chore(release): 8.0.0

Automatically generated by python-semantic-release

Signed-off-by: semantic-release <semantic-release@bot.local>

Author: semantic-release

CHANGELOG.md

@@ -1,28 +1,60 @@
 # CHANGELOG
 
 
-## Unreleased
 
-### Documentation
-
-* docs(chaneglog): omit chore/ci/refactor/style/test/build (#703)
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a210809`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a210809efb34c2dc895fc0c6d96a3412a9097625))
-
-* docs: rephrase migration paths
+## v8.0.0 (2024-10-14)
 
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`b0260a7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b0260a7d45bc3e099b979001049a8c5a67b97634))
-
-### Unknown
+### Breaking
 
-* Merge remote-tracking branch 'origin/main' into 8.0.0-dev ([`b9a33e6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/b9a33e614a84ba4a6546a1907b70a0cbfee8cd6f))
+* feat!: v8.0.0 (#665)
 
-* rework tools xml deserializer (#700)
+### BREAKING Changes
+
+* Removed `cyclonedx.mode.ThisTool`, utilize `cyclonedx.builder.this.this_tool()` instead. 
+* Moved `cyclonedx.model.Tool` to `cyclonedx.model.tool.Tool`.
+* Property `cyclonedx.mode.bom.BomMetaData.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`.  
+  The getter will act accordingly; the setter might act in a backwards-compatible way.
+* Property `cyclonedx.mode.vulnerability.Vulnerability.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`.  
+  The getter will act accordingly; the setter might act in a backwards-compatible way.
+* Constructor `cyclonedx.model.license.LicenseExpression()` accepts optional argument `acknowledgement` only as key-word argument, no longer as positional argument.  
+  
+
+### Changes
+
+* Constructor of `cyclonedx.model.bom.BomMetaData` also accepts an instance of `cyclonedx.model.tool.ToolRepository` for argument `tools`.
+* Constructor of `cyclonedx.model.bom.BomMetaData` no longer adds this very library as a tool.  
+  Downstream users SHOULD add it manually, like `my-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component())`. 
+
+### Fixes
+
+* Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.
+
+### Added
+
+Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5 
+
+* New class `cyclonedx.model.tool.ToolRepository`.
+* New function `cyclonedx.builder.this.this_component()` -- representation of this very python library as a `Component`.
+* New function `cyclonedx.builder.this.this_tool()` -- representation of this very python library as a `Tool`.
+* New function `cyclonedx.model.tool.Tool.from_component()`.
+
+### Dependencies
+
+* Raised runtime dependency `py-serializable>=1.1.1,<2`, was `>=1.1.0,<2`.
+
+---------
+
+Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
+Signed-off-by: Joshua Kugler <tek30584@adobe.com>
+Signed-off-by: semantic-release <semantic-release@bot.local>
+Co-authored-by: Joshua Kugler <joshua@azariah.com>
+Co-authored-by: semantic-release <semantic-release@bot.local> ([`002f966`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/002f96630ce8fc6f1766ee6cc92a16b35a821c69))
 
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1a24ee6`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1a24ee6a0853e535465f85c6380971948281ad6e))
+### Documentation
 
-* Merge remote-tracking branch 'origin/main' into 8.0.0-dev ([`4c57fa1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/4c57fa156516de07cdd4acd3f3057c0b20d108d7))
+* docs(chaneglog): omit chore/ci/refactor/style/test/build (#703)
 
+Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`a210809`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/a210809efb34c2dc895fc0c6d96a3412a9097625))
 
 
 ## v7.6.2 (2024-10-07)
@@ -43,126 +75,9 @@ fixes #690
 
 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`d8b20bd`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/d8b20bdc5224ea30cf767f6f3f1a6f8ff2754973))
 
-### Unknown
-
-* docs
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`68c681d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/68c681d46c85230a97c4058de97400f3d93119f5))
-
-
-## v8.0.0-rc.2 (2024-09-27)
-
-### Fix
-
-* fix: ToolRepository serialize migrated tools deduplicated (#686)
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`35ccdd1`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/35ccdd1bfec9757457763308d16e1dbf5d9e28e9))
-
-### Unknown
-
-* docs
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`2e16408`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/2e16408098a3c649b80fb407d4f43aaa34aee39f))
-
-* rename `ToolsRepository` -> `ToolRepository` (#687)
-
-Item class of repository is to be called in singular(`Tool`).
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e00af17`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e00af1739fa6d3933315e96266d96d9b290012ee))
-
-
-## v8.0.0-rc.1 (2024-09-25)
-
-### Documentation
-
-* docs: migrate to v8.0.0 (#684)
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0ac84d7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0ac84d76f2e526f329937ab004480405492e7417))
-
-### Fix
-
-* fix: assert copyright headers
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`bef268b`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/bef268b7abe2c3f343274d7789906c99c80e9df9))
-
-### Unknown
-
-* Merge branch 'main' into 8.0.0-dev
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`39514b3`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/39514b331eef98fbf5208ead341060831f8acddf))
-
-* Merge branch 'main' into 8.0.0-dev ([`c123aff`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/c123aff4bd479ec0f5f1982725ffe8901afb87c9))
-
 
 ## v7.6.1 (2024-09-18)
 
-### Breaking
-
-* feat!: this-builder (#649)
-
-reworked `ThisTool` for #635
-
----------
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`cf5d2c7`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/cf5d2c7e43883967c5d5837f465ecac5a8cc034e))
-
-* refactor!: `LicenseExpression()` optional args are named args (#595)
-
-fixes #594
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`0172564`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0172564d5f9529e7ce543da434969b552833de31))
-
-* feat!: Add component and services for tools (#635)
-
-CycloneDX spec 1.5 deprecated an array of tools in bom.metadata and
-instead prefers object with an array of components and an array of
-services.
-
-This PR implements that.
-
-This works de-serializing a Syft SBOM with a tool section like so:
-```
-  "metadata": {
-    "timestamp": "2024-06-10T13:06:52-08:00",
-    "tools": {
-      "components": [
-        {
-          "type": "application",
-          "author": "anchore",
-          "name": "syft",
-          "version": "1.4.1"
-        }
-      ]
-    },
-    "component": {
-      "bom-ref": "08329a07b4eb8eac",
-      "type": "file",
-      "name": "./"
-    }
-  },
-```
-Next up: docs, XML (de)serialization code, and tests.
-
-fixes #561
-
----------
-
-Signed-off-by: Joshua Kugler <tek30584@adobe.com>
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
-Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`1f5fd7a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/1f5fd7a6be94d93d2260622d39ea01cd74614402))
-
-* feat!: 8.0.0
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`9ba4b8e`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/9ba4b8e5d255c8dba51df214786328bfa700291c))
-
-### Feature
-
-* feat: don't add self to `metafata.tools` (#674)
-
-fixes #673
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`e0a153f`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/e0a153fbd553dcf29343d72e361c1cc9122c63b4))
-
 ### Fix
 
 * fix: file copyright headers (#676)
@@ -173,16 +88,6 @@ correct headers
 
 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`35e00b4`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/35e00b4ee5a9306b9e97b011025409bcbfcef309))
 
-### Unknown
-
-* Merge branch 'main' into 8.0.0-dev ([`3d1548a`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/3d1548abf5db45764a22fcca96493574f96ff693))
-
-* Merge branch 'main' into 8.0.0-dev
-
-Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> ([`735c800`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/735c8003ce88b0c6efa802ccd806f17d22b4df89))
-
-* Merge branch 'main' into 8.0.0-dev ([`0ec785d`](https://github.com/CycloneDX/cyclonedx-python-lib/commit/0ec785d29abcc215a5a0f6feec9bf16b0994cc92))
-
 
 ## v7.6.0 (2024-08-14)
 

cyclonedx/__init__.py

@@ -22,4 +22,4 @@
 
 # !! version is managed by semantic_release
 # do not use typing here, or else `semantic_release` might have issues finding the variable
-__version__ = "8.0.0-rc.2"  # noqa:Q000
+__version__ = "8.0.0"  # noqa:Q000

docs/conf.py

@@ -20,7 +20,7 @@
 
 # The full version, including alpha/beta/rc tags
 # !! version is managed by semantic_release
-release = '8.0.0-rc.2'
+release = '8.0.0'
 
 # -- General configuration ---------------------------------------------------
 

pyproject.toml

@@ -5,7 +5,7 @@ build-backend = "poetry.core.masonry.api"
 [tool.poetry]
 name = "cyclonedx-python-lib"
 # !! version is managed by semantic_release
-version = "8.0.0-rc.2"
+version = "8.0.0"
 description = "Python library for CycloneDX"
 authors = [
   "Paul Horton <phorton@sonatype.com>",