* Add owasp dependency scan
* Add github action to upload results
* Remove unused javalin dependency, also generate html reports
* formats instead of format
* Restore javalin dependency (make revert easier later if necessary)
* Set OWASP to run on PR plus better names for sarif upload
## Validator Changes
* Fix up processing conditions in -watch mode
* Fixes for validating against logical models (for fixed up CDA core package)
* Better testing of extension context (when limited to profile)
* Fix handling of UCUM codes when no terminology server
* Report hints and warnings on some code validation that had been not reported
* Better validation of valuesets when checking derived profiles
## Other code changes
* Render reference identifier if there is one when rendering references
* Hide empty place holder column when rendering by profile
* Fix npe rendering extensions + improve base64 presentation
* OMOP terminology importer
* update SPDX code system in R4/R4B for support for not-open-source
* Fix up type handling for conversions between R4/R4B and R5 (OperationDefinition fix)
***NO_CI***
## Validator Changes
* no changes
## Other code changes
* Fix for SPDR not-open-source in code
* fix name and title in VSAC import process
* More work on Android support + fix issues in NPM package installation that caused
***NO_CI***
## Validator Changes
* no changes
## Other code changes
* Fix for SPDR not-open-source in code
* fix name and title in VSAC import process
* More work on Android support
***NO_CI***
## Validator Changes
* Fix issue loading SPDX value set + Fix missing code for 'not-open-source'
* Allow target to be treated as source when validating FML
* Fix issues validating names and urls for logical models
* Don't duplicate warnings about missing expressions on invariants in R5
## Other code changes
* Handle case where base hasn't got a snapshot generating snapshots
***NO_CI***
## Validator Changes
* Fix check for correct type name use in logical models (for CDA)
* Fix bug loading packages (introduced working on minimal loading)
* Fir NPE processing R3 Structure Definitions
* exempt ele-1 from constraint consistency checking
* Add -watch-scan-delay and -watch-settle-time
* fix missing error validating structure maps
* Fix bug with erroneous warning in snapshot generation about profile not being found
* Update SPDX code system to latest version
* Output proper filename in validation log
## Other code changes
* Refactor version utility code
* Fix help placeholders
* Better error when handling loading resources
* fix duplicate element generation in CDA.AD type snapshot generation
* Fix message about rendering problem. Actual solution... not sure.
* Minimal Memory model changes for Npm for Android
***NO_CI***
## Validator Changes
Post DevDays Release - many significant changes!
* Add ```-watch-mode``` parameter (See [doco](https://confluence.hl7.org/display/FHIR/Using+the+FHIR+Validator#UsingtheFHIRValidator-Watchmode))
* Start checking constraint expressions defined in profiles and logical models, and update FHIRPath for logical models
* Start checking ElementDefinition.mustHaveValue and ElementDefinition.valueAlternatives
* Start validating derived questionnaires
* Tighten up checking on FHIRPath - enforce use of ```'```, and don't accept ```"``` for string delimiters
* Add ```-allow-double-quotes-in-fhirpath``` parameter ([doco](https://confluence.hl7.org/display/FHIR/Using+the+FHIR+Validator#UsingtheFHIRValidator-LegacyFHIRPathSetting))
* Fix error when validating profiles that mix canonical() and Reference() types
* Fix extension context checking
* Fix erroneous FHIRPath expression eld-11 when loading
* Fix incomplete support for ```-display-issues-are-warnings``` parameter
* Fix broken NullFlavor binding in R4
* Fix various NPE errors doing value set validation (+ logging tx operations)
* Minor performance improvements to start up time
* Auto-update implied slicing elements when min < slice min
## Other code changes
* Add CodeQL to the build process
* Various NPE fixes
* Add getValueAsString(TemporalPrecisionEnum) method to date/time types
* Fix rendering for unresolvable ValueSets
* Remove r4b eclipse project files
* Upgrade multiple dependency libraries (per CodeQL)
* Only record sorting errors when generating snapshots when debug mode is on
* Tighten up SSL certificate checking
* Partial refactor of CLI parameter handling
* Fix path regex (per CodeQL)
* Remove erroneous logging from conversion tests
* Rendering improvements for various profile related extensions
* More work on TxTests operation (lenient wrt extensions)
* Fix handling of summary extension (delete duplicate tools summary extension, and don't inherit it)
* Reprocess URLs in Markdown extensions on both StructureDefinition and ElementDefinition
* Improve URL detection in markdown when reprocessing URLs
***NO_CI***
## Validator Changes
* no changes
## Other code changes
* Fix bugs in language handling
* Implement Trivy vulnerability scanning and update POI and okhttp libraries
***NO_CI***
## Validator Changes
* Add support for "Obligation Profiles" (see https://chat.fhir.org/#narrow/stream/179177-conformance/topic/Proposed.20new.20Profile.20features)
* Adjust slice min/max checking to ignore type slices (rules are different in this case)
* Properly handle validating mime/type when terminology server is not available
## Other code changes
* Rework Pipelines - more stability and quicker
* Fix bug where elementmodel.Element.copy() didn't clone children. Users of the Element Model (not the normal model) should check all uses of copy. (Only known users are Validator + IG publisher)
* Add nimbus & ZXing to core library dependencies for forthcoming improved SHC/SHL support
***NO_CI***
dotasek
Grahame Grieve
markiantorno
Grahame Grieve