chore(deps): bump spdx-tools from 0.7.1 to 0.8.1

[dependabot[bot]]

Bumps spdx-tools from 0.7.1 to 0.8.1.

Release notes

Sourced from spdx-tools's releases.

v0.8.1

What's Changed

• add SPDX tech mailing list link to README by @​armintaenzertng in spdx/tools-python#737
• make relationship parsing to be more efficient through precomputation by @​lumjjb in spdx/tools-python#743
• expand url regex to allow for userinfo by @​bdehamer in spdx/tools-python#746
• only instantiate get_spdx_licensing() once in the project by @​armintaenzertng in spdx/tools-python#749
• [issue-744] implement validation of external license references by @​armintaenzertng in spdx/tools-python#750
• update changelog for 0.8.1 by @​armintaenzertng in spdx/tools-python#751

New Contributors

• @​lumjjb made their first contribution in spdx/tools-python#743
• @​bdehamer made their first contribution in spdx/tools-python#746

Full Changelog: https://github.com/spdx/tools-python/compare/v0.8.0...v0.8.1

v0.8.0

What's Changed

• [fix] remove leftover legacy files. Add NOASSERTION as possible value… by @​armintaenzertng in spdx/tools-python#370
• [Issue 305] add new json parser by @​meretp in spdx/tools-python#366
• [issue-389] allow NONE and NOASSERTION in related_spdx_element_id by @​armintaenzertng in spdx/tools-python#390
• [format] delete unused imports by @​meretp in spdx/tools-python#393
• [issue-381] Add tag-value writer by @​armintaenzertng in spdx/tools-python#396
• convert related_spdx_element_id to str in tv writer by @​armintaenzertng in spdx/tools-python#399
• [issue-388] Update CLI tools for the new parsers/writers by @​armintaenzertng in spdx/tools-python#401
• [issue-397] make fixtures valid and replace valid_defaults.py by @​armintaenzertng in spdx/tools-python#409
• [issue-403] change spdx version handling during validation by @​armintaenzertng in spdx/tools-python#404
• [issue-267] Add GitHub Actions workflow by @​armintaenzertng in spdx/tools-python#410
• GitHub Actions fix by @​armintaenzertng in spdx/tools-python#414
• Minor parsing/writing fixes by @​armintaenzertng in spdx/tools-python#412
• Introduce src-layout by @​meretp in spdx/tools-python#416
• add dummy config.yml to pass pipeline by @​meretp in spdx/tools-python#418
• [issue-397] use fixtures in writer tests by @​meretp in spdx/tools-python#417
• [issue-420] fix order of mocks to match input arguments by @​meretp in spdx/tools-python#421
• [issue-392] make usage of license_concluded consistent by @​meretp in spdx/tools-python#422
• [issue-400] ignore duplicated relationships while parsing by @​meretp in spdx/tools-python#423
• also use the src-layout for tests by @​meretp in spdx/tools-python#419
• move typing to common module to prepare for the prototype of spdx 3.0 by @​meretp in spdx/tools-python#430
• Validate ExternalPackageRef by @​armintaenzertng in spdx/tools-python#439
• [issue-443] change file name validation logic by @​armintaenzertng in spdx/tools-python#445
• [issue-442] change CLI to read version from document by @​armintaenzertng in spdx/tools-python#446
• [issue-10] use license_expression library for LicenseExpression by @​armintaenzertng in spdx/tools-python#447
• [issue-457] add "no #" requirement to validation messages by @​armintaenzertng in spdx/tools-python#458
• [issue-407] add rdf writer by @​meretp in spdx/tools-python#448
• [issue-378] implement invalidation of duplicated SPDX Ids by @​armintaenzertng in spdx/tools-python#459
• [issue-376] add tests for spdx_id_validators by @​armintaenzertng in spdx/tools-python#460
• [issue-386] Finish Package validation by @​armintaenzertng in spdx/tools-python#461
• [issue-375] test "document describes at least one element" by @​armintaenzertng in spdx/tools-python#462
• [issue-466] bug fix and add test by @​meretp in spdx/tools-python#467
• [issue-407] write comments for relationships by @​meretp in spdx/tools-python#470
• fix helper method by @​meretp in spdx/tools-python#484

... (truncated)

Changelog

Sourced from spdx-tools's changelog.

v0.8.1 (2023-08-24)

New features and changes

• massive speed-up in the validation process of large SBOMs
• validation now detects and checks license references from external documents
• allow for userinfo in git+ssh download location
• more efficient relationship parsing in JSON/YAML/XML

Contributors

This release was made possible by the following contributors. Thank you very much!

• Brian DeHamer @​bdehamer
• Brandon Lum @​lumjjb
• Maximilian Huber @​maxhbr
• Armin Tänzer @​armintaenzertng

v0.8.0 (2023-07-25)

New features and changes

• major refactoring of the library
  • new and improved data model
  • type hints and type checks have been added to the model classes
  • license expressions and SPDX license list are now handled by the license-expression package
  • to update your existing code, refer to the migration guide
• experimental support for the upcoming SPDX v3 specification (note, however, that support is neither complete nor stable at this point, as the spec is still evolving)
• full validation of SPDX documents against the v2.2 and v2.3 specification
• support for SPDX's RDF format with all v2.3 features
• unified pysdpxtools CLI tool replaces separate pyspdxtools_parser and pyspdxtools_convertor
• online API documentation
• replaced CircleCI with GitHub Actions

Contributors

This release was made possible by the following contributors. Thank you very much!

• Armin Tänzer @​armintaenzertng
• Gary O'Neall @​goneall
• Gaurav Mishra @​GMishx
• HarshvMahawar @​HarshvMahawar
• Holger Frydrych @​fholger
• Jeff Licquia @​licquia
• Kate Stewart @​kestewart
• Maximilian Huber @​maxhbr
• Meret Behrens @​meretp
• Nicolaus Weidner @​nicoweidner

... (truncated)

Commits

• 777bd27 update changelog for 0.8.1
• 85b480a [issue-744] implement validation of external license references
• ca72624 instantiate get_spdx_licensing() in a singleton module
• 1ecc6f6 expand url regex to allow for userinfo
• ee95e60 fix additional lint errors in tests
• 3f1c62f fix lint errors
• 32e3d2d fix test to correctly use assumption of no comments in relationships
• eab5db9 make relationship parsing to be more efficient through precomputation
• f15a64f add SPDX tech mailing list link to README
• 69eea91 update README and CHANGELOG for the upcoming release
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[JeroenKnoops]

We need to adjust the code for this change.

See https://github.com/spdx/tools-python/wiki/How-to-migrate-from-0.7-to-0.8

[dependabot[bot]]

Superseded by #77.