Releases: oss-review-toolkit/ort
Releases · oss-review-toolkit/ort
89.2.0
What's Changed
🐞 Bug Fixes
- 915c289 scanoss: Treat full file matches initially as pending snippet matches
🎉 New Features
- cb4855b cli-helper: Allow inserting an .ort.yml file into analyzer result
🐘 Build & ⚙️ CI
- 2ab2005 gradle: Avoid using
Project.getProperties - 7358073 gradle: Avoid using
Projectobjects in dependency notation - 49177e2 gradle: Avoid using property delegates
📖 Documentation
- 1d18e0f analyzer: Clarify the message about duplicate projects / packages
- 11004e6 model: Improve
DependencyGraphclass docs wording
🔧 Chores
- c63f40c cli-test-launcher: Conveniently run all tests
🚀 Dependency Updates
- 44882a9 docker: Upgrade Provenant to version 0.1.13
- e23a7c5 update actions/setup-java action to v5.3.0
- e8753ac update aws-java-sdk-v2 monorepo to v2.46.13
- 84c3a05 update blackduckcommon to v68.0.2
- 55b5aaf update dependency prettier to v3.8.4
- 4c9a331 update graalvm/setup-graalvm action to v1.5.6
🚜 Refactorings
- 9ec07af model: Factor out
RepositoryConfiguration.orEmpty()
89.1.1
What's Changed
🐞 Bug Fixes
- 1c277de gradle-inspector: Avoid failing on component lookups
✅ Tests
- 4caf580 providers: Use isolated ORT data directories
📖 Documentation
- ac22717 providers: Clarify that a path is relative to the repository root
🚀 Dependency Updates
- 03a2734 update aesecurity to v0.156.1
- ff4a3c5 update graalvm/setup-graalvm action to v1.5.5
- de8be2c update jetbrains/qodana-action action to v2026.1.3
- 2911ff1 update kfxplugin to v0.2.10
- 13341e9 update kotest to v6.2.0
💡 Other Changes
- 49d46da Revert "ci(qodana): Pin to the previous version"
89.1.0
What's Changed
🐞 Bug Fixes
- 4dc0c4a docker: Force the lockfile of
cargo-credential-netrcto be used - 2c4ff7a flox: Also forward environment variables for terminal coloring
- 6b1b1af gradle: Avoid model name classpath clashes with
GradleInspector
🎉 New Features
- 0aa36af license-fact-plroviders: Allow to provide id-specific texts
- a92f0d4 spdx-document-file: Optionally create issues for unclear linkage
📖 Documentation
- 687fec2 flox: Add an example how to run
ort requirements - a162a3a gradle: Correct the path to the referenced
GradleModel.ktfile - cc41621 gradle-model: Remove obsolete comments
- a0b1cad license-fact-providers: Align on "a" for consistency
🔧 Chores
- 1f4c553 license-fact-provider: Group abstract functions together
- df194f7 ort-utils: Add "COLORTERM" to the relevant variables to show
- 576a55c scripts: Make the shebang line stand out as a separate comment
- 968ebf0 spdx: Add a license header to the script to create test assets
- 4e7fb6d spdx-document-file: Move
getLinkageForDependency()into class
🚀 Dependency Updates
89.0.0
Note
This release starts to build ORT with Java 25, which means that also the implied default Java version that the Gradle(Inspector) and Sbt analyzer use changes from Java 21 to Java 25. Analyzed projects that do not support Java 25 yet need to start explicitly setting the javaVersion for these analyzers in the respective plugin's options.
What's Changed
🛠 Breaking Changes
- 5e28e80 build!: Upgrade to Java 25 to benefit from various optimizations
- f893ace build(gradle)!: Move script definitions to
script-utils - 26be2aa build(scripting)!: Rename the module to just "script" for shortness
- 571af2e refactor!: Rename the ort-config package configuration provider module
🐞 Bug Fixes
- 51f1773 detekt-rules: Correctly determine the root project
- ef3e806 flox: Pass on API keys / PAT variables to the isolated environment
- f7cbbe4 gradle-plugin: Fix-up the caching mechanism
- 5860fde reuse: Add correct licensing information for unoconv files
- dc84c9c scanner: Do not create file archives multiple times
- ffb6488 fa41f4a tycho: Use correct identifiers for mapped packages
- 6643d57 yarn2: Deal with version mismatches
- 365d278 yarn2: Handle dependencies with multiple versions
🎉 New Features
- 362ff86 bazel: Add variable parsing to StarlarkParser
- cbd1d5b gradle-model: Make the representation more memory efficient
- ec245f4 ort-config: Extract a generic
GitPackageConfigurationProvider - 4230e99 spdx-document-file: Imply static linkage for
CONTAINS - 59fa18f spdx-expression: Map "No Copyright" to
NONE
✅ Tests
- 924507d cli: Use
GradleInspectorinstead ofGradlein a test - 2e75615 conan: Update expected results
- 446d287 evaluator: Combine the "access ORT result" with
checkSyntax() - af4b1bd evaluator: Get the OSADL rules only once
- c942f6c model: Add
noticeFilenamestoOrtConfigurationTest - 65d27e8 osv: Update expected results
- a3b9cf4 provenant: Remove an enabled-condition
- c2538fa scanoss: Disable failing tests
- 6abd9e7 vulnerable-code: Use an API key if configured
🐘 Build & ⚙️ CI
- 2e06850 gradle: Configure and rerun
updateDaemonJvm - 8f52b97 github: Adjust permissions for reviewdog
- 8683c28 github: Always run Gradle with stacktrace logging
- 75f16de github: Forward secrets to environment variables
📖 Documentation
- 0252e0b evaluator: Improve OSADL rules documentation
- 711ce96 evaluator: Update the path to the OSADL rules example input file
- a86b3a1 scanoss: Fix a typo in a code comment
🔧 Chores
- b8ee6d1 bazel: Add variable parsing tests for Bazel
- 322e7bc bazel: Make StarlarkParser more verbose for
MODULE.bazelissues - 04fe4cc evaluator: Update the OSADL compatibility matrix to 2026-02-12
- bb35656 flox: Align on the schema version and default outputs
- 742aad2 gradle: Reorder tasks definition a bit
- 1cf618c gradle: Replace
mapwithforEach - 9d51987 gradle-inspector: Log some status around getting the tree model
- 32c9884 gradle-plugin: Move
resolvePoms()out of the class - 6f4b729 gradle-plugin: Trivially simplify obtaining all components
- 4bfbe0f gradle-plugin: Use a more speaking name for
dep - f6db6c2 spdx-document-file: Factor out
removeDocumentRefPrefix() - 49a5f23 test-utils: Remove the ineffective execution order config
- b69dd08 test-utils: Remove unused
JunitXmlReporterextension - 2b50fbc Clean up
github-graphqlremainders - 5ec726d Fix package names that slipped through while the check was broken
🚀 Dependency Updates
- 8d3c24b cli: Limit
funTestdependencies to the minimum of concrete plugins - e6b90ee docker: Upgrade Provenant to version 0.1.8
- cbd7340 gradle: Move the Git plugin dependency to the only place needed
- 7d8eade update aws-java-sdk-v2 monorepo to v2.46.8
- 3de77fe update codecov/codecov-action action to v6.0.2
- a8d4874 update codecov/codecov-action action to v7
- bb924a2 update com.autonomousapps.build-health to v3.15.0
- 51c2034 update dependency @easyops-cn/docusaurus-search-local to v0.55.2
- 60436e6 update github/codeql-action action to v4.36.2
- b83a940 update gitsemverplugin to v0.19.1
- f44d413 update gitsemverplugin to v0.19.2
- bbd5628 update graalvmnativeimageplugin to v1.1.2
- 636f7ad update gradle/actions action to v6.1.1
- 7fac2d9 update jruby to v9.4.15.0
- 0cc6d2a update jsonschemavalidator to v3.0.4
- f71ee2b update okhttp monorepo to v5.4.0
- 8acb4ad update spring core to v7.0.8
- f25ba7c update umbrelladocs/action-linkspector action to v1.5.3
🚜 Refactorings
88.0.0
What's Changed
🛠 Breaking Changes
- 44bf368 refactor!: Rename a Gradle module to match the Git curation provider
- fe47add refactor(gradle)!: Split out authentication utilities to a new module
- e4379ef refactor(plugins)!: Rename
descriptiontosummary - db57349 refactor(spdx)!: Split out expression-related code to a new Gradle module
🐞 Bug Fixes
- 4cc2fbe maven: Use unlimited JAXP XML processing with Java >= 24
- 2adf5e4 model: Adhere to
omitExcludedfor projects ingetDependencies() - 14c0f5c ort-utils: Read the request body before responding in a test
- 33f9795 ort-utils: Set the body size to -1 when not sending any body in tests
🎉 New Features
- 1d8bd43 gradle: Support HTTP header authentication for repositories
- 4632b4c ort-config: Extract a generic
GitPackageCurationProvider - d926869 plugins: Add
descriptionproperty toPluginDescriptor
🐘 Build & ⚙️ CI
- 5392863 cli-test-launcher: Do not tap into the file-system to get funTests
- deabfba gradle: Apply dependency-analysis as a settings plugin
- 320dd08 gradle: Apply the sort-dependencies plugin
- 4212953 gradle: Do not use
libsin convention plugins - 18fdf4e gradle: Enable more dependency analysis rules
- b219898 gradle: Remove all unused dependencies
- fae8ac1 gradle: Use correct configurations for dependencies
- 5ddb211 model: Reduce to
runtimeOnlydependencies where possible - 3f7c081 static-analysis: Add a check for build health
- e0694bc static-analysis: Include checking for sorted dependencies
📖 Documentation
- f3266f3 gradle: Add links to configuration roles for reference
- 40ef461 gradle: Document why a dependency analysis rule is disabled
- 287efcd gradle: Remove some weird chars from a
becausestring - 988cc27 model: Add a missing "the"
- c39bb92 model: Further clarify the term provenance in two cases
- 48a5b0e plugins: Document how class docs are used as plugin descriptions
- 9530a42 plugins: Trivially improve the plugin docs
- 93171d3 skills: Start adding code-review skills for Copilot
- 6e3f0ac website: Show the plugin descriptions
- 4673835 Move
OrtProjectpackage manager docs to the plugin
🔧 Chores
- 6e6d13e gradle: Remove inconsistent test fixtures comments
- 019abdf maven: Log Tycho
stderroutput for debugging - 695cc6d model: Improve the construction of the used patterns
- 68b931a ort-utils: Let the system pick an ephemeral port for testing
- dd1085c ort-utils: Use a
ConcurrentHashMapfor requests in tests - 25df745 spdx-expression: Make all mapping types explicit for clarity
- 71d5687 Give utility files more fitting names
🚀 Dependency Updates
- b8f4b68 update actions/checkout action to v6.0.3
- 8ca6af1 update aws-java-sdk-v2 monorepo to v2.46.0
- a57068a update aws-java-sdk-v2 monorepo to v2.46.3
- f0d9382 update buildconfigplugin to v6.0.10
- 17b080f update ch.qos.logback:logback-classic to v1.5.34
- 9fac900 update com.autonomousapps.build-health to v3.14.1
- f98024b update docusaurus monorepo to v3.10.1
- b1b82c2 update flox/install-flox-action action to v2.5.1
- d687fae update github/codeql-action action to v4.36.1
- 6cc8e02 update graalvm/setup-graalvm action to v1.5.4
- 5672f01 update io.mockk:mockk to v1.14.11
- bfcc3b5 update jackson monorepo to v2.22.0
- 910e103 update jgit to v7.7.0.202606012155-r
- 11569d5 update net.sf.saxon:saxon-he to v13
- c3c3589 update umbrelladocs/action-linkspector action to v1.5.2
🚜 Refactorings
- a254b38 gradle-plugin: Drop a
whenin favor of early returns - 555bc12 gradle-plugin: Drop another
whenin favor of early returns - e3dcbad gradle-plugin: Factor out
getPomFile() - 5c87913 gradle-plugin: Factor out
toOrtDependency() - 32a3f6f gradle-plugin: Inline
selectedComponent - c2ccd72 spdx: Migrate from Jackson to KxS
- 402b766 spdx-expression: Avoid Jackson for mapping deserialization
💡 Other Changes
87.3.0
What's Changed
🐞 Bug Fixes
- 9920bd0 bundler: Resolve dependencies from optional groups
- 3c4dcea maven: Call
injectMirrorbeforeinjectProxy - 9547a44 model: Fix license file resolution when there are no findings
🎉 New Features
- a294aaf model: Allow resolving artifact license files outside of root dir
- bba75ec model: Handle path excludes when resolving license files
- 86ec797 ort-project-file: Add support for specifying the package linkage
- 3f452a6 schema: Add JSON schema for ORT project files
✅ Tests
- 871838c bundler: Regenerate a lockfile
- f74033d cyclonedx: Also use
ORT_RESULT_WITH_VULNERABILITIESin one test - 2fe597e cyclonedx: Factor out redundant code
- b970ecb cyclonedx: Remove two redundant test cases
- 3ba4679 cyclonedx: Replace or remove non-empty file assertions
- 3097546 cyclonedx: Stop having dedicate schema verification checks
- 794c0a8 model: Add VCS-specific tests for the license file resolution
- 60f644f model: Add an artifact-specific test for license file resolution
- af30ab6 model: Avoid using
archive.zipas test resource - 9719e7a model: Inline
vcsInfointo its only use - 90d6c16 model: Move two variables outside of the class
🐘 Build & ⚙️ CI
- 3ee9ad5 chore: Publish to Maven Central after making the GitHub release
📖 Documentation
- 582a210 gradle-plugin: Fix a typo
🔧 Chores
- 74d1c52 bundler: Use more idiomatic YAML mapping code
- 683e463 model: Improve two variable names
- 89cb991 model: Perform de-duplication on the
KnownProvenance - facbef7 model: Trivially simplify getting the result entry
- bf78413 scanner: Drop storing failed repository provenance resolutions
🚀 Dependency Updates
- 0fe124a docker: Upgrade Provenant to version 0.1.6
- 00cb32b update aws-java-sdk-v2 monorepo to v2.45.0
- d394bc0 update com.fasterxml.jackson:jackson-bom to v2.21.4
🚜 Refactorings
- 2ff744c model: Factor out
resolveLicenseFiles()
87.2.0
Note
- This release is missing attestations due to a publishing error.
- It is recommended to review your ORT configuration, e.g.
$HOME/.ort/config/config.yml, against documentation updates of 8d26884. - As of b8ca7f9 additional files are included into file archives. For this to take effect, all existing file archives must be deleted (recommended) from the configured file archive storage.
What's Changed
🐞 Bug Fixes
- 2305784 bazel: Use the correct syntax for the fallback version
- a0d6807 model: Stop using notice files as resolved license files
- 098ed19 spdx: Track visited nodes per project type
🎉 New Features
- 17e9c6e bazel: Allow to configure the Bazel version directly
- 43bbdd9 evaluator: Add
getNonApplicablePackageLicenseChoices() - caa0da8 evaluator: Add
getNonApplicableRepositoryLicenseChoices() - 77c47ef model: Add
effectiveLicenseAndAppliedChoices() - b8ca7f9 model: Broaden the condition for including files in file archives
- b52339b spdx: Add
applyAndGetChoices()
✅ Tests
- 9e21070 evaluator: Factor out
OrtResult.setLicenseChoices() - 05c7db4 mix: Update expected results
- d6a8479 model: Ensure default patterns do not include arbitrary files
- fac6b74 model: Factor out
DEFAULT_PATTERNS - 4c75ddf model: Trivially simplify some assertions
- 5e94b25 python: Update expected results
🐘 Build & ⚙️ CI
- a009a16 detekt-rules: Remove an obsolete work-around
- b9b5176 gradle: Work around the TAPI strictly depending on slf4j-api 2.0.17
📖 Documentation
- 4a4fd89 bazel: Move a code comment to the correct line
- 4eccaca model: Document that filename patterns get prepended with
"**/"
🔧 Chores
- ca1d5fc model: Introduce a helper function to delete files on exit
- f845b89 model: Move
getSubdirectoryForProvenance()nearby its only use - ad73569 model: Remove Maven-specific logic from file archive creation
- 8ce7a98 spdx: Add a default value for
SpdxLicenseChoice.given - 1b0d51a spdx: Remove a default argument to address an IDE hint
🚀 Dependency Updates
- 6e18129 bazel: Use a newer fallback version
- 0ae2264 Update the dependency-analysis-gradle-plugin to version 3.13.0
- f1a5a62 Update the dependency-analysis-gradle-plugin to version 3.14.0
- b2501ca update aws-java-sdk-v2 monorepo to v2.44.14
- b9a94a2 update ch.qos.logback:logback-classic to v1.5.33
- 70bfb2f update com.networknt:json-schema-validator to v3.0.3
- 981a7f3 update dev.panuszewski.typesafe-conventions to v0.11.1
- 4c27bb7 update docker/build-push-action action to v7.2.0
- d36c1e2 update docker/login-action action to v4.2.0
- d938a03 update docker/metadata-action action to v6.1.0
- b5f49ae update docker/setup-buildx-action action to v4.1.0
- 23663c3 update github/codeql-action action to v4.36.0
- 5311aad update io.ktor:ktor-version-catalog to v3.5.0
- 1de3472 update ksp monorepo to v2.3.9
- b2e0293 update org.apache.tika:tika-core to v3.3.1
- 7f749ec update org.graalvm.buildtools:native-gradle-plugin to v1.1.1
- 7f31a8b update org.slf4j:slf4j-api to v2.0.18
87.1.0
What's Changed
🐞 Bug Fixes
- da876b9 conan: Allow patch field in conandata to be both list or map
- 26fe2f5 docker: Install libncurses6 which is required by Swift at runtime
- 33275c5 helper-cli: Do not resolve scopes when merging scanner runs
- bde835a scanoss: Get the actual version from the server
- 27219b7 spdx: Avoid running into cycles when computing linkage types
- 8314d1a yarn2+: Change the Regex to detect virtual packages
🎉 New Features
- b2b708f model: Factor out
OrtResult.getIdentifiers() - d13833f scanoss: Put remaining string properties into additional data
✅ Tests
🐘 Build & ⚙️ CI
- ba0745f gradle: Disable publication of functional tests in a better way
📖 Documentation
- 3ce53b6 scanoss: Trivially remove a space from a
TODOcomment - 78063fd Fix various KDoc warnings when resolving symbols
🔧 Chores
- 2a536b5 docker: Remove redundant apt list cleanup
- 6c2f447 model: Slightly simplify
effectiveLicense()
🚀 Dependency Updates
- 643f256 docker: Update python-inspector to 0.15.2
- 8230c0c docker: Upgrade Provenant to version 0.1.1
- 05e5d2b Update the dependency-analysis-gradle-plugin to version 3.12.0
- e0e5c96 Update the dependency-analysis-gradle-plugin to version 3.12.1
- 3903105 Update the dependency-analysis-gradle-plugin to version 3.12.2
- 2482a8e update aws-java-sdk-v2 monorepo to v2.44.10
- 39bbcd9 update codecov/codecov-action action to v6.0.1
- 911613e update exposed to v1.3.0
- cde438e update github/codeql-action action to v4.35.5
- 57b0523 update io.github.java-diff-utils:java-diff-utils to v4.17
- 5c6979e update maven to v3.9.16
- 4bde8f5 update org.metaeffekt.core:ae-security to v0.155.0
🚜 Refactorings
- 0a14ec4 fossid: Move key constants to the client for shared access
💡 Other Changes
- 723dc3b Revert "build(gradle): Do not publish "funTest" feature variants"
87.0.0
What's Changed
🛠 Breaking Changes
- 83fcd73 chore(aosd)!: Remove support for format version 2.0
🐞 Bug Fixes
- 8c9b84d conan: Also stash the cache database for reproducible results
- 9cf165f conan: Based on documentation, default
visibletotrue - 7ef5264 conan: Include dependencies marked with
visible=False - 94b9c55 conan: Support overridden Conan homes
- 044707d docker: Align the Swift download with Ubuntu Noble LTS
- fb2abce spdx: Include subprojects when building the linkage type map
🎉 New Features
- c1c8280 cli-helper: Increase the fault tolerance for merging scanner runs
- d965a78 cyclonedx: Include the effective license as an SPDX expression
- 8082233 docker: Add the
provenantscanner - a3b36da scanoss: Expose and implement tuning parameters for snippet detection
- 822ee12 test-utils: Enhance
matchJsonSchema()to load remote resources
✅ Tests
- fe6fa2b aosd: Update schema and example to latest versions
- 30e8bd0 asciidoc: Undo unwanted changes to expected results
- a79fc92 conan: Update expected results
- a446b04 cyclonedx: Factor out
matchCycloneDxXmlSchema() - 3cd636f cyclonedx: Factor out the redundant
schemavariable - 1c64eb0 cyclonedx: Use
matchJsonSchema()to validate JSON reports - 66587b6 cyclonedx: Use a more speaking name for
schema - 75c13f5 node: Pin NPM versions for reproducible results
- aca1f5a npm: Update expected results
- 23bafe4 reporter: Inline a couple of variables
- a8f8742 reporters: Use named arguments for a vulnerability reference
📖 Documentation
- ed8f685 conan: Document existing package traits
🔧 Chores
- dbc23e2 cli-helper: Improve a variable name
- 83ec2e9 conan: Add remaining non-experimental boolean package traits
- 1a88814 conan: Be more clear what is stored in the storage path
- 617d4f1 conan: Inline the lazy
conanStoragePathvariable - 12a61a1 conan: Let handlers get the package storage path directly
- 38ee990 conan: Use the
stashFilesalias - dd256af cyclonedx: Reduce the visibility of a variable
- 30a951a cyclonedx: Remove
DEFAULT_SCHEMA_VERSION - 8394714 cyclonedx: Remove two unneeded default parameter values
- 7bcf5ab cyclonedx: Rework / align test names a bit
- 086a358 docker: Name build targets consistently
- 24bc070 docker: Remove the intermediate
FROM scratchtargets - 352da35 docker: Update the Askalono GitHub URL
- 4ba7e42 node: Rewrite lockfiles with NPM 11.6.2
- 4a2517e spdx: Move
nullOrBlankToSpdxNone()toutils/spdx - a104b6e Use the canonical URL to the ORT Slack workspace
🚀 Dependency Updates
- e77dcc5 docker: Update nuget-inspector to version 0.10.0
- de31f78 docker: Upgrade Rust to version 1.94.0
- cf4c244 docker: Upgrade Swift to version 6.3.1
- 5b3b35e docker: Upgrade the base image to Ubuntu Noble LTS
- 0e48fbd Update the dependency-analysis-gradle-plugin to version 3.11.0
- 9c8f5fe update aws-java-sdk-v2 monorepo to v2.44.5
- dd51454 update com.networknt:json-schema-validator to v3
- 5cc4c33 update dev.panuszewski.typesafe-conventions to v0.11.0
- a9b03d9 update flox/install-flox-action action to v2.4.1
- 6d73b88 update gradle to v9.5.1
- f12097f update io.github.hfhbd.kfx to v0.2.9
- ce059b5 update ksp monorepo to v2.3.8
- 6c41864 update react monorepo to v19.2.6
🚜 Refactorings
- 8093332 conan: More compact filtering of dependencies
- cf26e77 cyclonedx: Make JSON schema testing independent of CycloneDX
💡 Other Changes
- 250970c style(docker): Indent
if/elsebranches for readability
86.0.0
What's Changed
🛠 Breaking Changes
- 6276932 chore(scripts)!: Remove snippets for custom Docker image builds
- 9a18ddc refactor(utils)!: Drop caching in
OrtAuthenticator
🐞 Bug Fixes
- eeabe2e pnpm: Remove the upper bound from the version requirement
- 83f8586 reporter: Enhance shared test data for further licenses
- 57c43bf scanoss: Also take EPSS scores as references
- e73bcb7 scanoss: Filter out project packages for the advisor
- 279ef09 scanoss: Print (only) the PURL correctly in an issue message
🎉 New Features
- bf22359 spdx: Include the effective licenses
- 1c83bd6 spdx-utils: Map "Eclipse Distribution License v1.0" to BSD-3-Clause
✅ Tests
- 8fc749b aosd: Simplify the test resource filenames
- 7c1fbd6 conan: Update expected results
- a924ff8 spdx: Enhance test input data to cover a license choice
- b08e063 trustsource: Re-format a test asset
🔧 Chores
- 89636af model: Formally align
validate()function signatures - 2ab68b2 model: Move variables to members in a test
- cc6cd37 model: Move variables to the only tests that use them
- d6fab2b model: Rename variables in a test to mark them as schemas
🚀 Dependency Updates
- 729119f Upgrade CycloneDX and JSON schema libraries for alignment
- 22335b1 update com.blackduck.integration:blackduck-common to v68.0.1
- f77e91d update github/codeql-action action to v4.35.4
- a9087d0 update graalvm/setup-graalvm action to v1.5.3
- 2fa6206 update log4j2 monorepo to v2.26.0
- d4b34d1 update org.jetbrains.kotlinx:kotlinx-coroutines-core to v1.11.0
- 2ce0b52 update test-summary/action digest to 37b508c