• Gradle: Uses ResolutionAPI for gradle analysis. (#740)
• Cleans up duplicated internal hashing primitives (#737)
• Adds a prerequisite required for future VSI improvements (#736)

• Makes experimental flags discoverable and documents them. (#723)
• Supports extracting .tar.xz files (#734)
• Supports extracting .tar.bz2 files (#734)
• Adds explicit xz support for rpm files (#735)
• Adds zstd support for rpm files (#735)
• Adds a prerequisite required for future VSI improvements (#730)

• Nuget: Fixes analysis performance when working with project.assets.json (#733)

• Go: go mod graph is used as default tactic in gomod analysis. (#707)

• Yarn: Fixes a bug with yarn v1 lock file analysis, where direct dependencies were sometimes not reported (#716)

• Nim: Adds support for dependency analysis using nimble.lock. (#711)

• Npm: Fixes a bug where dev dependencies were not included in result when using --include-unused-deps (#710)

Increases default timeout to 3600 seconds (1 hour) for commands listed below (#712)

• fossa test
• fossa container test
• fossa vps test
• fossa report
• fossa vps report

• Nuget (projectassetsjson): Ignores project type dependencies in reporting (#704)
• Nuget (projectassetsjson): Fixes a bug, where indirect dependencies where appearing as direct dependencies(#704)

• Deduplicates vendored-dependencies entries when possible, and provides a better error message when not. (#689)
• Adds logging to vendored-dependencies processing. (#703)