RAT-311: Update actions/cache from 3.0.11 to 3.3.2 Thanks to dependabot. +o RAT-311: Update actions/checkout from 3 to 4. Thanks to dependabot. +o RAT-311: Update mockito-core from 4.7.0 to 4.11.0, newer versions 5.x cannot be applied due to our JDK8-compatibility restriction. Thanks to dependabot. +o RAT-311: Update plexus-utils from 3.4.2 to 3.5.1, versions 4.x are for upcoming Maven4 and must not be applied here. Thanks to dependabot. +o RAT-311: Update maven-plugin-version from 3.6.4 to 3.8.2. Thanks to dependabot. +o RAT-311: Update wagon-ssh from 3.5.2 to 3.5.3. Thanks to dependabot. +o RAT-311: Update Ant from 1.10.12 to 1.10.14. Thanks to dependabot. +o RAT-311: Update ASF parent pom from 27 to 31 and update multiple maven plugin versions implicitly (surefire, release, project-info, enforcer, jxr). Thanks to dependabot. +o RAT-311: Update doxiaVersion from 1.11.1 to 1.12.0. Thanks to dependabot. +o RAT-311: Update maven-shared-utils from 3.3.4 to 3.4.2. Thanks to dependabot. +o RAT-311: Update org.slf4j:slf4j-simple from 1.7.36 to 2.0.9. Thanks to dependabot. +o RAT-311: Update commons-lang3 from 3.5 to 3.14.0. Thanks to dependabot. +o RAT-311: Update commons-compress from 1.21 to 1.25. Thanks to dependabot. +o RAT-311: Update commons-io from 2.11.0 to 2.15.1. Thanks to dependabot. +o RAT-311: Update commons-cli from 1.5.0 to 1.6.0. Thanks to dependabot. +o RAT-311: Update maven-pmd-plugin from 3.18.0 to 3.21.2. Thanks to dependabot. +o RAT-311: Update maven-dependency-plugin from 3.3.0 to 3.6.1. Thanks to dependabot. +o RAT-311: Update maven-compiler-plugin from 3.10.1 to 3.12.1. Thanks to dependabot. +o RAT-311: Update maven-javadoc-plugin from 3.4.1 to 3.6.3. Thanks to dependabot. +o RAT-311: Update maven-release-plugin from 2.5.3 to 3.0.1. Thanks to dependabot. +o RAT-311: Update maven-enforcer-plugin from 3.1.0 to 3.4.1. Thanks to dependabot. +o RAT-311: Update extra-enforcer-rules from 1.6.1 to 1.7.0 Thanks to dependabot. +o RAT-311: Update maven-release-plugin from 2.5.3 to 3.0.1. Thanks to dependabot. +o RAT-311: Update animal-sniffer-maven-plugin from 1.22 to 1.23. Thanks to dependabot. +o RAT-311: Update maven-project-info-reports-plugin from 3.4.1 to 3.5.0. Thanks to dependabot. +o RAT-311: Update maven-surefire-plugin from 3.2.2 to 3.2.3. Thanks to dependabot. + Rat 0.15 ======== This release fixes a warning during site builds and updates various dependencies.
