chore(deps): update cyclonedx-python-lib[validation] requirement from <8.0.0,>=7.3.4 to >=7.3.4,<9.0.0

[dependabot]

Updates the requirements on cyclonedx-python-lib[validation] to permit the latest version.

Release notes

Sourced from cyclonedx-python-lib[validation]'s releases.

v8.1.0 (2024-10-21)

Documentation

• docs: fix code examples regarding outputting (#709)

Feature

• feat: add support for Lifecycles in BOM metadata (#698)

---

What's Changed

• docs: fix code examples regarding outputting by @​hakandilek in CycloneDX/cyclonedx-python-lib#709
• chore(deps-dev): update mypy requirement from 1.11.2 to 1.12.0 by @​dependabot in CycloneDX/cyclonedx-python-lib#716
• chore(deps-dev): update tox requirement from 4.21.2 to 4.23.0 by @​dependabot in CycloneDX/cyclonedx-python-lib#714
• chore(deps-dev): update tomli requirement from 2.0.1 to 2.0.2 by @​dependabot in CycloneDX/cyclonedx-python-lib#715
• feat: add support for Lifecycles in BOM metadata by @​Churro in CycloneDX/cyclonedx-python-lib#698

Full Changelog: CycloneDX/cyclonedx-python-lib@v8.0.0...v8.1.0

Changelog

Sourced from cyclonedx-python-lib[validation]'s changelog.

v8.1.0 (2024-10-21)

Documentation

• docs: fix code examples regarding outputting (#709)

Signed-off-by: Hakan Dilek <[email protected]> (c72d5f4)

Feature

• feat: add support for Lifecycles in BOM metadata (#698)

---

Signed-off-by: Johannes Feichtner <[email protected]> Signed-off-by: Jan Kowalleck <[email protected]> Signed-off-by: Johannes Feichtner <[email protected]> Co-authored-by: Jan Kowalleck <[email protected]> (6cfeb71)

v8.0.0 (2024-10-14)

Breaking

• feat!: v8.0.0 (#665)

BREAKING Changes

• Removed cyclonedx.mode.ThisTool, utilize cyclonedx.builder.this.this_tool() instead.
• Moved cyclonedx.model.Tool to cyclonedx.model.tool.Tool.
• Property cyclonedx.mode.bom.BomMetaData.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
  The getter will act accordingly; the setter might act in a backwards-compatible way.
• Property cyclonedx.mode.vulnerability.Vulnerability.tools is of type cyclonedx.model.tool.ToolRepository now, was SortedSet[cyclonedx.model.Tool].
  The getter will act accordingly; the setter might act in a backwards-compatible way.
• Constructor cyclonedx.model.license.LicenseExpression() accepts optional argument acknowledgement only as key-word argument, no longer as positional argument.

Changes

• Constructor of cyclonedx.model.bom.BomMetaData also accepts an instance of cyclonedx.model.tool.ToolRepository for argument tools.
• Constructor of cyclonedx.model.bom.BomMetaData no longer adds this very library as a tool.
  Downstream users SHOULD add it manually, like my-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component()).

Fixes

• Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.

... (truncated)

Commits

• 10c4ec2 chore(release): 8.1.0
• 6cfeb71 feat: add support for Lifecycles in BOM metadata (#698)
• 369009f chore(deps-dev): update tomli requirement from 2.0.1 to 2.0.2 (#715)
• 74a86f6 chore(deps-dev): update tox requirement from 4.21.2 to 4.23.0 (#714)
• bcb6489 chore(deps-dev): update mypy requirement from 1.11.2 to 1.12.0 (#716)
• 2decdb7 chore(docs): link python test snapshots docs
• c72d5f4 docs: fix code examples regarding outputting (#709)
• 7e511ae chore(release): 8.0.0
• 002f966 feat!: v8.0.0 (#665)
• a210809 docs(chaneglog): omit chore/ci/refactor/style/test/build (#703)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)