v5.2.0

This minor release incorporates feature improvements and bug fixes from metaschema-java v2.2.0.

The OSCAL version used by this tool is v1.1.3.

New and Noteworthy

• Added support for relative resource resolution for links generated by the profile resolver. Supports metaschema-framework/oscal-cli#84 and resolution of usnistgov/oscal-cli#78 (#94)
• Improved profile exception handling involving throw IOException instances during profile resolution. The underlying cause will now be reported. (#93)
• JUnit tests run during the build are now run using multiple threads. This dramatically speeds up build duration. (#129)
• Added external constraints to check that controls directly referenced in a profile exist in the referenced catalog. Reports non-existence as a validation error. This addresses usnistgov/oscal-cli#126. (#133)
• Adjusted profile resolution reference warnings to be logged at debug instead of warning. This will reduce a ton of noise in the CLI output. This addresses usnistgov/oscal-cli#270. (#142)
• Changed handleIndexMiss() logging from ERROR to WARN. This silences the reporting of dangling anchor references in the CLI as requested in #144 . (#145)

Important Bug Fixes

• Ensure that controls defined at the catalog level are not duplicated during profile resolution. This fixes a bug (metaschema-framework/oscal-cli#60) caused during the import handling phase of profile resolution, which was "promoting" controls defined at the catalog level, causing a second copy of the control to be added. This was fixed by making controls at the catalog level always eligible for selection. (#92)
• Fixed a bug (#112) in the collection of allowed-values constraints. let statements are processed properly now, avoiding an exeption. This code supports the metaschema-framework/oscal-cli list-allowed-values command (#131)
• Adjusted the resolve-profile Metapath function 1-arg variant focus independent. This will dramatically improve execution cache performance, since resutls can now be cached. This builds on metaschema-frameworm/metaschema-java#399. (#141)
• Fixed a binding error causing improper generation of some bound classes. (#143)

What's Changed

• Updates based on latest metaschema-java refactoring by @david-waltermire in #91
• Improve profile resolution exceptions by @david-waltermire in #93
• Support generation of relative links during profile resolution by @david-waltermire in #94
• Bump github/codeql-action from 3.27.5 to 3.27.7 by @dependabot in #95
• Bump org.cyclonedx:cyclonedx-maven-plugin from 2.9.0 to 2.9.1 by @dependabot in #89
• Address duplicate controls at catalog level in profile resolution by @david-waltermire in #92
• Bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot in #100
• Bump actions/setup-java from 4.5.0 to 4.6.0 by @dependabot in #99
• Bump org.apache.xmlbeans:xmlbeans from 5.2.2 to 5.3.0 by @dependabot in #98
• Bump org.apache.logging.log4j:log4j-bom from 2.24.2 to 2.24.3 by @dependabot in #97
• Bump lycheeverse/lychee-action from 2.1.0 to 2.2.0 by @dependabot in #102
• Bump github/codeql-action from 3.27.7 to 3.28.0 by @dependabot in #103
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.1 by @dependabot in #104
• Cleanup null warnings by @david-waltermire in #105
• Bump actions/setup-java from 4.6.0 to 4.7.0 by @dependabot in #120
• Bump lycheeverse/lychee-action from 2.2.0 to 2.3.0 by @dependabot in #123
• Bump actions/upload-artifact from 4.5.0 to 4.6.1 by @dependabot in #126
• Bump github/codeql-action from 3.28.0 to 3.28.10 by @dependabot in #127
• Multithread build and update dependencies by @david-waltermire in #129
• Bump org.assertj:assertj-core from 3.27.1 to 3.27.3 by @dependabot in #113
• Bump org.sonatype.central:central-publishing-maven-plugin from 0.6.0 to 0.7.0 by @dependabot in #108
• Properly support let statements in the AllowedValueCollectingNodeItemVisitor. by @david-waltermire in #131
• Bump org.xmlresolver:xmlresolver from 6.0.12 to 6.0.14 by @dependabot in #135
• Bump actions/upload-artifact from 4.6.1 to 4.6.2 by @dependabot in #137
• Bump github/codeql-action from 3.28.10 to 3.28.13 by @dependabot in #138
• Bump dev.metaschema:oss-parent from 7 to 8 by @dependabot in #139
• Bump lycheeverse/lychee-action from 2.3.0 to 2.4.0 by @dependabot in #140
• Provide a validation error when a profile import references a non-existent control by @david-waltermire in #133
• Make resolve-profile 1-arg variant focus independent. by @david-waltermire in #141
• Adjust reference warnings to debug level by @david-waltermire in #142
• Fixed a binding error causing improper generation of some bound class… by @david-waltermire in #143
• Change handleIndexMiss logging from ERROR to WARN for #144 by @aj-stein-gsa in #145

Full Changelog: v5.1.0...v5.2.0