deps: update ort to v58 (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.ossreviewtoolkit.plugins.packagemanagers:nuget-package-manager (source)	57.0.0 -> 58.0.1
org.ossreviewtoolkit:model (source)	57.0.0 -> 58.0.1
org.ossreviewtoolkit:reporter (source)	57.0.0 -> 58.0.1
org.ossreviewtoolkit:notifier (source)	57.0.0 -> 58.0.1
org.ossreviewtoolkit:evaluator (source)	57.0.0 -> 58.0.1

---

Release Notes

oss-review-toolkit/ort (org.ossreviewtoolkit.plugins.packagemanagers:nuget-package-manager)

v58.0.1

Compare Source

What's Changed

🐞 Bug Fixes

• 8f0c2c0 node: Tolerate unused malformed package.json files under node_modules

v58.0.0

Compare Source

What's Changed

🛠 Breaking Changes

• f054ed9 chore(commands)!: Consistently use verb-based command names
• 816c300 chore(commands)!: Remove plugin IDs that can be derived now
• 03f7e54 chore(ort-utils)!: Move ORT_VERSION and friends to constants
• bca9510 feat(analyzer)!: Pass the configuration also to mapDefinitionFiles()
• d4c6d1b refactor(node)!: Reduce visibility of NodeManagerType details
• 643bfd8 refactor(node)!: Rename corepackOverride
• e855ea5 refactor(reporters)!: Inline isFullFileLocation()

🐞 Bug Fixes

• a0f2176 analyzer: Handle incomplete JDK records from foojay
• 6271772 common-utils: Create parent directories when extracting resources
• 83ea41e node: Add back the workingDir parameter for getting module infos
• b13bfe0 node: Fall back to any single enabled node package manager
• 91354fe node: Log the fallback warning only once
• 2b04cb9 reuse: Correct the path to "sample.fossinfo.json"
• 2a31f79 reuse: Fix "clients" paths

🎉 New Features

• 3dbf6b2 Maven: Add logic to check whether an artifact is a Tycho feature
• 4ca2139 Maven: Evaluate the binary classifier
• ab13c45 Maven: Extend the check for Tycho features
• cfd1ece Maven: Extract features declared in Tycho target files
• 46ef609 Maven: Filter out Tycho features from the dependency graph
• a185f7c Maven: Handle Tycho binary artifacts
• bfa82fa Maven: Handle the classifier for P2 artifacts
• f6d41d0 bazel: Add Conan dependencies to Bazel's dependency tree
• c0afc16 bazel: Add a config flag to disable the analysis of Conan packages
• 389c406 commands: Make the plugins output more easily comparable
• b1ff0ba commands: Show the failure count after downloading
• 5b99107 conan: Add support for test dependencies with Conan 2
• 34d2672 conan: Ignore Conan files containing Bazel generators
• 4df7b90 downloader: Support plugin configs when creating working tree cache
• 1f1e6a7 fossid: Add NON_LICENSE category to LicenseCategory
• b3dcdbb gradle: Bootstrap a native image toolchain
• 23813a7 gradle: Use a more portable way to embed the ORT version
• bf9b61a model: Introduce a TextLocation.hasLineRange property
• f3275cb node: Allow a custom fallback when filtering definition files
• e7d0c78 node: Implement caching of the remote package details
• e32d8ae node: Support virtual dependencies with Yarn2
• 647c16e node: Tolerate empty arrays for dependencies in PackageJson files
• 13960e9 npm: Do not run npm info for excluded packages
• 5aad29c plugins: Extend the logic to derive the plugin id
• 6adc221 scanoss: Add exclusion pattern support to SCANOSS
• 77293c6 scanoss: Add snippet choice parsing for scan results
• 897c590 test-utils: Add a matchExpectedResult() overload for URLs
• 3b1b6db test-utils: Add a function to read test resources
• 3b8af8c test-utils: Add a function to read typed values from resources
• 167cf98 yarn: Adhere to scope excludes

✅ Tests

• 7b64959 Maven: Extend the test for special Tycho artifacts
• 4c374d2 cli: Move assets to resources
• a659fd8 cli-helper: Move assets to resources
• 5b7ef41 clients: Move assets to resources
• e15f7c9 model: Add a test for curation versions with leading zeros
• ab59805 model: Fix a ProvenanceTest title to match the assertion
• 3608999 model: Fix a ProvenanceTest to match its title
• 00a27f0 node: Enhance workspaces test case for package interdependencies
• 489923a node: Rename two test classes
• b9d654a osv-client: Flatten test assets
• 050246f resources: Normalize line endings for expected test results
• ee73d76 scanner: Move assets to resources
• d624ad1 utils: Move assets to resources
• 881c00d Migrate model and reporter assets to resources
• 65c7148 Use infix matchers for collections to avoid explicit list creation

🐘 Build & ⚙️ CI

• a645d93 gradle: Ignore test resources in copyright checks
• f470dfa gradle: Remove the versions plugin
• cb4687a gradle: Set the native group property
• 96b3099 github: Allow setting JAVA_HOME for the native build
• 28eb65f renovate: Also schedule AWS "apache-client" updates
• 063c5b6 renovate: Schedule updates for the eventing before the release
• a207f1f reuse: Apply tests assets information also to test resources

📖 Documentation

• da01309 commun-utils: Fix alsoIfNull function documentation
• 2b7bfe9 model: Document TextLocation.compareTo()
• e5b946f node: Drop function docs of getRemotePackageDetails()
• f9cfa61 node: Fix-up KDoc for parseVcsInfo()
• b99cff4 plugins: Fix the class reference to PluginFactory

🔧 Chores

• 11242ab commands: Let Clikt derive the command name
• e3e58ec model: Change a test path to not contain the word "assets"
• 17b2fdd node: Consistently use JSON
• 9b3b889 node: Drop a minor code redundancy
• 346c967 node: Drop a warning
• ff27b3e node: Drop some log output
• fde7692 node: Improve formatting
• 5371d2e node: Inline a couple of variables
• 8670aa8 3aed348 node: Inline a variable
• db7473e node: Make the PackageInfo.Children.manifest nullable
• 6a62490 node: Move a function further down
• dd83769 node: Reduce the visibility of extractNpmIssues()
• 9c159d7 node: Reduce the visibility of a constant
• 2a7c929 node: Remove the now unused GetPackageDetailsFun
• 5bcac8c node: Rename a variable
• 71888ee package-managers: Make use of the default value for issues
• b32cddc plugins: Say "base class" instead of "parent class" for clarity
• 98c0d27 reporters: Replace matchExpectedResult with patchExpectedResult

🚀 Dependency Updates

• 0ce7ab4 Update the dependency-analysis-gradle-plugin to version 2.17.0
• ced6be5 update actions/attest-build-provenance digest to db473fd
• 18ab4b3 update aws-java-sdk-v2 monorepo to v2.31.29
• 437716b update aws-java-sdk-v2 monorepo to v2.31.30
• 7e8460c update aws-java-sdk-v2 monorepo to v2.31.31
• 4310fa5 update aws-java-sdk-v2 monorepo to v2.31.32
• 55c53d6 update aws-java-sdk-v2 monorepo to v2.31.33
• b1d7506 update aws-java-sdk-v2 monorepo to v2.31.34
• d37d096 update aws-java-sdk-v2 monorepo to v2.31.35
• 79532a3 update aws-java-sdk-v2 monorepo to v2.31.36
• a6352f6 update aws-java-sdk-v2 monorepo to v2.31.38
• 1c64bdb update com.blackduck.integration:blackduck-common to v67.0.7
• 585c45b update com.charleskorn.kaml:kaml to v0.77.1
• 3c79925 update com.github.gmazzo.buildconfig to v5.6.4
• f499e1b update com.github.gmazzo.buildconfig to v5.6.5
• a806c27 update dependency gradle to v8.14
• 7800c61 update docker/build-push-action digest to 14487ce
• 7760b0f update github/codeql-action digest to 60168ef
• f2ce919 update io.mockk:mockk to v1.14.2
• c658a5b update jackson monorepo to v2.19.0
• 548ab26 update jetbrains/qodana-action action to v2025
• 32a455e update jetbrains/qodana-action action to v2025.1.1
• 060c708 update ksp monorepo to v2.1.20-2.0.1
• 6caf13b update net.sf.saxon:saxon-he to v12.6
• 385034f update org.jruby:jruby to v9.4.12.1
• 17629eb update org.semver4j:semver4j to v5.7.0
• f1ff6e4 update org.wiremock:wiremock to v3.13.0

🚜 Refactorings

• 46a15fd model: Move package-configuration.yml to examples
• 689a600 node: Change the return type of queryPackageDetails()
• e0ea968 node: Explicitly pass the moduleIds for the cache warm-up
• 4dda4eb node: Extract NodePackageManagerType to a dedicated file
• 8c47832 node: Extract PackageJson.moduleId
• af80653 node: Extract getInstalledModulesDirs()
• c97f779 node: Factor out Scope.isExcluded()
• 5933e1c node: Factor out isProject()
• 2f7ec8d node: Factor out a ModuleInfoResolver
• a647305 node: Factor out a common Scope enum
• ffbda81 node: Hard code the project type in the dependency handlers
• c4cec22 node: Improve the name of getPackageDetails()
• a845303 node: Move getDependenciesForScope() to a common place
• 0194c8d node: Re-write large parts of Yarn2
• 33b25d6 node: Remove DependencyType in favor of re-using Scope
• 51d3ee2 node: Remove unnecessary lazy evaluation
• 4eb0431 node: Rename queryPackageDetails()
• c496127 node: Rename a variable
• 61d95b7 node: Simplify and unify dealing with scope names
• c18a5fd node: Split isApplicable() out of filterApplicable()
• 3c7cfee node: Turn getRemotePackageDetails() into an expression
• b0363de node: Use a more speaking name for getModuleDirs()
• c69e9e4 node: Use a more speaking name for projectDirManagers
• 2e51353 node: Use a more speaking name for workspacePatterns
• f460b60 node: Use a shorter name for NodePackageManagerSupport
• d00d074 plugins: Extract the name derivation logic and cover it by a test
• 47e00dc scanoss: Remove path anonymization from SCANOSS implementation
• b03e57a scanoss: Replace direct API calls with SCANOSS SDK
• 071d324 scanoss: Replace test assets with randomly generated data
• dfa4ee1 scanoss: Set SCANOSS matcher property to null
• d90a806 test-utils: Extract getResource() for upcoming reuse
• 40d6361 test-utils: Make patchExpectedResult() take an expected string
• 7d2e86a yarn: Align on module info in log output of the resolvers
• e773e2c Move extractResource() to common-utils

💡 Other Changes

• bf90433 style: Align on lower-case "unused" as the IDE would write it

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.