chore(deps): bump spdx-tools from 0.7.1 to 0.8.2

[dependabot[bot]]

Bumps spdx-tools from 0.7.1 to 0.8.2.

Release notes

Sourced from spdx-tools's releases.

v0.8.2

What's Changed

• add encoding parameter for parsing files by @​chrisdecker1201 in spdx/tools-python#756
• [issue-754] output FilesAnalyzed boolean in lowercase in tag-value by @​armintaenzertng in spdx/tools-python#757
• [issue-753] only allow lowercase values for FilesAnalyzed in tag-value by @​armintaenzertng in spdx/tools-python#758
• fix(validation): also allow URLs in download locations by @​maxhbr in spdx/tools-python#763
• implement recommended UTF-8 encoding for reading and writing SPDX files by @​chrisdecker1201 in spdx/tools-python#759
• fix(validation): fix error generation in expression validator by @​maxhbr in spdx/tools-python#765
• add documentation on the code architecture by @​armintaenzertng in spdx/tools-python#752
• Handle timezone-aware datetime objects when writing SPDX. by @​licquia in spdx/tools-python#768
• update changelog for 0.8.2 release by @​armintaenzertng in spdx/tools-python#769

Full Changelog: https://github.com/spdx/tools-python/compare/v0.8.1...v0.8.2

v0.8.1

What's Changed

• add SPDX tech mailing list link to README by @​armintaenzertng in spdx/tools-python#737
• make relationship parsing to be more efficient through precomputation by @​lumjjb in spdx/tools-python#743
• expand url regex to allow for userinfo by @​bdehamer in spdx/tools-python#746
• only instantiate get_spdx_licensing() once in the project by @​armintaenzertng in spdx/tools-python#749
• [issue-744] implement validation of external license references by @​armintaenzertng in spdx/tools-python#750
• update changelog for 0.8.1 by @​armintaenzertng in spdx/tools-python#751

New Contributors

• @​lumjjb made their first contribution in spdx/tools-python#743
• @​bdehamer made their first contribution in spdx/tools-python#746

Full Changelog: https://github.com/spdx/tools-python/compare/v0.8.0...v0.8.1

v0.8.0

What's Changed

• [fix] remove leftover legacy files. Add NOASSERTION as possible value… by @​armintaenzertng in spdx/tools-python#370
• [Issue 305] add new json parser by @​meretp in spdx/tools-python#366
• [issue-389] allow NONE and NOASSERTION in related_spdx_element_id by @​armintaenzertng in spdx/tools-python#390
• [format] delete unused imports by @​meretp in spdx/tools-python#393
• [issue-381] Add tag-value writer by @​armintaenzertng in spdx/tools-python#396
• convert related_spdx_element_id to str in tv writer by @​armintaenzertng in spdx/tools-python#399
• [issue-388] Update CLI tools for the new parsers/writers by @​armintaenzertng in spdx/tools-python#401
• [issue-397] make fixtures valid and replace valid_defaults.py by @​armintaenzertng in spdx/tools-python#409
• [issue-403] change spdx version handling during validation by @​armintaenzertng in spdx/tools-python#404
• [issue-267] Add GitHub Actions workflow by @​armintaenzertng in spdx/tools-python#410
• GitHub Actions fix by @​armintaenzertng in spdx/tools-python#414
• Minor parsing/writing fixes by @​armintaenzertng in spdx/tools-python#412
• Introduce src-layout by @​meretp in spdx/tools-python#416
• add dummy config.yml to pass pipeline by @​meretp in spdx/tools-python#418
• [issue-397] use fixtures in writer tests by @​meretp in spdx/tools-python#417
• [issue-420] fix order of mocks to match input arguments by @​meretp in spdx/tools-python#421
• [issue-392] make usage of license_concluded consistent by @​meretp in spdx/tools-python#422
• [issue-400] ignore duplicated relationships while parsing by @​meretp in spdx/tools-python#423

... (truncated)

Changelog

Sourced from spdx-tools's changelog.

v0.8.2 (2023-10-12)

New features and changes

• added optional encoding parameter for parsing files
• fixed handling of the FilesAnalyzed field in Tag-Value format
• fixed the validation of the DownloadLocation field
• fixed the error handling while parsing license expressions
• fixed output of timezone-sensitive datetimes
• added code architecture documentation

Contributors

This release was made possible by the following contributors. Thank you very much!

• Christian Decker @​chrisdecker1201
• Jeff Licquia @​licquia
• Maximilian Huber @​maxhbr
• Armin Tänzer @​armintaenzertng

v0.8.1 (2023-08-24)

New features and changes

• massive speed-up in the validation process of large SBOMs
• validation now detects and checks license references from external documents
• allow for userinfo in git+ssh download location
• more efficient relationship parsing in JSON/YAML/XML

Contributors

This release was made possible by the following contributors. Thank you very much!

• Brian DeHamer @​bdehamer
• Brandon Lum @​lumjjb
• Maximilian Huber @​maxhbr
• Armin Tänzer @​armintaenzertng

v0.8.0 (2023-07-25)

New features and changes

• major refactoring of the library
  • new and improved data model
  • type hints and type checks have been added to the model classes
  • license expressions and SPDX license list are now handled by the license-expression package
  • to update your existing code, refer to the migration guide
• experimental support for the upcoming SPDX v3 specification (note, however, that support is neither complete nor

... (truncated)

Commits

• 32e74cd update changelog for 0.8.2 release
• f0873eb Properly install tzdata for GitHub Actions.
• 195e244 Handle timezone-aware datetime objects when writing SPDX.
• 248394c add documentation about the code architecture
• 40d1d8e fix(validation): fix error generation in expression validator
• e08e4d2 Merge pull request #759 from HomagGroup/feature/encoding_compliance
• e8ae39d Merge branch 'main' into feature/encoding_compliance
• ed9a135 fix(validation): also allow URLs in download locations
• a1584b7 implement recommended UTF-8 encoding for reading and writing SPDX files
• 3d3100a [issue-753] only allow lowercase values for FilesAnalyzed in tag-value
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[JeroenKnoops]

@dependabot recreate

[BrunoVernay]

It is not automatic https://github.com/spdx/tools-python/wiki/How-to-migrate-from-0.7-to-0.8