diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
index 88c55c264d..8c76555602 100644
--- a/.github/actions/spelling/allow.txt
+++ b/.github/actions/spelling/allow.txt
@@ -94,6 +94,7 @@ codecov
collectd
commons
compress
+conan
conda
config
connman
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
index fd3171373d..5ba2fec4af 100644
--- a/.github/actions/spelling/expect.txt
+++ b/.github/actions/spelling/expect.txt
@@ -13,4 +13,4 @@ NOTKNOWN
pyyaml
skontar
Svunknown
-urllib
+urllib
\ No newline at end of file
diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml
index f2b0195499..3e1f10de2d 100644
--- a/.github/workflows/build-wheel.yml
+++ b/.github/workflows/build-wheel.yml
@@ -23,7 +23,7 @@ jobs:
if: github.repository == 'intel/cve-bin-tool' # run on origin repo only
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
@@ -44,11 +44,11 @@ jobs:
echo "tar=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
echo "whl=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
- name: Attest Build Provenance for tar
- uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
+ uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
with:
subject-path: "dist/${{ steps.filename.outputs.tar }}"
- name: Attest Build Provenance for whl
- uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
+ uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
with:
subject-path: "dist/${{ steps.filename.outputs.whl }}"
# TODO Upload to pypi on release creation
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index aa82ed9ecf..cc9e7ae6d3 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -42,7 +42,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
@@ -51,7 +51,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+ uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -76,4 +76,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
+ uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 6ad8ebb3ac..28ab5b0c38 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -14,7 +14,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/cve_bin_tool_action.yml b/.github/workflows/cve_bin_tool_action.yml
index 44e630403d..a98930f0e2 100644
--- a/.github/workflows/cve_bin_tool_action.yml
+++ b/.github/workflows/cve_bin_tool_action.yml
@@ -11,7 +11,7 @@ jobs:
scan:
permissions:
security-events: write
- runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
+ runs-on: ubuntu-latest
steps:
- uses: intel/cve-bin-tool-action@main
with:
diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml
index c97248eeb3..52d238a6fe 100644
--- a/.github/workflows/cve_scan.yml
+++ b/.github/workflows/cve_scan.yml
@@ -17,7 +17,7 @@ jobs:
timeout-minutes: 60
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
@@ -32,7 +32,7 @@ jobs:
run: |
echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
- name: Get cached database
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: cache
key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index d99c952123..de970949f3 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,11 +17,11 @@ jobs:
runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: 'Checkout Repository'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: 'Dependency Review'
- uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0
+ uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
index 5ef52b7699..a864aeb4c8 100644
--- a/.github/workflows/formatting.yml
+++ b/.github/workflows/formatting.yml
@@ -19,7 +19,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
index b4fb4a9fcb..ea981003ec 100644
--- a/.github/workflows/fuzzing.yml
+++ b/.github/workflows/fuzzing.yml
@@ -51,13 +51,13 @@ jobs:
echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
- name: Get today's cached database
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
id: todays-cache
with:
path: fuzz-cache
key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
- name: Get yesterday's cached database if today's is not available
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
if: steps.todays-cache.outputs.cache-hit != 'true'
with:
path: fuzz-cache
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index c4737601f6..a7cacf22e2 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -18,7 +18,7 @@ jobs:
tool: ['isort', 'black', 'pyupgrade', 'flake8', 'bandit', 'gitlint', 'mypy', 'interrogate']
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index 1d42ac5baa..ad5cca1bf2 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -22,7 +22,7 @@ jobs:
python: ['3.8', '3.9', '3.10', '3.11', '3.12']
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index e6c3614f67..6f7ecafd4e 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -15,19 +15,14 @@ permissions: read-all
jobs:
analysis:
name: Scorecard analysis
- runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
+ runs-on: ubuntu-latest
permissions:
security-events: write
id-token: write
steps:
- - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
- with:
- egress-policy: audit
-
- name: "Checkout code"
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
@@ -38,10 +33,3 @@ jobs:
results_format: sarif
publish_results: true
- - name: "Upload artifact"
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
- with:
- name: SARIF file
- path: results.sarif
- retention-days: 5
-
diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml
index 2dec16dcae..4676520a5e 100644
--- a/.github/workflows/spelling.yml
+++ b/.github/workflows/spelling.yml
@@ -14,7 +14,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 6ed476bcb6..0ea4070d42 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -39,7 +39,7 @@ jobs:
runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
@@ -76,7 +76,7 @@ jobs:
timeout-minutes: 90
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: block
allowed-endpoints: >
@@ -135,13 +135,13 @@ jobs:
echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
- name: Get today's cached database
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
id: todays-cache
with:
path: cache
key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
- name: Get yesterday's cached database if today's is not available
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
if: steps.todays-cache.outputs.cache-hit != 'true'
with:
path: cache
@@ -197,48 +197,12 @@ jobs:
github.head_ref
)
)
- runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
+ runs-on: 'ubuntu-latest'
timeout-minutes: 120
env:
LONG_TESTS: 1
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
- with:
- egress-policy: block
- allowed-endpoints: >
- access.redhat.com:443
- api.codecov.io:443
- api.github.com:443
- archives.fedoraproject.org:443
- azure.archive.ubuntu.com:80
- cli.codecov.io:443
- codecov.io:443
- curl.se:443
- epss.cyentia.com:443
- esm.ubuntu.com:443
- files.pythonhosted.org:443
- ftp.fr.debian.org:80
- github.com:443
- gitlab.com:443
- mirror.cveb.in:443
- mirror.cveb.in:80
- motd.ubuntu.com:443
- nvd.nist.gov:443
- osv-vulnerabilities.storage.googleapis.com:443
- packages.microsoft.com:443
- ppa.launchpadcontent.net:443
- pypi.org:443
- raw.githubusercontent.com:443
- release-monitoring.org:443
- rpmfind.net:443
- security-tracker.debian.org:443
- services.nvd.nist.gov:443
- storage.googleapis.com:443
- uploader.codecov.io:443
- www.cisa.gov:443
- www.sqlite.org:443
+ steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
@@ -267,35 +231,18 @@ jobs:
echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
- name: Get today's cached database
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
id: todays-cache
with:
path: cache
key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
- name: Get yesterday's cached database if today's is not available
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
if: steps.todays-cache.outputs.cache-hit != 'true'
with:
path: cache
key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
- - uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2
- with:
- PATTERNS: |
- cve_bin_tool/*.py
- cve_bin_tool/data_sources/*.py
- cve_bin_tool/checkers/*.py
- test/condensed-downloads/*
- FILES: |
- cvedb.py
- test_scanner.py
- test_cli.py
- cli.py
- - uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1
- id: git-diff
- with:
- cond: ${{ (github.event.inputs.longTests == 'true') || (env.GIT_DIFF != '') }}
- if_true: '1'
- if_false: '0'
+
- name: Install cabextract
if: env.sbom != 'true'
run: sudo apt-get update && sudo apt-get install cabextract
@@ -320,32 +267,287 @@ jobs:
cp -r ~/.cache/cve-bin-tool cache
- name: Run async tests
if: env.sbom != 'true'
- env:
- LONG_TESTS: ${{ steps.git-diff.outputs.value }}
run: >
- pytest --cov --cov-append -n 4 -v --durations=50
+ pytest --cov --cov-append -n 32 --cov-report=xml -v --durations=50
--ignore=test/test_cli.py
--ignore=test/test_cvedb.py
--ignore=test/test_requirements.py
--ignore=test/test_html.py
--ignore=test/test_json.py
- - name: Run synchronous tests
+ --ignore=test/test_scanner.py
+ --ignore=test/test_language_parser.py
+ - name: Upload code coverage to codecov
+ if: env.sbom != 'true'
+ uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2
+ with:
+ files: ./coverage.xml
+ flags: longtests
+ name: codecov-umbrella
+ fail_ci_if_error: false
+
+ long_tests_languages:
+ name: Long tests on Python 3.10 (language parsers)
+ permissions:
+ contents: read
+ if: |
+ ! github.event.pull_request.user.login == 'github-actions[bot]' ||
+ ! (
+ startsWith(github.head_ref, 'chore-sbom-py') ||
+ contains(
+ fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
+ github.head_ref
+ )
+ )
+ runs-on: 'ubuntu-latest'
+ timeout-minutes: 120
+ env:
+ LONG_TESTS: 1
+
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+ with:
+ python-version: '3.10'
+ cache: 'pip'
+
+ - name: "Skip tests if this is an automated sbom job"
+ env:
+ COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
+ run: |
+ if ${COMMIT_VAR} == true; then
+ echo "sbom=true" >> $GITHUB_ENV
+ echo "sbom set to true"
+ else
+ echo "sbom=false" >> $GITHUB_ENV
+ echo "sbom set to false"
+ fi
+
+ - name: Get date
+ id: get-date
+ run: |
+ echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
+ echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
+ - name: Print Cache Keys
+ run: |
+ echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
+ echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
+ - name: Get today's cached database
+ uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ id: todays-cache
+ with:
+ path: cache
+ key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
+ - name: Get yesterday's cached database if today's is not available
+ uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ if: steps.todays-cache.outputs.cache-hit != 'true'
+ with:
+ path: cache
+ key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
+
+ - name: Install cve-bin-tool
+ if: env.sbom != 'true'
+ run: |
+ python -m pip install --upgrade pip
+ python -m pip install --upgrade setuptools
+ python -m pip install --upgrade wheel
+ python -m pip install --upgrade -r dev-requirements.txt
+ python -m pip install --editable .
+ - name: Try single CLI run of tool
+ if: env.sbom != 'true'
+ run: |
+ [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool
+ NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
+ cp -r ~/.cache/cve-bin-tool cache
+ - name: Run language scanner tests
+ if: env.sbom != 'true'
+ run: >
+ pytest --cov --cov-append -n 32 --cov-report=xml -v --durations=50
+ test/test_language_scanner.py
+ - name: Upload code coverage to codecov
+ if: env.sbom != 'true'
+ uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2
+ with:
+ files: ./coverage.xml
+ flags: longtests
+ name: codecov-umbrella
+ fail_ci_if_error: false
+
+ long_tests_scanners:
+ name: Long tests on Python 3.10 (scanners)
+ permissions:
+ contents: read
+ if: |
+ ! github.event.pull_request.user.login == 'github-actions[bot]' ||
+ ! (
+ startsWith(github.head_ref, 'chore-sbom-py') ||
+ contains(
+ fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
+ github.head_ref
+ )
+ )
+ runs-on: 'ubuntu-latest'
+ timeout-minutes: 120
+ env:
+ LONG_TESTS: 1
+
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+ with:
+ python-version: '3.10'
+ cache: 'pip'
+
+ - name: "Skip tests if this is an automated sbom job"
+ env:
+ COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
+ run: |
+ if ${COMMIT_VAR} == true; then
+ echo "sbom=true" >> $GITHUB_ENV
+ echo "sbom set to true"
+ else
+ echo "sbom=false" >> $GITHUB_ENV
+ echo "sbom set to false"
+ fi
+
+ - name: Get date
+ id: get-date
+ run: |
+ echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
+ echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
+ - name: Print Cache Keys
+ run: |
+ echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
+ echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
+ - name: Get today's cached database
+ uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ id: todays-cache
+ with:
+ path: cache
+ key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
+ - name: Get yesterday's cached database if today's is not available
+ uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ if: steps.todays-cache.outputs.cache-hit != 'true'
+ with:
+ path: cache
+ key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
+
+ - name: Install cve-bin-tool
if: env.sbom != 'true'
+ run: |
+ python -m pip install --upgrade pip
+ python -m pip install --upgrade setuptools
+ python -m pip install --upgrade wheel
+ python -m pip install --upgrade -r dev-requirements.txt
+ python -m pip install --editable .
+ - name: Try single CLI run of tool
+ if: env.sbom != 'true'
+ run: |
+ [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool
+ NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
+ cp -r ~/.cache/cve-bin-tool cache
+ - name: Run binary scanner tests
+ if: env.sbom != 'true'
+ run: >
+ pytest --cov --cov-append -n 32 --cov-report=xml -v --durations=50
+ test/test_scanner.py
+ - name: Upload code coverage to codecov
+ if: env.sbom != 'true'
+ uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2
+ with:
+ files: ./coverage.xml
+ flags: longtests
+ name: codecov-umbrella
+ fail_ci_if_error: false
+
+ long_tests_sync:
+ name: Long tests on Python 3.10 (synchronous)
+ permissions:
+ contents: read
+ if: |
+ ! github.event.pull_request.user.login == 'github-actions[bot]' ||
+ ! (
+ startsWith(github.head_ref, 'chore-sbom-py') ||
+ contains(
+ fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'),
+ github.head_ref
+ )
+ )
+ runs-on: 'ubuntu-latest'
+ timeout-minutes: 120
+ env:
+ LONG_TESTS: 1
+
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+ with:
+ python-version: '3.10'
+ cache: 'pip'
+
+ - name: "Skip tests if this is an automated sbom job"
env:
- LONG_TESTS: ${{ steps.git-diff.outputs.value }}
+ COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }}
+ run: |
+ if ${COMMIT_VAR} == true; then
+ echo "sbom=true" >> $GITHUB_ENV
+ echo "sbom set to true"
+ else
+ echo "sbom=false" >> $GITHUB_ENV
+ echo "sbom set to false"
+ fi
+
+ - name: Get date
+ id: get-date
+ run: |
+ echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
+ echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT
+ - name: Print Cache Keys
+ run: |
+ echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
+ echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
+ - name: Get today's cached database
+ uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ id: todays-cache
+ with:
+ path: cache
+ key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
+ - name: Get yesterday's cached database if today's is not available
+ uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ if: steps.todays-cache.outputs.cache-hit != 'true'
+ with:
+ path: cache
+ key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}
+
+ - name: Install pdftotext, reportlab and cve-bin-tool
+ if: env.sbom != 'true'
+ run: |
+ python -m pip install --upgrade pip
+ python -m pip install --upgrade setuptools
+ python -m pip install --upgrade wheel
+ python -m pip install --upgrade -r dev-requirements.txt
+ python -m pip install --editable .
+ - name: Try single CLI run of tool
+ if: env.sbom != 'true'
+ run: |
+ [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool
+ NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
+ cp -r ~/.cache/cve-bin-tool cache
+ - name: Run synchronous tests
+ if: env.sbom != 'true'
run: >
pytest -v --cov --cov-append --cov-report=xml --durations=50
test/test_cli.py
test/test_cvedb.py
- name: Upload code coverage to codecov
if: env.sbom != 'true'
- uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
+ uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1
with:
files: ./coverage.xml
flags: longtests
name: codecov-umbrella
fail_ci_if_error: false
+
linux-mayfail:
name: Tests that may fail due to network or HTML
permissions:
@@ -365,7 +567,7 @@ jobs:
EXTERNAL_SYSTEM: 1
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: block
allowed-endpoints: >
@@ -411,13 +613,13 @@ jobs:
echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}"
echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}"
- name: Get today's cached database
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
id: todays-cache
with:
path: cache
key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
- name: Get yesterday's cached database if today's is not available
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
if: steps.todays-cache.outputs.cache-hit != 'true'
with:
path: cache
@@ -498,7 +700,7 @@ jobs:
PYTHONIOENCODING: 'utf8'
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
@@ -517,14 +719,14 @@ jobs:
echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}"
echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.YESTERDAY }}"
- name: Get today's cached database
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
id: todays-cache
with:
path: cache
key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}
enableCrossOsArchive: true
- name: Get yesterday's cached database if today's is not available
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
if: steps.todays-cache.outputs.cache-hit != 'true'
with:
path: cache
@@ -558,7 +760,7 @@ jobs:
test/test_cli.py
test/test_cvedb.py
- name: Cache conda
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
env:
# Increase to reset cache if requirements.txt file has not changed
CACHE_NUMBER: 0
@@ -583,7 +785,7 @@ jobs:
- name: Test PDF generation on Windows
run: pytest test/test_output_engine.py -k test_output_pdf --cov --cov-append --cov-report=xml --durations=50
- name: Upload code coverage to codecov
- uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
+ uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1
with:
files: ./coverage.xml
flags: win-longtests
diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml
index fa2c93fae7..f61a4c70d6 100644
--- a/.github/workflows/update-cache.yml
+++ b/.github/workflows/update-cache.yml
@@ -26,7 +26,7 @@ jobs:
timeout-minutes: 60
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
@@ -39,7 +39,7 @@ jobs:
id: get-date
run: |
echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
- - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: cache
key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}
diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml
index f2b3fc0bd9..950b74f967 100644
--- a/.github/workflows/update-js-dependencies.yml
+++ b/.github/workflows/update-js-dependencies.yml
@@ -22,7 +22,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
@@ -36,7 +36,7 @@ jobs:
run: python .github/workflows/update_js_dependencies.py
- name: Get cached Python packages
- uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
+ uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml
index 2b3be9cf39..192b599ee4 100644
--- a/.github/workflows/update-pre-commit.yml
+++ b/.github/workflows/update-pre-commit.yml
@@ -22,7 +22,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/update-spdx-header.yml b/.github/workflows/update-spdx-header.yml
index 68cde73344..adb37a09d6 100644
--- a/.github/workflows/update-spdx-header.yml
+++ b/.github/workflows/update-spdx-header.yml
@@ -23,7 +23,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.github/workflows/validate-yml.yml b/.github/workflows/validate-yml.yml
index b4bd97f31d..821a621727 100644
--- a/.github/workflows/validate-yml.yml
+++ b/.github/workflows/validate-yml.yml
@@ -12,7 +12,7 @@ jobs:
steps:
- name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 8a14acb674..2c0751509b 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -34,7 +34,7 @@ repos:
exclude: ^fuzz/generated/|bandit\.conf$
- repo: https://github.com/PyCQA/bandit
- rev: 1.7.10
+ rev: 1.8.0
hooks:
- id: bandit
exclude: ^fuzz/generated/
diff --git a/cve_bin_tool/available_fix/debian_cve_tracker.py b/cve_bin_tool/available_fix/debian_cve_tracker.py
index 542fc34375..fcb0733bae 100644
--- a/cve_bin_tool/available_fix/debian_cve_tracker.py
+++ b/cve_bin_tool/available_fix/debian_cve_tracker.py
@@ -33,7 +33,27 @@
class DebianCVETracker:
+ """
+ A class for tracking CVEs (Common Vulnerabilities and Exposures) for Debian-based distributions.
+
+ This class is designed to monitor CVEs specific to a given Debian distribution,
+ taking into account the distribution name, codename, and whether the package is a backport.
+
+ Attributes:
+ distro_name (str): The name of the Debian-based distribution (e.g., "Debian", "Ubuntu").
+ distro_codename (str): The codename of the distribution release (e.g., "buster", "focal").
+ is_backport (bool): Flag indicating if the package is a backport.
+ """
+
def __init__(self, distro_name: str, distro_codename: str, is_backport: bool):
+ """
+ Initializes a DebianCVETracker instance with distribution information.
+
+ Parameters:
+ distro_name (str): The name of the Debian-based distribution.
+ distro_codename (str): The codename for the distribution release.
+ is_backport (bool): Specifies if the package is a backport.
+ """
self.distro_name = distro_name
self.distro_codename = distro_codename
self.is_backport = is_backport
@@ -42,7 +62,17 @@ def cve_info(
self,
all_cve_data: dict[ProductInfo, CVEData],
):
- """Produces the Backported fixes' info"""
+ """
+ Generates information on backported CVE fixes for a given set of CVE data.
+
+ This function processes CVE data and checks for resolved vulnerabilities in
+ the Debian or Ubuntu distributions. If a fix is available or backported, it logs
+ relevant information about the fix's availability and version.
+
+ Parameters:
+ all_cve_data (dict[ProductInfo, CVEData]): Dictionary containing CVE data,
+ organized by product and version.
+ """
cve_data = format_output(all_cve_data, None)
json_data = self.get_data()
@@ -72,11 +102,30 @@ def cve_info(
)
def get_data(self):
+ """
+ Retrieves CVE data from the Debian CVE JSON file.
+
+ This method opens and loads the Debian CVE JSON file for processing
+ vulnerability data, calling `check_json` to verify that the file is
+ up-to-date before loading.
+
+ Returns:
+ dict: Loaded JSON data from the Debian CVE JSON file.
+ """
check_json()
with open(DEB_CVE_JSON_PATH) as jsonfile:
return load(jsonfile)
def compute_distro(self):
+ """
+ Computes the distribution codename based on the Debian or Ubuntu release.
+
+ Maps the specified distribution codename to either Ubuntu or Debian based
+ on the provided `distro_name`.
+
+ Returns:
+ str: The mapped codename for the distribution.
+ """
if self.distro_name == "ubuntu":
return UBUNTU_DEBIAN_MAP[self.distro_codename]
elif self.distro_name == "debian":
@@ -84,7 +133,12 @@ def compute_distro(self):
def check_json():
- """Check to update the Debian CVE JSON file"""
+ """
+ Verifies if the Debian CVE JSON file is current and triggers an update if outdated.
+
+ This function checks the modification time of the JSON file. If it's older than
+ one day, it calls `update_json` to download a fresh version.
+ """
if (
not DEB_CVE_JSON_PATH.exists()
@@ -94,7 +148,12 @@ def check_json():
def update_json():
- """Update the Debian CVE JSON file"""
+ """
+ Updates the Debian CVE JSON file by downloading the latest data.
+
+ This function requests the JSON data from the specified URL and saves it to
+ the `DEB_CVE_JSON_PATH` location, logging the update status.
+ """
LOGGER.info("Updating Debian CVE JSON file for checking available fixes.")
# timeout = 300s = 5min. This is a guess at a valid default
diff --git a/cve_bin_tool/parsers/__init__.py b/cve_bin_tool/parsers/__init__.py
index 5ed25c87ad..8394ccebd0 100644
--- a/cve_bin_tool/parsers/__init__.py
+++ b/cve_bin_tool/parsers/__init__.py
@@ -26,6 +26,7 @@
"perl",
"dart",
"env",
+ "ccpp",
]
diff --git a/cve_bin_tool/parsers/ccpp.py b/cve_bin_tool/parsers/ccpp.py
new file mode 100644
index 0000000000..8d4452e940
--- /dev/null
+++ b/cve_bin_tool/parsers/ccpp.py
@@ -0,0 +1,65 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+"""Python script containing all functionalities related to parsing of C/C++ conan.lock files."""
+
+import json
+import re
+
+from cve_bin_tool.parsers import Parser
+
+
+class CCppParser(Parser):
+ """
+ Parser for C/C++ conan.lock files based on
+ https://docs.conan.io/2/tutorial/versioning/lockfiles.html
+ """
+
+ PARSER_MATCH_FILENAMES = [
+ "conan.lock",
+ ]
+
+ def __init__(self, cve_db, logger):
+ super().__init__(cve_db, logger)
+ self.purl_pkg_type = "conan"
+
+ def generate_purl(self, product, vendor="", version="", qualifier={}, subpath=None):
+ """Generates PURL after normalizing all components."""
+ product = re.sub(r"[^a-zA-Z0-9._-]", "", product).lower()
+
+ if not product:
+ return None
+
+ purl = super().generate_purl(
+ product,
+ vendor,
+ version,
+ qualifier,
+ subpath,
+ )
+
+ return purl
+
+ def run_checker(self, filename):
+ """Parse the file and yield valid PURLs."""
+ self.filename = filename
+ with open(self.filename) as fh:
+ data = json.load(fh)
+ requires = data["requires"]
+ build_requires = data["build_requires"]
+ if requires:
+ for require in requires:
+ product = require.split("#")[0].split("/")[0]
+ version = require.split("#")[0].split("/")[1]
+ purl = self.generate_purl(product)
+ vendor = self.get_vendor(purl, product, version)
+ if vendor is not None:
+ yield from vendor
+ if build_requires:
+ for build_require in build_requires:
+ product = build_require.split("#")[0].split("/")[0]
+ version = build_require.split("#")[0].split("/")[1]
+ purl = self.generate_purl(product)
+ vendor = self.get_vendor(purl, product, version)
+ if vendor is not None:
+ yield from vendor
+ self.logger.debug(f"Done scanning file: {self.filename}")
diff --git a/cve_bin_tool/schemas/json2.json b/cve_bin_tool/schemas/json2.json
new file mode 100644
index 0000000000..e926c2e037
--- /dev/null
+++ b/cve_bin_tool/schemas/json2.json
@@ -0,0 +1,481 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Generated schema for Root",
+ "type": "object",
+ "properties": {
+ "$schema": {
+ "type": "string"
+ },
+ "metadata": {
+ "type": "object",
+ "properties": {
+ "tool": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "name",
+ "version"
+ ]
+ },
+ "generation_date": {
+ "type": "string"
+ },
+ "parameter": {
+ "type": "object",
+ "properties": {
+ "options": {
+ "type": "object",
+ "properties": {
+ "help": {},
+ "exclude": {
+ "type": "array",
+ "items": {}
+ },
+ "version": {},
+ "disable-version-check": {
+ "type": "boolean"
+ },
+ "disable-validation-check": {
+ "type": "boolean"
+ },
+ "offline": {
+ "type": "boolean"
+ },
+ "detailed": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "help",
+ "exclude",
+ "version",
+ "disable-version-check",
+ "disable-validation-check",
+ "offline",
+ "detailed"
+ ]
+ },
+ "cve_data_download": {
+ "type": "object",
+ "properties": {
+ "nvd": {
+ "type": "string"
+ },
+ "update": {
+ "type": "string"
+ },
+ "nvd-api-key": {
+ "type": "string"
+ },
+ "disable-data-source": {
+ "type": "array",
+ "items": {}
+ },
+ "use-mirror": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "nvd",
+ "update",
+ "nvd-api-key",
+ "disable-data-source",
+ "use-mirror"
+ ]
+ },
+ "input": {
+ "type": "object",
+ "properties": {
+ "directory": {
+ "type": "string"
+ },
+ "input-file": {
+ "type": "string"
+ },
+ "triage-input-file": {
+ "type": "string"
+ },
+ "config": {
+ "type": "string"
+ },
+ "package-list": {
+ "type": "string"
+ },
+ "sbom": {
+ "type": "string"
+ },
+ "sbom-file": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "directory",
+ "input-file",
+ "triage-input-file",
+ "config",
+ "package-list",
+ "sbom",
+ "sbom-file"
+ ]
+ },
+ "output": {
+ "type": "object",
+ "properties": {
+ "quiet": {
+ "type": "boolean"
+ },
+ "log-level": {
+ "type": "string"
+ },
+ "output-file": {
+ "type": "string"
+ },
+ "html-theme": {
+ "type": "string"
+ },
+ "format": {
+ "type": "string"
+ },
+ "generate-config": {
+ "type": "string"
+ },
+ "cvss": {
+ "type": "number"
+ },
+ "severity": {
+ "type": "string"
+ },
+ "metrics": {
+ "type": "boolean"
+ },
+ "epss-percentile": {},
+ "epss-probability": {},
+ "no-0-cve-report": {
+ "type": "boolean"
+ },
+ "available-fix": {
+ "type": "string"
+ },
+ "backport-fix": {
+ "type": "string"
+ },
+ "affected-versions": {
+ "type": "number"
+ },
+ "vex": {
+ "type": "string"
+ },
+ "sbom-output": {
+ "type": "string"
+ },
+ "sbom-type": {
+ "type": "string"
+ },
+ "sbom-format": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "quiet",
+ "log-level",
+ "output-file",
+ "html-theme",
+ "format",
+ "generate-config",
+ "cvss",
+ "severity",
+ "metrics",
+ "epss-percentile",
+ "epss-probability",
+ "no-0-cve-report",
+ "available-fix",
+ "backport-fix",
+ "affected-versions",
+ "vex",
+ "sbom-output",
+ "sbom-type",
+ "sbom-format"
+ ]
+ },
+ "merge_report": {
+ "type": "object",
+ "properties": {
+ "append": {
+ "type": "boolean"
+ },
+ "tag": {
+ "type": "string"
+ },
+ "merge": {},
+ "filter": {
+ "type": "array",
+ "items": {}
+ }
+ },
+ "required": [
+ "append",
+ "tag",
+ "merge",
+ "filter"
+ ]
+ },
+ "checkers": {
+ "type": "object",
+ "properties": {
+ "skips": {
+ "type": "string"
+ },
+ "runs": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "skips",
+ "runs"
+ ]
+ },
+ "database_management": {
+ "type": "object",
+ "properties": {
+ "import-json": {
+ "type": "string"
+ },
+ "ignore-sig": {
+ "type": "boolean"
+ },
+ "log-signature-error": {
+ "type": "boolean"
+ },
+ "verify": {
+ "type": "string"
+ },
+ "export-json": {
+ "type": "string"
+ },
+ "pgp-sign": {
+ "type": "string"
+ },
+ "passphrase": {
+ "type": "string"
+ },
+ "export": {
+ "type": "string"
+ },
+ "import": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "import-json",
+ "ignore-sig",
+ "log-signature-error",
+ "verify",
+ "export-json",
+ "pgp-sign",
+ "passphrase",
+ "export",
+ "import"
+ ]
+ },
+ "exploits": {
+ "type": "object",
+ "properties": {
+ "exploits": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "exploits"
+ ]
+ },
+ "deprecated": {
+ "type": "object",
+ "properties": {
+ "extract": {
+ "type": "boolean"
+ },
+ "report": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "extract",
+ "report"
+ ]
+ }
+ },
+ "required": [
+ "options",
+ "cve_data_download",
+ "input",
+ "output",
+ "merge_report",
+ "checkers",
+ "database_management",
+ "exploits",
+ "deprecated"
+ ]
+ }
+ },
+ "required": [
+ "tool",
+ "generation_date",
+ "parameter"
+ ]
+ },
+ "database_info": {
+ "type": "object",
+ "properties": {
+ "last_updated": {
+ "type": "string"
+ },
+ "total_entries": {
+ "type": "object",
+ "properties": {
+ "NVD": {
+ "type": "number"
+ },
+ "OSV": {
+ "type": "number"
+ },
+ "GAD": {
+ "type": "number"
+ },
+ "REDHAT": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "NVD"
+ ]
+ }
+ },
+ "required": [
+ "last_updated",
+ "total_entries"
+ ]
+ },
+ "vulnerabilities": {
+ "type": "object",
+ "properties": {
+ "summary": {
+ "type": "object",
+ "properties": {
+ "CRITICAL": {
+ "type": "number"
+ },
+ "HIGH": {
+ "type": "number"
+ },
+ "MEDIUM": {
+ "type": "number"
+ },
+ "LOW": {
+ "type": "number"
+ },
+ "UNKNOWN": {
+ "type": "number"
+ }
+ },
+ "required": [
+ "CRITICAL",
+ "HIGH",
+ "MEDIUM",
+ "LOW",
+ "UNKNOWN"
+ ]
+ },
+ "report": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "datasource": {
+ "type": "string"
+ },
+ "entries": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "vendor": {
+ "type": "string"
+ },
+ "product": {
+ "type": "string"
+ },
+ "version": {
+ "type": "string"
+ },
+ "cve_number": {
+ "type": "string"
+ },
+ "severity": {
+ "type": "string"
+ },
+ "score": {
+ "type": "string"
+ },
+ "source": {
+ "type": "string"
+ },
+ "cvss_version": {
+ "type": "string"
+ },
+ "cvss_vector": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "string"
+ },
+ "remarks": {
+ "type": "string"
+ },
+ "comments": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "vendor",
+ "product",
+ "version",
+ "cve_number",
+ "severity",
+ "score",
+ "source",
+ "cvss_version",
+ "cvss_vector",
+ "paths",
+ "remarks",
+ "comments"
+ ]
+ }
+ }
+ },
+ "required": [
+ "datasource",
+ "entries"
+ ]
+ }
+ }
+ },
+ "required": [
+ "summary",
+ "report"
+ ]
+ }
+ },
+ "required": [
+ "$schema",
+ "metadata",
+ "database_info",
+ "vulnerabilities"
+ ]
+}
\ No newline at end of file
diff --git a/cve_bin_tool/version_compare.py b/cve_bin_tool/version_compare.py
index 11716ac202..b719272fc6 100644
--- a/cve_bin_tool/version_compare.py
+++ b/cve_bin_tool/version_compare.py
@@ -134,6 +134,15 @@ def version_compare(v1: str, v2: str):
if v1_array[i] in pre_release_words:
return -1
+ # special edge case for folk editing version info in excel
+ # who may lose the trailing .0 in versions like 1.0
+ try:
+ if int(v1_array[i]) == 0 and len(v1_array) == len(v2_array) + 1:
+ return 0
+
+ except ValueError:
+ return 1
+
# Otherwise, v1 has more digits than v2 and the previous ones matched,
# so it's probably later. e.g. 1.2.3 amd 1.2.q are both > 1.2
return 1
@@ -150,6 +159,15 @@ def version_compare(v1: str, v2: str):
if v2_array[len(v1_array)] in pre_release_words:
return 1
+ # special edge case for folk editing version info in excel
+ # who may lose the trailing .0 in versions like 1.0
+ try:
+ if int(v2_array[len(v1_array)]) == 0 and len(v2_array) == len(v1_array) + 1:
+ return 0
+
+ except ValueError:
+ return -1
+
return -1
return 0
diff --git a/dev-requirements.txt b/dev-requirements.txt
index d98d7977bb..7977b7cdc3 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -6,7 +6,8 @@ pre-commit; python_version <= "3.8"
pre-commit==4.0.1; python_version > "3.8"
flake8; python_version < "3.8"
flake8==7.1.1; python_version >= "3.8"
-bandit==1.7.10
+bandit==1.7.10; python_version <= "3.8"
+bandit==1.8.0; python_version > "3.8"
gitlint==v0.19.1
interrogate
mypy==v1.13.0
diff --git a/doc/MANUAL.md b/doc/MANUAL.md
index 4a7644afff..6eea193c78 100644
--- a/doc/MANUAL.md
+++ b/doc/MANUAL.md
@@ -92,6 +92,7 @@
- [Perl](#perl)
- [PHP](#php)
- [Dart](#dart)
+ - [C/C++](#cc)
- [Feedback \& Contributions](#feedback--contributions)
- [Security Issues](#security-issues)
@@ -1520,10 +1521,16 @@ Here's an example of what a [`composer.lock`](https://github.com/intel/cve-bin-t
### Dart
-The scanner examines the pubspec.lock file, made by Dart's pub tool for managing project dependencies and versions. The package names and versions are used to search the database for vulnerabilities.
+The scanner examines the `pubspec.lock` file, made by Dart's pub tool for managing project dependencies and versions. The package names and versions are used to search the database for vulnerabilities.
Here's an example of what a [`pubspec.lock`](https://github.com/intel/cve-bin-tool/blob/main/test/language_data/pubspec.lock) file might look like.
+### C/C++
+
+The scanner examines the `conan.lock` file, generated by the Conan dependency and package manager for C and C++. The package names and versions are used to search the database for vulnerabilities.
+
+Here's an example of what a [`conan.lock`](https://github.com/intel/cve-bin-tool/blob/main/test/language_data/conan.lock) file might look like.
+
## Feedback & Contributions
Bugs and feature requests can be made via [GitHub issues](https://github.com/intel/cve-bin-tool/issues).
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index 11e8b80d5a..ec697c7c36 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:9d8b3f1e-c984-4279-a86b-50bcec4fda9b",
+ "serialNumber": "urn:uuid:9156251d-e08f-4547-bd3b-7efd92c86014",
"version": 1,
"metadata": {
- "timestamp": "2024-11-11T00:37:52Z",
+ "timestamp": "2024-12-16T00:38:54Z",
"lifecycles": [
{
"phase": "build"
@@ -15,7 +15,7 @@
"components": [
{
"name": "sbom4python",
- "version": "0.11.3",
+ "version": "0.12.1",
"type": "application"
}
]
@@ -42,6 +42,12 @@
},
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -65,6 +71,10 @@
],
"purl": "pkg:pypi/cve-bin-tool@3.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-17T18:57:44Z"
+ },
{
"name": "language",
"value": "Python"
@@ -79,8 +89,14 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.10.10",
+ "version": "3.11.10",
"description": "Async http client/server framework (asyncio)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -97,13 +113,49 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.10.10/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.10/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiohttp",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiohttp.org/en/stable/changes.html",
+ "type": "log"
+ },
+ {
+ "url": "https://docs.aiohttp.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.10.10",
+ "purl": "pkg:pypi/aiohttp@3.11.10",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-05T23:51:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -118,7 +170,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.3",
+ "version": "2.4.4",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,12 +179,12 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
+ "alg": "SHA-256",
+ "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8"
}
],
"licenses": [
@@ -151,13 +203,33 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://aiohappyeyeballs.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
@@ -172,14 +244,8 @@
"type": "library",
"bom-ref": "4-aiosignal",
"name": "aiosignal",
- "version": "1.3.1",
+ "version": "1.3.2",
"description": "aiosignal: a list of registered asynchronous callbacks",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3"
- }
- ],
"licenses": [
{
"license": {
@@ -196,13 +262,41 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiosignal/1.3.1/#files",
+ "url": "https://pypi.org/project/aiosignal/1.3.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gitter.im/aio-libs/Lobby",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiosignal",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiosignal.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiosignal@1.3.1",
+ "purl": "pkg:pypi/aiosignal@1.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
@@ -210,10 +304,6 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-08T16:03:57.000Z"
}
]
},
@@ -223,6 +313,12 @@
"name": "frozenlist",
"version": "1.5.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a"
+ }
+ ],
"licenses": [
{
"license": {
@@ -242,10 +338,50 @@
"url": "https://pypi.org/project/frozenlist/1.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/frozenlist",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog",
+ "type": "log"
+ },
+ {
+ "url": "https://frozenlist.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/frozenlist@1.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-23T09:46:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -260,7 +396,7 @@
"type": "library",
"bom-ref": "6-async-timeout",
"name": "async-timeout",
- "version": "4.0.3",
+ "version": "5.0.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -269,12 +405,12 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*",
"description": "Timeout context manager for asyncio programs",
"hashes": [
{
- "alg": "SHA-1",
- "content": "a48974404c746593f78c116faceb56a0db50309e"
+ "alg": "SHA-256",
+ "content": "39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c"
}
],
"licenses": [
@@ -293,13 +429,37 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/async-timeout/4.0.3/#files",
+ "url": "https://pypi.org/project/async-timeout/5.0.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gitter.im/aio-libs/Lobby",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/async-timeout",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/async-timeout@4.0.3",
+ "purl": "pkg:pypi/async-timeout@5.0.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-06T16:41:37Z"
+ },
{
"name": "language",
"value": "Python"
@@ -307,10 +467,6 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2023-08-10T16:35:55.000Z"
}
]
},
@@ -331,8 +487,8 @@
"description": "Classes Without Boilerplate",
"hashes": [
{
- "alg": "SHA-1",
- "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ "alg": "SHA-256",
+ "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"
}
],
"externalReferences": [
@@ -340,10 +496,34 @@
"url": "https://pypi.org/project/attrs/24.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://www.attrs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://www.attrs.org/en/stable/changelog.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-attrs/attrs",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/sponsors/hynek",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi",
+ "type": "other"
}
],
"purl": "pkg:pypi/attrs@24.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T14:37:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -356,42 +536,42 @@
},
{
"type": "library",
- "bom-ref": "8-multidict",
- "name": "multidict",
- "version": "6.1.0",
+ "bom-ref": "8-importlib-metadata",
+ "name": "importlib-metadata",
+ "version": "8.0.0",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Jason R .",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
- "description": "multidict implementation",
- "licenses": [
+ "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*",
+ "description": "Read metadata from Python packages",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/multidict",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/multidict/6.1.0/#files",
+ "url": "https://pypi.org/project/importlib-metadata/8.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/importlib_metadata",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/multidict@6.1.0",
+ "purl": "pkg:pypi/importlib-metadata@8.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-25T18:38:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -404,34 +584,42 @@
},
{
"type": "library",
- "bom-ref": "9-typing-extensions",
- "name": "typing-extensions",
- "version": "4.12.2",
+ "bom-ref": "9-zipp",
+ "name": "zipp",
+ "version": "3.21.0",
"supplier": {
- "name": "Guido van Jukka ukasz Michael",
+ "name": "Jason R .",
"contact": [
{
- "email": "levkivskyi@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
- "description": "Backported and Experimental Type Hints for Python 3.8+",
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
+ "description": "Backport of pathlib-compatible object wrapper for zip files",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3"
+ "alg": "SHA-256",
+ "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
+ "url": "https://pypi.org/project/zipp/3.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/jaraco/zipp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/typing-extensions@4.12.2",
+ "purl": "pkg:pypi/zipp@3.21.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-10T15:05:19Z"
+ },
{
"name": "language",
"value": "Python"
@@ -444,42 +632,63 @@
},
{
"type": "library",
- "bom-ref": "10-yarl",
- "name": "yarl",
- "version": "1.17.1",
+ "bom-ref": "10-typing-extensions",
+ "name": "typing-extensions",
+ "version": "4.12.2",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Guido van Jukka ukasz Michael",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "levkivskyi@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*",
- "description": "Yet another URL library",
- "licenses": [
+ "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
+ "description": "Backported and Experimental Type Hints for Python 3.8+",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/yarl",
+ "url": "https://github.com/python/typing_extensions",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.17.1/#files",
+ "url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://typing-extensions.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python/typing/discussions",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/yarl@1.17.1",
+ "purl": "pkg:pypi/typing-extensions@4.12.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-07T18:52:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -492,28 +701,88 @@
},
{
"type": "library",
- "bom-ref": "11-idna",
- "name": "idna",
- "version": "3.10",
+ "bom-ref": "11-multidict",
+ "name": "multidict",
+ "version": "6.1.0",
"supplier": {
- "name": "Kim Davies",
+ "name": "Andrew Svetlov",
"contact": [
{
- "email": "kim+pypi@gumleaf.org"
+ "email": "andrew.svetlov@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
- "description": "Internationalized Domain Names in Applications (IDNA)",
+ "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
+ "description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/idna/3.10/#files",
+ "url": "https://github.com/aio-libs/multidict",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/multidict/6.1.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/multidict",
+ "type": "other"
+ },
+ {
+ "url": "https://multidict.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://multidict.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/multidict@6.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-09T23:47:18Z"
+ },
{
"name": "language",
"value": "Python"
@@ -528,7 +797,7 @@
"type": "library",
"bom-ref": "12-propcache",
"name": "propcache",
- "version": "0.2.0",
+ "version": "0.2.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -537,8 +806,14 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6"
+ }
+ ],
"licenses": [
{
"license": {
@@ -555,13 +830,203 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.2.0/#files",
+ "url": "https://pypi.org/project/propcache/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/propcache@0.2.0",
- "properties": [
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/propcache",
+ "type": "other"
+ },
+ {
+ "url": "https://propcache.readthedocs.io/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://propcache.readthedocs.io",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/propcache@0.2.1",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-01T18:27:02Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.10.15"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "13-yarl",
+ "name": "yarl",
+ "version": "1.18.3",
+ "supplier": {
+ "name": "Andrew Svetlov",
+ "contact": [
+ {
+ "email": "andrew.svetlov@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*",
+ "description": "Yet another URL library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/yarl/1.18.3/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/yarl",
+ "type": "other"
+ },
+ {
+ "url": "https://yarl.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://yarl.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/yarl@1.18.3",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-01T20:32:32Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.10.15"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "14-idna",
+ "name": "idna",
+ "version": "3.10",
+ "supplier": {
+ "name": "Kim Davies",
+ "contact": [
+ {
+ "email": "kim+pypi@gumleaf.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
+ "description": "Internationalized Domain Names in Applications (IDNA)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/idna/3.10/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/kjd/idna/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kjd/idna",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/idna@3.10",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-15T18:07:37Z"
+ },
{
"name": "language",
"value": "Python"
@@ -574,7 +1039,7 @@
},
{
"type": "library",
- "bom-ref": "13-beautifulsoup4",
+ "bom-ref": "15-beautifulsoup4",
"name": "beautifulsoup4",
"version": "4.12.3",
"supplier": {
@@ -587,11 +1052,17 @@
},
"cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
"description": "Screen-scraping library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -606,10 +1077,18 @@
"url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/",
+ "type": "other"
}
],
"purl": "pkg:pypi/beautifulsoup4@4.12.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-01-17T16:53:12Z"
+ },
{
"name": "language",
"value": "Python"
@@ -617,16 +1096,12 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2024-01-17T16:53:12.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "14-soupsieve",
+ "bom-ref": "16-soupsieve",
"name": "soupsieve",
"version": "2.6",
"supplier": {
@@ -641,8 +1116,8 @@
"description": "A modern CSS selector implementation for Beautiful Soup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+ "alg": "SHA-256",
+ "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9"
}
],
"externalReferences": [
@@ -659,6 +1134,10 @@
],
"purl": "pkg:pypi/soupsieve@2.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-13T13:39:10Z"
+ },
{
"name": "language",
"value": "Python"
@@ -671,7 +1150,7 @@
},
{
"type": "library",
- "bom-ref": "15-cvss",
+ "bom-ref": "17-cvss",
"name": "cvss",
"version": "3.3",
"supplier": {
@@ -684,6 +1163,12 @@
},
"cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -703,10 +1188,30 @@
"url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/actions",
+ "type": "build-system"
}
],
"purl": "pkg:pypi/cvss@3.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T10:05:52Z"
+ },
{
"name": "language",
"value": "Python"
@@ -719,7 +1224,7 @@
},
{
"type": "library",
- "bom-ref": "16-defusedxml",
+ "bom-ref": "18-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -734,8 +1239,8 @@
"description": "XML bomb protection for Python stdlib modules",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ebff1b493751e2f0775314bdd4188d64f07ea184"
+ "alg": "SHA-256",
+ "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"
}
],
"licenses": [
@@ -754,13 +1259,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/defusedxml/0.7.1/#files",
+ "url": "https://pypi.python.org/pypi/defusedxml",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/defusedxml@0.7.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-03-08T10:59:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -768,16 +1277,12 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2021-03-08T10:59:24.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "17-distro",
+ "bom-ref": "19-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -790,6 +1295,12 @@
},
"cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*",
"description": "Distro - an OS platform information API",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2"
+ }
+ ],
"licenses": [
{
"license": {
@@ -813,6 +1324,10 @@
],
"purl": "pkg:pypi/distro@1.9.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-24T09:54:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -820,16 +1335,12 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-24T09:54:30.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "18-filetype",
+ "bom-ref": "20-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -844,15 +1355,15 @@
"description": "Infer file type and MIME type of any file/buffer. No external dependencies.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585"
+ "alg": "SHA-256",
+ "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -864,13 +1375,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/filetype/1.2.0/#files",
+ "url": "https://github.com/h2non/filetype.py/tarball/master",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/filetype@1.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-11-02T17:34:01Z"
+ },
{
"name": "language",
"value": "Python"
@@ -878,18 +1393,14 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-02T17:34:01.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "19-gsutil",
+ "bom-ref": "21-gsutil",
"name": "gsutil",
- "version": "5.31",
+ "version": "5.33",
"supplier": {
"name": "Google Inc .",
"contact": [
@@ -898,8 +1409,14 @@
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*",
"description": "A command line tool for interacting with cloud storage services.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856"
+ }
+ ],
"licenses": [
{
"license": {
@@ -916,13 +1433,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gsutil/5.31/#files",
+ "url": "https://cloud.google.com/storage/docs/gsutil_install",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.31",
+ "purl": "pkg:pypi/gsutil@5.33",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-11T09:40:59Z"
+ },
{
"name": "language",
"value": "Python"
@@ -935,9 +1456,9 @@
},
{
"type": "library",
- "bom-ref": "20-argcomplete",
+ "bom-ref": "22-argcomplete",
"name": "argcomplete",
- "version": "3.5.1",
+ "version": "3.5.2",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -946,8 +1467,14 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472"
+ }
+ ],
"licenses": [
{
"license": {
@@ -964,13 +1491,33 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.5.1/#files",
+ "url": "https://pypi.org/project/argcomplete/3.5.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://kislyuk.github.io/argcomplete",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst",
+ "type": "log"
}
],
- "purl": "pkg:pypi/argcomplete@3.5.1",
+ "purl": "pkg:pypi/argcomplete@3.5.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-06T18:24:27Z"
+ },
{
"name": "language",
"value": "Python"
@@ -983,7 +1530,7 @@
},
{
"type": "library",
- "bom-ref": "21-crcmod",
+ "bom-ref": "23-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -996,11 +1543,17 @@
},
"cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*",
"description": "CRC Generator",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -1012,13 +1565,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/crcmod/1.7/#files",
+ "url": "http://sourceforge.net/projects/crcmod",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/crcmod@1.7",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2010-06-27T14:35:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1031,7 +1588,7 @@
},
{
"type": "library",
- "bom-ref": "22-fasteners",
+ "bom-ref": "24-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -1041,8 +1598,8 @@
"description": "A python package that provides useful locks",
"hashes": [
{
- "alg": "SHA-1",
- "content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+ "alg": "SHA-256",
+ "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237"
}
],
"licenses": [
@@ -1068,6 +1625,10 @@
],
"purl": "pkg:pypi/fasteners@0.19",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-09-19T17:11:18Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1080,7 +1641,7 @@
},
{
"type": "library",
- "bom-ref": "23-gcs-oauth2-boto-plugin",
+ "bom-ref": "25-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -1095,8 +1656,8 @@
"description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb"
+ "alg": "SHA-256",
+ "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843"
}
],
"licenses": [
@@ -1115,13 +1676,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files",
+ "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-02T14:37:31Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1129,57 +1694,57 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-02T14:37:31.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "24-boto",
- "name": "boto",
- "version": "2.49.0",
+ "bom-ref": "26-rsa",
+ "name": "rsa",
+ "version": "4.7.2",
"supplier": {
- "name": "Mitch Garnaat",
+ "name": "Sybren A . Stuvel",
"contact": [
{
- "email": "mitch@garnaat.com"
+ "email": "sybren@stuvel.eu"
}
]
},
- "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
- "description": "Amazon Web Services Library",
+ "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
+ "description": "Pure-Python RSA implementation",
"hashes": [
{
- "alg": "SHA-1",
- "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3"
+ "alg": "SHA-256",
+ "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/boto/boto/",
+ "url": "https://stuvel.eu/rsa",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/boto/2.49.0/#files",
+ "url": "https://pypi.org/project/rsa/4.7.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/boto@2.49.0",
+ "purl": "pkg:pypi/rsa@4.7.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-02-24T10:55:03Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1187,57 +1752,73 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2018-07-11T20:58:55.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "25-google-auth",
- "name": "google-auth",
- "version": "2.17.0",
+ "bom-ref": "27-pyasn1",
+ "name": "pyasn1",
+ "version": "0.6.1",
"supplier": {
- "name": "Google Cloud Platform",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "googleapis-packages@google.com"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
+ "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243"
+ "alg": "SHA-256",
+ "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/googleapis/google-auth-library-python",
+ "url": "https://github.com/pyasn1/pyasn1",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth/2.17.0/#files",
+ "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://pyasn1.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html",
+ "type": "log"
}
],
- "purl": "pkg:pypi/google-auth@2.17.0",
+ "purl": "pkg:pypi/pyasn1@0.6.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:41:42Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1250,42 +1831,52 @@
},
{
"type": "library",
- "bom-ref": "26-cachetools",
- "name": "cachetools",
- "version": "5.5.0",
+ "bom-ref": "28-boto",
+ "name": "boto",
+ "version": "2.49.0",
"supplier": {
- "name": "Thomas Kemmer",
+ "name": "Mitch Garnaat",
"contact": [
{
- "email": "tkemmer@computer.org"
+ "email": "mitch@garnaat.com"
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
- "description": "Extensible memoizing collections and decorators",
+ "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
+ "description": "Amazon Web Services Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/tkem/cachetools/",
+ "url": "https://github.com/boto/boto/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cachetools/5.5.0/#files",
+ "url": "https://pypi.org/project/boto/2.49.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cachetools@5.5.0",
+ "purl": "pkg:pypi/boto@2.49.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-07-11T20:58:55Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1298,42 +1889,52 @@
},
{
"type": "library",
- "bom-ref": "27-pyasn1-modules",
- "name": "pyasn1-modules",
- "version": "0.4.1",
+ "bom-ref": "29-google-reauth",
+ "name": "google-reauth",
+ "version": "0.1.1",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Google",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "googleapis-publisher@google.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules",
+ "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
+ "description": "Google Reauth Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1-modules",
+ "url": "https://github.com/Google/google-reauth-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
+ "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.4.1",
+ "purl": "pkg:pypi/google-reauth@0.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-12-01T17:35:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1346,42 +1947,52 @@
},
{
"type": "library",
- "bom-ref": "28-pyasn1",
- "name": "pyasn1",
- "version": "0.6.1",
+ "bom-ref": "30-pyu2f",
+ "name": "pyu2f",
+ "version": "0.1.5",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Google Inc .",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "pyu2f-team@google.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
- "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
+ "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
+ "description": "U2F host library for interacting with a U2F device over USB.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1",
+ "url": "https://github.com/google/pyu2f/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
+ "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.6.1",
+ "purl": "pkg:pypi/pyu2f@0.1.5",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-10-30T20:03:07Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1394,48 +2005,52 @@
},
{
"type": "library",
- "bom-ref": "29-rsa",
- "name": "rsa",
- "version": "4.7.2",
+ "bom-ref": "31-six",
+ "name": "six",
+ "version": "1.17.0",
"supplier": {
- "name": "Sybren A . Stuvel",
+ "name": "Benjamin Peterson",
"contact": [
{
- "email": "sybren@stuvel.eu"
+ "email": "benjamin@python.org"
}
]
},
- "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
- "description": "Pure-Python RSA implementation",
+ "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*",
+ "description": "Python 2 and 3 compatibility utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa"
+ "alg": "SHA-256",
+ "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://stuvel.eu/rsa",
+ "url": "https://github.com/benjaminp/six",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rsa/4.7.2/#files",
+ "url": "https://pypi.org/project/six/1.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rsa@4.7.2",
+ "purl": "pkg:pypi/six@1.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-04T17:35:26Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1443,57 +2058,57 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2021-02-24T10:55:03.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "30-six",
- "name": "six",
- "version": "1.16.0",
+ "bom-ref": "32-httplib2",
+ "name": "httplib2",
+ "version": "0.20.4",
"supplier": {
- "name": "Benjamin Peterson",
+ "name": "Joe Gregorio",
"contact": [
{
- "email": "benjamin@python.org"
+ "email": "joe@bitworking.org"
}
]
},
- "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*",
- "description": "Python 2 and 3 compatibility utilities",
+ "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
+ "description": "A comprehensive HTTP client library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "65486e4383f9f411da95937451205d3c7b61b9e1"
+ "alg": "SHA-256",
+ "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/benjaminp/six",
+ "url": "https://github.com/httplib2/httplib2",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/six/1.16.0/#files",
+ "url": "https://pypi.org/project/httplib2/0.20.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/six@1.16.0",
+ "purl": "pkg:pypi/httplib2@0.20.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-02-03T00:00:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1501,57 +2116,48 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2021-05-05T14:18:17.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "31-google-auth-httplib2",
- "name": "google-auth-httplib2",
- "version": "0.2.0",
+ "bom-ref": "33-pyparsing",
+ "name": "pyparsing",
+ "version": "3.2.0",
"supplier": {
- "name": "Google Cloud Platform",
+ "name": "Paul McGuire",
"contact": [
{
- "email": "googleapis-packages@google.com"
+ "email": "ptmcg.gm+pyparsing@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library: httplib2 transport",
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
+ "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
"hashes": [
{
- "alg": "SHA-1",
- "content": "932ac88800dd6de004c1bd59867831ccf033f031"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84"
}
],
"externalReferences": [
{
- "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
+ "url": "https://github.com/pyparsing/pyparsing/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
+ "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
+ "purl": "pkg:pypi/pyparsing@3.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-13T10:01:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1559,57 +2165,57 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-12T17:40:13.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "32-httplib2",
- "name": "httplib2",
- "version": "0.20.4",
+ "bom-ref": "34-oauth2client",
+ "name": "oauth2client",
+ "version": "4.1.3",
"supplier": {
- "name": "Joe Gregorio",
+ "name": "Google Inc .",
"contact": [
{
- "email": "joe@bitworking.org"
+ "email": "jonwayne+oauth2client@google.com"
}
]
},
- "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
- "description": "A comprehensive HTTP client library.",
+ "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
+ "description": "OAuth 2.0 client library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4"
+ "alg": "SHA-256",
+ "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/httplib2/httplib2",
+ "url": "http://github.com/google/oauth2client/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/httplib2/0.20.4/#files",
+ "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/httplib2@0.20.4",
+ "purl": "pkg:pypi/oauth2client@4.1.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-09-07T21:38:16Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1622,33 +2228,64 @@
},
{
"type": "library",
- "bom-ref": "33-pyparsing",
- "name": "pyparsing",
- "version": "3.2.0",
+ "bom-ref": "35-pyasn1-modules",
+ "name": "pyasn1-modules",
+ "version": "0.4.1",
"supplier": {
- "name": "Paul McGuire",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "ptmcg.gm+pyparsing@gmail.com"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
- "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://github.com/pyparsing/pyparsing/",
+ "url": "https://github.com/pyasn1/pyasn1-modules",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt",
+ "type": "log"
}
],
- "purl": "pkg:pypi/pyparsing@3.2.0",
+ "purl": "pkg:pypi/pyasn1-modules@0.4.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:42:08Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1661,23 +2298,23 @@
},
{
"type": "library",
- "bom-ref": "34-google-reauth",
- "name": "google-reauth",
- "version": "0.1.1",
+ "bom-ref": "36-pyopenssl",
+ "name": "pyopenssl",
+ "version": "24.2.1",
"supplier": {
- "name": "Google",
+ "name": "The pyOpenSSL developers",
"contact": [
{
- "email": "googleapis-publisher@google.com"
+ "email": "cryptography-dev@python.org"
}
]
},
- "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
- "description": "Google Reauth Library",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
+ "description": "Python wrapper module around the OpenSSL library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b"
+ "alg": "SHA-256",
+ "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d"
}
],
"licenses": [
@@ -1691,18 +2328,26 @@
],
"externalReferences": [
{
- "url": "https://github.com/Google/google-reauth-python",
+ "url": "https://pyopenssl.org/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
+ "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pyca/pyopenssl",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/google-reauth@0.1.1",
+ "purl": "pkg:pypi/pyopenssl@24.2.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-20T17:26:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1710,57 +2355,69 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2020-12-01T17:35:45.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "35-pyu2f",
- "name": "pyu2f",
- "version": "0.1.5",
+ "bom-ref": "37-cryptography",
+ "name": "cryptography",
+ "version": "43.0.3",
"supplier": {
- "name": "Google Inc .",
+ "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
{
- "email": "pyu2f-team@google.com"
+ "email": "cryptography-dev@python.org"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
- "description": "U2F host library for interacting with a U2F device over USB.",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
+ "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe"
+ "alg": "SHA-256",
+ "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"
}
],
"licenses": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "expression": "Apache-2.0 OR BSD-3-Clause"
}
],
"externalReferences": [
{
- "url": "https://github.com/google/pyu2f/",
+ "url": "https://github.com/pyca/cryptography",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
+ "url": "https://pypi.org/project/cryptography/43.0.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://cryptography.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cryptography.io/en/latest/changelog/",
+ "type": "log"
}
],
- "purl": "pkg:pypi/pyu2f@0.1.5",
+ "purl": "pkg:pypi/cryptography@43.0.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:57:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1768,57 +2425,81 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2020-10-30T20:03:07.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "36-oauth2client",
- "name": "oauth2client",
- "version": "4.1.3",
+ "bom-ref": "38-cffi",
+ "name": "cffi",
+ "version": "1.17.1",
"supplier": {
- "name": "Google Inc .",
+ "name": "Armin Maciej Fijalkowski",
"contact": [
{
- "email": "jonwayne+oauth2client@google.com"
+ "email": "python-cffi@googlegroups.com"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
- "description": "OAuth 2.0 client library",
+ "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
+ "description": "Foreign Function Interface for Python calling C code.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "50d20532a748f18e53f7d24ccbe6647132c979a9"
+ "alg": "SHA-256",
+ "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "http://github.com/google/oauth2client/",
+ "url": "http://cffi.readthedocs.org",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
+ "url": "https://pypi.org/project/cffi/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "http://cffi.readthedocs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://groups.google.com/forum/#!forum/python-cffi",
+ "type": "other"
}
],
- "purl": "pkg:pypi/oauth2client@4.1.3",
+ "purl": "pkg:pypi/cffi@1.17.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-04T20:43:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1826,51 +2507,57 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2018-09-07T21:38:16.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "37-pyopenssl",
- "name": "pyopenssl",
- "version": "24.2.1",
+ "bom-ref": "39-pycparser",
+ "name": "pycparser",
+ "version": "2.22",
"supplier": {
- "name": "The pyOpenSSL developers",
+ "name": "Eli Bendersky",
"contact": [
{
- "email": "cryptography-dev@python.org"
+ "email": "eliben@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
- "description": "Python wrapper module around the OpenSSL library",
+ "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
+ "description": "C parser in Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pyopenssl.org/",
+ "url": "https://github.com/eliben/pycparser",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
+ "url": "https://pypi.org/project/pycparser/2.22/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.2.1",
+ "purl": "pkg:pypi/pycparser@2.22",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-03-30T13:22:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1883,38 +2570,52 @@
},
{
"type": "library",
- "bom-ref": "38-cryptography",
- "name": "cryptography",
- "version": "43.0.3",
+ "bom-ref": "40-retry-decorator",
+ "name": "retry-decorator",
+ "version": "1.1.1",
"supplier": {
- "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
+ "name": "Patrick Ng",
"contact": [
{
- "email": "cryptography-dev@python.org"
+ "email": "pn.appdev@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
- "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
+ "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
+ "description": "Retry Decorator",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe"
+ }
+ ],
"licenses": [
{
- "expression": "Apache-2.0 OR BSD-3-Clause"
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://github.com/pyca/cryptography",
+ "url": "https://github.com/pnpnpn/retry-decorator",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/43.0.3/#files",
+ "url": "https://pypi.org/project/retry-decorator/1.1.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@43.0.3",
+ "purl": "pkg:pypi/retry-decorator@1.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-03-10T23:56:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1927,42 +2628,52 @@
},
{
"type": "library",
- "bom-ref": "39-cffi",
- "name": "cffi",
- "version": "1.17.1",
+ "bom-ref": "41-google-auth",
+ "name": "google-auth",
+ "version": "2.17.0",
"supplier": {
- "name": "Armin Maciej Fijalkowski",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "python-cffi@googlegroups.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
- "description": "Foreign Function Interface for Python calling C code.",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "http://cffi.readthedocs.org",
+ "url": "https://github.com/googleapis/google-auth-library-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cffi/1.17.1/#files",
+ "url": "https://pypi.org/project/google-auth/2.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cffi@1.17.1",
+ "purl": "pkg:pypi/google-auth@2.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-03-28T19:51:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1975,48 +2686,52 @@
},
{
"type": "library",
- "bom-ref": "40-pycparser",
- "name": "pycparser",
- "version": "2.22",
+ "bom-ref": "42-cachetools",
+ "name": "cachetools",
+ "version": "5.5.0",
"supplier": {
- "name": "Eli Bendersky",
+ "name": "Thomas Kemmer",
"contact": [
{
- "email": "eliben@gmail.com"
+ "email": "tkemmer@computer.org"
}
]
},
- "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
- "description": "C parser in Python",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
+ "description": "Extensible memoizing collections and decorators",
"hashes": [
{
- "alg": "SHA-1",
- "content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
+ "alg": "SHA-256",
+ "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292"
}
],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/eliben/pycparser",
+ "url": "https://github.com/tkem/cachetools/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pycparser/2.22/#files",
+ "url": "https://pypi.org/project/cachetools/5.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pycparser@2.22",
+ "purl": "pkg:pypi/cachetools@5.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-18T20:28:43Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2024,57 +2739,57 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2024-03-30T13:22:20.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "41-retry-decorator",
- "name": "retry-decorator",
- "version": "1.1.1",
+ "bom-ref": "43-google-auth-httplib2",
+ "name": "google-auth-httplib2",
+ "version": "0.2.0",
"supplier": {
- "name": "Patrick Ng",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "pn.appdev@gmail.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
- "description": "Retry Decorator",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library: httplib2 transport",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349"
+ "alg": "SHA-256",
+ "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pnpnpn/retry-decorator",
+ "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/retry-decorator/1.1.1/#files",
+ "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/retry-decorator@1.1.1",
+ "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-12T17:40:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2082,16 +2797,12 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2020-03-10T23:56:29.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "42-google-apitools",
+ "bom-ref": "44-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -2106,8 +2817,8 @@
"description": "client libraries for humans",
"hashes": [
{
- "alg": "SHA-1",
- "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1"
+ "alg": "SHA-256",
+ "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688"
}
],
"licenses": [
@@ -2133,6 +2844,10 @@
],
"purl": "pkg:pypi/google-apitools@0.5.32",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-05-05T22:12:58Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2140,16 +2855,12 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2021-05-05T22:12:58.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "43-monotonic",
+ "bom-ref": "45-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -2164,8 +2875,8 @@
"description": "An implementation of time.monotonic() for Python 2 & < 3.3",
"hashes": [
{
- "alg": "SHA-1",
- "content": "80681f6604e136e513550342f977edb98f5fc5ad"
+ "alg": "SHA-256",
+ "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c"
}
],
"licenses": [
@@ -2191,6 +2902,10 @@
],
"purl": "pkg:pypi/monotonic@1.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-04-09T21:58:05Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2198,23 +2913,19 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2021-04-09T21:58:05.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "44-jinja2",
+ "bom-ref": "46-jinja2",
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "dd4a8b5466d8790540c181590b14db4d4d889d57"
+ "alg": "SHA-256",
+ "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"
}
],
"externalReferences": [
@@ -2222,10 +2933,34 @@
"url": "https://pypi.org/project/jinja2/3.1.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/pallets/jinja/",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jinja2@3.1.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-05T23:41:59Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2233,23 +2968,19 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-05T23:41:59.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "45-markupsafe",
+ "bom-ref": "47-markupsafe",
"name": "markupsafe",
"version": "3.0.2",
"description": "Safely add untrusted strings to HTML/XML markup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c"
+ "alg": "SHA-256",
+ "content": "7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8"
}
],
"externalReferences": [
@@ -2257,10 +2988,34 @@
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/pallets/markupsafe/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
}
],
"purl": "pkg:pypi/markupsafe@3.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:20:51Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2273,7 +3028,7 @@
},
{
"type": "library",
- "bom-ref": "46-jsonschema",
+ "bom-ref": "48-jsonschema",
"name": "jsonschema",
"version": "4.23.0",
"supplier": {
@@ -2286,11 +3041,17 @@
},
"cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2305,10 +3066,38 @@
"url": "https://pypi.org/project/jsonschema/4.23.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://python-jsonschema.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema@4.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-08T18:40:00Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2321,7 +3110,7 @@
},
{
"type": "library",
- "bom-ref": "47-jsonschema-specifications",
+ "bom-ref": "49-jsonschema-specifications",
"name": "jsonschema-specifications",
"version": "2024.10.1",
"supplier": {
@@ -2336,8 +3125,8 @@
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"hashes": [
{
- "alg": "SHA-1",
- "content": "09f6f17a46ecf03e314df0e6fa14d57db210a549"
+ "alg": "SHA-256",
+ "content": "a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf"
}
],
"externalReferences": [
@@ -2350,10 +3139,34 @@
"url": "https://pypi.org/project/jsonschema-specifications/2024.10.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jsonschema-specifications.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema-specifications@2024.10.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-08T12:29:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2366,7 +3179,7 @@
},
{
"type": "library",
- "bom-ref": "48-referencing",
+ "bom-ref": "50-referencing",
"name": "referencing",
"version": "0.35.1",
"supplier": {
@@ -2381,8 +3194,8 @@
"description": "JSON Referencing + Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845"
+ "alg": "SHA-256",
+ "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"
}
],
"externalReferences": [
@@ -2395,10 +3208,38 @@
"url": "https://pypi.org/project/referencing/0.35.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/en/stable/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/referencing@0.35.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-01T20:26:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2406,18 +3247,14 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-01T20:26:02.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "49-rpds-py",
+ "bom-ref": "51-rpds-py",
"name": "rpds-py",
- "version": "0.21.0",
+ "version": "0.22.3",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2426,8 +3263,14 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/crate-py/rpds",
@@ -2435,13 +3278,41 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.21.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.22.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rpds.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/orium/rpds",
+ "type": "other"
}
],
- "purl": "pkg:pypi/rpds-py@0.21.0",
+ "purl": "pkg:pypi/rpds-py@0.22.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-04T15:31:31Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2454,9 +3325,9 @@
},
{
"type": "library",
- "bom-ref": "50-lib4sbom",
+ "bom-ref": "52-lib4sbom",
"name": "lib4sbom",
- "version": "0.7.5",
+ "version": "0.8.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -2465,8 +3336,14 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2483,13 +3360,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.7.5/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.8.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.7.5",
+ "purl": "pkg:pypi/lib4sbom@0.8.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-09T20:13:26Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2502,7 +3383,7 @@
},
{
"type": "library",
- "bom-ref": "51-pyyaml",
+ "bom-ref": "53-pyyaml",
"name": "pyyaml",
"version": "6.0.2",
"supplier": {
@@ -2515,11 +3396,17 @@
},
"cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2531,13 +3418,37 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyyaml/6.0.2/#files",
+ "url": "https://pypi.org/project/PyYAML/",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://pyyaml.org/wiki/PyYAMLDocumentation",
+ "type": "documentation"
+ },
+ {
+ "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core",
+ "type": "mailing-list"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/pyyaml@6.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T20:31:40Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2550,7 +3461,7 @@
},
{
"type": "library",
- "bom-ref": "52-semantic-version",
+ "bom-ref": "54-semantic-version",
"name": "semantic-version",
"version": "2.10.0",
"supplier": {
@@ -2565,8 +3476,8 @@
"description": "A library implementing the 'SemVer' scheme.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a"
+ "alg": "SHA-256",
+ "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177"
}
],
"licenses": [
@@ -2592,6 +3503,10 @@
],
"purl": "pkg:pypi/semantic-version@2.10.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-05-26T13:35:21Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2599,16 +3514,12 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2022-05-26T13:35:21.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "53-lib4vex",
+ "bom-ref": "55-lib4vex",
"name": "lib4vex",
"version": "0.2.0",
"supplier": {
@@ -2623,8 +3534,8 @@
"description": "VEX generator and consumer library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2"
+ "alg": "SHA-256",
+ "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce"
}
],
"licenses": [
@@ -2650,6 +3561,10 @@
],
"purl": "pkg:pypi/lib4vex@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-29T20:36:52Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2662,7 +3577,7 @@
},
{
"type": "library",
- "bom-ref": "54-csaf-tool",
+ "bom-ref": "56-csaf-tool",
"name": "csaf-tool",
"version": "0.3.2",
"supplier": {
@@ -2677,15 +3592,15 @@
"description": "CSAF generator and analyser",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4"
+ "alg": "SHA-256",
+ "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2704,6 +3619,10 @@
],
"purl": "pkg:pypi/csaf-tool@0.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-12T20:10:06Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2716,7 +3635,7 @@
},
{
"type": "library",
- "bom-ref": "55-packageurl-python",
+ "bom-ref": "57-packageurl-python",
"name": "packageurl-python",
"version": "0.16.0",
"supplier": {
@@ -2724,11 +3643,17 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2747,6 +3672,10 @@
],
"purl": "pkg:pypi/packageurl-python@0.16.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-22T05:51:23Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2759,7 +3688,7 @@
},
{
"type": "library",
- "bom-ref": "56-rich",
+ "bom-ref": "58-rich",
"name": "rich",
"version": "13.9.4",
"supplier": {
@@ -2774,15 +3703,15 @@
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"hashes": [
{
- "alg": "SHA-1",
- "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ "alg": "SHA-256",
+ "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2797,10 +3726,18 @@
"url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rich.readthedocs.io/en/latest/",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/rich@13.9.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T16:43:55Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2813,7 +3750,7 @@
},
{
"type": "library",
- "bom-ref": "57-markdown-it-py",
+ "bom-ref": "59-markdown-it-py",
"name": "markdown-it-py",
"version": "3.0.0",
"supplier": {
@@ -2828,8 +3765,8 @@
"description": "Python port of markdown-it. Markdown parsing, done right!",
"hashes": [
{
- "alg": "SHA-1",
- "content": "bee6d1953be75717a3f2f6a917da6f464bed421d"
+ "alg": "SHA-256",
+ "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"
}
],
"externalReferences": [
@@ -2842,10 +3779,18 @@
"url": "https://pypi.org/project/markdown-it-py/3.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://markdown-it-py.readthedocs.io",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/markdown-it-py@3.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-06-03T06:41:11Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2853,16 +3798,12 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2023-06-03T06:41:11.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "58-mdurl",
+ "bom-ref": "60-mdurl",
"name": "mdurl",
"version": "0.1.2",
"supplier": {
@@ -2877,8 +3818,8 @@
"description": "Markdown URL utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e"
+ "alg": "SHA-256",
+ "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"
}
],
"externalReferences": [
@@ -2895,6 +3836,10 @@
],
"purl": "pkg:pypi/mdurl@0.1.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-08-14T12:40:09Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2902,16 +3847,12 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2022-08-14T12:40:09.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "59-pygments",
+ "bom-ref": "61-pygments",
"name": "pygments",
"version": "2.18.0",
"supplier": {
@@ -2926,8 +3867,8 @@
"description": "Pygments is a syntax highlighting package written in Python.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+ "alg": "SHA-256",
+ "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
}
],
"licenses": [
@@ -2949,10 +3890,30 @@
"url": "https://pypi.org/project/pygments/2.18.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://pygments.org/docs",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pygments/pygments",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/blob/master/CHANGES",
+ "type": "log"
}
],
"purl": "pkg:pypi/pygments@2.18.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-04T13:41:57Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2960,16 +3921,82 @@
{
"name": "python_version",
"value": "3.10.15"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "62-python-gnupg",
+ "name": "python-gnupg",
+ "version": "0.5.3",
+ "supplier": {
+ "name": "Vinay Sajip",
+ "contact": [
+ {
+ "email": "vinay_sajip@yahoo.co.uk"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
+ "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://gnupg.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "vcs"
},
{
- "name": "package_release_date",
- "value": "2024-05-04T13:41:57.000Z"
+ "url": "https://github.com/vsajip/python-gnupg/issues",
+ "type": "issue-tracker"
+ }
+ ],
+ "purl": "pkg:pypi/python-gnupg@0.5.3",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-20T16:43:47Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.10.15"
}
]
},
{
"type": "library",
- "bom-ref": "60-packaging",
+ "bom-ref": "63-packaging",
"name": "packaging",
"version": "24.2",
"supplier": {
@@ -2982,15 +4009,33 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://packaging.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pypa/packaging",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/packaging@24.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-08T09:47:44Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3003,7 +4048,7 @@
},
{
"type": "library",
- "bom-ref": "61-plotly",
+ "bom-ref": "64-plotly",
"name": "plotly",
"version": "5.24.1",
"supplier": {
@@ -3016,11 +4061,17 @@
},
"cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3035,10 +4086,26 @@
"url": "https://pypi.org/project/plotly/5.24.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://plotly.com/python/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md",
+ "type": "log"
}
],
"purl": "pkg:pypi/plotly@5.24.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T15:36:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3051,7 +4118,7 @@
},
{
"type": "library",
- "bom-ref": "62-tenacity",
+ "bom-ref": "65-tenacity",
"name": "tenacity",
"version": "9.0.0",
"supplier": {
@@ -3066,8 +4133,8 @@
"description": "Retry code until it succeeds",
"hashes": [
{
- "alg": "SHA-1",
- "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb"
+ "alg": "SHA-256",
+ "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539"
}
],
"licenses": [
@@ -3094,53 +4161,9 @@
"purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
{
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.10.15"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "63-python-gnupg",
- "name": "python-gnupg",
- "version": "0.5.3",
- "supplier": {
- "name": "Vinay Sajip",
- "contact": [
- {
- "email": "vinay_sajip@yahoo.co.uk"
- }
- ]
- },
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
- "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/vsajip/python-gnupg",
- "type": "website",
- "comment": "Home page for project"
+ "name": "release_date",
+ "value": "2024-07-29T12:12:25Z"
},
- {
- "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/python-gnupg@0.5.3",
- "properties": [
{
"name": "language",
"value": "Python"
@@ -3153,7 +4176,7 @@
},
{
"type": "library",
- "bom-ref": "64-requests",
+ "bom-ref": "66-requests",
"name": "requests",
"version": "2.32.3",
"supplier": {
@@ -3168,8 +4191,8 @@
"description": "Python HTTP for Humans.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "0e322af87745eff34caffe4df68456ebc20d9068"
+ "alg": "SHA-256",
+ "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"
}
],
"licenses": [
@@ -3191,10 +4214,22 @@
"url": "https://pypi.org/project/requests/2.32.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://requests.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/psf/requests",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/requests@2.32.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-29T15:37:47Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3207,42 +4242,60 @@
},
{
"type": "library",
- "bom-ref": "65-certifi",
- "name": "certifi",
- "version": "2024.8.30",
+ "bom-ref": "67-charset-normalizer",
+ "name": "charset-normalizer",
+ "version": "3.4.0",
"supplier": {
- "name": "Kenneth Reitz",
+ "name": "Ahmed TAHRI",
"contact": [
{
- "email": "me@kennethreitz.com"
+ "email": "tahri.ahmed@proton.me"
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*",
- "description": "Python package for providing Mozilla's CA Bundle.",
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
+ "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MPL-2.0",
- "url": "https://www.mozilla.org/MPL/2.0/",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/certifi/python-certifi",
+ "url": "https://github.com/Ousret/charset_normalizer",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2024.8.30/#files",
+ "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/Ousret/charset_normalizer/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://charset-normalizer.readthedocs.io/en/latest",
+ "type": "documentation"
}
],
- "purl": "pkg:pypi/certifi@2024.8.30",
+ "purl": "pkg:pypi/charset-normalizer@3.4.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-09T07:38:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3255,42 +4308,54 @@
},
{
"type": "library",
- "bom-ref": "66-charset-normalizer",
- "name": "charset-normalizer",
- "version": "3.4.0",
+ "bom-ref": "68-urllib3",
+ "name": "urllib3",
+ "version": "2.2.3",
"supplier": {
- "name": "Ahmed TAHRI",
+ "name": "Andrey Petrov",
"contact": [
{
- "email": "tahri.ahmed@proton.me"
+ "email": "andrey.petrov@shazow.net"
}
]
},
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
- "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
- "licenses": [
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
+ "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac"
}
],
"externalReferences": [
{
- "url": "https://github.com/Ousret/charset_normalizer",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
+ "url": "https://pypi.org/project/urllib3/2.2.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://urllib3.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.4.0",
+ "purl": "pkg:pypi/urllib3@2.2.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T10:52:16Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3303,28 +4368,56 @@
},
{
"type": "library",
- "bom-ref": "67-urllib3",
- "name": "urllib3",
- "version": "2.2.3",
+ "bom-ref": "69-certifi",
+ "name": "certifi",
+ "version": "2024.12.14",
"supplier": {
- "name": "Andrey Petrov",
+ "name": "Kenneth Reitz",
"contact": [
{
- "email": "andrey.petrov@shazow.net"
+ "email": "me@kennethreitz.com"
}
]
},
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
- "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*",
+ "description": "Python package for providing Mozilla's CA Bundle.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MPL-2.0",
+ "url": "https://www.mozilla.org/MPL/2.0/",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/urllib3/2.2.3/#files",
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/certifi/2024.12.14/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/urllib3@2.2.3",
+ "purl": "pkg:pypi/certifi@2024.12.14",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-14T13:52:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3337,7 +4430,7 @@
},
{
"type": "library",
- "bom-ref": "68-rpmfile",
+ "bom-ref": "70-rpmfile",
"name": "rpmfile",
"version": "2.1.0",
"supplier": {
@@ -3352,15 +4445,15 @@
"description": "Read rpm archive files",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5"
+ "alg": "SHA-256",
+ "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3379,6 +4472,10 @@
],
"purl": "pkg:pypi/rpmfile@2.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-24T21:57:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3391,9 +4488,9 @@
},
{
"type": "library",
- "bom-ref": "69-setuptools",
+ "bom-ref": "71-setuptools",
"name": "setuptools",
- "version": "75.3.0",
+ "version": "75.6.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3402,17 +4499,39 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d"
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.3.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pypa/setuptools",
+ "type": "vcs"
+ },
+ {
+ "url": "https://setuptools.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://setuptools.pypa.io/en/stable/history.html",
+ "type": "log"
}
],
- "purl": "pkg:pypi/setuptools@75.3.0",
+ "purl": "pkg:pypi/setuptools@75.6.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-20T18:16:10Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3425,7 +4544,7 @@
},
{
"type": "library",
- "bom-ref": "70-toml",
+ "bom-ref": "72-toml",
"name": "toml",
"version": "0.10.2",
"supplier": {
@@ -3440,15 +4559,15 @@
"description": "Python Library for Tom's Obvious, Minimal Language",
"hashes": [
{
- "alg": "SHA-1",
- "content": "3f637dba5f68db63d4b30967fedda51c82459471"
+ "alg": "SHA-256",
+ "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3467,6 +4586,10 @@
],
"purl": "pkg:pypi/toml@0.10.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-11-01T01:40:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3474,16 +4597,12 @@
{
"name": "python_version",
"value": "3.10.15"
- },
- {
- "name": "package_release_date",
- "value": "2020-11-01T01:40:20.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "71-xmlschema",
+ "bom-ref": "73-xmlschema",
"name": "xmlschema",
"version": "3.4.3",
"supplier": {
@@ -3496,11 +4615,17 @@
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3519,6 +4644,10 @@
],
"purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-31T09:47:12Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3531,7 +4660,7 @@
},
{
"type": "library",
- "bom-ref": "72-elementpath",
+ "bom-ref": "74-elementpath",
"name": "elementpath",
"version": "4.6.0",
"supplier": {
@@ -3544,11 +4673,17 @@
},
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3568,39 +4703,9 @@
"purl": "pkg:pypi/elementpath@4.6.0",
"properties": [
{
- "name": "language",
- "value": "Python"
+ "name": "release_date",
+ "value": "2024-10-27T21:52:58Z"
},
- {
- "name": "python_version",
- "value": "3.10.15"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "73-zipp",
- "name": "zipp",
- "version": "3.21.0",
- "supplier": {
- "name": "Jason R .",
- "contact": [
- {
- "email": "jaraco@jaraco.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
- "description": "Backport of pathlib-compatible object wrapper for zip files",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/zipp/3.21.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/zipp@3.21.0",
- "properties": [
{
"name": "language",
"value": "Python"
@@ -3613,7 +4718,7 @@
},
{
"type": "library",
- "bom-ref": "74-zstandard",
+ "bom-ref": "75-zstandard",
"name": "zstandard",
"version": "0.23.0",
"supplier": {
@@ -3626,6 +4731,12 @@
},
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9"
+ }
+ ],
"licenses": [
{
"license": {
@@ -3649,6 +4760,10 @@
],
"purl": "pkg:pypi/zstandard@0.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-15T00:13:27Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3671,30 +4786,31 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "13-beautifulsoup4",
- "15-cvss",
- "16-defusedxml",
- "17-distro",
- "18-filetype",
- "19-gsutil",
- "44-jinja2",
- "46-jsonschema",
- "50-lib4sbom",
- "53-lib4vex",
- "55-packageurl-python",
- "60-packaging",
- "61-plotly",
- "63-python-gnupg",
- "51-pyyaml",
- "64-requests",
- "56-rich",
- "68-rpmfile",
- "69-setuptools",
- "70-toml",
- "67-urllib3",
- "71-xmlschema",
- "73-zipp",
- "74-zstandard"
+ "15-beautifulsoup4",
+ "17-cvss",
+ "18-defusedxml",
+ "19-distro",
+ "20-filetype",
+ "21-gsutil",
+ "8-importlib-metadata",
+ "46-jinja2",
+ "48-jsonschema",
+ "52-lib4sbom",
+ "55-lib4vex",
+ "62-python-gnupg",
+ "57-packageurl-python",
+ "63-packaging",
+ "64-plotly",
+ "53-pyyaml",
+ "66-requests",
+ "58-rich",
+ "70-rpmfile",
+ "71-setuptools",
+ "72-toml",
+ "68-urllib3",
+ "73-xmlschema",
+ "75-zstandard",
+ "9-zipp"
]
},
{
@@ -3705,8 +4821,9 @@
"6-async-timeout",
"7-attrs",
"5-frozenlist",
- "8-multidict",
- "10-yarl"
+ "11-multidict",
+ "12-propcache",
+ "13-yarl"
]
},
{
@@ -3716,84 +4833,87 @@
]
},
{
- "ref": "8-multidict",
+ "ref": "7-attrs",
"dependsOn": [
- "9-typing-extensions"
+ "8-importlib-metadata"
]
},
{
- "ref": "10-yarl",
+ "ref": "8-importlib-metadata",
"dependsOn": [
- "11-idna",
- "8-multidict",
- "12-propcache"
+ "9-zipp",
+ "10-typing-extensions"
]
},
{
- "ref": "13-beautifulsoup4",
+ "ref": "11-multidict",
"dependsOn": [
- "14-soupsieve"
+ "10-typing-extensions"
]
},
{
- "ref": "19-gsutil",
+ "ref": "13-yarl",
"dependsOn": [
- "20-argcomplete",
- "21-crcmod",
- "22-fasteners",
- "23-gcs-oauth2-boto-plugin",
- "42-google-apitools",
- "25-google-auth",
- "31-google-auth-httplib2",
- "34-google-reauth",
- "32-httplib2",
- "43-monotonic",
- "37-pyopenssl",
- "41-retry-decorator",
- "30-six"
+ "14-idna",
+ "11-multidict",
+ "12-propcache"
+ ]
+ },
+ {
+ "ref": "15-beautifulsoup4",
+ "dependsOn": [
+ "16-soupsieve"
]
},
{
- "ref": "23-gcs-oauth2-boto-plugin",
+ "ref": "21-gsutil",
"dependsOn": [
- "24-boto",
- "25-google-auth",
- "31-google-auth-httplib2",
- "34-google-reauth",
+ "22-argcomplete",
+ "23-crcmod",
+ "24-fasteners",
+ "25-gcs-oauth2-boto-plugin",
+ "44-google-apitools",
"32-httplib2",
- "36-oauth2client",
- "37-pyopenssl",
- "41-retry-decorator",
- "29-rsa",
- "30-six"
+ "29-google-reauth",
+ "45-monotonic",
+ "36-pyopenssl",
+ "40-retry-decorator",
+ "31-six",
+ "41-google-auth",
+ "43-google-auth-httplib2"
]
},
{
- "ref": "25-google-auth",
+ "ref": "25-gcs-oauth2-boto-plugin",
"dependsOn": [
- "26-cachetools",
- "27-pyasn1-modules",
- "29-rsa",
- "30-six"
+ "26-rsa",
+ "28-boto",
+ "29-google-reauth",
+ "32-httplib2",
+ "34-oauth2client",
+ "36-pyopenssl",
+ "40-retry-decorator",
+ "31-six",
+ "41-google-auth",
+ "43-google-auth-httplib2"
]
},
{
- "ref": "27-pyasn1-modules",
+ "ref": "26-rsa",
"dependsOn": [
- "28-pyasn1"
+ "27-pyasn1"
]
},
{
- "ref": "29-rsa",
+ "ref": "29-google-reauth",
"dependsOn": [
- "28-pyasn1"
+ "30-pyu2f"
]
},
{
- "ref": "31-google-auth-httplib2",
+ "ref": "30-pyu2f",
"dependsOn": [
- "25-google-auth",
- "32-httplib2"
+ "31-six"
]
},
{
@@ -3803,139 +4923,155 @@
]
},
{
- "ref": "34-google-reauth",
+ "ref": "34-oauth2client",
"dependsOn": [
- "35-pyu2f"
+ "32-httplib2",
+ "27-pyasn1",
+ "35-pyasn1-modules",
+ "26-rsa",
+ "31-six"
]
},
{
- "ref": "35-pyu2f",
+ "ref": "35-pyasn1-modules",
"dependsOn": [
- "30-six"
+ "27-pyasn1"
]
},
{
- "ref": "36-oauth2client",
+ "ref": "36-pyopenssl",
"dependsOn": [
- "32-httplib2",
- "28-pyasn1",
- "27-pyasn1-modules",
- "29-rsa",
- "30-six"
+ "37-cryptography"
+ ]
+ },
+ {
+ "ref": "37-cryptography",
+ "dependsOn": [
+ "38-cffi"
]
},
{
- "ref": "37-pyopenssl",
+ "ref": "38-cffi",
"dependsOn": [
- "38-cryptography"
+ "39-pycparser"
]
},
{
- "ref": "38-cryptography",
+ "ref": "41-google-auth",
"dependsOn": [
- "39-cffi"
+ "42-cachetools",
+ "35-pyasn1-modules",
+ "31-six",
+ "26-rsa"
]
},
{
- "ref": "39-cffi",
+ "ref": "43-google-auth-httplib2",
"dependsOn": [
- "40-pycparser"
+ "41-google-auth",
+ "32-httplib2"
]
},
{
- "ref": "42-google-apitools",
+ "ref": "44-google-apitools",
"dependsOn": [
- "22-fasteners",
"32-httplib2",
- "36-oauth2client",
- "30-six"
+ "24-fasteners",
+ "34-oauth2client",
+ "31-six"
]
},
{
- "ref": "44-jinja2",
+ "ref": "46-jinja2",
"dependsOn": [
- "45-markupsafe"
+ "47-markupsafe"
]
},
{
- "ref": "46-jsonschema",
+ "ref": "48-jsonschema",
"dependsOn": [
"7-attrs",
- "47-jsonschema-specifications",
- "48-referencing",
- "49-rpds-py"
+ "49-jsonschema-specifications",
+ "50-referencing",
+ "51-rpds-py"
]
},
{
- "ref": "47-jsonschema-specifications",
+ "ref": "49-jsonschema-specifications",
"dependsOn": [
- "48-referencing"
+ "50-referencing"
]
},
{
- "ref": "48-referencing",
+ "ref": "50-referencing",
"dependsOn": [
"7-attrs",
- "49-rpds-py"
+ "51-rpds-py"
+ ]
+ },
+ {
+ "ref": "52-lib4sbom",
+ "dependsOn": [
+ "53-pyyaml",
+ "54-semantic-version",
+ "18-defusedxml"
]
},
{
- "ref": "50-lib4sbom",
+ "ref": "55-lib4vex",
"dependsOn": [
- "16-defusedxml",
- "51-pyyaml",
- "52-semantic-version"
+ "52-lib4sbom",
+ "56-csaf-tool",
+ "57-packageurl-python"
]
},
{
- "ref": "53-lib4vex",
+ "ref": "56-csaf-tool",
"dependsOn": [
- "54-csaf-tool",
- "50-lib4sbom",
- "55-packageurl-python"
+ "57-packageurl-python",
+ "58-rich"
]
},
{
- "ref": "54-csaf-tool",
+ "ref": "58-rich",
"dependsOn": [
- "55-packageurl-python",
- "56-rich"
+ "59-markdown-it-py",
+ "61-pygments",
+ "10-typing-extensions"
]
},
{
- "ref": "56-rich",
+ "ref": "59-markdown-it-py",
"dependsOn": [
- "57-markdown-it-py",
- "59-pygments",
- "9-typing-extensions"
+ "60-mdurl"
]
},
{
- "ref": "57-markdown-it-py",
+ "ref": "64-plotly",
"dependsOn": [
- "58-mdurl"
+ "65-tenacity",
+ "63-packaging"
]
},
{
- "ref": "61-plotly",
+ "ref": "66-requests",
"dependsOn": [
- "60-packaging",
- "62-tenacity"
+ "67-charset-normalizer",
+ "14-idna",
+ "68-urllib3",
+ "69-certifi"
]
},
{
- "ref": "64-requests",
+ "ref": "73-xmlschema",
"dependsOn": [
- "65-certifi",
- "66-charset-normalizer",
- "11-idna",
- "67-urllib3"
+ "74-elementpath"
]
},
{
- "ref": "71-xmlschema",
+ "ref": "75-zstandard",
"dependsOn": [
- "72-elementpath"
+ "38-cffi"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index 3450e18661..b2777fea05 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fbb1f496-d598-4256-ad86-451dd81c5ec2
-LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-11T00:37:01Z
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-261079ca-b6a6-4bd6-8da8-337df97f2e0f
+LicenseListVersion: 3.25
+Creator: Tool: sbom4python-0.12.1
+Created: 2024-12-16T00:38:46Z
CreatorComment: This document has been automatically generated.
#####
@@ -17,62 +17,84 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/intel/cve-bin-tool
+PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
+ReleaseDate: 2024-09-17T18:57:44Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
#####
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.10.10
+PackageVersion: 3.11.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageLicenseDeclared: NOASSERTION
+PackageChecksum: SHA256: cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10
+ReleaseDate: 2024-12-05T23:51:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp
+ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
+ExternalRef: OTHER other https://docs.aiohttp.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
+PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues
+ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
SPDXID: SPDXRef-4-aiosignal
-PackageVersion: 1.3.1
+PackageVersion: 1.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files
+PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiosignal
-PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: aiosignal: a list of registered asynchronous callbacks
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal
+ExternalRef: OTHER other https://docs.aiosignal.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.2
#####
PackageName: frozenlist
@@ -83,30 +105,47 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
+PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
+ReleaseDate: 2024-10-23T09:46:20Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist
+ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog
+ExternalRef: OTHER other https://frozenlist.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0
#####
PackageName: async-timeout
SPDXID: SPDXRef-6-async-timeout
-PackageVersion: 4.0.3
+PackageVersion: 5.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3/#files
+PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/async-timeout
-PackageChecksum: SHA1: a48974404c746593f78c116faceb56a0db50309e
+PackageChecksum: SHA256: 39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Timeout context manager for asyncio programs
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@4.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*
+ReleaseDate: 2024-11-06T16:41:37Z
+ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
+ExternalRef: OTHER build-system https://github.com/aio-libs/async-timeout/actions
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/async-timeout
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/async-timeout/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/async-timeout
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*
#####
PackageName: attrs
@@ -116,418 +155,509 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
+PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
+ReleaseDate: 2024-08-06T14:37:36Z
+ExternalRef: OTHER documentation https://www.attrs.org/
+ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html
+ExternalRef: OTHER vcs https://github.com/python-attrs/attrs
+ExternalRef: OTHER other https://github.com/sponsors/hynek
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*
#####
+PackageName: importlib-metadata
+SPDXID: SPDXRef-8-importlib-metadata
+PackageVersion: 8.0.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.0.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: 15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Read metadata from Python packages
+ReleaseDate: 2024-06-25T18:38:02Z
+ExternalRef: OTHER vcs https://github.com/python/importlib_metadata
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*
+#####
+
+PackageName: zipp
+SPDXID: SPDXRef-9-zipp
+PackageVersion: 3.21.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backport of pathlib-compatible object wrapper for zip files
+ReleaseDate: 2024-11-10T15:05:19Z
+ExternalRef: OTHER vcs https://github.com/jaraco/zipp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
+#####
+
+PackageName: typing-extensions
+SPDXID: SPDXRef-10-typing-extensions
+PackageVersion: 4.12.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/python/typing_extensions
+PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backported and Experimental Type Hints for Python 3.8+
+ReleaseDate: 2024-06-07T18:52:13Z
+ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues
+ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/
+ExternalRef: OTHER other https://github.com/python/typing/discussions
+ExternalRef: OTHER vcs https://github.com/python/typing_extensions
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
+#####
+
PackageName: multidict
-SPDXID: SPDXRef-8-multidict
+SPDXID: SPDXRef-11-multidict
PackageVersion: 6.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: multidict implementation
+ReleaseDate: 2024-09-09T23:47:18Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict
+ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://multidict.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/multidict
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
#####
-PackageName: typing-extensions
-SPDXID: SPDXRef-9-typing-extensions
-PackageVersion: 4.12.2
+PackageName: propcache
+SPDXID: SPDXRef-12-propcache
+PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
+PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
+PackageHomePage: https://github.com/aio-libs/propcache
+PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6
+PackageLicenseDeclared: Apache-2.0
+PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
-PackageSummary: Backported and Experimental Type Hints for Python 3.8+
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
+PackageSummary: Accelerated property cache
+ReleaseDate: 2024-12-01T18:27:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache
+ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
+ExternalRef: OTHER other https://propcache.readthedocs.io
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
#####
PackageName: yarl
-SPDXID: SPDXRef-10-yarl
-PackageVersion: 1.17.1
+SPDXID: SPDXRef-13-yarl
+PackageVersion: 1.18.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
+PackageChecksum: SHA256: 7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-01T20:32:32Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl
+ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://yarl.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/yarl
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*
#####
PackageName: idna
-SPDXID: SPDXRef-11-idna
+SPDXID: SPDXRef-14-idna
PackageVersion: 3.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
+ReleaseDate: 2024-09-15T18:07:37Z
+ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
+ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
+ExternalRef: OTHER vcs https://github.com/kjd/idna
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
#####
-PackageName: propcache
-SPDXID: SPDXRef-12-propcache
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/propcache
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Accelerated property cache
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
-#####
-
PackageName: beautifulsoup4
-SPDXID: SPDXRef-13-beautifulsoup4
+SPDXID: SPDXRef-15-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files
FilesAnalyzed: false
PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
+PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
+ReleaseDate: 2024-01-17T16:53:12Z
+ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
#####
PackageName: soupsieve
-SPDXID: SPDXRef-14-soupsieve
+SPDXID: SPDXRef-16-soupsieve
PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
-PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
+PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
+ReleaseDate: 2024-08-13T13:39:10Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-15-cvss
+SPDXID: SPDXRef-17-cvss
PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
+PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
+ReleaseDate: 2024-11-01T10:05:52Z
+ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases
+ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss
+ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues
+ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
-SPDXID: SPDXRef-16-defusedxml
+SPDXID: SPDXRef-18-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
-PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files
+PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml
FilesAnalyzed: false
PackageHomePage: https://github.com/tiran/defusedxml
-PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184
+PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: PSF-2.0
PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: XML bomb protection for Python stdlib modules
+ReleaseDate: 2021-03-08T10:59:24Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
#####
PackageName: distro
-SPDXID: SPDXRef-17-distro
+SPDXID: SPDXRef-19-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-distro/distro
+PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Distro - an OS platform information API
+ReleaseDate: 2023-12-24T09:54:30Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-18-filetype
+SPDXID: SPDXRef-20-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
-PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files
+PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master
FilesAnalyzed: false
PackageHomePage: https://github.com/h2non/filetype.py
-PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585
+PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies.
+ReleaseDate: 2022-11-02T17:34:01Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*
#####
PackageName: gsutil
-SPDXID: SPDXRef-19-gsutil
-PackageVersion: 5.31
+SPDXID: SPDXRef-21-gsutil
+PackageVersion: 5.33
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files
+PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install
FilesAnalyzed: false
PackageHomePage: https://cloud.google.com/storage/docs/gsutil
+PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-11T09:40:59Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-20-argcomplete
-PackageVersion: 3.5.1
+SPDXID: SPDXRef-22-argcomplete
+PackageVersion: 3.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
+PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-06T18:24:27Z
+ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
+ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
+ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
+ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-21-crcmod
+SPDXID: SPDXRef-23-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files
+PackageDownloadLocation: http://sourceforge.net/projects/crcmod
FilesAnalyzed: false
PackageHomePage: http://crcmod.sourceforge.net/
+PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CRC Generator
+ReleaseDate: 2010-06-27T14:35:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-22-fasteners
+SPDXID: SPDXRef-24-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/harlowja/fasteners
-PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
+PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A python package that provides useful locks
+ReleaseDate: 2023-09-19T17:11:18Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-23-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-25-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files
+PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin
FilesAnalyzed: false
PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary
-PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb
+PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
+ReleaseDate: 2024-05-02T14:37:31Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*
#####
-PackageName: boto
-SPDXID: SPDXRef-24-boto
-PackageVersion: 2.49.0
+PackageName: rsa
+SPDXID: SPDXRef-26-rsa
+PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
-PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
+PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
+PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/boto/boto/
-PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageHomePage: https://stuvel.eu/rsa
+PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Amazon Web Services Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
+PackageSummary: Pure-Python RSA implementation
+ReleaseDate: 2021-02-24T10:55:03Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
-PackageName: google-auth
-SPDXID: SPDXRef-25-google-auth
-PackageVersion: 2.17.0
+PackageName: pyasn1
+SPDXID: SPDXRef-27-pyasn1
+PackageVersion: 0.6.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/googleapis/google-auth-library-python
-PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageHomePage: https://github.com/pyasn1/pyasn1
+PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034
+PackageLicenseDeclared: BSD-2-Clause
+PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
+PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ReleaseDate: 2024-09-10T22:41:42Z
+ExternalRef: OTHER documentation https://pyasn1.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues
+ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
#####
-PackageName: cachetools
-SPDXID: SPDXRef-26-cachetools
-PackageVersion: 5.5.0
+PackageName: boto
+SPDXID: SPDXRef-28-boto
+PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
+PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
+PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/tkem/cachetools/
+PackageHomePage: https://github.com/boto/boto/
+PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
+PackageSummary: Amazon Web Services Library
+ReleaseDate: 2018-07-11T20:58:55Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
#####
-PackageName: pyasn1-modules
-SPDXID: SPDXRef-27-pyasn1-modules
-PackageVersion: 0.4.1
+PackageName: google-reauth
+SPDXID: SPDXRef-29-google-reauth
+PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
+PackageSupplier: Person: Google (googleapis-publisher@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageHomePage: https://github.com/Google/google-reauth-python
+PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1
-SPDXID: SPDXRef-28-pyasn1
-PackageVersion: 0.6.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
+PackageSummary: Google Reauth Library
+ReleaseDate: 2020-12-01T17:35:45Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
#####
-PackageName: rsa
-SPDXID: SPDXRef-29-rsa
-PackageVersion: 4.7.2
+PackageName: pyu2f
+SPDXID: SPDXRef-30-pyu2f
+PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
-PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
+PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
+PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
FilesAnalyzed: false
-PackageHomePage: https://stuvel.eu/rsa
-PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa
+PackageHomePage: https://github.com/google/pyu2f/
+PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python RSA implementation
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
+PackageSummary: U2F host library for interacting with a U2F device over USB.
+ReleaseDate: 2020-10-30T20:03:07Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-30-six
-PackageVersion: 1.16.0
+SPDXID: SPDXRef-31-six
+PackageVersion: 1.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
-PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files
+PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/benjaminp/six
-PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1
+PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python 2 and 3 compatibility utilities
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-auth-httplib2
-SPDXID: SPDXRef-31-google-auth-httplib2
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
-PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library: httplib2 transport
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-04T17:35:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*
#####
PackageName: httplib2
@@ -538,11 +668,12 @@ PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/httplib2/httplib2
-PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4
+PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A comprehensive HTTP client library.
+ReleaseDate: 2022-02-03T00:00:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
#####
@@ -555,804 +686,998 @@ PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyparsing/pyparsing/
+PackageChecksum: SHA256: 93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
+ReleaseDate: 2024-10-13T10:01:13Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*
#####
-PackageName: google-reauth
-SPDXID: SPDXRef-34-google-reauth
-PackageVersion: 0.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google (googleapis-publisher@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Google/google-reauth-python
-PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Reauth Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyu2f
-SPDXID: SPDXRef-35-pyu2f
-PackageVersion: 0.1.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/google/pyu2f/
-PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: U2F host library for interacting with a U2F device over USB.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
-#####
-
PackageName: oauth2client
-SPDXID: SPDXRef-36-oauth2client
+SPDXID: SPDXRef-34-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/oauth2client/
-PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9
+PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: OAuth 2.0 client library
+ReleaseDate: 2018-09-07T21:38:16Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
+PackageName: pyasn1-modules
+SPDXID: SPDXRef-35-pyasn1-modules
+PackageVersion: 0.4.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A collection of ASN.1-based protocols modules
+ReleaseDate: 2024-09-10T22:42:08Z
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues
+ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
+#####
+
PackageName: pyopenssl
-SPDXID: SPDXRef-37-pyopenssl
+SPDXID: SPDXRef-36-pyopenssl
PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
+PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
+ReleaseDate: 2024-07-20T17:26:29Z
+ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
#####
PackageName: cryptography
-SPDXID: SPDXRef-38-cryptography
+SPDXID: SPDXRef-37-cryptography
PackageVersion: 43.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
+PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
+ReleaseDate: 2024-10-18T15:57:36Z
+ExternalRef: OTHER documentation https://cryptography.io/
+ExternalRef: OTHER vcs https://github.com/pyca/cryptography/
+ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues
+ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
#####
PackageName: cffi
-SPDXID: SPDXRef-39-cffi
+SPDXID: SPDXRef-38-cffi
PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
+ReleaseDate: 2024-09-04T20:43:30Z
+ExternalRef: OTHER documentation http://cffi.readthedocs.org/
+ExternalRef: OTHER vcs https://github.com/python-cffi/cffi
+ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues
+ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html
+ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases
+ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-40-pycparser
+SPDXID: SPDXRef-39-pycparser
PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/eliben/pycparser
-PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
+PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: C parser in Python
+ReleaseDate: 2024-03-30T13:22:20Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22
ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-41-retry-decorator
+SPDXID: SPDXRef-40-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pnpnpn/retry-decorator
-PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
+PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Retry Decorator
+ReleaseDate: 2020-03-10T23:56:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
#####
+PackageName: google-auth
+SPDXID: SPDXRef-41-google-auth
+PackageVersion: 2.17.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/googleapis/google-auth-library-python
+PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library
+ReleaseDate: 2023-03-28T19:51:30Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
+#####
+
+PackageName: cachetools
+SPDXID: SPDXRef-42-cachetools
+PackageVersion: 5.5.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/tkem/cachetools/
+PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Extensible memoizing collections and decorators
+ReleaseDate: 2024-08-18T20:28:43Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
+#####
+
+PackageName: google-auth-httplib2
+SPDXID: SPDXRef-43-google-auth-httplib2
+PackageVersion: 0.2.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
+PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library: httplib2 transport
+ReleaseDate: 2023-12-12T17:40:13Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+#####
+
PackageName: google-apitools
-SPDXID: SPDXRef-42-google-apitools
+SPDXID: SPDXRef-44-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1
+PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: client libraries for humans
+ReleaseDate: 2021-05-05T22:12:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-43-monotonic
+SPDXID: SPDXRef-45-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/atdt/monotonic
-PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad
+PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
+ReleaseDate: 2021-04-09T21:58:05Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
PackageName: jinja2
-SPDXID: SPDXRef-44-jinja2
+SPDXID: SPDXRef-46-jinja2
PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57
+PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A very fast and expressive template engine.
+ReleaseDate: 2024-05-05T23:41:59Z
+ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/
+ExternalRef: OTHER chat https://discord.gg/pallets
+ExternalRef: OTHER documentation https://jinja.palletsprojects.com/
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER vcs https://github.com/pallets/jinja/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-45-markupsafe
+SPDXID: SPDXRef-47-markupsafe
PackageVersion: 3.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c
+PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
-PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: markupsafe declares Copyright 2010 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Safely add untrusted strings to HTML/XML markup.
+ReleaseDate: 2024-10-18T15:20:51Z
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
+ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
+ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/
+ExternalRef: OTHER chat https://discord.gg/pallets
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2
#####
PackageName: jsonschema
-SPDXID: SPDXRef-46-jsonschema
+SPDXID: SPDXRef-48-jsonschema
PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema
+PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
+ReleaseDate: 2024-07-08T18:40:00Z
+ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
-SPDXID: SPDXRef-47-jsonschema-specifications
+SPDXID: SPDXRef-49-jsonschema-specifications
PackageVersion: 2024.10.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2024.10.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications
-PackageChecksum: SHA1: 09f6f17a46ecf03e314df0e6fa14d57db210a549
+PackageChecksum: SHA256: a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
+ReleaseDate: 2024-10-08T12:29:30Z
+ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:*
#####
PackageName: referencing
-SPDXID: SPDXRef-48-referencing
+SPDXID: SPDXRef-50-referencing
PackageVersion: 0.35.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845
+PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
+ReleaseDate: 2024-05-01T20:26:02Z
+ExternalRef: OTHER documentation https://referencing.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
#####
PackageName: rpds-py
-SPDXID: SPDXRef-49-rpds-py
-PackageVersion: 0.21.0
+SPDXID: SPDXRef-51-rpds-py
+PackageVersion: 0.22.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
+PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-04T15:31:31Z
+ExternalRef: OTHER documentation https://rpds.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/crate-py/rpds
+ExternalRef: OTHER other https://github.com/orium/rpds
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
-SPDXID: SPDXRef-50-lib4sbom
-PackageVersion: 0.7.5
+SPDXID: SPDXRef-52-lib4sbom
+PackageVersion: 0.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
+PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-09T20:13:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*
#####
PackageName: pyyaml
-SPDXID: SPDXRef-51-pyyaml
+SPDXID: SPDXRef-53-pyyaml
PackageVersion: 6.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files
+PackageDownloadLocation: https://pypi.org/project/PyYAML/
FilesAnalyzed: false
PackageHomePage: https://pyyaml.org/
+PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
+ReleaseDate: 2024-08-06T20:31:40Z
+ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues
+ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions
+ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation
+ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core
+ExternalRef: OTHER vcs https://github.com/yaml/pyyaml
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
#####
PackageName: semantic-version
-SPDXID: SPDXRef-52-semantic-version
+SPDXID: SPDXRef-54-semantic-version
PackageVersion: 2.10.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/rbarrois/python-semanticversion
-PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a
+PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A library implementing the 'SemVer' scheme.
+ReleaseDate: 2022-05-26T13:35:21Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
PackageName: lib4vex
-SPDXID: SPDXRef-53-lib4vex
+SPDXID: SPDXRef-55-lib4vex
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4vex
-PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2
+PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: VEX generator and consumer library
+ReleaseDate: 2024-08-29T20:36:52Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*
#####
PackageName: csaf-tool
-SPDXID: SPDXRef-54-csaf-tool
+SPDXID: SPDXRef-56-csaf-tool
PackageVersion: 0.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/csaf
-PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4
+PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CSAF generator and analyser
+ReleaseDate: 2024-06-12T20:10:06Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*
#####
PackageName: packageurl-python
-SPDXID: SPDXRef-55-packageurl-python
+SPDXID: SPDXRef-57-packageurl-python
PackageVersion: 0.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
+PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
+ReleaseDate: 2024-10-22T05:51:23Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*
#####
PackageName: rich
-SPDXID: SPDXRef-56-rich
+SPDXID: SPDXRef-58-rich
PackageVersion: 13.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
+PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
+ReleaseDate: 2024-11-01T16:43:55Z
+ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
-SPDXID: SPDXRef-57-markdown-it-py
+SPDXID: SPDXRef-59-markdown-it-py
PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/markdown-it-py
-PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d
+PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python port of markdown-it. Markdown parsing, done right!
+ReleaseDate: 2023-06-03T06:41:11Z
+ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
#####
PackageName: mdurl
-SPDXID: SPDXRef-58-mdurl
+SPDXID: SPDXRef-60-mdurl
PackageVersion: 0.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/mdurl
-PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e
+PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Markdown URL utilities
+ReleaseDate: 2022-08-14T12:40:09Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
#####
PackageName: pygments
-SPDXID: SPDXRef-59-pygments
+SPDXID: SPDXRef-61-pygments
PackageVersion: 2.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files
FilesAnalyzed: false
PackageHomePage: https://pygments.org
-PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
+PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
+ReleaseDate: 2024-05-04T13:41:57Z
+ExternalRef: OTHER documentation https://pygments.org/docs
+ExternalRef: OTHER vcs https://github.com/pygments/pygments
+ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
+ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
#####
+PackageName: python-gnupg
+SPDXID: SPDXRef-62-python-gnupg
+PackageVersion: 0.5.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/vsajip/python-gnupg
+PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
+ReleaseDate: 2024-09-20T16:43:47Z
+ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
+ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
+ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
+#####
+
PackageName: packaging
-SPDXID: SPDXRef-60-packaging
+SPDXID: SPDXRef-63-packaging
PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
+ReleaseDate: 2024-11-08T09:47:44Z
+ExternalRef: OTHER documentation https://packaging.pypa.io/
+ExternalRef: OTHER vcs https://github.com/pypa/packaging
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-61-plotly
+SPDXID: SPDXRef-64-plotly
PackageVersion: 5.24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files
FilesAnalyzed: false
PackageHomePage: https://plotly.com/python/
+PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
+ReleaseDate: 2024-09-12T15:36:24Z
+ExternalRef: OTHER documentation https://plotly.com/python/
+ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
+ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-62-tenacity
+SPDXID: SPDXRef-65-tenacity
PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/jd/tenacity
-PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb
+PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
+ReleaseDate: 2024-07-29T12:12:25Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
-PackageName: python-gnupg
-SPDXID: SPDXRef-63-python-gnupg
-PackageVersion: 0.5.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
-#####
-
PackageName: requests
-SPDXID: SPDXRef-64-requests
+SPDXID: SPDXRef-66-requests
PackageVersion: 2.32.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files
FilesAnalyzed: false
PackageHomePage: https://requests.readthedocs.io
-PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068
+PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python HTTP for Humans.
+ReleaseDate: 2024-05-29T15:37:47Z
+ExternalRef: OTHER documentation https://requests.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/psf/requests
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*
#####
-PackageName: certifi
-SPDXID: SPDXRef-65-certifi
-PackageVersion: 2024.8.30
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/certifi/python-certifi
-PackageLicenseDeclared: MPL-2.0
-PackageLicenseConcluded: MPL-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*
-#####
-
PackageName: charset-normalizer
-SPDXID: SPDXRef-66-charset-normalizer
+SPDXID: SPDXRef-67-charset-normalizer
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me)
PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Ousret/charset_normalizer
+PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
+ReleaseDate: 2024-10-09T07:38:02Z
+ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues
+ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-67-urllib3
+SPDXID: SPDXRef-68-urllib3
PackageVersion: 2.2.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
+ReleaseDate: 2024-09-12T10:52:16Z
+ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
+ExternalRef: OTHER documentation https://urllib3.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/urllib3/urllib3
+ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*
#####
+PackageName: certifi
+SPDXID: SPDXRef-69-certifi
+PackageVersion: 2024.12.14
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
+PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/certifi/python-certifi
+PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56
+PackageLicenseDeclared: MPL-2.0
+PackageLicenseConcluded: MPL-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python package for providing Mozilla's CA Bundle.
+ReleaseDate: 2024-12-14T13:52:36Z
+ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*
+#####
+
PackageName: rpmfile
-SPDXID: SPDXRef-68-rpmfile
+SPDXID: SPDXRef-70-rpmfile
PackageVersion: 2.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/srossross/rpmfile
-PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5
+PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
+ReleaseDate: 2024-07-24T21:57:45Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
PackageName: setuptools
-SPDXID: SPDXRef-69-setuptools
-PackageVersion: 75.3.0
+SPDXID: SPDXRef-71-setuptools
+PackageVersion: 75.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-11-20T18:16:10Z
+ExternalRef: OTHER vcs https://github.com/pypa/setuptools
+ExternalRef: OTHER documentation https://setuptools.pypa.io/
+ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
#####
PackageName: toml
-SPDXID: SPDXRef-70-toml
+SPDXID: SPDXRef-72-toml
PackageVersion: 0.10.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: William Pearson (uiri@xqz.ca)
PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/uiri/toml
-PackageChecksum: SHA1: 3f637dba5f68db63d4b30967fedda51c82459471
+PackageChecksum: SHA256: 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python Library for Tom's Obvious, Minimal Language
+ReleaseDate: 2020-11-01T01:40:20Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*
#####
PackageName: xmlschema
-SPDXID: SPDXRef-71-xmlschema
+SPDXID: SPDXRef-73-xmlschema
PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
+PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
+ReleaseDate: 2024-10-31T09:47:12Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-72-elementpath
+SPDXID: SPDXRef-74-elementpath
PackageVersion: 4.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
+PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
+ReleaseDate: 2024-10-27T21:52:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*
#####
-PackageName: zipp
-SPDXID: SPDXRef-73-zipp
-PackageVersion: 3.21.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
-#####
-
PackageName: zstandard
-SPDXID: SPDXRef-74-zstandard
+SPDXID: SPDXRef-75-zstandard
PackageVersion: 0.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
+ReleaseDate: 2024-07-15T00:13:27Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*
#####
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-beautifulsoup4
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-cvss
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-defusedxml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-distro
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-filetype
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-beautifulsoup4
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-cvss
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-defusedxml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-distro
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-jinja2
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jsonschema
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-50-lib4sbom
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-pyyaml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-lib4vex
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-packageurl-python
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-rich
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-60-packaging
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-plotly
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-python-gnupg
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-requests
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-urllib3
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-rpmfile
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-setuptools
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-toml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-xmlschema
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zipp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-zstandard
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-12-propcache
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict
-Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-22-fasteners
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-23-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-31-google-auth-httplib2
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-34-google-reauth
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-filetype
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-21-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jinja2
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-jsonschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-lib4sbom
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-pyyaml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-lib4vex
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-packageurl-python
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-rich
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-python-gnupg
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-packaging
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-plotly
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-requests
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-urllib3
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-rpmfile
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-setuptools
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-toml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-xmlschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-zstandard
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-importlib-metadata
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-9-zipp
+Relationship: SPDXRef-11-multidict DEPENDS_ON SPDXRef-10-typing-extensions
+Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-11-multidict
+Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-12-propcache
+Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-14-idna
+Relationship: SPDXRef-15-beautifulsoup4 DEPENDS_ON SPDXRef-16-soupsieve
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-multidict
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-propcache
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-13-yarl
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-async-timeout
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-boto
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-google-auth-httplib2
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-google-reauth
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-oauth2client
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-pyopenssl
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-retry-decorator
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-26-cachetools
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-27-pyasn1-modules
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-27-pyasn1-modules DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-29-rsa DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-22-argcomplete
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-23-crcmod
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-24-fasteners
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-25-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-29-google-reauth
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-36-pyopenssl
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-40-retry-decorator
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-43-google-auth-httplib2
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-44-google-apitools
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-45-monotonic
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-boto
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-reauth
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-pyopenssl
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-retry-decorator
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-43-google-auth-httplib2
+Relationship: SPDXRef-26-rsa DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-29-google-reauth DEPENDS_ON SPDXRef-30-pyu2f
+Relationship: SPDXRef-30-pyu2f DEPENDS_ON SPDXRef-31-six
Relationship: SPDXRef-32-httplib2 DEPENDS_ON SPDXRef-33-pyparsing
-Relationship: SPDXRef-34-google-reauth DEPENDS_ON SPDXRef-35-pyu2f
-Relationship: SPDXRef-35-pyu2f DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-27-pyasn1-modules
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-37-pyopenssl DEPENDS_ON SPDXRef-38-cryptography
-Relationship: SPDXRef-38-cryptography DEPENDS_ON SPDXRef-39-cffi
-Relationship: SPDXRef-39-cffi DEPENDS_ON SPDXRef-40-pycparser
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-35-pyasn1-modules
+Relationship: SPDXRef-35-pyasn1-modules DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-36-pyopenssl DEPENDS_ON SPDXRef-37-cryptography
+Relationship: SPDXRef-37-cryptography DEPENDS_ON SPDXRef-38-cffi
+Relationship: SPDXRef-38-cffi DEPENDS_ON SPDXRef-39-pycparser
Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-36-oauth2client
-Relationship: SPDXRef-44-jinja2 DEPENDS_ON SPDXRef-45-markupsafe
-Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-47-jsonschema-specifications
-Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-48-referencing
-Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-49-rpds-py
-Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-7-attrs
-Relationship: SPDXRef-47-jsonschema-specifications DEPENDS_ON SPDXRef-48-referencing
-Relationship: SPDXRef-48-referencing DEPENDS_ON SPDXRef-49-rpds-py
-Relationship: SPDXRef-48-referencing DEPENDS_ON SPDXRef-7-attrs
-Relationship: SPDXRef-50-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml
-Relationship: SPDXRef-50-lib4sbom DEPENDS_ON SPDXRef-51-pyyaml
-Relationship: SPDXRef-50-lib4sbom DEPENDS_ON SPDXRef-52-semantic-version
-Relationship: SPDXRef-53-lib4vex DEPENDS_ON SPDXRef-50-lib4sbom
-Relationship: SPDXRef-53-lib4vex DEPENDS_ON SPDXRef-54-csaf-tool
-Relationship: SPDXRef-53-lib4vex DEPENDS_ON SPDXRef-55-packageurl-python
-Relationship: SPDXRef-54-csaf-tool DEPENDS_ON SPDXRef-55-packageurl-python
-Relationship: SPDXRef-54-csaf-tool DEPENDS_ON SPDXRef-56-rich
-Relationship: SPDXRef-56-rich DEPENDS_ON SPDXRef-57-markdown-it-py
-Relationship: SPDXRef-56-rich DEPENDS_ON SPDXRef-59-pygments
-Relationship: SPDXRef-56-rich DEPENDS_ON SPDXRef-9-typing-extensions
-Relationship: SPDXRef-57-markdown-it-py DEPENDS_ON SPDXRef-58-mdurl
-Relationship: SPDXRef-61-plotly DEPENDS_ON SPDXRef-60-packaging
-Relationship: SPDXRef-61-plotly DEPENDS_ON SPDXRef-62-tenacity
-Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-11-idna
-Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-65-certifi
-Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-66-charset-normalizer
-Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-67-urllib3
-Relationship: SPDXRef-71-xmlschema DEPENDS_ON SPDXRef-72-elementpath
-Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-35-pyasn1-modules
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-42-cachetools
+Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-24-fasteners
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-34-oauth2client
+Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-jsonschema-specifications
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-referencing
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-51-rpds-py
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-7-attrs
+Relationship: SPDXRef-49-jsonschema-specifications DEPENDS_ON SPDXRef-50-referencing
+Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-51-rpds-py
+Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-7-attrs
+Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-18-defusedxml
+Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-53-pyyaml
+Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-54-semantic-version
+Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-52-lib4sbom
+Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-56-csaf-tool
+Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-57-packageurl-python
+Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-57-packageurl-python
+Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-58-rich
+Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-10-typing-extensions
+Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-59-markdown-it-py
+Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-61-pygments
+Relationship: SPDXRef-59-markdown-it-py DEPENDS_ON SPDXRef-60-mdurl
+Relationship: SPDXRef-64-plotly DEPENDS_ON SPDXRef-63-packaging
+Relationship: SPDXRef-64-plotly DEPENDS_ON SPDXRef-65-tenacity
+Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-14-idna
+Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-67-charset-normalizer
+Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-68-urllib3
+Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-69-certifi
+Relationship: SPDXRef-7-attrs DEPENDS_ON SPDXRef-8-importlib-metadata
+Relationship: SPDXRef-73-xmlschema DEPENDS_ON SPDXRef-74-elementpath
+Relationship: SPDXRef-75-zstandard DEPENDS_ON SPDXRef-38-cffi
+Relationship: SPDXRef-8-importlib-metadata DEPENDS_ON SPDXRef-10-typing-extensions
+Relationship: SPDXRef-8-importlib-metadata DEPENDS_ON SPDXRef-9-zipp
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index 5ba8175fb4..afdb73a606 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:427b46ae-e987-4f40-8517-9a8d3fcec56e",
+ "serialNumber": "urn:uuid:e0e92f9a-bc0b-423c-bbdc-1130a4904e4f",
"version": 1,
"metadata": {
- "timestamp": "2024-11-11T00:37:40Z",
+ "timestamp": "2024-12-16T00:38:54Z",
"lifecycles": [
{
"phase": "build"
@@ -15,7 +15,7 @@
"components": [
{
"name": "sbom4python",
- "version": "0.11.3",
+ "version": "0.12.1",
"type": "application"
}
]
@@ -42,6 +42,12 @@
},
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -65,13 +71,17 @@
],
"purl": "pkg:pypi/cve-bin-tool@3.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-17T18:57:44Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
@@ -79,8 +89,14 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.10.10",
+ "version": "3.11.10",
"description": "Async http client/server framework (asyncio)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -97,20 +113,56 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.10.10/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.10/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiohttp",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiohttp.org/en/stable/changes.html",
+ "type": "log"
+ },
+ {
+ "url": "https://docs.aiohttp.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.10.10",
+ "purl": "pkg:pypi/aiohttp@3.11.10",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-05T23:51:02Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
@@ -118,7 +170,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.3",
+ "version": "2.4.4",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,12 +179,12 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
+ "alg": "SHA-256",
+ "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8"
}
],
"licenses": [
@@ -151,20 +203,40 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://aiohappyeyeballs.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
@@ -172,14 +244,8 @@
"type": "library",
"bom-ref": "4-aiosignal",
"name": "aiosignal",
- "version": "1.3.1",
+ "version": "1.3.2",
"description": "aiosignal: a list of registered asynchronous callbacks",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3"
- }
- ],
"licenses": [
{
"license": {
@@ -196,24 +262,48 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiosignal/1.3.1/#files",
+ "url": "https://pypi.org/project/aiosignal/1.3.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gitter.im/aio-libs/Lobby",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiosignal",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiosignal.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiosignal@1.3.1",
+ "purl": "pkg:pypi/aiosignal@1.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-08T16:03:57.000Z"
+ "value": "3.11.11"
}
]
},
@@ -223,6 +313,12 @@
"name": "frozenlist",
"version": "1.5.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a"
+ }
+ ],
"licenses": [
{
"license": {
@@ -242,17 +338,57 @@
"url": "https://pypi.org/project/frozenlist/1.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/frozenlist",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog",
+ "type": "log"
+ },
+ {
+ "url": "https://frozenlist.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/frozenlist@1.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-23T09:46:20Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
@@ -273,8 +409,8 @@
"description": "Classes Without Boilerplate",
"hashes": [
{
- "alg": "SHA-1",
- "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ "alg": "SHA-256",
+ "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"
}
],
"externalReferences": [
@@ -282,155 +418,214 @@
"url": "https://pypi.org/project/attrs/24.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://www.attrs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://www.attrs.org/en/stable/changelog.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-attrs/attrs",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/sponsors/hynek",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi",
+ "type": "other"
}
],
"purl": "pkg:pypi/attrs@24.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T14:37:36Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "7-multidict",
- "name": "multidict",
- "version": "6.1.0",
+ "bom-ref": "7-importlib-metadata",
+ "name": "importlib-metadata",
+ "version": "8.0.0",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Jason R .",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
- "description": "multidict implementation",
- "licenses": [
+ "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*",
+ "description": "Read metadata from Python packages",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/multidict",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/multidict/6.1.0/#files",
+ "url": "https://pypi.org/project/importlib-metadata/8.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/importlib_metadata",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/multidict@6.1.0",
+ "purl": "pkg:pypi/importlib-metadata@8.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-25T18:38:02Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "8-yarl",
- "name": "yarl",
- "version": "1.17.1",
+ "bom-ref": "8-zipp",
+ "name": "zipp",
+ "version": "3.21.0",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Jason R .",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*",
- "description": "Yet another URL library",
- "licenses": [
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
+ "description": "Backport of pathlib-compatible object wrapper for zip files",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/yarl",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/yarl/1.17.1/#files",
+ "url": "https://pypi.org/project/zipp/3.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/jaraco/zipp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/yarl@1.17.1",
+ "purl": "pkg:pypi/zipp@3.21.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-10T15:05:19Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "9-idna",
- "name": "idna",
- "version": "3.10",
+ "bom-ref": "9-typing-extensions",
+ "name": "typing-extensions",
+ "version": "4.12.2",
"supplier": {
- "name": "Kim Davies",
+ "name": "Guido van Jukka ukasz Michael",
"contact": [
{
- "email": "kim+pypi@gumleaf.org"
+ "email": "levkivskyi@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
- "description": "Internationalized Domain Names in Applications (IDNA)",
+ "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
+ "description": "Backported and Experimental Type Hints for Python 3.8+",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/idna/3.10/#files",
+ "url": "https://github.com/python/typing_extensions",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://typing-extensions.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python/typing/discussions",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/typing-extensions@4.12.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-07T18:52:13Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "10-propcache",
- "name": "propcache",
- "version": "0.2.0",
+ "bom-ref": "10-multidict",
+ "name": "multidict",
+ "version": "6.1.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -439,8 +634,14 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
- "description": "Accelerated property cache",
+ "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
+ "description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60"
+ }
+ ],
"licenses": [
{
"license": {
@@ -452,89 +653,383 @@
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/propcache",
+ "url": "https://github.com/aio-libs/multidict",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.2.0/#files",
+ "url": "https://pypi.org/project/multidict/6.1.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/multidict",
+ "type": "other"
+ },
+ {
+ "url": "https://multidict.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://multidict.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/propcache@0.2.0",
+ "purl": "pkg:pypi/multidict@6.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-09T23:47:18Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "11-beautifulsoup4",
- "name": "beautifulsoup4",
- "version": "4.12.3",
+ "bom-ref": "11-propcache",
+ "name": "propcache",
+ "version": "0.2.1",
"supplier": {
- "name": "Leonard Richardson",
+ "name": "Andrew Svetlov",
"contact": [
{
- "email": "leonardr@segfault.org"
+ "email": "andrew.svetlov@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
- "description": "Screen-scraping library",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
+ "description": "Accelerated property cache",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://www.crummy.com/software/BeautifulSoup/bs4/",
+ "url": "https://github.com/aio-libs/propcache",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
+ "url": "https://pypi.org/project/propcache/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/beautifulsoup4@4.12.3",
- "properties": [
+ },
{
- "name": "language",
- "value": "Python"
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
},
{
- "name": "python_version",
- "value": "3.11.10"
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
},
{
- "name": "package_release_date",
- "value": "2024-01-17T16:53:12.000Z"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "12-soupsieve",
- "name": "soupsieve",
- "version": "2.6",
- "supplier": {
- "name": "Isaac Muse",
- "contact": [
- {
+ "url": "https://github.com/aio-libs/propcache/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/propcache",
+ "type": "other"
+ },
+ {
+ "url": "https://propcache.readthedocs.io/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://propcache.readthedocs.io",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/propcache@0.2.1",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-01T18:27:02Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.11.11"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "12-yarl",
+ "name": "yarl",
+ "version": "1.18.3",
+ "supplier": {
+ "name": "Andrew Svetlov",
+ "contact": [
+ {
+ "email": "andrew.svetlov@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*",
+ "description": "Yet another URL library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/yarl/1.18.3/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/yarl",
+ "type": "other"
+ },
+ {
+ "url": "https://yarl.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://yarl.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/yarl@1.18.3",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-01T20:32:32Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.11.11"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "13-idna",
+ "name": "idna",
+ "version": "3.10",
+ "supplier": {
+ "name": "Kim Davies",
+ "contact": [
+ {
+ "email": "kim+pypi@gumleaf.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
+ "description": "Internationalized Domain Names in Applications (IDNA)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/idna/3.10/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/kjd/idna/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kjd/idna",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/idna@3.10",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-15T18:07:37Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.11.11"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "14-beautifulsoup4",
+ "name": "beautifulsoup4",
+ "version": "4.12.3",
+ "supplier": {
+ "name": "Leonard Richardson",
+ "contact": [
+ {
+ "email": "leonardr@segfault.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
+ "description": "Screen-scraping library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://www.crummy.com/software/BeautifulSoup/bs4/",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/",
+ "type": "other"
+ }
+ ],
+ "purl": "pkg:pypi/beautifulsoup4@4.12.3",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-01-17T16:53:12Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.11.11"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "15-soupsieve",
+ "name": "soupsieve",
+ "version": "2.6",
+ "supplier": {
+ "name": "Isaac Muse",
+ "contact": [
+ {
"email": "Isaac.Muse@gmail.com"
}
]
@@ -543,8 +1038,8 @@
"description": "A modern CSS selector implementation for Beautiful Soup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+ "alg": "SHA-256",
+ "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9"
}
],
"externalReferences": [
@@ -561,19 +1056,23 @@
],
"purl": "pkg:pypi/soupsieve@2.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-13T13:39:10Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "13-cvss",
+ "bom-ref": "16-cvss",
"name": "cvss",
"version": "3.3",
"supplier": {
@@ -586,6 +1085,12 @@
},
"cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -605,23 +1110,43 @@
"url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/actions",
+ "type": "build-system"
}
],
"purl": "pkg:pypi/cvss@3.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T10:05:52Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "14-defusedxml",
+ "bom-ref": "17-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -636,8 +1161,8 @@
"description": "XML bomb protection for Python stdlib modules",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ebff1b493751e2f0775314bdd4188d64f07ea184"
+ "alg": "SHA-256",
+ "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"
}
],
"licenses": [
@@ -656,30 +1181,30 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/defusedxml/0.7.1/#files",
+ "url": "https://pypi.python.org/pypi/defusedxml",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/defusedxml@0.7.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-03-08T10:59:24Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2021-03-08T10:59:24.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "15-distro",
+ "bom-ref": "18-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -692,6 +1217,12 @@
},
"cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*",
"description": "Distro - an OS platform information API",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2"
+ }
+ ],
"licenses": [
{
"license": {
@@ -715,23 +1246,23 @@
],
"purl": "pkg:pypi/distro@1.9.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-24T09:54:30Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-24T09:54:30.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "16-filetype",
+ "bom-ref": "19-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -746,15 +1277,15 @@
"description": "Infer file type and MIME type of any file/buffer. No external dependencies.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585"
+ "alg": "SHA-256",
+ "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -766,32 +1297,32 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/filetype/1.2.0/#files",
+ "url": "https://github.com/h2non/filetype.py/tarball/master",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/filetype@1.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-11-02T17:34:01Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-02T17:34:01.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "17-gsutil",
+ "bom-ref": "20-gsutil",
"name": "gsutil",
- "version": "5.31",
+ "version": "5.33",
"supplier": {
"name": "Google Inc .",
"contact": [
@@ -800,8 +1331,14 @@
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*",
"description": "A command line tool for interacting with cloud storage services.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856"
+ }
+ ],
"licenses": [
{
"license": {
@@ -818,28 +1355,32 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gsutil/5.31/#files",
+ "url": "https://cloud.google.com/storage/docs/gsutil_install",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.31",
+ "purl": "pkg:pypi/gsutil@5.33",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-11T09:40:59Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "18-argcomplete",
+ "bom-ref": "21-argcomplete",
"name": "argcomplete",
- "version": "3.5.1",
+ "version": "3.5.2",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -848,8 +1389,14 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472"
+ }
+ ],
"licenses": [
{
"license": {
@@ -866,26 +1413,46 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.5.1/#files",
+ "url": "https://pypi.org/project/argcomplete/3.5.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://kislyuk.github.io/argcomplete",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst",
+ "type": "log"
}
],
- "purl": "pkg:pypi/argcomplete@3.5.1",
+ "purl": "pkg:pypi/argcomplete@3.5.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-06T18:24:27Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "19-crcmod",
+ "bom-ref": "22-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -898,11 +1465,17 @@
},
"cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*",
"description": "CRC Generator",
- "licenses": [
+ "hashes": [
{
- "license": {
+ "alg": "SHA-256",
+ "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -914,26 +1487,30 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/crcmod/1.7/#files",
+ "url": "http://sourceforge.net/projects/crcmod",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/crcmod@1.7",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2010-06-27T14:35:29Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "20-fasteners",
+ "bom-ref": "23-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -943,8 +1520,8 @@
"description": "A python package that provides useful locks",
"hashes": [
{
- "alg": "SHA-1",
- "content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+ "alg": "SHA-256",
+ "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237"
}
],
"licenses": [
@@ -970,19 +1547,23 @@
],
"purl": "pkg:pypi/fasteners@0.19",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-09-19T17:11:18Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "21-gcs-oauth2-boto-plugin",
+ "bom-ref": "24-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -997,8 +1578,8 @@
"description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb"
+ "alg": "SHA-256",
+ "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843"
}
],
"licenses": [
@@ -1017,569 +1598,645 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files",
+ "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-02T14:37:31Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-02T14:37:31.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "22-boto",
- "name": "boto",
- "version": "2.49.0",
+ "bom-ref": "25-rsa",
+ "name": "rsa",
+ "version": "4.7.2",
"supplier": {
- "name": "Mitch Garnaat",
+ "name": "Sybren A . Stuvel",
"contact": [
{
- "email": "mitch@garnaat.com"
+ "email": "sybren@stuvel.eu"
}
]
},
- "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
- "description": "Amazon Web Services Library",
+ "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
+ "description": "Pure-Python RSA implementation",
"hashes": [
{
- "alg": "SHA-1",
- "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3"
+ "alg": "SHA-256",
+ "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/boto/boto/",
+ "url": "https://stuvel.eu/rsa",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/boto/2.49.0/#files",
+ "url": "https://pypi.org/project/rsa/4.7.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/boto@2.49.0",
+ "purl": "pkg:pypi/rsa@4.7.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-02-24T10:55:03Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2018-07-11T20:58:55.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "23-google-auth",
- "name": "google-auth",
- "version": "2.17.0",
+ "bom-ref": "26-pyasn1",
+ "name": "pyasn1",
+ "version": "0.6.1",
"supplier": {
- "name": "Google Cloud Platform",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "googleapis-packages@google.com"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
+ "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243"
+ "alg": "SHA-256",
+ "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/googleapis/google-auth-library-python",
+ "url": "https://github.com/pyasn1/pyasn1",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth/2.17.0/#files",
+ "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://pyasn1.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html",
+ "type": "log"
}
],
- "purl": "pkg:pypi/google-auth@2.17.0",
+ "purl": "pkg:pypi/pyasn1@0.6.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:41:42Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "24-cachetools",
- "name": "cachetools",
- "version": "5.5.0",
+ "bom-ref": "27-boto",
+ "name": "boto",
+ "version": "2.49.0",
"supplier": {
- "name": "Thomas Kemmer",
+ "name": "Mitch Garnaat",
"contact": [
{
- "email": "tkemmer@computer.org"
+ "email": "mitch@garnaat.com"
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
- "description": "Extensible memoizing collections and decorators",
+ "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
+ "description": "Amazon Web Services Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/tkem/cachetools/",
+ "url": "https://github.com/boto/boto/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cachetools/5.5.0/#files",
+ "url": "https://pypi.org/project/boto/2.49.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cachetools@5.5.0",
+ "purl": "pkg:pypi/boto@2.49.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-07-11T20:58:55Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "25-pyasn1-modules",
- "name": "pyasn1-modules",
- "version": "0.4.1",
+ "bom-ref": "28-google-reauth",
+ "name": "google-reauth",
+ "version": "0.1.1",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Google",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "googleapis-publisher@google.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules",
+ "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
+ "description": "Google Reauth Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1-modules",
+ "url": "https://github.com/Google/google-reauth-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
+ "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.4.1",
+ "purl": "pkg:pypi/google-reauth@0.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-12-01T17:35:45Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "26-pyasn1",
- "name": "pyasn1",
- "version": "0.6.1",
+ "bom-ref": "29-pyu2f",
+ "name": "pyu2f",
+ "version": "0.1.5",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Google Inc .",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "pyu2f-team@google.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
- "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
+ "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
+ "description": "U2F host library for interacting with a U2F device over USB.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1",
+ "url": "https://github.com/google/pyu2f/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
+ "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.6.1",
+ "purl": "pkg:pypi/pyu2f@0.1.5",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-10-30T20:03:07Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "27-rsa",
- "name": "rsa",
- "version": "4.7.2",
+ "bom-ref": "30-six",
+ "name": "six",
+ "version": "1.17.0",
"supplier": {
- "name": "Sybren A . Stuvel",
+ "name": "Benjamin Peterson",
"contact": [
{
- "email": "sybren@stuvel.eu"
+ "email": "benjamin@python.org"
}
]
},
- "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
- "description": "Pure-Python RSA implementation",
+ "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*",
+ "description": "Python 2 and 3 compatibility utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa"
+ "alg": "SHA-256",
+ "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://stuvel.eu/rsa",
+ "url": "https://github.com/benjaminp/six",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rsa/4.7.2/#files",
+ "url": "https://pypi.org/project/six/1.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rsa@4.7.2",
+ "purl": "pkg:pypi/six@1.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-04T17:35:26Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2021-02-24T10:55:03.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "28-six",
- "name": "six",
- "version": "1.16.0",
+ "bom-ref": "31-httplib2",
+ "name": "httplib2",
+ "version": "0.20.4",
"supplier": {
- "name": "Benjamin Peterson",
+ "name": "Joe Gregorio",
"contact": [
{
- "email": "benjamin@python.org"
+ "email": "joe@bitworking.org"
}
]
},
- "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*",
- "description": "Python 2 and 3 compatibility utilities",
+ "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
+ "description": "A comprehensive HTTP client library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "65486e4383f9f411da95937451205d3c7b61b9e1"
+ "alg": "SHA-256",
+ "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/benjaminp/six",
+ "url": "https://github.com/httplib2/httplib2",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/six/1.16.0/#files",
+ "url": "https://pypi.org/project/httplib2/0.20.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/six@1.16.0",
+ "purl": "pkg:pypi/httplib2@0.20.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-02-03T00:00:29Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2021-05-05T14:18:17.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "29-google-auth-httplib2",
- "name": "google-auth-httplib2",
- "version": "0.2.0",
+ "bom-ref": "32-pyparsing",
+ "name": "pyparsing",
+ "version": "3.2.0",
"supplier": {
- "name": "Google Cloud Platform",
+ "name": "Paul McGuire",
"contact": [
{
- "email": "googleapis-packages@google.com"
+ "email": "ptmcg.gm+pyparsing@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library: httplib2 transport",
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
+ "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
"hashes": [
{
- "alg": "SHA-1",
- "content": "932ac88800dd6de004c1bd59867831ccf033f031"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84"
}
],
"externalReferences": [
{
- "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
+ "url": "https://github.com/pyparsing/pyparsing/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
+ "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
+ "purl": "pkg:pypi/pyparsing@3.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-13T10:01:13Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-12T17:40:13.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "30-httplib2",
- "name": "httplib2",
- "version": "0.20.4",
+ "bom-ref": "33-oauth2client",
+ "name": "oauth2client",
+ "version": "4.1.3",
"supplier": {
- "name": "Joe Gregorio",
+ "name": "Google Inc .",
"contact": [
{
- "email": "joe@bitworking.org"
+ "email": "jonwayne+oauth2client@google.com"
}
]
},
- "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
- "description": "A comprehensive HTTP client library.",
+ "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
+ "description": "OAuth 2.0 client library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4"
+ "alg": "SHA-256",
+ "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/httplib2/httplib2",
+ "url": "http://github.com/google/oauth2client/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/httplib2/0.20.4/#files",
+ "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/httplib2@0.20.4",
+ "purl": "pkg:pypi/oauth2client@4.1.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-09-07T21:38:16Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "31-pyparsing",
- "name": "pyparsing",
- "version": "3.2.0",
+ "bom-ref": "34-pyasn1-modules",
+ "name": "pyasn1-modules",
+ "version": "0.4.1",
"supplier": {
- "name": "Paul McGuire",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "ptmcg.gm+pyparsing@gmail.com"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
- "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://github.com/pyparsing/pyparsing/",
+ "url": "https://github.com/pyasn1/pyasn1-modules",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt",
+ "type": "log"
}
],
- "purl": "pkg:pypi/pyparsing@3.2.0",
+ "purl": "pkg:pypi/pyasn1-modules@0.4.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:42:08Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "32-google-reauth",
- "name": "google-reauth",
- "version": "0.1.1",
+ "bom-ref": "35-pyopenssl",
+ "name": "pyopenssl",
+ "version": "24.2.1",
"supplier": {
- "name": "Google",
+ "name": "The pyOpenSSL developers",
"contact": [
{
- "email": "googleapis-publisher@google.com"
+ "email": "cryptography-dev@python.org"
}
]
},
- "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
- "description": "Google Reauth Library",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
+ "description": "Python wrapper module around the OpenSSL library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b"
+ "alg": "SHA-256",
+ "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d"
}
],
"licenses": [
@@ -1593,407 +2250,481 @@
],
"externalReferences": [
{
- "url": "https://github.com/Google/google-reauth-python",
+ "url": "https://pyopenssl.org/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
+ "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pyca/pyopenssl",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/google-reauth@0.1.1",
+ "purl": "pkg:pypi/pyopenssl@24.2.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-20T17:26:29Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2020-12-01T17:35:45.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "33-pyu2f",
- "name": "pyu2f",
- "version": "0.1.5",
+ "bom-ref": "36-cryptography",
+ "name": "cryptography",
+ "version": "43.0.3",
"supplier": {
- "name": "Google Inc .",
+ "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
{
- "email": "pyu2f-team@google.com"
+ "email": "cryptography-dev@python.org"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
- "description": "U2F host library for interacting with a U2F device over USB.",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
+ "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe"
+ "alg": "SHA-256",
+ "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"
}
],
"licenses": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "expression": "Apache-2.0 OR BSD-3-Clause"
}
],
"externalReferences": [
{
- "url": "https://github.com/google/pyu2f/",
+ "url": "https://github.com/pyca/cryptography",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
+ "url": "https://pypi.org/project/cryptography/43.0.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://cryptography.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cryptography.io/en/latest/changelog/",
+ "type": "log"
}
],
- "purl": "pkg:pypi/pyu2f@0.1.5",
+ "purl": "pkg:pypi/cryptography@43.0.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:57:36Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2020-10-30T20:03:07.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "34-oauth2client",
- "name": "oauth2client",
- "version": "4.1.3",
+ "bom-ref": "37-cffi",
+ "name": "cffi",
+ "version": "1.17.1",
"supplier": {
- "name": "Google Inc .",
+ "name": "Armin Maciej Fijalkowski",
"contact": [
{
- "email": "jonwayne+oauth2client@google.com"
+ "email": "python-cffi@googlegroups.com"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
- "description": "OAuth 2.0 client library",
+ "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
+ "description": "Foreign Function Interface for Python calling C code.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "50d20532a748f18e53f7d24ccbe6647132c979a9"
+ "alg": "SHA-256",
+ "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "http://github.com/google/oauth2client/",
+ "url": "http://cffi.readthedocs.org",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
+ "url": "https://pypi.org/project/cffi/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "http://cffi.readthedocs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://groups.google.com/forum/#!forum/python-cffi",
+ "type": "other"
}
],
- "purl": "pkg:pypi/oauth2client@4.1.3",
+ "purl": "pkg:pypi/cffi@1.17.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-04T20:43:30Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2018-09-07T21:38:16.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "35-pyopenssl",
- "name": "pyopenssl",
- "version": "24.2.1",
+ "bom-ref": "38-pycparser",
+ "name": "pycparser",
+ "version": "2.22",
"supplier": {
- "name": "The pyOpenSSL developers",
+ "name": "Eli Bendersky",
"contact": [
{
- "email": "cryptography-dev@python.org"
+ "email": "eliben@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
- "description": "Python wrapper module around the OpenSSL library",
+ "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
+ "description": "C parser in Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pyopenssl.org/",
+ "url": "https://github.com/eliben/pycparser",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
+ "url": "https://pypi.org/project/pycparser/2.22/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.2.1",
+ "purl": "pkg:pypi/pycparser@2.22",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-03-30T13:22:20Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "36-cryptography",
- "name": "cryptography",
- "version": "43.0.3",
+ "bom-ref": "39-retry-decorator",
+ "name": "retry-decorator",
+ "version": "1.1.1",
"supplier": {
- "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
+ "name": "Patrick Ng",
"contact": [
{
- "email": "cryptography-dev@python.org"
+ "email": "pn.appdev@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
- "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
+ "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
+ "description": "Retry Decorator",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe"
+ }
+ ],
"licenses": [
{
- "expression": "Apache-2.0 OR BSD-3-Clause"
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://github.com/pyca/cryptography",
+ "url": "https://github.com/pnpnpn/retry-decorator",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/43.0.3/#files",
+ "url": "https://pypi.org/project/retry-decorator/1.1.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@43.0.3",
+ "purl": "pkg:pypi/retry-decorator@1.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-03-10T23:56:29Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "37-cffi",
- "name": "cffi",
- "version": "1.17.1",
+ "bom-ref": "40-google-auth",
+ "name": "google-auth",
+ "version": "2.17.0",
"supplier": {
- "name": "Armin Maciej Fijalkowski",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "python-cffi@googlegroups.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
- "description": "Foreign Function Interface for Python calling C code.",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "http://cffi.readthedocs.org",
+ "url": "https://github.com/googleapis/google-auth-library-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cffi/1.17.1/#files",
+ "url": "https://pypi.org/project/google-auth/2.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cffi@1.17.1",
+ "purl": "pkg:pypi/google-auth@2.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-03-28T19:51:30Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "38-pycparser",
- "name": "pycparser",
- "version": "2.22",
+ "bom-ref": "41-cachetools",
+ "name": "cachetools",
+ "version": "5.5.0",
"supplier": {
- "name": "Eli Bendersky",
+ "name": "Thomas Kemmer",
"contact": [
{
- "email": "eliben@gmail.com"
+ "email": "tkemmer@computer.org"
}
]
},
- "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
- "description": "C parser in Python",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
+ "description": "Extensible memoizing collections and decorators",
"hashes": [
{
- "alg": "SHA-1",
- "content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
+ "alg": "SHA-256",
+ "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292"
}
],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/eliben/pycparser",
+ "url": "https://github.com/tkem/cachetools/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pycparser/2.22/#files",
+ "url": "https://pypi.org/project/cachetools/5.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pycparser@2.22",
+ "purl": "pkg:pypi/cachetools@5.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-18T20:28:43Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2024-03-30T13:22:20.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "39-retry-decorator",
- "name": "retry-decorator",
- "version": "1.1.1",
+ "bom-ref": "42-google-auth-httplib2",
+ "name": "google-auth-httplib2",
+ "version": "0.2.0",
"supplier": {
- "name": "Patrick Ng",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "pn.appdev@gmail.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
- "description": "Retry Decorator",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library: httplib2 transport",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349"
+ "alg": "SHA-256",
+ "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pnpnpn/retry-decorator",
+ "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/retry-decorator/1.1.1/#files",
+ "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/retry-decorator@1.1.1",
+ "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-12T17:40:13Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2020-03-10T23:56:29.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "40-google-apitools",
+ "bom-ref": "43-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -2008,8 +2739,8 @@
"description": "client libraries for humans",
"hashes": [
{
- "alg": "SHA-1",
- "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1"
+ "alg": "SHA-256",
+ "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688"
}
],
"licenses": [
@@ -2035,23 +2766,23 @@
],
"purl": "pkg:pypi/google-apitools@0.5.32",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-05-05T22:12:58Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2021-05-05T22:12:58.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "41-monotonic",
+ "bom-ref": "44-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -2066,8 +2797,8 @@
"description": "An implementation of time.monotonic() for Python 2 & < 3.3",
"hashes": [
{
- "alg": "SHA-1",
- "content": "80681f6604e136e513550342f977edb98f5fc5ad"
+ "alg": "SHA-256",
+ "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c"
}
],
"licenses": [
@@ -2093,30 +2824,30 @@
],
"purl": "pkg:pypi/monotonic@1.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-04-09T21:58:05Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2021-04-09T21:58:05.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "42-jinja2",
+ "bom-ref": "45-jinja2",
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "dd4a8b5466d8790540c181590b14db4d4d889d57"
+ "alg": "SHA-256",
+ "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"
}
],
"externalReferences": [
@@ -2124,34 +2855,54 @@
"url": "https://pypi.org/project/jinja2/3.1.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/pallets/jinja/",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jinja2@3.1.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-05T23:41:59Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-05T23:41:59.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "43-markupsafe",
+ "bom-ref": "46-markupsafe",
"name": "markupsafe",
"version": "3.0.2",
"description": "Safely add untrusted strings to HTML/XML markup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c"
+ "alg": "SHA-256",
+ "content": "7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8"
}
],
"externalReferences": [
@@ -2159,23 +2910,47 @@
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/pallets/markupsafe/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
}
],
"purl": "pkg:pypi/markupsafe@3.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:20:51Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "44-jsonschema",
+ "bom-ref": "47-jsonschema",
"name": "jsonschema",
"version": "4.23.0",
"supplier": {
@@ -2188,11 +2963,17 @@
},
"cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2207,23 +2988,51 @@
"url": "https://pypi.org/project/jsonschema/4.23.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://python-jsonschema.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema@4.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-08T18:40:00Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "45-jsonschema-specifications",
+ "bom-ref": "48-jsonschema-specifications",
"name": "jsonschema-specifications",
"version": "2024.10.1",
"supplier": {
@@ -2238,8 +3047,8 @@
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"hashes": [
{
- "alg": "SHA-1",
- "content": "09f6f17a46ecf03e314df0e6fa14d57db210a549"
+ "alg": "SHA-256",
+ "content": "a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf"
}
],
"externalReferences": [
@@ -2252,23 +3061,47 @@
"url": "https://pypi.org/project/jsonschema-specifications/2024.10.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jsonschema-specifications.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema-specifications@2024.10.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-08T12:29:30Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "46-referencing",
+ "bom-ref": "49-referencing",
"name": "referencing",
"version": "0.35.1",
"supplier": {
@@ -2283,8 +3116,8 @@
"description": "JSON Referencing + Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845"
+ "alg": "SHA-256",
+ "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"
}
],
"externalReferences": [
@@ -2297,29 +3130,53 @@
"url": "https://pypi.org/project/referencing/0.35.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/en/stable/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/referencing@0.35.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-01T20:26:02Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-01T20:26:02.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "47-rpds-py",
+ "bom-ref": "50-rpds-py",
"name": "rpds-py",
- "version": "0.21.0",
+ "version": "0.22.3",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2328,8 +3185,14 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/crate-py/rpds",
@@ -2337,28 +3200,56 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.21.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.22.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rpds.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/orium/rpds",
+ "type": "other"
}
],
- "purl": "pkg:pypi/rpds-py@0.21.0",
+ "purl": "pkg:pypi/rpds-py@0.22.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-04T15:31:31Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "48-lib4sbom",
+ "bom-ref": "51-lib4sbom",
"name": "lib4sbom",
- "version": "0.7.5",
+ "version": "0.8.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -2367,8 +3258,14 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2385,26 +3282,30 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.7.5/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.8.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.7.5",
+ "purl": "pkg:pypi/lib4sbom@0.8.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-09T20:13:26Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "49-pyyaml",
+ "bom-ref": "52-pyyaml",
"name": "pyyaml",
"version": "6.0.2",
"supplier": {
@@ -2417,11 +3318,17 @@
},
"cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2433,26 +3340,50 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyyaml/6.0.2/#files",
+ "url": "https://pypi.org/project/PyYAML/",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://pyyaml.org/wiki/PyYAMLDocumentation",
+ "type": "documentation"
+ },
+ {
+ "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core",
+ "type": "mailing-list"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/pyyaml@6.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T20:31:40Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "50-semantic-version",
+ "bom-ref": "53-semantic-version",
"name": "semantic-version",
"version": "2.10.0",
"supplier": {
@@ -2467,8 +3398,8 @@
"description": "A library implementing the 'SemVer' scheme.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a"
+ "alg": "SHA-256",
+ "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177"
}
],
"licenses": [
@@ -2494,23 +3425,23 @@
],
"purl": "pkg:pypi/semantic-version@2.10.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-05-26T13:35:21Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2022-05-26T13:35:21.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "51-lib4vex",
+ "bom-ref": "54-lib4vex",
"name": "lib4vex",
"version": "0.2.0",
"supplier": {
@@ -2525,8 +3456,8 @@
"description": "VEX generator and consumer library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2"
+ "alg": "SHA-256",
+ "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce"
}
],
"licenses": [
@@ -2552,19 +3483,23 @@
],
"purl": "pkg:pypi/lib4vex@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-29T20:36:52Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "52-csaf-tool",
+ "bom-ref": "55-csaf-tool",
"name": "csaf-tool",
"version": "0.3.2",
"supplier": {
@@ -2579,15 +3514,15 @@
"description": "CSAF generator and analyser",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4"
+ "alg": "SHA-256",
+ "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2606,19 +3541,23 @@
],
"purl": "pkg:pypi/csaf-tool@0.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-12T20:10:06Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "53-packageurl-python",
+ "bom-ref": "56-packageurl-python",
"name": "packageurl-python",
"version": "0.16.0",
"supplier": {
@@ -2626,11 +3565,17 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2649,19 +3594,23 @@
],
"purl": "pkg:pypi/packageurl-python@0.16.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-22T05:51:23Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "54-rich",
+ "bom-ref": "57-rich",
"name": "rich",
"version": "13.9.4",
"supplier": {
@@ -2676,15 +3625,15 @@
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"hashes": [
{
- "alg": "SHA-1",
- "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ "alg": "SHA-256",
+ "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2699,23 +3648,31 @@
"url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rich.readthedocs.io/en/latest/",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/rich@13.9.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T16:43:55Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "55-markdown-it-py",
+ "bom-ref": "58-markdown-it-py",
"name": "markdown-it-py",
"version": "3.0.0",
"supplier": {
@@ -2730,8 +3687,8 @@
"description": "Python port of markdown-it. Markdown parsing, done right!",
"hashes": [
{
- "alg": "SHA-1",
- "content": "bee6d1953be75717a3f2f6a917da6f464bed421d"
+ "alg": "SHA-256",
+ "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"
}
],
"externalReferences": [
@@ -2744,27 +3701,31 @@
"url": "https://pypi.org/project/markdown-it-py/3.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://markdown-it-py.readthedocs.io",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/markdown-it-py@3.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-06-03T06:41:11Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2023-06-03T06:41:11.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "56-mdurl",
+ "bom-ref": "59-mdurl",
"name": "mdurl",
"version": "0.1.2",
"supplier": {
@@ -2779,8 +3740,8 @@
"description": "Markdown URL utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e"
+ "alg": "SHA-256",
+ "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"
}
],
"externalReferences": [
@@ -2797,23 +3758,23 @@
],
"purl": "pkg:pypi/mdurl@0.1.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-08-14T12:40:09Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
- },
- {
- "name": "package_release_date",
- "value": "2022-08-14T12:40:09.000Z"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "57-pygments",
+ "bom-ref": "60-pygments",
"name": "pygments",
"version": "2.18.0",
"supplier": {
@@ -2828,8 +3789,8 @@
"description": "Pygments is a syntax highlighting package written in Python.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+ "alg": "SHA-256",
+ "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
}
],
"licenses": [
@@ -2851,27 +3812,113 @@
"url": "https://pypi.org/project/pygments/2.18.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://pygments.org/docs",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pygments/pygments",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/blob/master/CHANGES",
+ "type": "log"
}
],
"purl": "pkg:pypi/pygments@2.18.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-04T13:41:57Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "61-python-gnupg",
+ "name": "python-gnupg",
+ "version": "0.5.3",
+ "supplier": {
+ "name": "Vinay Sajip",
+ "contact": [
+ {
+ "email": "vinay_sajip@yahoo.co.uk"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
+ "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://gnupg.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg/issues",
+ "type": "issue-tracker"
+ }
+ ],
+ "purl": "pkg:pypi/python-gnupg@0.5.3",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-20T16:43:47Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
},
{
- "name": "package_release_date",
- "value": "2024-05-04T13:41:57.000Z"
+ "name": "python_version",
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "58-packaging",
+ "bom-ref": "62-packaging",
"name": "packaging",
"version": "24.2",
"supplier": {
@@ -2884,28 +3931,46 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://packaging.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pypa/packaging",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/packaging@24.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-08T09:47:44Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "59-plotly",
+ "bom-ref": "63-plotly",
"name": "plotly",
"version": "5.24.1",
"supplier": {
@@ -2918,11 +3983,17 @@
},
"cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2937,23 +4008,39 @@
"url": "https://pypi.org/project/plotly/5.24.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://plotly.com/python/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md",
+ "type": "log"
}
],
"purl": "pkg:pypi/plotly@5.24.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T15:36:24Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "60-tenacity",
+ "bom-ref": "64-tenacity",
"name": "tenacity",
"version": "9.0.0",
"supplier": {
@@ -2968,8 +4055,8 @@
"description": "Retry code until it succeeds",
"hashes": [
{
- "alg": "SHA-1",
- "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb"
+ "alg": "SHA-256",
+ "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539"
}
],
"licenses": [
@@ -2996,66 +4083,22 @@
"purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
{
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.11.10"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "61-python-gnupg",
- "name": "python-gnupg",
- "version": "0.5.3",
- "supplier": {
- "name": "Vinay Sajip",
- "contact": [
- {
- "email": "vinay_sajip@yahoo.co.uk"
- }
- ]
- },
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
- "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/vsajip/python-gnupg",
- "type": "website",
- "comment": "Home page for project"
+ "name": "release_date",
+ "value": "2024-07-29T12:12:25Z"
},
- {
- "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/python-gnupg@0.5.3",
- "properties": [
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "62-requests",
+ "bom-ref": "65-requests",
"name": "requests",
"version": "2.32.3",
"supplier": {
@@ -3070,8 +4113,8 @@
"description": "Python HTTP for Humans.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "0e322af87745eff34caffe4df68456ebc20d9068"
+ "alg": "SHA-256",
+ "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"
}
],
"licenses": [
@@ -3093,153 +4136,223 @@
"url": "https://pypi.org/project/requests/2.32.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://requests.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/psf/requests",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/requests@2.32.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-29T15:37:47Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "63-certifi",
- "name": "certifi",
- "version": "2024.8.30",
+ "bom-ref": "66-charset-normalizer",
+ "name": "charset-normalizer",
+ "version": "3.4.0",
"supplier": {
- "name": "Kenneth Reitz",
+ "name": "Ahmed TAHRI",
"contact": [
{
- "email": "me@kennethreitz.com"
+ "email": "tahri.ahmed@proton.me"
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*",
- "description": "Python package for providing Mozilla's CA Bundle.",
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
+ "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MPL-2.0",
- "url": "https://www.mozilla.org/MPL/2.0/",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/certifi/python-certifi",
+ "url": "https://github.com/Ousret/charset_normalizer",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2024.8.30/#files",
+ "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/Ousret/charset_normalizer/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://charset-normalizer.readthedocs.io/en/latest",
+ "type": "documentation"
}
],
- "purl": "pkg:pypi/certifi@2024.8.30",
+ "purl": "pkg:pypi/charset-normalizer@3.4.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-09T07:38:02Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "64-charset-normalizer",
- "name": "charset-normalizer",
- "version": "3.4.0",
+ "bom-ref": "67-urllib3",
+ "name": "urllib3",
+ "version": "2.2.3",
"supplier": {
- "name": "Ahmed TAHRI",
+ "name": "Andrey Petrov",
"contact": [
{
- "email": "tahri.ahmed@proton.me"
+ "email": "andrey.petrov@shazow.net"
}
]
},
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
- "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
- "licenses": [
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
+ "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac"
}
],
"externalReferences": [
{
- "url": "https://github.com/Ousret/charset_normalizer",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
+ "url": "https://pypi.org/project/urllib3/2.2.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://urllib3.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.4.0",
+ "purl": "pkg:pypi/urllib3@2.2.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T10:52:16Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "65-urllib3",
- "name": "urllib3",
- "version": "2.2.3",
+ "bom-ref": "68-certifi",
+ "name": "certifi",
+ "version": "2024.12.14",
"supplier": {
- "name": "Andrey Petrov",
+ "name": "Kenneth Reitz",
"contact": [
{
- "email": "andrey.petrov@shazow.net"
+ "email": "me@kennethreitz.com"
}
]
},
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
- "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*",
+ "description": "Python package for providing Mozilla's CA Bundle.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MPL-2.0",
+ "url": "https://www.mozilla.org/MPL/2.0/",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/urllib3/2.2.3/#files",
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/certifi/2024.12.14/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/urllib3@2.2.3",
+ "purl": "pkg:pypi/certifi@2024.12.14",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-14T13:52:36Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "66-rpmfile",
+ "bom-ref": "69-rpmfile",
"name": "rpmfile",
"version": "2.1.0",
"supplier": {
@@ -3254,15 +4367,15 @@
"description": "Read rpm archive files",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5"
+ "alg": "SHA-256",
+ "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3281,21 +4394,25 @@
],
"purl": "pkg:pypi/rpmfile@2.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-24T21:57:45Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "67-setuptools",
+ "bom-ref": "70-setuptools",
"name": "setuptools",
- "version": "75.3.0",
+ "version": "75.6.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3304,30 +4421,52 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d"
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.3.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pypa/setuptools",
+ "type": "vcs"
+ },
+ {
+ "url": "https://setuptools.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://setuptools.pypa.io/en/stable/history.html",
+ "type": "log"
}
],
- "purl": "pkg:pypi/setuptools@75.3.0",
+ "purl": "pkg:pypi/setuptools@75.6.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-20T18:16:10Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "68-xmlschema",
+ "bom-ref": "71-xmlschema",
"name": "xmlschema",
"version": "3.4.3",
"supplier": {
@@ -3340,11 +4479,17 @@
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3363,19 +4508,23 @@
],
"purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-31T09:47:12Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "69-elementpath",
+ "bom-ref": "72-elementpath",
"name": "elementpath",
"version": "4.6.0",
"supplier": {
@@ -3388,11 +4537,17 @@
},
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3412,52 +4567,22 @@
"purl": "pkg:pypi/elementpath@4.6.0",
"properties": [
{
- "name": "language",
- "value": "Python"
+ "name": "release_date",
+ "value": "2024-10-27T21:52:58Z"
},
- {
- "name": "python_version",
- "value": "3.11.10"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "70-zipp",
- "name": "zipp",
- "version": "3.21.0",
- "supplier": {
- "name": "Jason R .",
- "contact": [
- {
- "email": "jaraco@jaraco.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
- "description": "Backport of pathlib-compatible object wrapper for zip files",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/zipp/3.21.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/zipp@3.21.0",
- "properties": [
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
},
{
"type": "library",
- "bom-ref": "71-zstandard",
+ "bom-ref": "73-zstandard",
"name": "zstandard",
"version": "0.23.0",
"supplier": {
@@ -3470,6 +4595,12 @@
},
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9"
+ }
+ ],
"licenses": [
{
"license": {
@@ -3493,13 +4624,17 @@
],
"purl": "pkg:pypi/zstandard@0.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-15T00:13:27Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.11.10"
+ "value": "3.11.11"
}
]
}
@@ -3515,29 +4650,30 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "11-beautifulsoup4",
- "13-cvss",
- "14-defusedxml",
- "15-distro",
- "16-filetype",
- "17-gsutil",
- "42-jinja2",
- "44-jsonschema",
- "48-lib4sbom",
- "51-lib4vex",
- "53-packageurl-python",
- "58-packaging",
- "59-plotly",
+ "14-beautifulsoup4",
+ "16-cvss",
+ "17-defusedxml",
+ "18-distro",
+ "19-filetype",
+ "20-gsutil",
+ "7-importlib-metadata",
+ "45-jinja2",
+ "47-jsonschema",
+ "51-lib4sbom",
+ "54-lib4vex",
"61-python-gnupg",
- "49-pyyaml",
- "62-requests",
- "54-rich",
- "66-rpmfile",
- "67-setuptools",
- "65-urllib3",
- "68-xmlschema",
- "70-zipp",
- "71-zstandard"
+ "56-packageurl-python",
+ "62-packaging",
+ "63-plotly",
+ "52-pyyaml",
+ "65-requests",
+ "57-rich",
+ "69-rpmfile",
+ "70-setuptools",
+ "67-urllib3",
+ "71-xmlschema",
+ "73-zstandard",
+ "8-zipp"
]
},
{
@@ -3547,8 +4683,9 @@
"4-aiosignal",
"6-attrs",
"5-frozenlist",
- "7-multidict",
- "8-yarl"
+ "10-multidict",
+ "11-propcache",
+ "12-yarl"
]
},
{
@@ -3558,106 +4695,109 @@
]
},
{
- "ref": "8-yarl",
+ "ref": "6-attrs",
"dependsOn": [
- "9-idna",
- "7-multidict",
- "10-propcache"
+ "7-importlib-metadata"
]
},
{
- "ref": "11-beautifulsoup4",
+ "ref": "7-importlib-metadata",
"dependsOn": [
- "12-soupsieve"
+ "8-zipp",
+ "9-typing-extensions"
]
},
{
- "ref": "17-gsutil",
+ "ref": "10-multidict",
"dependsOn": [
- "18-argcomplete",
- "19-crcmod",
- "20-fasteners",
- "21-gcs-oauth2-boto-plugin",
- "40-google-apitools",
- "23-google-auth",
- "29-google-auth-httplib2",
- "32-google-reauth",
- "30-httplib2",
- "41-monotonic",
- "35-pyopenssl",
- "39-retry-decorator",
- "28-six"
+ "9-typing-extensions"
]
},
{
- "ref": "21-gcs-oauth2-boto-plugin",
+ "ref": "12-yarl",
"dependsOn": [
- "22-boto",
- "23-google-auth",
- "29-google-auth-httplib2",
- "32-google-reauth",
- "30-httplib2",
- "34-oauth2client",
- "35-pyopenssl",
- "39-retry-decorator",
- "27-rsa",
- "28-six"
+ "13-idna",
+ "10-multidict",
+ "11-propcache"
]
},
{
- "ref": "23-google-auth",
+ "ref": "14-beautifulsoup4",
"dependsOn": [
- "24-cachetools",
- "25-pyasn1-modules",
- "27-rsa",
- "28-six"
+ "15-soupsieve"
]
},
{
- "ref": "25-pyasn1-modules",
+ "ref": "20-gsutil",
"dependsOn": [
- "26-pyasn1"
+ "21-argcomplete",
+ "22-crcmod",
+ "23-fasteners",
+ "24-gcs-oauth2-boto-plugin",
+ "43-google-apitools",
+ "31-httplib2",
+ "28-google-reauth",
+ "44-monotonic",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "30-six",
+ "40-google-auth",
+ "42-google-auth-httplib2"
]
},
{
- "ref": "27-rsa",
+ "ref": "24-gcs-oauth2-boto-plugin",
"dependsOn": [
- "26-pyasn1"
+ "25-rsa",
+ "27-boto",
+ "28-google-reauth",
+ "31-httplib2",
+ "33-oauth2client",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "30-six",
+ "40-google-auth",
+ "42-google-auth-httplib2"
]
},
{
- "ref": "29-google-auth-httplib2",
+ "ref": "25-rsa",
"dependsOn": [
- "23-google-auth",
- "30-httplib2"
+ "26-pyasn1"
]
},
{
- "ref": "30-httplib2",
+ "ref": "28-google-reauth",
"dependsOn": [
- "31-pyparsing"
+ "29-pyu2f"
]
},
{
- "ref": "32-google-reauth",
+ "ref": "29-pyu2f",
"dependsOn": [
- "33-pyu2f"
+ "30-six"
]
},
{
- "ref": "33-pyu2f",
+ "ref": "31-httplib2",
"dependsOn": [
- "28-six"
+ "32-pyparsing"
]
},
{
- "ref": "34-oauth2client",
+ "ref": "33-oauth2client",
"dependsOn": [
- "30-httplib2",
+ "31-httplib2",
"26-pyasn1",
- "25-pyasn1-modules",
- "27-rsa",
- "28-six"
+ "34-pyasn1-modules",
+ "25-rsa",
+ "30-six"
+ ]
+ },
+ {
+ "ref": "34-pyasn1-modules",
+ "dependsOn": [
+ "26-pyasn1"
]
},
{
@@ -3679,98 +4819,121 @@
]
},
{
- "ref": "40-google-apitools",
+ "ref": "40-google-auth",
+ "dependsOn": [
+ "41-cachetools",
+ "34-pyasn1-modules",
+ "30-six",
+ "25-rsa"
+ ]
+ },
+ {
+ "ref": "42-google-auth-httplib2",
+ "dependsOn": [
+ "40-google-auth",
+ "31-httplib2"
+ ]
+ },
+ {
+ "ref": "43-google-apitools",
"dependsOn": [
- "20-fasteners",
- "30-httplib2",
- "34-oauth2client",
- "28-six"
+ "31-httplib2",
+ "23-fasteners",
+ "33-oauth2client",
+ "30-six"
]
},
{
- "ref": "42-jinja2",
+ "ref": "45-jinja2",
"dependsOn": [
- "43-markupsafe"
+ "46-markupsafe"
]
},
{
- "ref": "44-jsonschema",
+ "ref": "47-jsonschema",
"dependsOn": [
"6-attrs",
- "45-jsonschema-specifications",
- "46-referencing",
- "47-rpds-py"
+ "48-jsonschema-specifications",
+ "49-referencing",
+ "50-rpds-py"
]
},
{
- "ref": "45-jsonschema-specifications",
+ "ref": "48-jsonschema-specifications",
"dependsOn": [
- "46-referencing"
+ "49-referencing"
]
},
{
- "ref": "46-referencing",
+ "ref": "49-referencing",
"dependsOn": [
"6-attrs",
- "47-rpds-py"
+ "50-rpds-py"
+ ]
+ },
+ {
+ "ref": "51-lib4sbom",
+ "dependsOn": [
+ "52-pyyaml",
+ "53-semantic-version",
+ "17-defusedxml"
]
},
{
- "ref": "48-lib4sbom",
+ "ref": "54-lib4vex",
"dependsOn": [
- "14-defusedxml",
- "49-pyyaml",
- "50-semantic-version"
+ "51-lib4sbom",
+ "55-csaf-tool",
+ "56-packageurl-python"
]
},
{
- "ref": "51-lib4vex",
+ "ref": "55-csaf-tool",
"dependsOn": [
- "52-csaf-tool",
- "48-lib4sbom",
- "53-packageurl-python"
+ "56-packageurl-python",
+ "57-rich"
]
},
{
- "ref": "52-csaf-tool",
+ "ref": "57-rich",
"dependsOn": [
- "53-packageurl-python",
- "54-rich"
+ "58-markdown-it-py",
+ "60-pygments",
+ "9-typing-extensions"
]
},
{
- "ref": "54-rich",
+ "ref": "58-markdown-it-py",
"dependsOn": [
- "55-markdown-it-py",
- "57-pygments"
+ "59-mdurl"
]
},
{
- "ref": "55-markdown-it-py",
+ "ref": "63-plotly",
"dependsOn": [
- "56-mdurl"
+ "64-tenacity",
+ "62-packaging"
]
},
{
- "ref": "59-plotly",
+ "ref": "65-requests",
"dependsOn": [
- "58-packaging",
- "60-tenacity"
+ "66-charset-normalizer",
+ "13-idna",
+ "67-urllib3",
+ "68-certifi"
]
},
{
- "ref": "62-requests",
+ "ref": "71-xmlschema",
"dependsOn": [
- "63-certifi",
- "64-charset-normalizer",
- "9-idna",
- "65-urllib3"
+ "72-elementpath"
]
},
{
- "ref": "68-xmlschema",
+ "ref": "73-zstandard",
"dependsOn": [
- "69-elementpath"
+ "37-cffi"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 272ff4e086..569bc038d9 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-efe4b143-b05c-44c4-852e-b6b21a68340f
-LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-11T00:37:01Z
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-479e7f06-c2d9-487c-8d53-2e39f567cb03
+LicenseListVersion: 3.25
+Creator: Tool: sbom4python-0.12.1
+Created: 2024-12-16T00:38:46Z
CreatorComment: This document has been automatically generated.
#####
@@ -17,62 +17,84 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/intel/cve-bin-tool
+PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
+ReleaseDate: 2024-09-17T18:57:44Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
#####
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.10.10
+PackageVersion: 3.11.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageLicenseDeclared: NOASSERTION
+PackageChecksum: SHA256: cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10
+ReleaseDate: 2024-12-05T23:51:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp
+ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
+ExternalRef: OTHER other https://docs.aiohttp.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
+PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues
+ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
SPDXID: SPDXRef-4-aiosignal
-PackageVersion: 1.3.1
+PackageVersion: 1.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files
+PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiosignal
-PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: aiosignal: a list of registered asynchronous callbacks
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal
+ExternalRef: OTHER other https://docs.aiosignal.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.2
#####
PackageName: frozenlist
@@ -83,11 +105,22 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
+PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
+ReleaseDate: 2024-10-23T09:46:20Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist
+ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog
+ExternalRef: OTHER other https://frozenlist.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0
#####
@@ -98,333 +131,413 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
+PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
+ReleaseDate: 2024-08-06T14:37:36Z
+ExternalRef: OTHER documentation https://www.attrs.org/
+ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html
+ExternalRef: OTHER vcs https://github.com/python-attrs/attrs
+ExternalRef: OTHER other https://github.com/sponsors/hynek
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*
#####
+PackageName: importlib-metadata
+SPDXID: SPDXRef-7-importlib-metadata
+PackageVersion: 8.0.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.0.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: 15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Read metadata from Python packages
+ReleaseDate: 2024-06-25T18:38:02Z
+ExternalRef: OTHER vcs https://github.com/python/importlib_metadata
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*
+#####
+
+PackageName: zipp
+SPDXID: SPDXRef-8-zipp
+PackageVersion: 3.21.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backport of pathlib-compatible object wrapper for zip files
+ReleaseDate: 2024-11-10T15:05:19Z
+ExternalRef: OTHER vcs https://github.com/jaraco/zipp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
+#####
+
+PackageName: typing-extensions
+SPDXID: SPDXRef-9-typing-extensions
+PackageVersion: 4.12.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/python/typing_extensions
+PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backported and Experimental Type Hints for Python 3.8+
+ReleaseDate: 2024-06-07T18:52:13Z
+ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues
+ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/
+ExternalRef: OTHER other https://github.com/python/typing/discussions
+ExternalRef: OTHER vcs https://github.com/python/typing_extensions
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
+#####
+
PackageName: multidict
-SPDXID: SPDXRef-7-multidict
+SPDXID: SPDXRef-10-multidict
PackageVersion: 6.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: multidict implementation
+ReleaseDate: 2024-09-09T23:47:18Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict
+ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://multidict.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/multidict
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
#####
+PackageName: propcache
+SPDXID: SPDXRef-11-propcache
+PackageVersion: 0.2.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/aio-libs/propcache
+PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6
+PackageLicenseDeclared: Apache-2.0
+PackageLicenseConcluded: Apache-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Accelerated property cache
+ReleaseDate: 2024-12-01T18:27:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache
+ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
+ExternalRef: OTHER other https://propcache.readthedocs.io
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
+#####
+
PackageName: yarl
-SPDXID: SPDXRef-8-yarl
-PackageVersion: 1.17.1
+SPDXID: SPDXRef-12-yarl
+PackageVersion: 1.18.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
+PackageChecksum: SHA256: 7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-01T20:32:32Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl
+ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://yarl.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/yarl
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*
#####
PackageName: idna
-SPDXID: SPDXRef-9-idna
+SPDXID: SPDXRef-13-idna
PackageVersion: 3.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
+ReleaseDate: 2024-09-15T18:07:37Z
+ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
+ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
+ExternalRef: OTHER vcs https://github.com/kjd/idna
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
#####
-PackageName: propcache
-SPDXID: SPDXRef-10-propcache
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/propcache
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Accelerated property cache
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
-#####
-
PackageName: beautifulsoup4
-SPDXID: SPDXRef-11-beautifulsoup4
+SPDXID: SPDXRef-14-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files
FilesAnalyzed: false
PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
+PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
+ReleaseDate: 2024-01-17T16:53:12Z
+ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
#####
PackageName: soupsieve
-SPDXID: SPDXRef-12-soupsieve
+SPDXID: SPDXRef-15-soupsieve
PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
-PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
+PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
+ReleaseDate: 2024-08-13T13:39:10Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-13-cvss
+SPDXID: SPDXRef-16-cvss
PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
+PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
+ReleaseDate: 2024-11-01T10:05:52Z
+ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases
+ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss
+ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues
+ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
-SPDXID: SPDXRef-14-defusedxml
+SPDXID: SPDXRef-17-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
-PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files
+PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml
FilesAnalyzed: false
PackageHomePage: https://github.com/tiran/defusedxml
-PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184
+PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: PSF-2.0
PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: XML bomb protection for Python stdlib modules
+ReleaseDate: 2021-03-08T10:59:24Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
#####
PackageName: distro
-SPDXID: SPDXRef-15-distro
+SPDXID: SPDXRef-18-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-distro/distro
+PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Distro - an OS platform information API
+ReleaseDate: 2023-12-24T09:54:30Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-16-filetype
+SPDXID: SPDXRef-19-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
-PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files
+PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master
FilesAnalyzed: false
PackageHomePage: https://github.com/h2non/filetype.py
-PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585
+PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies.
+ReleaseDate: 2022-11-02T17:34:01Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*
#####
PackageName: gsutil
-SPDXID: SPDXRef-17-gsutil
-PackageVersion: 5.31
+SPDXID: SPDXRef-20-gsutil
+PackageVersion: 5.33
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files
+PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install
FilesAnalyzed: false
PackageHomePage: https://cloud.google.com/storage/docs/gsutil
+PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-11T09:40:59Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-18-argcomplete
-PackageVersion: 3.5.1
+SPDXID: SPDXRef-21-argcomplete
+PackageVersion: 3.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
+PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-06T18:24:27Z
+ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
+ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
+ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
+ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-19-crcmod
+SPDXID: SPDXRef-22-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files
+PackageDownloadLocation: http://sourceforge.net/projects/crcmod
FilesAnalyzed: false
PackageHomePage: http://crcmod.sourceforge.net/
+PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CRC Generator
+ReleaseDate: 2010-06-27T14:35:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-20-fasteners
+SPDXID: SPDXRef-23-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/harlowja/fasteners
-PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
+PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A python package that provides useful locks
+ReleaseDate: 2023-09-19T17:11:18Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-21-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-24-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files
+PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin
FilesAnalyzed: false
PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary
-PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb
+PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
+ReleaseDate: 2024-05-02T14:37:31Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*
#####
-PackageName: boto
-SPDXID: SPDXRef-22-boto
-PackageVersion: 2.49.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
-PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/boto/boto/
-PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Amazon Web Services Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-auth
-SPDXID: SPDXRef-23-google-auth
-PackageVersion: 2.17.0
+PackageName: rsa
+SPDXID: SPDXRef-25-rsa
+PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
+PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/googleapis/google-auth-library-python
-PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243
+PackageHomePage: https://stuvel.eu/rsa
+PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
-#####
-
-PackageName: cachetools
-SPDXID: SPDXRef-24-cachetools
-PackageVersion: 5.5.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/tkem/cachetools/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1-modules
-SPDXID: SPDXRef-25-pyasn1-modules
-PackageVersion: 0.4.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1-modules
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
+PackageSummary: Pure-Python RSA implementation
+ReleaseDate: 2021-02-24T10:55:03Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
PackageName: pyasn1
@@ -435,154 +548,171 @@ PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyasn1/pyasn1
+PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ReleaseDate: 2024-09-10T22:41:42Z
+ExternalRef: OTHER documentation https://pyasn1.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues
+ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
#####
-PackageName: rsa
-SPDXID: SPDXRef-27-rsa
-PackageVersion: 4.7.2
+PackageName: boto
+SPDXID: SPDXRef-27-boto
+PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
-PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
+PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
+PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
FilesAnalyzed: false
-PackageHomePage: https://stuvel.eu/rsa
-PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa
+PackageHomePage: https://github.com/boto/boto/
+PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Amazon Web Services Library
+ReleaseDate: 2018-07-11T20:58:55Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
+#####
+
+PackageName: google-reauth
+SPDXID: SPDXRef-28-google-reauth
+PackageVersion: 0.1.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Google (googleapis-publisher@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/Google/google-reauth-python
+PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python RSA implementation
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
+PackageSummary: Google Reauth Library
+ReleaseDate: 2020-12-01T17:35:45Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
+#####
+
+PackageName: pyu2f
+SPDXID: SPDXRef-29-pyu2f
+PackageVersion: 0.1.5
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
+PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/google/pyu2f/
+PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: U2F host library for interacting with a U2F device over USB.
+ReleaseDate: 2020-10-30T20:03:07Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-28-six
-PackageVersion: 1.16.0
+SPDXID: SPDXRef-30-six
+PackageVersion: 1.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
-PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files
+PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/benjaminp/six
-PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1
+PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python 2 and 3 compatibility utilities
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-auth-httplib2
-SPDXID: SPDXRef-29-google-auth-httplib2
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
-PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library: httplib2 transport
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-04T17:35:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*
#####
PackageName: httplib2
-SPDXID: SPDXRef-30-httplib2
+SPDXID: SPDXRef-31-httplib2
PackageVersion: 0.20.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/httplib2/httplib2
-PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4
+PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A comprehensive HTTP client library.
+ReleaseDate: 2022-02-03T00:00:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
#####
PackageName: pyparsing
-SPDXID: SPDXRef-31-pyparsing
+SPDXID: SPDXRef-32-pyparsing
PackageVersion: 3.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyparsing/pyparsing/
+PackageChecksum: SHA256: 93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
+ReleaseDate: 2024-10-13T10:01:13Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*
#####
-PackageName: google-reauth
-SPDXID: SPDXRef-32-google-reauth
-PackageVersion: 0.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google (googleapis-publisher@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Google/google-reauth-python
-PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Reauth Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyu2f
-SPDXID: SPDXRef-33-pyu2f
-PackageVersion: 0.1.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/google/pyu2f/
-PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: U2F host library for interacting with a U2F device over USB.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
-#####
-
PackageName: oauth2client
-SPDXID: SPDXRef-34-oauth2client
+SPDXID: SPDXRef-33-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/oauth2client/
-PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9
+PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: OAuth 2.0 client library
+ReleaseDate: 2018-09-07T21:38:16Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
+PackageName: pyasn1-modules
+SPDXID: SPDXRef-34-pyasn1-modules
+PackageVersion: 0.4.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A collection of ASN.1-based protocols modules
+ReleaseDate: 2024-09-10T22:42:08Z
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues
+ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
+#####
+
PackageName: pyopenssl
SPDXID: SPDXRef-35-pyopenssl
PackageVersion: 24.2.1
@@ -591,11 +721,14 @@ PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python
PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
+PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
+ReleaseDate: 2024-07-20T17:26:29Z
+ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
#####
@@ -608,10 +741,16 @@ PackageSupplier: Organization: The cryptography developers The Python Cryptograp
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
+PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
+ReleaseDate: 2024-10-18T15:57:36Z
+ExternalRef: OTHER documentation https://cryptography.io/
+ExternalRef: OTHER vcs https://github.com/pyca/cryptography/
+ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues
+ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
#####
@@ -624,10 +763,18 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
+ReleaseDate: 2024-09-04T20:43:30Z
+ExternalRef: OTHER documentation http://cffi.readthedocs.org/
+ExternalRef: OTHER vcs https://github.com/python-cffi/cffi
+ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues
+ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html
+ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases
+ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
#####
@@ -640,11 +787,12 @@ PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/eliben/pycparser
-PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
+PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: C parser in Python
+ReleaseDate: 2024-03-30T13:22:20Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22
ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
#####
@@ -657,647 +805,835 @@ PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pnpnpn/retry-decorator
-PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
+PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Retry Decorator
+ReleaseDate: 2020-03-10T23:56:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
#####
+PackageName: google-auth
+SPDXID: SPDXRef-40-google-auth
+PackageVersion: 2.17.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/googleapis/google-auth-library-python
+PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library
+ReleaseDate: 2023-03-28T19:51:30Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
+#####
+
+PackageName: cachetools
+SPDXID: SPDXRef-41-cachetools
+PackageVersion: 5.5.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/tkem/cachetools/
+PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Extensible memoizing collections and decorators
+ReleaseDate: 2024-08-18T20:28:43Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
+#####
+
+PackageName: google-auth-httplib2
+SPDXID: SPDXRef-42-google-auth-httplib2
+PackageVersion: 0.2.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
+PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library: httplib2 transport
+ReleaseDate: 2023-12-12T17:40:13Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+#####
+
PackageName: google-apitools
-SPDXID: SPDXRef-40-google-apitools
+SPDXID: SPDXRef-43-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1
+PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: client libraries for humans
+ReleaseDate: 2021-05-05T22:12:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-41-monotonic
+SPDXID: SPDXRef-44-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/atdt/monotonic
-PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad
+PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
+ReleaseDate: 2021-04-09T21:58:05Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
PackageName: jinja2
-SPDXID: SPDXRef-42-jinja2
+SPDXID: SPDXRef-45-jinja2
PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57
+PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A very fast and expressive template engine.
+ReleaseDate: 2024-05-05T23:41:59Z
+ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/
+ExternalRef: OTHER chat https://discord.gg/pallets
+ExternalRef: OTHER documentation https://jinja.palletsprojects.com/
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER vcs https://github.com/pallets/jinja/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-43-markupsafe
+SPDXID: SPDXRef-46-markupsafe
PackageVersion: 3.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c
+PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
-PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: markupsafe declares Copyright 2010 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Safely add untrusted strings to HTML/XML markup.
+ReleaseDate: 2024-10-18T15:20:51Z
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
+ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
+ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/
+ExternalRef: OTHER chat https://discord.gg/pallets
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2
#####
PackageName: jsonschema
-SPDXID: SPDXRef-44-jsonschema
+SPDXID: SPDXRef-47-jsonschema
PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema
+PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
+ReleaseDate: 2024-07-08T18:40:00Z
+ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
-SPDXID: SPDXRef-45-jsonschema-specifications
+SPDXID: SPDXRef-48-jsonschema-specifications
PackageVersion: 2024.10.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2024.10.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications
-PackageChecksum: SHA1: 09f6f17a46ecf03e314df0e6fa14d57db210a549
+PackageChecksum: SHA256: a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
+ReleaseDate: 2024-10-08T12:29:30Z
+ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:*
#####
PackageName: referencing
-SPDXID: SPDXRef-46-referencing
+SPDXID: SPDXRef-49-referencing
PackageVersion: 0.35.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845
+PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
+ReleaseDate: 2024-05-01T20:26:02Z
+ExternalRef: OTHER documentation https://referencing.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
#####
PackageName: rpds-py
-SPDXID: SPDXRef-47-rpds-py
-PackageVersion: 0.21.0
+SPDXID: SPDXRef-50-rpds-py
+PackageVersion: 0.22.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
+PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-04T15:31:31Z
+ExternalRef: OTHER documentation https://rpds.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/crate-py/rpds
+ExternalRef: OTHER other https://github.com/orium/rpds
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
-SPDXID: SPDXRef-48-lib4sbom
-PackageVersion: 0.7.5
+SPDXID: SPDXRef-51-lib4sbom
+PackageVersion: 0.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
+PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-09T20:13:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*
#####
PackageName: pyyaml
-SPDXID: SPDXRef-49-pyyaml
+SPDXID: SPDXRef-52-pyyaml
PackageVersion: 6.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files
+PackageDownloadLocation: https://pypi.org/project/PyYAML/
FilesAnalyzed: false
PackageHomePage: https://pyyaml.org/
+PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
+ReleaseDate: 2024-08-06T20:31:40Z
+ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues
+ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions
+ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation
+ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core
+ExternalRef: OTHER vcs https://github.com/yaml/pyyaml
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
#####
PackageName: semantic-version
-SPDXID: SPDXRef-50-semantic-version
+SPDXID: SPDXRef-53-semantic-version
PackageVersion: 2.10.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/rbarrois/python-semanticversion
-PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a
+PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A library implementing the 'SemVer' scheme.
+ReleaseDate: 2022-05-26T13:35:21Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
PackageName: lib4vex
-SPDXID: SPDXRef-51-lib4vex
+SPDXID: SPDXRef-54-lib4vex
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4vex
-PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2
+PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: VEX generator and consumer library
+ReleaseDate: 2024-08-29T20:36:52Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*
#####
PackageName: csaf-tool
-SPDXID: SPDXRef-52-csaf-tool
+SPDXID: SPDXRef-55-csaf-tool
PackageVersion: 0.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/csaf
-PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4
+PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CSAF generator and analyser
+ReleaseDate: 2024-06-12T20:10:06Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*
#####
PackageName: packageurl-python
-SPDXID: SPDXRef-53-packageurl-python
+SPDXID: SPDXRef-56-packageurl-python
PackageVersion: 0.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
+PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
+ReleaseDate: 2024-10-22T05:51:23Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*
#####
PackageName: rich
-SPDXID: SPDXRef-54-rich
+SPDXID: SPDXRef-57-rich
PackageVersion: 13.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
+PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
+ReleaseDate: 2024-11-01T16:43:55Z
+ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
-SPDXID: SPDXRef-55-markdown-it-py
+SPDXID: SPDXRef-58-markdown-it-py
PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/markdown-it-py
-PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d
+PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python port of markdown-it. Markdown parsing, done right!
+ReleaseDate: 2023-06-03T06:41:11Z
+ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
#####
PackageName: mdurl
-SPDXID: SPDXRef-56-mdurl
+SPDXID: SPDXRef-59-mdurl
PackageVersion: 0.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/mdurl
-PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e
+PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Markdown URL utilities
+ReleaseDate: 2022-08-14T12:40:09Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
#####
PackageName: pygments
-SPDXID: SPDXRef-57-pygments
+SPDXID: SPDXRef-60-pygments
PackageVersion: 2.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files
FilesAnalyzed: false
PackageHomePage: https://pygments.org
-PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
+PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
+ReleaseDate: 2024-05-04T13:41:57Z
+ExternalRef: OTHER documentation https://pygments.org/docs
+ExternalRef: OTHER vcs https://github.com/pygments/pygments
+ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
+ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
#####
+PackageName: python-gnupg
+SPDXID: SPDXRef-61-python-gnupg
+PackageVersion: 0.5.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/vsajip/python-gnupg
+PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
+ReleaseDate: 2024-09-20T16:43:47Z
+ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
+ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
+ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
+#####
+
PackageName: packaging
-SPDXID: SPDXRef-58-packaging
+SPDXID: SPDXRef-62-packaging
PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
+ReleaseDate: 2024-11-08T09:47:44Z
+ExternalRef: OTHER documentation https://packaging.pypa.io/
+ExternalRef: OTHER vcs https://github.com/pypa/packaging
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-59-plotly
+SPDXID: SPDXRef-63-plotly
PackageVersion: 5.24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files
FilesAnalyzed: false
PackageHomePage: https://plotly.com/python/
+PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
+ReleaseDate: 2024-09-12T15:36:24Z
+ExternalRef: OTHER documentation https://plotly.com/python/
+ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
+ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-60-tenacity
+SPDXID: SPDXRef-64-tenacity
PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/jd/tenacity
-PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb
+PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
+ReleaseDate: 2024-07-29T12:12:25Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
-PackageName: python-gnupg
-SPDXID: SPDXRef-61-python-gnupg
-PackageVersion: 0.5.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
-#####
-
PackageName: requests
-SPDXID: SPDXRef-62-requests
+SPDXID: SPDXRef-65-requests
PackageVersion: 2.32.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files
FilesAnalyzed: false
PackageHomePage: https://requests.readthedocs.io
-PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068
+PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python HTTP for Humans.
+ReleaseDate: 2024-05-29T15:37:47Z
+ExternalRef: OTHER documentation https://requests.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/psf/requests
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*
#####
-PackageName: certifi
-SPDXID: SPDXRef-63-certifi
-PackageVersion: 2024.8.30
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/certifi/python-certifi
-PackageLicenseDeclared: MPL-2.0
-PackageLicenseConcluded: MPL-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*
-#####
-
PackageName: charset-normalizer
-SPDXID: SPDXRef-64-charset-normalizer
+SPDXID: SPDXRef-66-charset-normalizer
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me)
PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Ousret/charset_normalizer
+PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
+ReleaseDate: 2024-10-09T07:38:02Z
+ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues
+ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-65-urllib3
+SPDXID: SPDXRef-67-urllib3
PackageVersion: 2.2.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
+ReleaseDate: 2024-09-12T10:52:16Z
+ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
+ExternalRef: OTHER documentation https://urllib3.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/urllib3/urllib3
+ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*
#####
+PackageName: certifi
+SPDXID: SPDXRef-68-certifi
+PackageVersion: 2024.12.14
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
+PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/certifi/python-certifi
+PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56
+PackageLicenseDeclared: MPL-2.0
+PackageLicenseConcluded: MPL-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python package for providing Mozilla's CA Bundle.
+ReleaseDate: 2024-12-14T13:52:36Z
+ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*
+#####
+
PackageName: rpmfile
-SPDXID: SPDXRef-66-rpmfile
+SPDXID: SPDXRef-69-rpmfile
PackageVersion: 2.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/srossross/rpmfile
-PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5
+PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
+ReleaseDate: 2024-07-24T21:57:45Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
PackageName: setuptools
-SPDXID: SPDXRef-67-setuptools
-PackageVersion: 75.3.0
+SPDXID: SPDXRef-70-setuptools
+PackageVersion: 75.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-11-20T18:16:10Z
+ExternalRef: OTHER vcs https://github.com/pypa/setuptools
+ExternalRef: OTHER documentation https://setuptools.pypa.io/
+ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema
-SPDXID: SPDXRef-68-xmlschema
+SPDXID: SPDXRef-71-xmlschema
PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
+PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
+ReleaseDate: 2024-10-31T09:47:12Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-69-elementpath
+SPDXID: SPDXRef-72-elementpath
PackageVersion: 4.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
+PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
+ReleaseDate: 2024-10-27T21:52:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*
#####
-PackageName: zipp
-SPDXID: SPDXRef-70-zipp
-PackageVersion: 3.21.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
-#####
-
PackageName: zstandard
-SPDXID: SPDXRef-71-zstandard
+SPDXID: SPDXRef-73-zstandard
PackageVersion: 0.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
+ReleaseDate: 2024-07-15T00:13:27Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*
#####
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-11-beautifulsoup4
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-cvss
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-defusedxml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-distro
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-filetype
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-beautifulsoup4
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-cvss
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-defusedxml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-distro
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-filetype
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-42-jinja2
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-jsonschema
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-lib4sbom
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-pyyaml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4vex
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-packageurl-python
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-rich
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-packaging
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-plotly
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-jinja2
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-jsonschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4sbom
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-pyyaml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4vex
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-packageurl-python
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-rich
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-python-gnupg
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-requests
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-urllib3
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-rpmfile
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-setuptools
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-xmlschema
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-zipp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-zstandard
-Relationship: SPDXRef-11-beautifulsoup4 DEPENDS_ON SPDXRef-12-soupsieve
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-18-argcomplete
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-19-crcmod
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-20-fasteners
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-21-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-23-google-auth
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-29-google-auth-httplib2
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-32-google-reauth
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-35-pyopenssl
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-39-retry-decorator
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-40-google-apitools
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-41-monotonic
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-packaging
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-plotly
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-requests
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-urllib3
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-rpmfile
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-7-importlib-metadata
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-setuptools
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-xmlschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zstandard
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-10-multidict DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-10-multidict
+Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-11-propcache
+Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-13-idna
+Relationship: SPDXRef-14-beautifulsoup4 DEPENDS_ON SPDXRef-15-soupsieve
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-multidict
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-propcache
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-yarl
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-yarl
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-boto
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-google-auth
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-rsa
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-auth-httplib2
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-google-reauth
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-24-cachetools
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-25-pyasn1-modules
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-27-rsa
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-25-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-27-rsa DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-23-google-auth
-Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-30-httplib2 DEPENDS_ON SPDXRef-31-pyparsing
-Relationship: SPDXRef-32-google-reauth DEPENDS_ON SPDXRef-33-pyu2f
-Relationship: SPDXRef-33-pyu2f DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-25-pyasn1-modules
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-rsa
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-30-httplib2
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-21-argcomplete
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-22-crcmod
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-23-fasteners
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-24-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-28-google-reauth
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-35-pyopenssl
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-39-retry-decorator
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-40-google-auth
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-42-google-auth-httplib2
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-43-google-apitools
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-44-monotonic
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-rsa
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-boto
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-google-reauth
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-oauth2client
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-google-auth
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-42-google-auth-httplib2
+Relationship: SPDXRef-25-rsa DEPENDS_ON SPDXRef-26-pyasn1
+Relationship: SPDXRef-28-google-reauth DEPENDS_ON SPDXRef-29-pyu2f
+Relationship: SPDXRef-29-pyu2f DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-31-httplib2 DEPENDS_ON SPDXRef-32-pyparsing
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-25-rsa
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-26-pyasn1
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-34-pyasn1-modules
+Relationship: SPDXRef-34-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1
Relationship: SPDXRef-35-pyopenssl DEPENDS_ON SPDXRef-36-cryptography
Relationship: SPDXRef-36-cryptography DEPENDS_ON SPDXRef-37-cffi
Relationship: SPDXRef-37-cffi DEPENDS_ON SPDXRef-38-pycparser
Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-20-fasteners
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-34-oauth2client
-Relationship: SPDXRef-42-jinja2 DEPENDS_ON SPDXRef-43-markupsafe
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-45-jsonschema-specifications
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-46-referencing
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-47-rpds-py
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-45-jsonschema-specifications DEPENDS_ON SPDXRef-46-referencing
-Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-47-rpds-py
-Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-14-defusedxml
-Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-49-pyyaml
-Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-50-semantic-version
-Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-48-lib4sbom
-Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-52-csaf-tool
-Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-53-packageurl-python
-Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-53-packageurl-python
-Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-54-rich
-Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-55-markdown-it-py
-Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-57-pygments
-Relationship: SPDXRef-55-markdown-it-py DEPENDS_ON SPDXRef-56-mdurl
-Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-58-packaging
-Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-60-tenacity
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-63-certifi
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-64-charset-normalizer
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-65-urllib3
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-9-idna
-Relationship: SPDXRef-68-xmlschema DEPENDS_ON SPDXRef-69-elementpath
-Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-10-propcache
-Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-7-multidict
-Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-9-idna
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-25-rsa
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-34-pyasn1-modules
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-41-cachetools
+Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-40-google-auth
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-23-fasteners
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-33-oauth2client
+Relationship: SPDXRef-45-jinja2 DEPENDS_ON SPDXRef-46-markupsafe
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-48-jsonschema-specifications
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-49-referencing
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-50-rpds-py
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-48-jsonschema-specifications DEPENDS_ON SPDXRef-49-referencing
+Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-50-rpds-py
+Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-17-defusedxml
+Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-52-pyyaml
+Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-53-semantic-version
+Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-51-lib4sbom
+Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-55-csaf-tool
+Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-56-packageurl-python
+Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-56-packageurl-python
+Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-57-rich
+Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-58-markdown-it-py
+Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-60-pygments
+Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-58-markdown-it-py DEPENDS_ON SPDXRef-59-mdurl
+Relationship: SPDXRef-6-attrs DEPENDS_ON SPDXRef-7-importlib-metadata
+Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging
+Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-tenacity
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-13-idna
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-66-charset-normalizer
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-67-urllib3
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-68-certifi
+Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-71-xmlschema DEPENDS_ON SPDXRef-72-elementpath
+Relationship: SPDXRef-73-zstandard DEPENDS_ON SPDXRef-37-cffi
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool
diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index 60821f01a1..1d141c581a 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:473bf76a-fad4-4e1d-858c-96c7fb94c47b",
+ "serialNumber": "urn:uuid:2fbc005e-051d-4dd7-8f24-b4905f4d23f2",
"version": 1,
"metadata": {
- "timestamp": "2024-11-11T00:37:48Z",
+ "timestamp": "2024-12-16T00:38:53Z",
"lifecycles": [
{
"phase": "build"
@@ -15,7 +15,7 @@
"components": [
{
"name": "sbom4python",
- "version": "0.11.3",
+ "version": "0.12.1",
"type": "application"
}
]
@@ -42,6 +42,12 @@
},
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -65,13 +71,17 @@
],
"purl": "pkg:pypi/cve-bin-tool@3.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-17T18:57:44Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
@@ -79,8 +89,14 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.10.10",
+ "version": "3.11.10",
"description": "Async http client/server framework (asyncio)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -97,20 +113,56 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.10.10/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.10/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiohttp",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiohttp.org/en/stable/changes.html",
+ "type": "log"
+ },
+ {
+ "url": "https://docs.aiohttp.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.10.10",
+ "purl": "pkg:pypi/aiohttp@3.11.10",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-05T23:51:02Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
@@ -118,7 +170,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.3",
+ "version": "2.4.4",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,12 +179,12 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
+ "alg": "SHA-256",
+ "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8"
}
],
"licenses": [
@@ -151,20 +203,40 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://aiohappyeyeballs.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
@@ -172,14 +244,8 @@
"type": "library",
"bom-ref": "4-aiosignal",
"name": "aiosignal",
- "version": "1.3.1",
+ "version": "1.3.2",
"description": "aiosignal: a list of registered asynchronous callbacks",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3"
- }
- ],
"licenses": [
{
"license": {
@@ -196,24 +262,48 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiosignal/1.3.1/#files",
+ "url": "https://pypi.org/project/aiosignal/1.3.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gitter.im/aio-libs/Lobby",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiosignal",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiosignal.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiosignal@1.3.1",
+ "purl": "pkg:pypi/aiosignal@1.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-08T16:03:57.000Z"
+ "value": "3.12.8"
}
]
},
@@ -223,6 +313,12 @@
"name": "frozenlist",
"version": "1.5.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a"
+ }
+ ],
"licenses": [
{
"license": {
@@ -242,17 +338,57 @@
"url": "https://pypi.org/project/frozenlist/1.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/frozenlist",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog",
+ "type": "log"
+ },
+ {
+ "url": "https://frozenlist.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/frozenlist@1.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-23T09:46:20Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
@@ -273,8 +409,8 @@
"description": "Classes Without Boilerplate",
"hashes": [
{
- "alg": "SHA-1",
- "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ "alg": "SHA-256",
+ "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"
}
],
"externalReferences": [
@@ -282,155 +418,214 @@
"url": "https://pypi.org/project/attrs/24.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://www.attrs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://www.attrs.org/en/stable/changelog.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-attrs/attrs",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/sponsors/hynek",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi",
+ "type": "other"
}
],
"purl": "pkg:pypi/attrs@24.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T14:37:36Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "7-multidict",
- "name": "multidict",
- "version": "6.1.0",
+ "bom-ref": "7-importlib-metadata",
+ "name": "importlib-metadata",
+ "version": "8.0.0",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Jason R .",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
- "description": "multidict implementation",
- "licenses": [
+ "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*",
+ "description": "Read metadata from Python packages",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/multidict",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/multidict/6.1.0/#files",
+ "url": "https://pypi.org/project/importlib-metadata/8.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/importlib_metadata",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/multidict@6.1.0",
+ "purl": "pkg:pypi/importlib-metadata@8.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-25T18:38:02Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "8-yarl",
- "name": "yarl",
- "version": "1.17.1",
+ "bom-ref": "8-zipp",
+ "name": "zipp",
+ "version": "3.21.0",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Jason R .",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*",
- "description": "Yet another URL library",
- "licenses": [
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
+ "description": "Backport of pathlib-compatible object wrapper for zip files",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/yarl",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/yarl/1.17.1/#files",
+ "url": "https://pypi.org/project/zipp/3.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/jaraco/zipp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/yarl@1.17.1",
+ "purl": "pkg:pypi/zipp@3.21.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-10T15:05:19Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "9-idna",
- "name": "idna",
- "version": "3.10",
+ "bom-ref": "9-typing-extensions",
+ "name": "typing-extensions",
+ "version": "4.12.2",
"supplier": {
- "name": "Kim Davies",
+ "name": "Guido van Jukka ukasz Michael",
"contact": [
{
- "email": "kim+pypi@gumleaf.org"
+ "email": "levkivskyi@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
- "description": "Internationalized Domain Names in Applications (IDNA)",
+ "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
+ "description": "Backported and Experimental Type Hints for Python 3.8+",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/idna/3.10/#files",
+ "url": "https://github.com/python/typing_extensions",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://typing-extensions.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python/typing/discussions",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/typing-extensions@4.12.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-07T18:52:13Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "10-propcache",
- "name": "propcache",
- "version": "0.2.0",
+ "bom-ref": "10-multidict",
+ "name": "multidict",
+ "version": "6.1.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -439,8 +634,14 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
- "description": "Accelerated property cache",
+ "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
+ "description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60"
+ }
+ ],
"licenses": [
{
"license": {
@@ -452,89 +653,383 @@
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/propcache",
+ "url": "https://github.com/aio-libs/multidict",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.2.0/#files",
+ "url": "https://pypi.org/project/multidict/6.1.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/multidict",
+ "type": "other"
+ },
+ {
+ "url": "https://multidict.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://multidict.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/propcache@0.2.0",
+ "purl": "pkg:pypi/multidict@6.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-09T23:47:18Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "11-beautifulsoup4",
- "name": "beautifulsoup4",
- "version": "4.12.3",
+ "bom-ref": "11-propcache",
+ "name": "propcache",
+ "version": "0.2.1",
"supplier": {
- "name": "Leonard Richardson",
+ "name": "Andrew Svetlov",
"contact": [
{
- "email": "leonardr@segfault.org"
+ "email": "andrew.svetlov@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
- "description": "Screen-scraping library",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
+ "description": "Accelerated property cache",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://www.crummy.com/software/BeautifulSoup/bs4/",
+ "url": "https://github.com/aio-libs/propcache",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
+ "url": "https://pypi.org/project/propcache/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/beautifulsoup4@4.12.3",
- "properties": [
+ },
{
- "name": "language",
- "value": "Python"
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
},
{
- "name": "python_version",
- "value": "3.12.7"
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
},
{
- "name": "package_release_date",
- "value": "2024-01-17T16:53:12.000Z"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "12-soupsieve",
- "name": "soupsieve",
- "version": "2.6",
- "supplier": {
- "name": "Isaac Muse",
- "contact": [
- {
+ "url": "https://github.com/aio-libs/propcache/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/propcache",
+ "type": "other"
+ },
+ {
+ "url": "https://propcache.readthedocs.io/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://propcache.readthedocs.io",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/propcache@0.2.1",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-01T18:27:02Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "12-yarl",
+ "name": "yarl",
+ "version": "1.18.3",
+ "supplier": {
+ "name": "Andrew Svetlov",
+ "contact": [
+ {
+ "email": "andrew.svetlov@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*",
+ "description": "Yet another URL library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/yarl/1.18.3/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/yarl",
+ "type": "other"
+ },
+ {
+ "url": "https://yarl.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://yarl.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/yarl@1.18.3",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-01T20:32:32Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "13-idna",
+ "name": "idna",
+ "version": "3.10",
+ "supplier": {
+ "name": "Kim Davies",
+ "contact": [
+ {
+ "email": "kim+pypi@gumleaf.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
+ "description": "Internationalized Domain Names in Applications (IDNA)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/idna/3.10/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/kjd/idna/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kjd/idna",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/idna@3.10",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-15T18:07:37Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "14-beautifulsoup4",
+ "name": "beautifulsoup4",
+ "version": "4.12.3",
+ "supplier": {
+ "name": "Leonard Richardson",
+ "contact": [
+ {
+ "email": "leonardr@segfault.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
+ "description": "Screen-scraping library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://www.crummy.com/software/BeautifulSoup/bs4/",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/",
+ "type": "other"
+ }
+ ],
+ "purl": "pkg:pypi/beautifulsoup4@4.12.3",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-01-17T16:53:12Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "15-soupsieve",
+ "name": "soupsieve",
+ "version": "2.6",
+ "supplier": {
+ "name": "Isaac Muse",
+ "contact": [
+ {
"email": "Isaac.Muse@gmail.com"
}
]
@@ -543,8 +1038,8 @@
"description": "A modern CSS selector implementation for Beautiful Soup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+ "alg": "SHA-256",
+ "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9"
}
],
"externalReferences": [
@@ -561,19 +1056,23 @@
],
"purl": "pkg:pypi/soupsieve@2.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-13T13:39:10Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "13-cvss",
+ "bom-ref": "16-cvss",
"name": "cvss",
"version": "3.3",
"supplier": {
@@ -586,6 +1085,12 @@
},
"cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -605,23 +1110,43 @@
"url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/actions",
+ "type": "build-system"
}
],
"purl": "pkg:pypi/cvss@3.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T10:05:52Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "14-defusedxml",
+ "bom-ref": "17-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -636,8 +1161,8 @@
"description": "XML bomb protection for Python stdlib modules",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ebff1b493751e2f0775314bdd4188d64f07ea184"
+ "alg": "SHA-256",
+ "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"
}
],
"licenses": [
@@ -656,30 +1181,30 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/defusedxml/0.7.1/#files",
+ "url": "https://pypi.python.org/pypi/defusedxml",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/defusedxml@0.7.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-03-08T10:59:24Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2021-03-08T10:59:24.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "15-distro",
+ "bom-ref": "18-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -692,6 +1217,12 @@
},
"cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*",
"description": "Distro - an OS platform information API",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2"
+ }
+ ],
"licenses": [
{
"license": {
@@ -715,23 +1246,23 @@
],
"purl": "pkg:pypi/distro@1.9.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-24T09:54:30Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-24T09:54:30.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "16-filetype",
+ "bom-ref": "19-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -746,15 +1277,15 @@
"description": "Infer file type and MIME type of any file/buffer. No external dependencies.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585"
+ "alg": "SHA-256",
+ "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -766,32 +1297,32 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/filetype/1.2.0/#files",
+ "url": "https://github.com/h2non/filetype.py/tarball/master",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/filetype@1.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-11-02T17:34:01Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-02T17:34:01.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "17-gsutil",
+ "bom-ref": "20-gsutil",
"name": "gsutil",
- "version": "5.31",
+ "version": "5.33",
"supplier": {
"name": "Google Inc .",
"contact": [
@@ -800,8 +1331,14 @@
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*",
"description": "A command line tool for interacting with cloud storage services.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856"
+ }
+ ],
"licenses": [
{
"license": {
@@ -818,28 +1355,32 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gsutil/5.31/#files",
+ "url": "https://cloud.google.com/storage/docs/gsutil_install",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.31",
+ "purl": "pkg:pypi/gsutil@5.33",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-11T09:40:59Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "18-argcomplete",
+ "bom-ref": "21-argcomplete",
"name": "argcomplete",
- "version": "3.5.1",
+ "version": "3.5.2",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -848,8 +1389,14 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472"
+ }
+ ],
"licenses": [
{
"license": {
@@ -866,26 +1413,46 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.5.1/#files",
+ "url": "https://pypi.org/project/argcomplete/3.5.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://kislyuk.github.io/argcomplete",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst",
+ "type": "log"
}
],
- "purl": "pkg:pypi/argcomplete@3.5.1",
+ "purl": "pkg:pypi/argcomplete@3.5.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-06T18:24:27Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "19-crcmod",
+ "bom-ref": "22-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -898,11 +1465,17 @@
},
"cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*",
"description": "CRC Generator",
- "licenses": [
+ "hashes": [
{
- "license": {
+ "alg": "SHA-256",
+ "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -914,26 +1487,30 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/crcmod/1.7/#files",
+ "url": "http://sourceforge.net/projects/crcmod",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/crcmod@1.7",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2010-06-27T14:35:29Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "20-fasteners",
+ "bom-ref": "23-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -943,8 +1520,8 @@
"description": "A python package that provides useful locks",
"hashes": [
{
- "alg": "SHA-1",
- "content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+ "alg": "SHA-256",
+ "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237"
}
],
"licenses": [
@@ -970,19 +1547,23 @@
],
"purl": "pkg:pypi/fasteners@0.19",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-09-19T17:11:18Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "21-gcs-oauth2-boto-plugin",
+ "bom-ref": "24-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -997,8 +1578,8 @@
"description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb"
+ "alg": "SHA-256",
+ "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843"
}
],
"licenses": [
@@ -1017,569 +1598,645 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files",
+ "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-02T14:37:31Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-02T14:37:31.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "22-boto",
- "name": "boto",
- "version": "2.49.0",
+ "bom-ref": "25-rsa",
+ "name": "rsa",
+ "version": "4.7.2",
"supplier": {
- "name": "Mitch Garnaat",
+ "name": "Sybren A . Stuvel",
"contact": [
{
- "email": "mitch@garnaat.com"
+ "email": "sybren@stuvel.eu"
}
]
},
- "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
- "description": "Amazon Web Services Library",
+ "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
+ "description": "Pure-Python RSA implementation",
"hashes": [
{
- "alg": "SHA-1",
- "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3"
+ "alg": "SHA-256",
+ "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/boto/boto/",
+ "url": "https://stuvel.eu/rsa",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/boto/2.49.0/#files",
+ "url": "https://pypi.org/project/rsa/4.7.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/boto@2.49.0",
+ "purl": "pkg:pypi/rsa@4.7.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-02-24T10:55:03Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2018-07-11T20:58:55.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "23-google-auth",
- "name": "google-auth",
- "version": "2.17.0",
+ "bom-ref": "26-pyasn1",
+ "name": "pyasn1",
+ "version": "0.6.1",
"supplier": {
- "name": "Google Cloud Platform",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "googleapis-packages@google.com"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
+ "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243"
+ "alg": "SHA-256",
+ "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/googleapis/google-auth-library-python",
+ "url": "https://github.com/pyasn1/pyasn1",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth/2.17.0/#files",
+ "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://pyasn1.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html",
+ "type": "log"
}
],
- "purl": "pkg:pypi/google-auth@2.17.0",
+ "purl": "pkg:pypi/pyasn1@0.6.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:41:42Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "24-cachetools",
- "name": "cachetools",
- "version": "5.5.0",
+ "bom-ref": "27-boto",
+ "name": "boto",
+ "version": "2.49.0",
"supplier": {
- "name": "Thomas Kemmer",
+ "name": "Mitch Garnaat",
"contact": [
{
- "email": "tkemmer@computer.org"
+ "email": "mitch@garnaat.com"
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
- "description": "Extensible memoizing collections and decorators",
+ "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
+ "description": "Amazon Web Services Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/tkem/cachetools/",
+ "url": "https://github.com/boto/boto/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cachetools/5.5.0/#files",
+ "url": "https://pypi.org/project/boto/2.49.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cachetools@5.5.0",
+ "purl": "pkg:pypi/boto@2.49.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-07-11T20:58:55Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "25-pyasn1-modules",
- "name": "pyasn1-modules",
- "version": "0.4.1",
+ "bom-ref": "28-google-reauth",
+ "name": "google-reauth",
+ "version": "0.1.1",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Google",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "googleapis-publisher@google.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules",
+ "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
+ "description": "Google Reauth Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1-modules",
+ "url": "https://github.com/Google/google-reauth-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
+ "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.4.1",
+ "purl": "pkg:pypi/google-reauth@0.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-12-01T17:35:45Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "26-pyasn1",
- "name": "pyasn1",
- "version": "0.6.1",
+ "bom-ref": "29-pyu2f",
+ "name": "pyu2f",
+ "version": "0.1.5",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Google Inc .",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "pyu2f-team@google.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
- "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
+ "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
+ "description": "U2F host library for interacting with a U2F device over USB.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1",
+ "url": "https://github.com/google/pyu2f/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
+ "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.6.1",
+ "purl": "pkg:pypi/pyu2f@0.1.5",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-10-30T20:03:07Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "27-rsa",
- "name": "rsa",
- "version": "4.7.2",
+ "bom-ref": "30-six",
+ "name": "six",
+ "version": "1.17.0",
"supplier": {
- "name": "Sybren A . Stuvel",
+ "name": "Benjamin Peterson",
"contact": [
{
- "email": "sybren@stuvel.eu"
+ "email": "benjamin@python.org"
}
]
},
- "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
- "description": "Pure-Python RSA implementation",
+ "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*",
+ "description": "Python 2 and 3 compatibility utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa"
+ "alg": "SHA-256",
+ "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://stuvel.eu/rsa",
+ "url": "https://github.com/benjaminp/six",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rsa/4.7.2/#files",
+ "url": "https://pypi.org/project/six/1.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rsa@4.7.2",
+ "purl": "pkg:pypi/six@1.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-04T17:35:26Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2021-02-24T10:55:03.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "28-six",
- "name": "six",
- "version": "1.16.0",
+ "bom-ref": "31-httplib2",
+ "name": "httplib2",
+ "version": "0.20.4",
"supplier": {
- "name": "Benjamin Peterson",
+ "name": "Joe Gregorio",
"contact": [
{
- "email": "benjamin@python.org"
+ "email": "joe@bitworking.org"
}
]
},
- "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*",
- "description": "Python 2 and 3 compatibility utilities",
+ "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
+ "description": "A comprehensive HTTP client library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "65486e4383f9f411da95937451205d3c7b61b9e1"
+ "alg": "SHA-256",
+ "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/benjaminp/six",
+ "url": "https://github.com/httplib2/httplib2",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/six/1.16.0/#files",
+ "url": "https://pypi.org/project/httplib2/0.20.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/six@1.16.0",
+ "purl": "pkg:pypi/httplib2@0.20.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-02-03T00:00:29Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2021-05-05T14:18:17.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "29-google-auth-httplib2",
- "name": "google-auth-httplib2",
- "version": "0.2.0",
+ "bom-ref": "32-pyparsing",
+ "name": "pyparsing",
+ "version": "3.2.0",
"supplier": {
- "name": "Google Cloud Platform",
+ "name": "Paul McGuire",
"contact": [
{
- "email": "googleapis-packages@google.com"
+ "email": "ptmcg.gm+pyparsing@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library: httplib2 transport",
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
+ "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
"hashes": [
{
- "alg": "SHA-1",
- "content": "932ac88800dd6de004c1bd59867831ccf033f031"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84"
}
],
"externalReferences": [
{
- "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
+ "url": "https://github.com/pyparsing/pyparsing/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
+ "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
+ "purl": "pkg:pypi/pyparsing@3.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-13T10:01:13Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-12T17:40:13.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "30-httplib2",
- "name": "httplib2",
- "version": "0.20.4",
+ "bom-ref": "33-oauth2client",
+ "name": "oauth2client",
+ "version": "4.1.3",
"supplier": {
- "name": "Joe Gregorio",
+ "name": "Google Inc .",
"contact": [
{
- "email": "joe@bitworking.org"
+ "email": "jonwayne+oauth2client@google.com"
}
]
},
- "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
- "description": "A comprehensive HTTP client library.",
+ "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
+ "description": "OAuth 2.0 client library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4"
+ "alg": "SHA-256",
+ "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/httplib2/httplib2",
+ "url": "http://github.com/google/oauth2client/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/httplib2/0.20.4/#files",
+ "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/httplib2@0.20.4",
+ "purl": "pkg:pypi/oauth2client@4.1.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-09-07T21:38:16Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "31-pyparsing",
- "name": "pyparsing",
- "version": "3.2.0",
+ "bom-ref": "34-pyasn1-modules",
+ "name": "pyasn1-modules",
+ "version": "0.4.1",
"supplier": {
- "name": "Paul McGuire",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "ptmcg.gm+pyparsing@gmail.com"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
- "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://github.com/pyparsing/pyparsing/",
+ "url": "https://github.com/pyasn1/pyasn1-modules",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt",
+ "type": "log"
}
],
- "purl": "pkg:pypi/pyparsing@3.2.0",
+ "purl": "pkg:pypi/pyasn1-modules@0.4.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:42:08Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "32-google-reauth",
- "name": "google-reauth",
- "version": "0.1.1",
+ "bom-ref": "35-pyopenssl",
+ "name": "pyopenssl",
+ "version": "24.2.1",
"supplier": {
- "name": "Google",
+ "name": "The pyOpenSSL developers",
"contact": [
{
- "email": "googleapis-publisher@google.com"
+ "email": "cryptography-dev@python.org"
}
]
},
- "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
- "description": "Google Reauth Library",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
+ "description": "Python wrapper module around the OpenSSL library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b"
+ "alg": "SHA-256",
+ "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d"
}
],
"licenses": [
@@ -1593,407 +2250,481 @@
],
"externalReferences": [
{
- "url": "https://github.com/Google/google-reauth-python",
+ "url": "https://pyopenssl.org/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
+ "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pyca/pyopenssl",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/google-reauth@0.1.1",
+ "purl": "pkg:pypi/pyopenssl@24.2.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-20T17:26:29Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2020-12-01T17:35:45.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "33-pyu2f",
- "name": "pyu2f",
- "version": "0.1.5",
+ "bom-ref": "36-cryptography",
+ "name": "cryptography",
+ "version": "43.0.3",
"supplier": {
- "name": "Google Inc .",
+ "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
{
- "email": "pyu2f-team@google.com"
+ "email": "cryptography-dev@python.org"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
- "description": "U2F host library for interacting with a U2F device over USB.",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
+ "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe"
+ "alg": "SHA-256",
+ "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"
}
],
"licenses": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "expression": "Apache-2.0 OR BSD-3-Clause"
}
],
"externalReferences": [
{
- "url": "https://github.com/google/pyu2f/",
+ "url": "https://github.com/pyca/cryptography",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
+ "url": "https://pypi.org/project/cryptography/43.0.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://cryptography.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cryptography.io/en/latest/changelog/",
+ "type": "log"
}
],
- "purl": "pkg:pypi/pyu2f@0.1.5",
+ "purl": "pkg:pypi/cryptography@43.0.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:57:36Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2020-10-30T20:03:07.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "34-oauth2client",
- "name": "oauth2client",
- "version": "4.1.3",
+ "bom-ref": "37-cffi",
+ "name": "cffi",
+ "version": "1.17.1",
"supplier": {
- "name": "Google Inc .",
+ "name": "Armin Maciej Fijalkowski",
"contact": [
{
- "email": "jonwayne+oauth2client@google.com"
+ "email": "python-cffi@googlegroups.com"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
- "description": "OAuth 2.0 client library",
+ "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
+ "description": "Foreign Function Interface for Python calling C code.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "50d20532a748f18e53f7d24ccbe6647132c979a9"
+ "alg": "SHA-256",
+ "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "http://github.com/google/oauth2client/",
+ "url": "http://cffi.readthedocs.org",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
+ "url": "https://pypi.org/project/cffi/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "http://cffi.readthedocs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://groups.google.com/forum/#!forum/python-cffi",
+ "type": "other"
}
],
- "purl": "pkg:pypi/oauth2client@4.1.3",
+ "purl": "pkg:pypi/cffi@1.17.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-04T20:43:30Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2018-09-07T21:38:16.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "35-pyopenssl",
- "name": "pyopenssl",
- "version": "24.2.1",
+ "bom-ref": "38-pycparser",
+ "name": "pycparser",
+ "version": "2.22",
"supplier": {
- "name": "The pyOpenSSL developers",
+ "name": "Eli Bendersky",
"contact": [
{
- "email": "cryptography-dev@python.org"
+ "email": "eliben@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
- "description": "Python wrapper module around the OpenSSL library",
+ "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
+ "description": "C parser in Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pyopenssl.org/",
+ "url": "https://github.com/eliben/pycparser",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
+ "url": "https://pypi.org/project/pycparser/2.22/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.2.1",
+ "purl": "pkg:pypi/pycparser@2.22",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-03-30T13:22:20Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "36-cryptography",
- "name": "cryptography",
- "version": "43.0.3",
+ "bom-ref": "39-retry-decorator",
+ "name": "retry-decorator",
+ "version": "1.1.1",
"supplier": {
- "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
+ "name": "Patrick Ng",
"contact": [
{
- "email": "cryptography-dev@python.org"
+ "email": "pn.appdev@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
- "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
+ "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
+ "description": "Retry Decorator",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe"
+ }
+ ],
"licenses": [
{
- "expression": "Apache-2.0 OR BSD-3-Clause"
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://github.com/pyca/cryptography",
+ "url": "https://github.com/pnpnpn/retry-decorator",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/43.0.3/#files",
+ "url": "https://pypi.org/project/retry-decorator/1.1.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@43.0.3",
+ "purl": "pkg:pypi/retry-decorator@1.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-03-10T23:56:29Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "37-cffi",
- "name": "cffi",
- "version": "1.17.1",
+ "bom-ref": "40-google-auth",
+ "name": "google-auth",
+ "version": "2.17.0",
"supplier": {
- "name": "Armin Maciej Fijalkowski",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "python-cffi@googlegroups.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
- "description": "Foreign Function Interface for Python calling C code.",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "http://cffi.readthedocs.org",
+ "url": "https://github.com/googleapis/google-auth-library-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cffi/1.17.1/#files",
+ "url": "https://pypi.org/project/google-auth/2.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cffi@1.17.1",
+ "purl": "pkg:pypi/google-auth@2.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-03-28T19:51:30Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "38-pycparser",
- "name": "pycparser",
- "version": "2.22",
+ "bom-ref": "41-cachetools",
+ "name": "cachetools",
+ "version": "5.5.0",
"supplier": {
- "name": "Eli Bendersky",
+ "name": "Thomas Kemmer",
"contact": [
{
- "email": "eliben@gmail.com"
+ "email": "tkemmer@computer.org"
}
]
},
- "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
- "description": "C parser in Python",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
+ "description": "Extensible memoizing collections and decorators",
"hashes": [
{
- "alg": "SHA-1",
- "content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
+ "alg": "SHA-256",
+ "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292"
}
],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/eliben/pycparser",
+ "url": "https://github.com/tkem/cachetools/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pycparser/2.22/#files",
+ "url": "https://pypi.org/project/cachetools/5.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pycparser@2.22",
+ "purl": "pkg:pypi/cachetools@5.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-18T20:28:43Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2024-03-30T13:22:20.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "39-retry-decorator",
- "name": "retry-decorator",
- "version": "1.1.1",
+ "bom-ref": "42-google-auth-httplib2",
+ "name": "google-auth-httplib2",
+ "version": "0.2.0",
"supplier": {
- "name": "Patrick Ng",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "pn.appdev@gmail.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
- "description": "Retry Decorator",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library: httplib2 transport",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349"
+ "alg": "SHA-256",
+ "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pnpnpn/retry-decorator",
+ "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/retry-decorator/1.1.1/#files",
+ "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/retry-decorator@1.1.1",
+ "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-12T17:40:13Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2020-03-10T23:56:29.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "40-google-apitools",
+ "bom-ref": "43-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -2008,8 +2739,8 @@
"description": "client libraries for humans",
"hashes": [
{
- "alg": "SHA-1",
- "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1"
+ "alg": "SHA-256",
+ "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688"
}
],
"licenses": [
@@ -2035,23 +2766,23 @@
],
"purl": "pkg:pypi/google-apitools@0.5.32",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-05-05T22:12:58Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2021-05-05T22:12:58.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "41-monotonic",
+ "bom-ref": "44-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -2066,8 +2797,8 @@
"description": "An implementation of time.monotonic() for Python 2 & < 3.3",
"hashes": [
{
- "alg": "SHA-1",
- "content": "80681f6604e136e513550342f977edb98f5fc5ad"
+ "alg": "SHA-256",
+ "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c"
}
],
"licenses": [
@@ -2093,30 +2824,30 @@
],
"purl": "pkg:pypi/monotonic@1.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-04-09T21:58:05Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2021-04-09T21:58:05.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "42-jinja2",
+ "bom-ref": "45-jinja2",
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "dd4a8b5466d8790540c181590b14db4d4d889d57"
+ "alg": "SHA-256",
+ "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"
}
],
"externalReferences": [
@@ -2124,34 +2855,54 @@
"url": "https://pypi.org/project/jinja2/3.1.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/pallets/jinja/",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jinja2@3.1.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-05T23:41:59Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-05T23:41:59.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "43-markupsafe",
+ "bom-ref": "46-markupsafe",
"name": "markupsafe",
"version": "3.0.2",
"description": "Safely add untrusted strings to HTML/XML markup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c"
+ "alg": "SHA-256",
+ "content": "7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8"
}
],
"externalReferences": [
@@ -2159,23 +2910,47 @@
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/pallets/markupsafe/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
}
],
"purl": "pkg:pypi/markupsafe@3.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:20:51Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "44-jsonschema",
+ "bom-ref": "47-jsonschema",
"name": "jsonschema",
"version": "4.23.0",
"supplier": {
@@ -2188,11 +2963,17 @@
},
"cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2207,23 +2988,51 @@
"url": "https://pypi.org/project/jsonschema/4.23.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://python-jsonschema.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema@4.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-08T18:40:00Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "45-jsonschema-specifications",
+ "bom-ref": "48-jsonschema-specifications",
"name": "jsonschema-specifications",
"version": "2024.10.1",
"supplier": {
@@ -2238,8 +3047,8 @@
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"hashes": [
{
- "alg": "SHA-1",
- "content": "09f6f17a46ecf03e314df0e6fa14d57db210a549"
+ "alg": "SHA-256",
+ "content": "a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf"
}
],
"externalReferences": [
@@ -2252,23 +3061,47 @@
"url": "https://pypi.org/project/jsonschema-specifications/2024.10.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jsonschema-specifications.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema-specifications@2024.10.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-08T12:29:30Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "46-referencing",
+ "bom-ref": "49-referencing",
"name": "referencing",
"version": "0.35.1",
"supplier": {
@@ -2283,8 +3116,8 @@
"description": "JSON Referencing + Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845"
+ "alg": "SHA-256",
+ "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"
}
],
"externalReferences": [
@@ -2297,29 +3130,53 @@
"url": "https://pypi.org/project/referencing/0.35.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/en/stable/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/referencing@0.35.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-01T20:26:02Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-01T20:26:02.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "47-rpds-py",
+ "bom-ref": "50-rpds-py",
"name": "rpds-py",
- "version": "0.21.0",
+ "version": "0.22.3",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2328,8 +3185,14 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/crate-py/rpds",
@@ -2337,28 +3200,56 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.21.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.22.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rpds.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/orium/rpds",
+ "type": "other"
}
],
- "purl": "pkg:pypi/rpds-py@0.21.0",
+ "purl": "pkg:pypi/rpds-py@0.22.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-04T15:31:31Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "48-lib4sbom",
+ "bom-ref": "51-lib4sbom",
"name": "lib4sbom",
- "version": "0.7.5",
+ "version": "0.8.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -2367,8 +3258,14 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2385,26 +3282,30 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.7.5/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.8.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.7.5",
+ "purl": "pkg:pypi/lib4sbom@0.8.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-09T20:13:26Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "49-pyyaml",
+ "bom-ref": "52-pyyaml",
"name": "pyyaml",
"version": "6.0.2",
"supplier": {
@@ -2417,11 +3318,17 @@
},
"cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2433,26 +3340,50 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyyaml/6.0.2/#files",
+ "url": "https://pypi.org/project/PyYAML/",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://pyyaml.org/wiki/PyYAMLDocumentation",
+ "type": "documentation"
+ },
+ {
+ "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core",
+ "type": "mailing-list"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/pyyaml@6.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T20:31:40Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "50-semantic-version",
+ "bom-ref": "53-semantic-version",
"name": "semantic-version",
"version": "2.10.0",
"supplier": {
@@ -2467,8 +3398,8 @@
"description": "A library implementing the 'SemVer' scheme.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a"
+ "alg": "SHA-256",
+ "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177"
}
],
"licenses": [
@@ -2494,23 +3425,23 @@
],
"purl": "pkg:pypi/semantic-version@2.10.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-05-26T13:35:21Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2022-05-26T13:35:21.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "51-lib4vex",
+ "bom-ref": "54-lib4vex",
"name": "lib4vex",
"version": "0.2.0",
"supplier": {
@@ -2525,8 +3456,8 @@
"description": "VEX generator and consumer library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2"
+ "alg": "SHA-256",
+ "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce"
}
],
"licenses": [
@@ -2552,19 +3483,23 @@
],
"purl": "pkg:pypi/lib4vex@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-29T20:36:52Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "52-csaf-tool",
+ "bom-ref": "55-csaf-tool",
"name": "csaf-tool",
"version": "0.3.2",
"supplier": {
@@ -2579,15 +3514,15 @@
"description": "CSAF generator and analyser",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4"
+ "alg": "SHA-256",
+ "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2606,19 +3541,23 @@
],
"purl": "pkg:pypi/csaf-tool@0.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-12T20:10:06Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "53-packageurl-python",
+ "bom-ref": "56-packageurl-python",
"name": "packageurl-python",
"version": "0.16.0",
"supplier": {
@@ -2626,11 +3565,17 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2649,19 +3594,23 @@
],
"purl": "pkg:pypi/packageurl-python@0.16.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-22T05:51:23Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "54-rich",
+ "bom-ref": "57-rich",
"name": "rich",
"version": "13.9.4",
"supplier": {
@@ -2676,15 +3625,15 @@
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"hashes": [
{
- "alg": "SHA-1",
- "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ "alg": "SHA-256",
+ "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2699,23 +3648,31 @@
"url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rich.readthedocs.io/en/latest/",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/rich@13.9.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T16:43:55Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "55-markdown-it-py",
+ "bom-ref": "58-markdown-it-py",
"name": "markdown-it-py",
"version": "3.0.0",
"supplier": {
@@ -2730,8 +3687,8 @@
"description": "Python port of markdown-it. Markdown parsing, done right!",
"hashes": [
{
- "alg": "SHA-1",
- "content": "bee6d1953be75717a3f2f6a917da6f464bed421d"
+ "alg": "SHA-256",
+ "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"
}
],
"externalReferences": [
@@ -2744,27 +3701,31 @@
"url": "https://pypi.org/project/markdown-it-py/3.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://markdown-it-py.readthedocs.io",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/markdown-it-py@3.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-06-03T06:41:11Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2023-06-03T06:41:11.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "56-mdurl",
+ "bom-ref": "59-mdurl",
"name": "mdurl",
"version": "0.1.2",
"supplier": {
@@ -2779,8 +3740,8 @@
"description": "Markdown URL utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e"
+ "alg": "SHA-256",
+ "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"
}
],
"externalReferences": [
@@ -2797,23 +3758,23 @@
],
"purl": "pkg:pypi/mdurl@0.1.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-08-14T12:40:09Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
- },
- {
- "name": "package_release_date",
- "value": "2022-08-14T12:40:09.000Z"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "57-pygments",
+ "bom-ref": "60-pygments",
"name": "pygments",
"version": "2.18.0",
"supplier": {
@@ -2828,8 +3789,8 @@
"description": "Pygments is a syntax highlighting package written in Python.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+ "alg": "SHA-256",
+ "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
}
],
"licenses": [
@@ -2851,27 +3812,113 @@
"url": "https://pypi.org/project/pygments/2.18.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://pygments.org/docs",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pygments/pygments",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/blob/master/CHANGES",
+ "type": "log"
}
],
"purl": "pkg:pypi/pygments@2.18.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-04T13:41:57Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "61-python-gnupg",
+ "name": "python-gnupg",
+ "version": "0.5.3",
+ "supplier": {
+ "name": "Vinay Sajip",
+ "contact": [
+ {
+ "email": "vinay_sajip@yahoo.co.uk"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
+ "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://gnupg.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg/issues",
+ "type": "issue-tracker"
+ }
+ ],
+ "purl": "pkg:pypi/python-gnupg@0.5.3",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-20T16:43:47Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
},
{
- "name": "package_release_date",
- "value": "2024-05-04T13:41:57.000Z"
+ "name": "python_version",
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "58-packaging",
+ "bom-ref": "62-packaging",
"name": "packaging",
"version": "24.2",
"supplier": {
@@ -2884,28 +3931,46 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://packaging.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pypa/packaging",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/packaging@24.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-08T09:47:44Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "59-plotly",
+ "bom-ref": "63-plotly",
"name": "plotly",
"version": "5.24.1",
"supplier": {
@@ -2918,11 +3983,17 @@
},
"cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2937,23 +4008,39 @@
"url": "https://pypi.org/project/plotly/5.24.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://plotly.com/python/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md",
+ "type": "log"
}
],
"purl": "pkg:pypi/plotly@5.24.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T15:36:24Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "60-tenacity",
+ "bom-ref": "64-tenacity",
"name": "tenacity",
"version": "9.0.0",
"supplier": {
@@ -2968,8 +4055,8 @@
"description": "Retry code until it succeeds",
"hashes": [
{
- "alg": "SHA-1",
- "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb"
+ "alg": "SHA-256",
+ "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539"
}
],
"licenses": [
@@ -2996,66 +4083,22 @@
"purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
{
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.12.7"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "61-python-gnupg",
- "name": "python-gnupg",
- "version": "0.5.3",
- "supplier": {
- "name": "Vinay Sajip",
- "contact": [
- {
- "email": "vinay_sajip@yahoo.co.uk"
- }
- ]
- },
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
- "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/vsajip/python-gnupg",
- "type": "website",
- "comment": "Home page for project"
+ "name": "release_date",
+ "value": "2024-07-29T12:12:25Z"
},
- {
- "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/python-gnupg@0.5.3",
- "properties": [
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "62-requests",
+ "bom-ref": "65-requests",
"name": "requests",
"version": "2.32.3",
"supplier": {
@@ -3070,8 +4113,8 @@
"description": "Python HTTP for Humans.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "0e322af87745eff34caffe4df68456ebc20d9068"
+ "alg": "SHA-256",
+ "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"
}
],
"licenses": [
@@ -3093,153 +4136,223 @@
"url": "https://pypi.org/project/requests/2.32.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://requests.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/psf/requests",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/requests@2.32.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-29T15:37:47Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "63-certifi",
- "name": "certifi",
- "version": "2024.8.30",
+ "bom-ref": "66-charset-normalizer",
+ "name": "charset-normalizer",
+ "version": "3.4.0",
"supplier": {
- "name": "Kenneth Reitz",
+ "name": "Ahmed TAHRI",
"contact": [
{
- "email": "me@kennethreitz.com"
+ "email": "tahri.ahmed@proton.me"
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*",
- "description": "Python package for providing Mozilla's CA Bundle.",
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
+ "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MPL-2.0",
- "url": "https://www.mozilla.org/MPL/2.0/",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/certifi/python-certifi",
+ "url": "https://github.com/Ousret/charset_normalizer",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2024.8.30/#files",
+ "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/Ousret/charset_normalizer/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://charset-normalizer.readthedocs.io/en/latest",
+ "type": "documentation"
}
],
- "purl": "pkg:pypi/certifi@2024.8.30",
+ "purl": "pkg:pypi/charset-normalizer@3.4.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-09T07:38:02Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "64-charset-normalizer",
- "name": "charset-normalizer",
- "version": "3.4.0",
+ "bom-ref": "67-urllib3",
+ "name": "urllib3",
+ "version": "2.2.3",
"supplier": {
- "name": "Ahmed TAHRI",
+ "name": "Andrey Petrov",
"contact": [
{
- "email": "tahri.ahmed@proton.me"
+ "email": "andrey.petrov@shazow.net"
}
]
},
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
- "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
- "licenses": [
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
+ "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac"
}
],
"externalReferences": [
{
- "url": "https://github.com/Ousret/charset_normalizer",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
+ "url": "https://pypi.org/project/urllib3/2.2.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://urllib3.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.4.0",
+ "purl": "pkg:pypi/urllib3@2.2.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T10:52:16Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "65-urllib3",
- "name": "urllib3",
- "version": "2.2.3",
+ "bom-ref": "68-certifi",
+ "name": "certifi",
+ "version": "2024.12.14",
"supplier": {
- "name": "Andrey Petrov",
+ "name": "Kenneth Reitz",
"contact": [
{
- "email": "andrey.petrov@shazow.net"
+ "email": "me@kennethreitz.com"
}
]
},
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
- "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*",
+ "description": "Python package for providing Mozilla's CA Bundle.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MPL-2.0",
+ "url": "https://www.mozilla.org/MPL/2.0/",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/urllib3/2.2.3/#files",
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/certifi/2024.12.14/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/urllib3@2.2.3",
+ "purl": "pkg:pypi/certifi@2024.12.14",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-14T13:52:36Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "66-rpmfile",
+ "bom-ref": "69-rpmfile",
"name": "rpmfile",
"version": "2.1.0",
"supplier": {
@@ -3254,15 +4367,15 @@
"description": "Read rpm archive files",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5"
+ "alg": "SHA-256",
+ "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3281,21 +4394,25 @@
],
"purl": "pkg:pypi/rpmfile@2.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-24T21:57:45Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "67-setuptools",
+ "bom-ref": "70-setuptools",
"name": "setuptools",
- "version": "75.3.0",
+ "version": "75.6.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3304,30 +4421,52 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d"
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.3.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pypa/setuptools",
+ "type": "vcs"
+ },
+ {
+ "url": "https://setuptools.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://setuptools.pypa.io/en/stable/history.html",
+ "type": "log"
}
],
- "purl": "pkg:pypi/setuptools@75.3.0",
+ "purl": "pkg:pypi/setuptools@75.6.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-20T18:16:10Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "68-xmlschema",
+ "bom-ref": "71-xmlschema",
"name": "xmlschema",
"version": "3.4.3",
"supplier": {
@@ -3340,11 +4479,17 @@
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3363,19 +4508,23 @@
],
"purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-31T09:47:12Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "69-elementpath",
+ "bom-ref": "72-elementpath",
"name": "elementpath",
"version": "4.6.0",
"supplier": {
@@ -3388,11 +4537,17 @@
},
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3412,52 +4567,22 @@
"purl": "pkg:pypi/elementpath@4.6.0",
"properties": [
{
- "name": "language",
- "value": "Python"
+ "name": "release_date",
+ "value": "2024-10-27T21:52:58Z"
},
- {
- "name": "python_version",
- "value": "3.12.7"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "70-zipp",
- "name": "zipp",
- "version": "3.21.0",
- "supplier": {
- "name": "Jason R .",
- "contact": [
- {
- "email": "jaraco@jaraco.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
- "description": "Backport of pathlib-compatible object wrapper for zip files",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/zipp/3.21.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/zipp@3.21.0",
- "properties": [
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "71-zstandard",
+ "bom-ref": "73-zstandard",
"name": "zstandard",
"version": "0.23.0",
"supplier": {
@@ -3470,6 +4595,12 @@
},
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9"
+ }
+ ],
"licenses": [
{
"license": {
@@ -3493,13 +4624,17 @@
],
"purl": "pkg:pypi/zstandard@0.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-15T00:13:27Z"
+ },
{
"name": "language",
"value": "Python"
},
{
"name": "python_version",
- "value": "3.12.7"
+ "value": "3.12.8"
}
]
}
@@ -3515,29 +4650,30 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "11-beautifulsoup4",
- "13-cvss",
- "14-defusedxml",
- "15-distro",
- "16-filetype",
- "17-gsutil",
- "42-jinja2",
- "44-jsonschema",
- "48-lib4sbom",
- "51-lib4vex",
- "53-packageurl-python",
- "58-packaging",
- "59-plotly",
+ "14-beautifulsoup4",
+ "16-cvss",
+ "17-defusedxml",
+ "18-distro",
+ "19-filetype",
+ "20-gsutil",
+ "7-importlib-metadata",
+ "45-jinja2",
+ "47-jsonschema",
+ "51-lib4sbom",
+ "54-lib4vex",
"61-python-gnupg",
- "49-pyyaml",
- "62-requests",
- "54-rich",
- "66-rpmfile",
- "67-setuptools",
- "65-urllib3",
- "68-xmlschema",
- "70-zipp",
- "71-zstandard"
+ "56-packageurl-python",
+ "62-packaging",
+ "63-plotly",
+ "52-pyyaml",
+ "65-requests",
+ "57-rich",
+ "69-rpmfile",
+ "70-setuptools",
+ "67-urllib3",
+ "71-xmlschema",
+ "73-zstandard",
+ "8-zipp"
]
},
{
@@ -3547,8 +4683,9 @@
"4-aiosignal",
"6-attrs",
"5-frozenlist",
- "7-multidict",
- "8-yarl"
+ "10-multidict",
+ "11-propcache",
+ "12-yarl"
]
},
{
@@ -3558,106 +4695,109 @@
]
},
{
- "ref": "8-yarl",
+ "ref": "6-attrs",
"dependsOn": [
- "9-idna",
- "7-multidict",
- "10-propcache"
+ "7-importlib-metadata"
]
},
{
- "ref": "11-beautifulsoup4",
+ "ref": "7-importlib-metadata",
"dependsOn": [
- "12-soupsieve"
+ "8-zipp",
+ "9-typing-extensions"
]
},
{
- "ref": "17-gsutil",
+ "ref": "10-multidict",
"dependsOn": [
- "18-argcomplete",
- "19-crcmod",
- "20-fasteners",
- "21-gcs-oauth2-boto-plugin",
- "40-google-apitools",
- "23-google-auth",
- "29-google-auth-httplib2",
- "32-google-reauth",
- "30-httplib2",
- "41-monotonic",
- "35-pyopenssl",
- "39-retry-decorator",
- "28-six"
+ "9-typing-extensions"
]
},
{
- "ref": "21-gcs-oauth2-boto-plugin",
+ "ref": "12-yarl",
"dependsOn": [
- "22-boto",
- "23-google-auth",
- "29-google-auth-httplib2",
- "32-google-reauth",
- "30-httplib2",
- "34-oauth2client",
- "35-pyopenssl",
- "39-retry-decorator",
- "27-rsa",
- "28-six"
+ "13-idna",
+ "10-multidict",
+ "11-propcache"
]
},
{
- "ref": "23-google-auth",
+ "ref": "14-beautifulsoup4",
"dependsOn": [
- "24-cachetools",
- "25-pyasn1-modules",
- "27-rsa",
- "28-six"
+ "15-soupsieve"
]
},
{
- "ref": "25-pyasn1-modules",
+ "ref": "20-gsutil",
"dependsOn": [
- "26-pyasn1"
+ "21-argcomplete",
+ "22-crcmod",
+ "23-fasteners",
+ "24-gcs-oauth2-boto-plugin",
+ "43-google-apitools",
+ "31-httplib2",
+ "28-google-reauth",
+ "44-monotonic",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "30-six",
+ "40-google-auth",
+ "42-google-auth-httplib2"
]
},
{
- "ref": "27-rsa",
+ "ref": "24-gcs-oauth2-boto-plugin",
"dependsOn": [
- "26-pyasn1"
+ "25-rsa",
+ "27-boto",
+ "28-google-reauth",
+ "31-httplib2",
+ "33-oauth2client",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "30-six",
+ "40-google-auth",
+ "42-google-auth-httplib2"
]
},
{
- "ref": "29-google-auth-httplib2",
+ "ref": "25-rsa",
"dependsOn": [
- "23-google-auth",
- "30-httplib2"
+ "26-pyasn1"
]
},
{
- "ref": "30-httplib2",
+ "ref": "28-google-reauth",
"dependsOn": [
- "31-pyparsing"
+ "29-pyu2f"
]
},
{
- "ref": "32-google-reauth",
+ "ref": "29-pyu2f",
"dependsOn": [
- "33-pyu2f"
+ "30-six"
]
},
{
- "ref": "33-pyu2f",
+ "ref": "31-httplib2",
"dependsOn": [
- "28-six"
+ "32-pyparsing"
]
},
{
- "ref": "34-oauth2client",
+ "ref": "33-oauth2client",
"dependsOn": [
- "30-httplib2",
+ "31-httplib2",
"26-pyasn1",
- "25-pyasn1-modules",
- "27-rsa",
- "28-six"
+ "34-pyasn1-modules",
+ "25-rsa",
+ "30-six"
+ ]
+ },
+ {
+ "ref": "34-pyasn1-modules",
+ "dependsOn": [
+ "26-pyasn1"
]
},
{
@@ -3679,98 +4819,121 @@
]
},
{
- "ref": "40-google-apitools",
+ "ref": "40-google-auth",
+ "dependsOn": [
+ "41-cachetools",
+ "34-pyasn1-modules",
+ "30-six",
+ "25-rsa"
+ ]
+ },
+ {
+ "ref": "42-google-auth-httplib2",
+ "dependsOn": [
+ "40-google-auth",
+ "31-httplib2"
+ ]
+ },
+ {
+ "ref": "43-google-apitools",
"dependsOn": [
- "20-fasteners",
- "30-httplib2",
- "34-oauth2client",
- "28-six"
+ "31-httplib2",
+ "23-fasteners",
+ "33-oauth2client",
+ "30-six"
]
},
{
- "ref": "42-jinja2",
+ "ref": "45-jinja2",
"dependsOn": [
- "43-markupsafe"
+ "46-markupsafe"
]
},
{
- "ref": "44-jsonschema",
+ "ref": "47-jsonschema",
"dependsOn": [
"6-attrs",
- "45-jsonschema-specifications",
- "46-referencing",
- "47-rpds-py"
+ "48-jsonschema-specifications",
+ "49-referencing",
+ "50-rpds-py"
]
},
{
- "ref": "45-jsonschema-specifications",
+ "ref": "48-jsonschema-specifications",
"dependsOn": [
- "46-referencing"
+ "49-referencing"
]
},
{
- "ref": "46-referencing",
+ "ref": "49-referencing",
"dependsOn": [
"6-attrs",
- "47-rpds-py"
+ "50-rpds-py"
+ ]
+ },
+ {
+ "ref": "51-lib4sbom",
+ "dependsOn": [
+ "52-pyyaml",
+ "53-semantic-version",
+ "17-defusedxml"
]
},
{
- "ref": "48-lib4sbom",
+ "ref": "54-lib4vex",
"dependsOn": [
- "14-defusedxml",
- "49-pyyaml",
- "50-semantic-version"
+ "51-lib4sbom",
+ "55-csaf-tool",
+ "56-packageurl-python"
]
},
{
- "ref": "51-lib4vex",
+ "ref": "55-csaf-tool",
"dependsOn": [
- "52-csaf-tool",
- "48-lib4sbom",
- "53-packageurl-python"
+ "56-packageurl-python",
+ "57-rich"
]
},
{
- "ref": "52-csaf-tool",
+ "ref": "57-rich",
"dependsOn": [
- "53-packageurl-python",
- "54-rich"
+ "58-markdown-it-py",
+ "60-pygments",
+ "9-typing-extensions"
]
},
{
- "ref": "54-rich",
+ "ref": "58-markdown-it-py",
"dependsOn": [
- "55-markdown-it-py",
- "57-pygments"
+ "59-mdurl"
]
},
{
- "ref": "55-markdown-it-py",
+ "ref": "63-plotly",
"dependsOn": [
- "56-mdurl"
+ "64-tenacity",
+ "62-packaging"
]
},
{
- "ref": "59-plotly",
+ "ref": "65-requests",
"dependsOn": [
- "58-packaging",
- "60-tenacity"
+ "66-charset-normalizer",
+ "13-idna",
+ "67-urllib3",
+ "68-certifi"
]
},
{
- "ref": "62-requests",
+ "ref": "71-xmlschema",
"dependsOn": [
- "63-certifi",
- "64-charset-normalizer",
- "9-idna",
- "65-urllib3"
+ "72-elementpath"
]
},
{
- "ref": "68-xmlschema",
+ "ref": "73-zstandard",
"dependsOn": [
- "69-elementpath"
+ "37-cffi"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index 132341bedb..a5c39654ae 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-780d67c5-e334-4774-85fc-7ad1e1961493
-LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-11T00:37:00Z
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c6831ef6-a03c-48eb-a9a4-f1950eb624d9
+LicenseListVersion: 3.25
+Creator: Tool: sbom4python-0.12.1
+Created: 2024-12-16T00:38:46Z
CreatorComment: This document has been automatically generated.
#####
@@ -17,62 +17,84 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/intel/cve-bin-tool
+PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
+ReleaseDate: 2024-09-17T18:57:44Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
#####
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.10.10
+PackageVersion: 3.11.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageLicenseDeclared: NOASSERTION
+PackageChecksum: SHA256: cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10
+ReleaseDate: 2024-12-05T23:51:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp
+ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
+ExternalRef: OTHER other https://docs.aiohttp.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
+PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues
+ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
SPDXID: SPDXRef-4-aiosignal
-PackageVersion: 1.3.1
+PackageVersion: 1.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files
+PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiosignal
-PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: aiosignal: a list of registered asynchronous callbacks
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal
+ExternalRef: OTHER other https://docs.aiosignal.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.2
#####
PackageName: frozenlist
@@ -83,11 +105,22 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
+PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
+ReleaseDate: 2024-10-23T09:46:20Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist
+ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog
+ExternalRef: OTHER other https://frozenlist.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0
#####
@@ -98,333 +131,413 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
+PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
+ReleaseDate: 2024-08-06T14:37:36Z
+ExternalRef: OTHER documentation https://www.attrs.org/
+ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html
+ExternalRef: OTHER vcs https://github.com/python-attrs/attrs
+ExternalRef: OTHER other https://github.com/sponsors/hynek
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*
#####
+PackageName: importlib-metadata
+SPDXID: SPDXRef-7-importlib-metadata
+PackageVersion: 8.0.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.0.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: 15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Read metadata from Python packages
+ReleaseDate: 2024-06-25T18:38:02Z
+ExternalRef: OTHER vcs https://github.com/python/importlib_metadata
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*
+#####
+
+PackageName: zipp
+SPDXID: SPDXRef-8-zipp
+PackageVersion: 3.21.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backport of pathlib-compatible object wrapper for zip files
+ReleaseDate: 2024-11-10T15:05:19Z
+ExternalRef: OTHER vcs https://github.com/jaraco/zipp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
+#####
+
+PackageName: typing-extensions
+SPDXID: SPDXRef-9-typing-extensions
+PackageVersion: 4.12.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/python/typing_extensions
+PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backported and Experimental Type Hints for Python 3.8+
+ReleaseDate: 2024-06-07T18:52:13Z
+ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues
+ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/
+ExternalRef: OTHER other https://github.com/python/typing/discussions
+ExternalRef: OTHER vcs https://github.com/python/typing_extensions
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
+#####
+
PackageName: multidict
-SPDXID: SPDXRef-7-multidict
+SPDXID: SPDXRef-10-multidict
PackageVersion: 6.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: multidict implementation
+ReleaseDate: 2024-09-09T23:47:18Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict
+ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://multidict.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/multidict
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
#####
+PackageName: propcache
+SPDXID: SPDXRef-11-propcache
+PackageVersion: 0.2.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/aio-libs/propcache
+PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6
+PackageLicenseDeclared: Apache-2.0
+PackageLicenseConcluded: Apache-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Accelerated property cache
+ReleaseDate: 2024-12-01T18:27:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache
+ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
+ExternalRef: OTHER other https://propcache.readthedocs.io
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
+#####
+
PackageName: yarl
-SPDXID: SPDXRef-8-yarl
-PackageVersion: 1.17.1
+SPDXID: SPDXRef-12-yarl
+PackageVersion: 1.18.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
+PackageChecksum: SHA256: 7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-01T20:32:32Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl
+ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://yarl.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/yarl
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*
#####
PackageName: idna
-SPDXID: SPDXRef-9-idna
+SPDXID: SPDXRef-13-idna
PackageVersion: 3.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
+ReleaseDate: 2024-09-15T18:07:37Z
+ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
+ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
+ExternalRef: OTHER vcs https://github.com/kjd/idna
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
#####
-PackageName: propcache
-SPDXID: SPDXRef-10-propcache
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/propcache
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Accelerated property cache
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
-#####
-
PackageName: beautifulsoup4
-SPDXID: SPDXRef-11-beautifulsoup4
+SPDXID: SPDXRef-14-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files
FilesAnalyzed: false
PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
+PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
+ReleaseDate: 2024-01-17T16:53:12Z
+ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
#####
PackageName: soupsieve
-SPDXID: SPDXRef-12-soupsieve
+SPDXID: SPDXRef-15-soupsieve
PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
-PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
+PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
+ReleaseDate: 2024-08-13T13:39:10Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-13-cvss
+SPDXID: SPDXRef-16-cvss
PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
+PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
+ReleaseDate: 2024-11-01T10:05:52Z
+ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases
+ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss
+ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues
+ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
-SPDXID: SPDXRef-14-defusedxml
+SPDXID: SPDXRef-17-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
-PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files
+PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml
FilesAnalyzed: false
PackageHomePage: https://github.com/tiran/defusedxml
-PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184
+PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: PSF-2.0
PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: XML bomb protection for Python stdlib modules
+ReleaseDate: 2021-03-08T10:59:24Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
#####
PackageName: distro
-SPDXID: SPDXRef-15-distro
+SPDXID: SPDXRef-18-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-distro/distro
+PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Distro - an OS platform information API
+ReleaseDate: 2023-12-24T09:54:30Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-16-filetype
+SPDXID: SPDXRef-19-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
-PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files
+PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master
FilesAnalyzed: false
PackageHomePage: https://github.com/h2non/filetype.py
-PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585
+PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies.
+ReleaseDate: 2022-11-02T17:34:01Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*
#####
PackageName: gsutil
-SPDXID: SPDXRef-17-gsutil
-PackageVersion: 5.31
+SPDXID: SPDXRef-20-gsutil
+PackageVersion: 5.33
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files
+PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install
FilesAnalyzed: false
PackageHomePage: https://cloud.google.com/storage/docs/gsutil
+PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-11T09:40:59Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-18-argcomplete
-PackageVersion: 3.5.1
+SPDXID: SPDXRef-21-argcomplete
+PackageVersion: 3.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
+PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-06T18:24:27Z
+ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
+ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
+ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
+ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-19-crcmod
+SPDXID: SPDXRef-22-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files
+PackageDownloadLocation: http://sourceforge.net/projects/crcmod
FilesAnalyzed: false
PackageHomePage: http://crcmod.sourceforge.net/
+PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CRC Generator
+ReleaseDate: 2010-06-27T14:35:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-20-fasteners
+SPDXID: SPDXRef-23-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/harlowja/fasteners
-PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
+PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A python package that provides useful locks
+ReleaseDate: 2023-09-19T17:11:18Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-21-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-24-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files
+PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin
FilesAnalyzed: false
PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary
-PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb
+PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
+ReleaseDate: 2024-05-02T14:37:31Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*
#####
-PackageName: boto
-SPDXID: SPDXRef-22-boto
-PackageVersion: 2.49.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
-PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/boto/boto/
-PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Amazon Web Services Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-auth
-SPDXID: SPDXRef-23-google-auth
-PackageVersion: 2.17.0
+PackageName: rsa
+SPDXID: SPDXRef-25-rsa
+PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
+PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/googleapis/google-auth-library-python
-PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243
+PackageHomePage: https://stuvel.eu/rsa
+PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
-#####
-
-PackageName: cachetools
-SPDXID: SPDXRef-24-cachetools
-PackageVersion: 5.5.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/tkem/cachetools/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1-modules
-SPDXID: SPDXRef-25-pyasn1-modules
-PackageVersion: 0.4.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1-modules
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
+PackageSummary: Pure-Python RSA implementation
+ReleaseDate: 2021-02-24T10:55:03Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
PackageName: pyasn1
@@ -435,154 +548,171 @@ PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyasn1/pyasn1
+PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ReleaseDate: 2024-09-10T22:41:42Z
+ExternalRef: OTHER documentation https://pyasn1.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues
+ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
#####
-PackageName: rsa
-SPDXID: SPDXRef-27-rsa
-PackageVersion: 4.7.2
+PackageName: boto
+SPDXID: SPDXRef-27-boto
+PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
-PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
+PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
+PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
FilesAnalyzed: false
-PackageHomePage: https://stuvel.eu/rsa
-PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa
+PackageHomePage: https://github.com/boto/boto/
+PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Amazon Web Services Library
+ReleaseDate: 2018-07-11T20:58:55Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
+#####
+
+PackageName: google-reauth
+SPDXID: SPDXRef-28-google-reauth
+PackageVersion: 0.1.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Google (googleapis-publisher@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/Google/google-reauth-python
+PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python RSA implementation
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
+PackageSummary: Google Reauth Library
+ReleaseDate: 2020-12-01T17:35:45Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
+#####
+
+PackageName: pyu2f
+SPDXID: SPDXRef-29-pyu2f
+PackageVersion: 0.1.5
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
+PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/google/pyu2f/
+PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: U2F host library for interacting with a U2F device over USB.
+ReleaseDate: 2020-10-30T20:03:07Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-28-six
-PackageVersion: 1.16.0
+SPDXID: SPDXRef-30-six
+PackageVersion: 1.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
-PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files
+PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/benjaminp/six
-PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1
+PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python 2 and 3 compatibility utilities
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-auth-httplib2
-SPDXID: SPDXRef-29-google-auth-httplib2
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
-PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library: httplib2 transport
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-04T17:35:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*
#####
PackageName: httplib2
-SPDXID: SPDXRef-30-httplib2
+SPDXID: SPDXRef-31-httplib2
PackageVersion: 0.20.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/httplib2/httplib2
-PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4
+PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A comprehensive HTTP client library.
+ReleaseDate: 2022-02-03T00:00:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
#####
PackageName: pyparsing
-SPDXID: SPDXRef-31-pyparsing
+SPDXID: SPDXRef-32-pyparsing
PackageVersion: 3.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyparsing/pyparsing/
+PackageChecksum: SHA256: 93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
+ReleaseDate: 2024-10-13T10:01:13Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*
#####
-PackageName: google-reauth
-SPDXID: SPDXRef-32-google-reauth
-PackageVersion: 0.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google (googleapis-publisher@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Google/google-reauth-python
-PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Reauth Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyu2f
-SPDXID: SPDXRef-33-pyu2f
-PackageVersion: 0.1.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/google/pyu2f/
-PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: U2F host library for interacting with a U2F device over USB.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
-#####
-
PackageName: oauth2client
-SPDXID: SPDXRef-34-oauth2client
+SPDXID: SPDXRef-33-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/oauth2client/
-PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9
+PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: OAuth 2.0 client library
+ReleaseDate: 2018-09-07T21:38:16Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
+PackageName: pyasn1-modules
+SPDXID: SPDXRef-34-pyasn1-modules
+PackageVersion: 0.4.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A collection of ASN.1-based protocols modules
+ReleaseDate: 2024-09-10T22:42:08Z
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues
+ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
+#####
+
PackageName: pyopenssl
SPDXID: SPDXRef-35-pyopenssl
PackageVersion: 24.2.1
@@ -591,11 +721,14 @@ PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python
PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
+PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
+ReleaseDate: 2024-07-20T17:26:29Z
+ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
#####
@@ -608,10 +741,16 @@ PackageSupplier: Organization: The cryptography developers The Python Cryptograp
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
+PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
+ReleaseDate: 2024-10-18T15:57:36Z
+ExternalRef: OTHER documentation https://cryptography.io/
+ExternalRef: OTHER vcs https://github.com/pyca/cryptography/
+ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues
+ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
#####
@@ -624,10 +763,18 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
+ReleaseDate: 2024-09-04T20:43:30Z
+ExternalRef: OTHER documentation http://cffi.readthedocs.org/
+ExternalRef: OTHER vcs https://github.com/python-cffi/cffi
+ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues
+ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html
+ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases
+ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
#####
@@ -640,11 +787,12 @@ PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/eliben/pycparser
-PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
+PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: C parser in Python
+ReleaseDate: 2024-03-30T13:22:20Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22
ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
#####
@@ -657,647 +805,835 @@ PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pnpnpn/retry-decorator
-PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
+PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Retry Decorator
+ReleaseDate: 2020-03-10T23:56:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
#####
+PackageName: google-auth
+SPDXID: SPDXRef-40-google-auth
+PackageVersion: 2.17.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/googleapis/google-auth-library-python
+PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library
+ReleaseDate: 2023-03-28T19:51:30Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
+#####
+
+PackageName: cachetools
+SPDXID: SPDXRef-41-cachetools
+PackageVersion: 5.5.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/tkem/cachetools/
+PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Extensible memoizing collections and decorators
+ReleaseDate: 2024-08-18T20:28:43Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
+#####
+
+PackageName: google-auth-httplib2
+SPDXID: SPDXRef-42-google-auth-httplib2
+PackageVersion: 0.2.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
+PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library: httplib2 transport
+ReleaseDate: 2023-12-12T17:40:13Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+#####
+
PackageName: google-apitools
-SPDXID: SPDXRef-40-google-apitools
+SPDXID: SPDXRef-43-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1
+PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: client libraries for humans
+ReleaseDate: 2021-05-05T22:12:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-41-monotonic
+SPDXID: SPDXRef-44-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/atdt/monotonic
-PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad
+PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
+ReleaseDate: 2021-04-09T21:58:05Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
PackageName: jinja2
-SPDXID: SPDXRef-42-jinja2
+SPDXID: SPDXRef-45-jinja2
PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57
+PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A very fast and expressive template engine.
+ReleaseDate: 2024-05-05T23:41:59Z
+ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/
+ExternalRef: OTHER chat https://discord.gg/pallets
+ExternalRef: OTHER documentation https://jinja.palletsprojects.com/
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER vcs https://github.com/pallets/jinja/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-43-markupsafe
+SPDXID: SPDXRef-46-markupsafe
PackageVersion: 3.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c
+PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
-PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: markupsafe declares Copyright 2010 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Safely add untrusted strings to HTML/XML markup.
+ReleaseDate: 2024-10-18T15:20:51Z
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
+ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
+ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/
+ExternalRef: OTHER chat https://discord.gg/pallets
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2
#####
PackageName: jsonschema
-SPDXID: SPDXRef-44-jsonschema
+SPDXID: SPDXRef-47-jsonschema
PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema
+PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
+ReleaseDate: 2024-07-08T18:40:00Z
+ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
-SPDXID: SPDXRef-45-jsonschema-specifications
+SPDXID: SPDXRef-48-jsonschema-specifications
PackageVersion: 2024.10.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2024.10.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications
-PackageChecksum: SHA1: 09f6f17a46ecf03e314df0e6fa14d57db210a549
+PackageChecksum: SHA256: a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
+ReleaseDate: 2024-10-08T12:29:30Z
+ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:*
#####
PackageName: referencing
-SPDXID: SPDXRef-46-referencing
+SPDXID: SPDXRef-49-referencing
PackageVersion: 0.35.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845
+PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
+ReleaseDate: 2024-05-01T20:26:02Z
+ExternalRef: OTHER documentation https://referencing.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
#####
PackageName: rpds-py
-SPDXID: SPDXRef-47-rpds-py
-PackageVersion: 0.21.0
+SPDXID: SPDXRef-50-rpds-py
+PackageVersion: 0.22.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
+PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-04T15:31:31Z
+ExternalRef: OTHER documentation https://rpds.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/crate-py/rpds
+ExternalRef: OTHER other https://github.com/orium/rpds
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
-SPDXID: SPDXRef-48-lib4sbom
-PackageVersion: 0.7.5
+SPDXID: SPDXRef-51-lib4sbom
+PackageVersion: 0.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
+PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-09T20:13:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*
#####
PackageName: pyyaml
-SPDXID: SPDXRef-49-pyyaml
+SPDXID: SPDXRef-52-pyyaml
PackageVersion: 6.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files
+PackageDownloadLocation: https://pypi.org/project/PyYAML/
FilesAnalyzed: false
PackageHomePage: https://pyyaml.org/
+PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
+ReleaseDate: 2024-08-06T20:31:40Z
+ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues
+ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions
+ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation
+ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core
+ExternalRef: OTHER vcs https://github.com/yaml/pyyaml
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
#####
PackageName: semantic-version
-SPDXID: SPDXRef-50-semantic-version
+SPDXID: SPDXRef-53-semantic-version
PackageVersion: 2.10.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/rbarrois/python-semanticversion
-PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a
+PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A library implementing the 'SemVer' scheme.
+ReleaseDate: 2022-05-26T13:35:21Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
PackageName: lib4vex
-SPDXID: SPDXRef-51-lib4vex
+SPDXID: SPDXRef-54-lib4vex
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4vex
-PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2
+PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: VEX generator and consumer library
+ReleaseDate: 2024-08-29T20:36:52Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*
#####
PackageName: csaf-tool
-SPDXID: SPDXRef-52-csaf-tool
+SPDXID: SPDXRef-55-csaf-tool
PackageVersion: 0.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/csaf
-PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4
+PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CSAF generator and analyser
+ReleaseDate: 2024-06-12T20:10:06Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*
#####
PackageName: packageurl-python
-SPDXID: SPDXRef-53-packageurl-python
+SPDXID: SPDXRef-56-packageurl-python
PackageVersion: 0.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
+PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
+ReleaseDate: 2024-10-22T05:51:23Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*
#####
PackageName: rich
-SPDXID: SPDXRef-54-rich
+SPDXID: SPDXRef-57-rich
PackageVersion: 13.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
+PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
+ReleaseDate: 2024-11-01T16:43:55Z
+ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
-SPDXID: SPDXRef-55-markdown-it-py
+SPDXID: SPDXRef-58-markdown-it-py
PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/markdown-it-py
-PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d
+PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python port of markdown-it. Markdown parsing, done right!
+ReleaseDate: 2023-06-03T06:41:11Z
+ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
#####
PackageName: mdurl
-SPDXID: SPDXRef-56-mdurl
+SPDXID: SPDXRef-59-mdurl
PackageVersion: 0.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/mdurl
-PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e
+PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Markdown URL utilities
+ReleaseDate: 2022-08-14T12:40:09Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
#####
PackageName: pygments
-SPDXID: SPDXRef-57-pygments
+SPDXID: SPDXRef-60-pygments
PackageVersion: 2.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files
FilesAnalyzed: false
PackageHomePage: https://pygments.org
-PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
+PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
+ReleaseDate: 2024-05-04T13:41:57Z
+ExternalRef: OTHER documentation https://pygments.org/docs
+ExternalRef: OTHER vcs https://github.com/pygments/pygments
+ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
+ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
#####
+PackageName: python-gnupg
+SPDXID: SPDXRef-61-python-gnupg
+PackageVersion: 0.5.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/vsajip/python-gnupg
+PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
+ReleaseDate: 2024-09-20T16:43:47Z
+ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
+ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
+ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
+#####
+
PackageName: packaging
-SPDXID: SPDXRef-58-packaging
+SPDXID: SPDXRef-62-packaging
PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
+ReleaseDate: 2024-11-08T09:47:44Z
+ExternalRef: OTHER documentation https://packaging.pypa.io/
+ExternalRef: OTHER vcs https://github.com/pypa/packaging
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-59-plotly
+SPDXID: SPDXRef-63-plotly
PackageVersion: 5.24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files
FilesAnalyzed: false
PackageHomePage: https://plotly.com/python/
+PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
+ReleaseDate: 2024-09-12T15:36:24Z
+ExternalRef: OTHER documentation https://plotly.com/python/
+ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
+ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-60-tenacity
+SPDXID: SPDXRef-64-tenacity
PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/jd/tenacity
-PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb
+PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
+ReleaseDate: 2024-07-29T12:12:25Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
-PackageName: python-gnupg
-SPDXID: SPDXRef-61-python-gnupg
-PackageVersion: 0.5.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
-#####
-
PackageName: requests
-SPDXID: SPDXRef-62-requests
+SPDXID: SPDXRef-65-requests
PackageVersion: 2.32.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files
FilesAnalyzed: false
PackageHomePage: https://requests.readthedocs.io
-PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068
+PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python HTTP for Humans.
+ReleaseDate: 2024-05-29T15:37:47Z
+ExternalRef: OTHER documentation https://requests.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/psf/requests
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*
#####
-PackageName: certifi
-SPDXID: SPDXRef-63-certifi
-PackageVersion: 2024.8.30
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/certifi/python-certifi
-PackageLicenseDeclared: MPL-2.0
-PackageLicenseConcluded: MPL-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*
-#####
-
PackageName: charset-normalizer
-SPDXID: SPDXRef-64-charset-normalizer
+SPDXID: SPDXRef-66-charset-normalizer
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me)
PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Ousret/charset_normalizer
+PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
+ReleaseDate: 2024-10-09T07:38:02Z
+ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues
+ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-65-urllib3
+SPDXID: SPDXRef-67-urllib3
PackageVersion: 2.2.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
+ReleaseDate: 2024-09-12T10:52:16Z
+ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
+ExternalRef: OTHER documentation https://urllib3.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/urllib3/urllib3
+ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*
#####
+PackageName: certifi
+SPDXID: SPDXRef-68-certifi
+PackageVersion: 2024.12.14
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
+PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/certifi/python-certifi
+PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56
+PackageLicenseDeclared: MPL-2.0
+PackageLicenseConcluded: MPL-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python package for providing Mozilla's CA Bundle.
+ReleaseDate: 2024-12-14T13:52:36Z
+ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*
+#####
+
PackageName: rpmfile
-SPDXID: SPDXRef-66-rpmfile
+SPDXID: SPDXRef-69-rpmfile
PackageVersion: 2.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/srossross/rpmfile
-PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5
+PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
+ReleaseDate: 2024-07-24T21:57:45Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
PackageName: setuptools
-SPDXID: SPDXRef-67-setuptools
-PackageVersion: 75.3.0
+SPDXID: SPDXRef-70-setuptools
+PackageVersion: 75.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-11-20T18:16:10Z
+ExternalRef: OTHER vcs https://github.com/pypa/setuptools
+ExternalRef: OTHER documentation https://setuptools.pypa.io/
+ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema
-SPDXID: SPDXRef-68-xmlschema
+SPDXID: SPDXRef-71-xmlschema
PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
+PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
+ReleaseDate: 2024-10-31T09:47:12Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-69-elementpath
+SPDXID: SPDXRef-72-elementpath
PackageVersion: 4.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
+PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
+ReleaseDate: 2024-10-27T21:52:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*
#####
-PackageName: zipp
-SPDXID: SPDXRef-70-zipp
-PackageVersion: 3.21.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
-#####
-
PackageName: zstandard
-SPDXID: SPDXRef-71-zstandard
+SPDXID: SPDXRef-73-zstandard
PackageVersion: 0.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
+ReleaseDate: 2024-07-15T00:13:27Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*
#####
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-11-beautifulsoup4
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-cvss
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-defusedxml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-distro
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-filetype
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-beautifulsoup4
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-cvss
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-defusedxml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-distro
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-filetype
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-42-jinja2
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-jsonschema
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-lib4sbom
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-pyyaml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4vex
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-packageurl-python
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-rich
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-packaging
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-plotly
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-jinja2
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-jsonschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4sbom
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-pyyaml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4vex
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-packageurl-python
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-rich
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-python-gnupg
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-requests
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-urllib3
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-rpmfile
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-setuptools
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-xmlschema
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-zipp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-zstandard
-Relationship: SPDXRef-11-beautifulsoup4 DEPENDS_ON SPDXRef-12-soupsieve
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-18-argcomplete
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-19-crcmod
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-20-fasteners
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-21-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-23-google-auth
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-29-google-auth-httplib2
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-32-google-reauth
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-35-pyopenssl
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-39-retry-decorator
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-40-google-apitools
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-41-monotonic
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-packaging
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-plotly
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-requests
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-urllib3
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-rpmfile
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-7-importlib-metadata
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-setuptools
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-xmlschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zstandard
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-10-multidict DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-10-multidict
+Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-11-propcache
+Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-13-idna
+Relationship: SPDXRef-14-beautifulsoup4 DEPENDS_ON SPDXRef-15-soupsieve
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-multidict
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-propcache
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-yarl
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-yarl
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-boto
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-google-auth
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-rsa
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-auth-httplib2
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-google-reauth
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-24-cachetools
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-25-pyasn1-modules
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-27-rsa
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-25-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-27-rsa DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-23-google-auth
-Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-30-httplib2 DEPENDS_ON SPDXRef-31-pyparsing
-Relationship: SPDXRef-32-google-reauth DEPENDS_ON SPDXRef-33-pyu2f
-Relationship: SPDXRef-33-pyu2f DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-25-pyasn1-modules
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-rsa
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-30-httplib2
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-21-argcomplete
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-22-crcmod
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-23-fasteners
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-24-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-28-google-reauth
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-35-pyopenssl
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-39-retry-decorator
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-40-google-auth
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-42-google-auth-httplib2
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-43-google-apitools
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-44-monotonic
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-rsa
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-boto
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-google-reauth
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-oauth2client
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-google-auth
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-42-google-auth-httplib2
+Relationship: SPDXRef-25-rsa DEPENDS_ON SPDXRef-26-pyasn1
+Relationship: SPDXRef-28-google-reauth DEPENDS_ON SPDXRef-29-pyu2f
+Relationship: SPDXRef-29-pyu2f DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-31-httplib2 DEPENDS_ON SPDXRef-32-pyparsing
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-25-rsa
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-26-pyasn1
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-34-pyasn1-modules
+Relationship: SPDXRef-34-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1
Relationship: SPDXRef-35-pyopenssl DEPENDS_ON SPDXRef-36-cryptography
Relationship: SPDXRef-36-cryptography DEPENDS_ON SPDXRef-37-cffi
Relationship: SPDXRef-37-cffi DEPENDS_ON SPDXRef-38-pycparser
Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-20-fasteners
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-34-oauth2client
-Relationship: SPDXRef-42-jinja2 DEPENDS_ON SPDXRef-43-markupsafe
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-45-jsonschema-specifications
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-46-referencing
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-47-rpds-py
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-45-jsonschema-specifications DEPENDS_ON SPDXRef-46-referencing
-Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-47-rpds-py
-Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-14-defusedxml
-Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-49-pyyaml
-Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-50-semantic-version
-Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-48-lib4sbom
-Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-52-csaf-tool
-Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-53-packageurl-python
-Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-53-packageurl-python
-Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-54-rich
-Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-55-markdown-it-py
-Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-57-pygments
-Relationship: SPDXRef-55-markdown-it-py DEPENDS_ON SPDXRef-56-mdurl
-Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-58-packaging
-Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-60-tenacity
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-63-certifi
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-64-charset-normalizer
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-65-urllib3
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-9-idna
-Relationship: SPDXRef-68-xmlschema DEPENDS_ON SPDXRef-69-elementpath
-Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-10-propcache
-Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-7-multidict
-Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-9-idna
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-25-rsa
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-34-pyasn1-modules
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-41-cachetools
+Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-40-google-auth
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-23-fasteners
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-33-oauth2client
+Relationship: SPDXRef-45-jinja2 DEPENDS_ON SPDXRef-46-markupsafe
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-48-jsonschema-specifications
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-49-referencing
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-50-rpds-py
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-48-jsonschema-specifications DEPENDS_ON SPDXRef-49-referencing
+Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-50-rpds-py
+Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-17-defusedxml
+Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-52-pyyaml
+Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-53-semantic-version
+Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-51-lib4sbom
+Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-55-csaf-tool
+Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-56-packageurl-python
+Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-56-packageurl-python
+Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-57-rich
+Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-58-markdown-it-py
+Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-60-pygments
+Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-58-markdown-it-py DEPENDS_ON SPDXRef-59-mdurl
+Relationship: SPDXRef-6-attrs DEPENDS_ON SPDXRef-7-importlib-metadata
+Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging
+Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-tenacity
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-13-idna
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-66-charset-normalizer
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-67-urllib3
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-68-certifi
+Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-71-xmlschema DEPENDS_ON SPDXRef-72-elementpath
+Relationship: SPDXRef-73-zstandard DEPENDS_ON SPDXRef-37-cffi
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index 8e6c4b88f2..e6a506694b 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:09185e60-2171-4493-a4fd-eaadb9d689b9",
+ "serialNumber": "urn:uuid:f9224672-5e3f-460a-8fd4-51f97229adfe",
"version": 1,
"metadata": {
- "timestamp": "2024-11-11T00:37:58Z",
+ "timestamp": "2024-12-16T00:39:25Z",
"lifecycles": [
{
"phase": "build"
@@ -15,7 +15,7 @@
"components": [
{
"name": "sbom4python",
- "version": "0.11.3",
+ "version": "0.12.1",
"type": "application"
}
]
@@ -42,6 +42,12 @@
},
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -65,6 +71,10 @@
],
"purl": "pkg:pypi/cve-bin-tool@3.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-17T18:57:44Z"
+ },
{
"name": "language",
"value": "Python"
@@ -79,8 +89,14 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.10.10",
+ "version": "3.10.11",
"description": "Async http client/server framework (asyncio)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5077b1a5f40ffa3ba1f40d537d3bec4383988ee51fbba6b74aa8fb1bc466599e"
+ }
+ ],
"licenses": [
{
"license": {
@@ -97,13 +113,49 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.10.10/#files",
+ "url": "https://pypi.org/project/aiohttp/3.10.11/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiohttp",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiohttp.org/en/stable/changes.html",
+ "type": "log"
+ },
+ {
+ "url": "https://docs.aiohttp.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.10.10",
+ "purl": "pkg:pypi/aiohttp@3.10.11",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-13T16:36:38Z"
+ },
{
"name": "language",
"value": "Python"
@@ -118,7 +170,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.3",
+ "version": "2.4.4",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,12 +179,12 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
+ "alg": "SHA-256",
+ "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8"
}
],
"licenses": [
@@ -151,13 +203,33 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://aiohappyeyeballs.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
@@ -176,8 +248,8 @@
"description": "aiosignal: a list of registered asynchronous callbacks",
"hashes": [
{
- "alg": "SHA-1",
- "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3"
+ "alg": "SHA-256",
+ "content": "f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17"
}
],
"licenses": [
@@ -199,10 +271,38 @@
"url": "https://pypi.org/project/aiosignal/1.3.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gitter.im/aio-libs/Lobby",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiosignal",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiosignal.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/aiosignal@1.3.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-11-08T16:03:57Z"
+ },
{
"name": "language",
"value": "Python"
@@ -210,10 +310,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-08T16:03:57.000Z"
}
]
},
@@ -223,6 +319,12 @@
"name": "frozenlist",
"version": "1.5.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a"
+ }
+ ],
"licenses": [
{
"license": {
@@ -242,10 +344,50 @@
"url": "https://pypi.org/project/frozenlist/1.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/frozenlist",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog",
+ "type": "log"
+ },
+ {
+ "url": "https://frozenlist.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/frozenlist@1.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-23T09:46:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -258,48 +400,58 @@
},
{
"type": "library",
- "bom-ref": "6-async-timeout",
- "name": "async-timeout",
- "version": "4.0.3",
+ "bom-ref": "6-attrs",
+ "name": "attrs",
+ "version": "24.2.0",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Hynek Schlawack",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "hs@ox.cx"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*",
- "description": "Timeout context manager for asyncio programs",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
+ "description": "Classes Without Boilerplate",
"hashes": [
{
- "alg": "SHA-1",
- "content": "a48974404c746593f78c116faceb56a0db50309e"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/async-timeout",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/async-timeout/4.0.3/#files",
+ "url": "https://pypi.org/project/attrs/24.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://www.attrs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://www.attrs.org/en/stable/changelog.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-attrs/attrs",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/sponsors/hynek",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi",
+ "type": "other"
}
],
- "purl": "pkg:pypi/async-timeout@4.0.3",
+ "purl": "pkg:pypi/attrs@24.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T14:37:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -307,43 +459,47 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2023-08-10T16:35:55.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "7-attrs",
- "name": "attrs",
- "version": "24.2.0",
+ "bom-ref": "7-importlib-metadata",
+ "name": "importlib-metadata",
+ "version": "8.5.0",
"supplier": {
- "name": "Hynek Schlawack",
+ "name": "Jason R .",
"contact": [
{
- "email": "hs@ox.cx"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
- "description": "Classes Without Boilerplate",
+ "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*",
+ "description": "Read metadata from Python packages",
"hashes": [
{
- "alg": "SHA-1",
- "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ "alg": "SHA-256",
+ "content": "45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/attrs/24.2.0/#files",
+ "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/importlib_metadata",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/attrs@24.2.0",
+ "purl": "pkg:pypi/importlib-metadata@8.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-11T14:56:07Z"
+ },
{
"name": "language",
"value": "Python"
@@ -356,42 +512,42 @@
},
{
"type": "library",
- "bom-ref": "8-multidict",
- "name": "multidict",
- "version": "6.1.0",
+ "bom-ref": "8-zipp",
+ "name": "zipp",
+ "version": "3.20.2",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Jason R .",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
- "description": "multidict implementation",
- "licenses": [
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*",
+ "description": "Backport of pathlib-compatible object wrapper for zip files",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/multidict",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/multidict/6.1.0/#files",
+ "url": "https://pypi.org/project/zipp/3.20.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/jaraco/zipp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/multidict@6.1.0",
+ "purl": "pkg:pypi/zipp@3.20.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-13T13:44:14Z"
+ },
{
"name": "language",
"value": "Python"
@@ -419,19 +575,48 @@
"description": "Backported and Experimental Type Hints for Python 3.8+",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3"
+ "alg": "SHA-256",
+ "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"
}
],
"externalReferences": [
+ {
+ "url": "https://github.com/python/typing_extensions",
+ "type": "website",
+ "comment": "Home page for project"
+ },
{
"url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://typing-extensions.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python/typing/discussions",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/typing-extensions@4.12.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-07T18:52:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -444,9 +629,9 @@
},
{
"type": "library",
- "bom-ref": "10-yarl",
- "name": "yarl",
- "version": "1.15.2",
+ "bom-ref": "10-multidict",
+ "name": "multidict",
+ "version": "6.1.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -455,12 +640,12 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*",
- "description": "Yet another URL library",
+ "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
+ "description": "multidict implementation",
"hashes": [
{
- "alg": "SHA-1",
- "content": "33294bf084d2dde1ac1e8133b0125e1f142a8274"
+ "alg": "SHA-256",
+ "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60"
}
],
"licenses": [
@@ -474,52 +659,58 @@
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/yarl",
+ "url": "https://github.com/aio-libs/multidict",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.15.2/#files",
+ "url": "https://pypi.org/project/multidict/6.1.0/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/yarl@1.15.2",
- "properties": [
+ },
{
- "name": "language",
- "value": "Python"
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
},
{
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "11-idna",
- "name": "idna",
- "version": "3.10",
- "supplier": {
- "name": "Kim Davies",
- "contact": [
- {
- "email": "kim+pypi@gumleaf.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
- "description": "Internationalized Domain Names in Applications (IDNA)",
- "externalReferences": [
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
{
- "url": "https://pypi.org/project/idna/3.10/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "url": "https://github.com/aio-libs/multidict/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/multidict",
+ "type": "other"
+ },
+ {
+ "url": "https://multidict.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://multidict.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/multidict@6.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-09T23:47:18Z"
+ },
{
"name": "language",
"value": "Python"
@@ -532,9 +723,9 @@
},
{
"type": "library",
- "bom-ref": "12-propcache",
- "name": "propcache",
- "version": "0.2.0",
+ "bom-ref": "11-yarl",
+ "name": "yarl",
+ "version": "1.15.2",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -543,8 +734,164 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
- "description": "Accelerated property cache",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*",
+ "description": "Yet another URL library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e4ee8b8639070ff246ad3649294336b06db37a94bdea0d09ea491603e0be73b8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/yarl/1.15.2/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/yarl",
+ "type": "other"
+ },
+ {
+ "url": "https://yarl.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://yarl.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/yarl@1.15.2",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-13T18:44:32Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.8.18"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "12-idna",
+ "name": "idna",
+ "version": "3.10",
+ "supplier": {
+ "name": "Kim Davies",
+ "contact": [
+ {
+ "email": "kim+pypi@gumleaf.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
+ "description": "Internationalized Domain Names in Applications (IDNA)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/idna/3.10/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/kjd/idna/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kjd/idna",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/idna@3.10",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-15T18:07:37Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.8.18"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "13-propcache",
+ "name": "propcache",
+ "version": "0.2.0",
+ "supplier": {
+ "name": "Andrew Svetlov",
+ "contact": [
+ {
+ "email": "andrew.svetlov@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
+ "description": "Accelerated property cache",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58"
+ }
+ ],
"licenses": [
{
"license": {
@@ -564,10 +911,128 @@
"url": "https://pypi.org/project/propcache/0.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/propcache",
+ "type": "other"
+ },
+ {
+ "url": "https://propcache.readthedocs.io/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://propcache.readthedocs.io",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/propcache@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-07T12:54:02Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.8.18"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "14-async-timeout",
+ "name": "async-timeout",
+ "version": "5.0.1",
+ "supplier": {
+ "name": "Andrew Svetlov",
+ "contact": [
+ {
+ "email": "andrew.svetlov@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*",
+ "description": "Timeout context manager for asyncio programs",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/aio-libs/async-timeout",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/async-timeout/5.0.1/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://gitter.im/aio-libs/Lobby",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/async-timeout",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/async-timeout@5.0.1",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-06T16:41:37Z"
+ },
{
"name": "language",
"value": "Python"
@@ -580,7 +1045,7 @@
},
{
"type": "library",
- "bom-ref": "13-beautifulsoup4",
+ "bom-ref": "15-beautifulsoup4",
"name": "beautifulsoup4",
"version": "4.12.3",
"supplier": {
@@ -593,11 +1058,17 @@
},
"cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
"description": "Screen-scraping library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -612,10 +1083,18 @@
"url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/",
+ "type": "other"
}
],
"purl": "pkg:pypi/beautifulsoup4@4.12.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-01-17T16:53:12Z"
+ },
{
"name": "language",
"value": "Python"
@@ -623,16 +1102,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-01-17T16:53:12.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "14-soupsieve",
+ "bom-ref": "16-soupsieve",
"name": "soupsieve",
"version": "2.6",
"supplier": {
@@ -647,8 +1122,8 @@
"description": "A modern CSS selector implementation for Beautiful Soup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+ "alg": "SHA-256",
+ "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9"
}
],
"externalReferences": [
@@ -665,6 +1140,10 @@
],
"purl": "pkg:pypi/soupsieve@2.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-13T13:39:10Z"
+ },
{
"name": "language",
"value": "Python"
@@ -677,7 +1156,7 @@
},
{
"type": "library",
- "bom-ref": "15-cvss",
+ "bom-ref": "17-cvss",
"name": "cvss",
"version": "3.3",
"supplier": {
@@ -690,6 +1169,12 @@
},
"cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1"
+ }
+ ],
"licenses": [
{
"license": {
@@ -709,10 +1194,30 @@
"url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/actions",
+ "type": "build-system"
}
],
"purl": "pkg:pypi/cvss@3.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T10:05:52Z"
+ },
{
"name": "language",
"value": "Python"
@@ -725,7 +1230,7 @@
},
{
"type": "library",
- "bom-ref": "16-defusedxml",
+ "bom-ref": "18-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -740,8 +1245,8 @@
"description": "XML bomb protection for Python stdlib modules",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ebff1b493751e2f0775314bdd4188d64f07ea184"
+ "alg": "SHA-256",
+ "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"
}
],
"licenses": [
@@ -760,13 +1265,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/defusedxml/0.7.1/#files",
+ "url": "https://pypi.python.org/pypi/defusedxml",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/defusedxml@0.7.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-03-08T10:59:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -774,16 +1283,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2021-03-08T10:59:24.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "17-distro",
+ "bom-ref": "19-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -796,6 +1301,12 @@
},
"cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*",
"description": "Distro - an OS platform information API",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2"
+ }
+ ],
"licenses": [
{
"license": {
@@ -819,6 +1330,10 @@
],
"purl": "pkg:pypi/distro@1.9.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-24T09:54:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -826,16 +1341,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-24T09:54:30.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "18-filetype",
+ "bom-ref": "20-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -850,15 +1361,15 @@
"description": "Infer file type and MIME type of any file/buffer. No external dependencies.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585"
+ "alg": "SHA-256",
+ "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -870,13 +1381,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/filetype/1.2.0/#files",
+ "url": "https://github.com/h2non/filetype.py/tarball/master",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/filetype@1.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-11-02T17:34:01Z"
+ },
{
"name": "language",
"value": "Python"
@@ -884,18 +1399,14 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-02T17:34:01.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "19-gsutil",
+ "bom-ref": "21-gsutil",
"name": "gsutil",
- "version": "5.31",
+ "version": "5.33",
"supplier": {
"name": "Google Inc .",
"contact": [
@@ -904,8 +1415,14 @@
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*",
"description": "A command line tool for interacting with cloud storage services.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856"
+ }
+ ],
"licenses": [
{
"license": {
@@ -922,13 +1439,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gsutil/5.31/#files",
+ "url": "https://cloud.google.com/storage/docs/gsutil_install",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.31",
+ "purl": "pkg:pypi/gsutil@5.33",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-11T09:40:59Z"
+ },
{
"name": "language",
"value": "Python"
@@ -941,9 +1462,9 @@
},
{
"type": "library",
- "bom-ref": "20-argcomplete",
+ "bom-ref": "22-argcomplete",
"name": "argcomplete",
- "version": "3.5.1",
+ "version": "3.5.2",
"supplier": {
"name": "Andrey Kislyuk",
"contact": [
@@ -952,11 +1473,17 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*",
"description": "Bash tab completion for argparse",
- "licenses": [
+ "hashes": [
{
- "license": {
+ "alg": "SHA-256",
+ "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
"id": "Apache-2.0",
"url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
@@ -970,13 +1497,33 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.5.1/#files",
+ "url": "https://pypi.org/project/argcomplete/3.5.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://kislyuk.github.io/argcomplete",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst",
+ "type": "log"
}
],
- "purl": "pkg:pypi/argcomplete@3.5.1",
+ "purl": "pkg:pypi/argcomplete@3.5.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-06T18:24:27Z"
+ },
{
"name": "language",
"value": "Python"
@@ -989,7 +1536,7 @@
},
{
"type": "library",
- "bom-ref": "21-crcmod",
+ "bom-ref": "23-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -1002,11 +1549,17 @@
},
"cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*",
"description": "CRC Generator",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -1018,13 +1571,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/crcmod/1.7/#files",
+ "url": "http://sourceforge.net/projects/crcmod",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/crcmod@1.7",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2010-06-27T14:35:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1037,7 +1594,7 @@
},
{
"type": "library",
- "bom-ref": "22-fasteners",
+ "bom-ref": "24-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -1047,8 +1604,8 @@
"description": "A python package that provides useful locks",
"hashes": [
{
- "alg": "SHA-1",
- "content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+ "alg": "SHA-256",
+ "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237"
}
],
"licenses": [
@@ -1074,6 +1631,10 @@
],
"purl": "pkg:pypi/fasteners@0.19",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-09-19T17:11:18Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1086,7 +1647,7 @@
},
{
"type": "library",
- "bom-ref": "23-gcs-oauth2-boto-plugin",
+ "bom-ref": "25-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -1101,8 +1662,8 @@
"description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb"
+ "alg": "SHA-256",
+ "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843"
}
],
"licenses": [
@@ -1121,13 +1682,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files",
+ "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-02T14:37:31Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1135,57 +1700,57 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-02T14:37:31.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "24-boto",
- "name": "boto",
- "version": "2.49.0",
+ "bom-ref": "26-rsa",
+ "name": "rsa",
+ "version": "4.7.2",
"supplier": {
- "name": "Mitch Garnaat",
+ "name": "Sybren A . Stuvel",
"contact": [
{
- "email": "mitch@garnaat.com"
+ "email": "sybren@stuvel.eu"
}
]
},
- "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
- "description": "Amazon Web Services Library",
+ "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
+ "description": "Pure-Python RSA implementation",
"hashes": [
{
- "alg": "SHA-1",
- "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3"
+ "alg": "SHA-256",
+ "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/boto/boto/",
+ "url": "https://stuvel.eu/rsa",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/boto/2.49.0/#files",
+ "url": "https://pypi.org/project/rsa/4.7.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/boto@2.49.0",
+ "purl": "pkg:pypi/rsa@4.7.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-02-24T10:55:03Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1193,105 +1758,73 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2018-07-11T20:58:55.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "25-google-auth",
- "name": "google-auth",
- "version": "2.17.0",
+ "bom-ref": "27-pyasn1",
+ "name": "pyasn1",
+ "version": "0.6.1",
"supplier": {
- "name": "Google Cloud Platform",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "googleapis-packages@google.com"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
+ "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243"
+ "alg": "SHA-256",
+ "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/googleapis/google-auth-library-python",
+ "url": "https://github.com/pyasn1/pyasn1",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth/2.17.0/#files",
+ "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-auth@2.17.0",
- "properties": [
- {
- "name": "language",
- "value": "Python"
},
{
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "26-cachetools",
- "name": "cachetools",
- "version": "5.5.0",
- "supplier": {
- "name": "Thomas Kemmer",
- "contact": [
- {
- "email": "tkemmer@computer.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
- "description": "Extensible memoizing collections and decorators",
- "licenses": [
+ "url": "https://pyasn1.readthedocs.io",
+ "type": "documentation"
+ },
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
+ "url": "https://github.com/pyasn1/pyasn1",
+ "type": "vcs"
+ },
{
- "url": "https://github.com/tkem/cachetools/",
- "type": "website",
- "comment": "Home page for project"
+ "url": "https://github.com/pyasn1/pyasn1/issues",
+ "type": "issue-tracker"
},
{
- "url": "https://pypi.org/project/cachetools/5.5.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html",
+ "type": "log"
}
],
- "purl": "pkg:pypi/cachetools@5.5.0",
+ "purl": "pkg:pypi/pyasn1@0.6.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:41:42Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1304,42 +1837,52 @@
},
{
"type": "library",
- "bom-ref": "27-pyasn1-modules",
- "name": "pyasn1-modules",
- "version": "0.4.1",
+ "bom-ref": "28-boto",
+ "name": "boto",
+ "version": "2.49.0",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Mitch Garnaat",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "mitch@garnaat.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules",
+ "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
+ "description": "Amazon Web Services Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1-modules",
+ "url": "https://github.com/boto/boto/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
+ "url": "https://pypi.org/project/boto/2.49.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.4.1",
+ "purl": "pkg:pypi/boto@2.49.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-07-11T20:58:55Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1352,42 +1895,52 @@
},
{
"type": "library",
- "bom-ref": "28-pyasn1",
- "name": "pyasn1",
- "version": "0.6.1",
+ "bom-ref": "29-google-reauth",
+ "name": "google-reauth",
+ "version": "0.1.1",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Google",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "googleapis-publisher@google.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
- "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
+ "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
+ "description": "Google Reauth Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1",
+ "url": "https://github.com/Google/google-reauth-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
+ "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.6.1",
+ "purl": "pkg:pypi/google-reauth@0.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-12-01T17:35:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1400,23 +1953,23 @@
},
{
"type": "library",
- "bom-ref": "29-rsa",
- "name": "rsa",
- "version": "4.7.2",
+ "bom-ref": "30-pyu2f",
+ "name": "pyu2f",
+ "version": "0.1.5",
"supplier": {
- "name": "Sybren A . Stuvel",
+ "name": "Google Inc .",
"contact": [
{
- "email": "sybren@stuvel.eu"
+ "email": "pyu2f-team@google.com"
}
]
},
- "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
- "description": "Pure-Python RSA implementation",
+ "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
+ "description": "U2F host library for interacting with a U2F device over USB.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa"
+ "alg": "SHA-256",
+ "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b"
}
],
"licenses": [
@@ -1430,18 +1983,22 @@
],
"externalReferences": [
{
- "url": "https://stuvel.eu/rsa",
+ "url": "https://github.com/google/pyu2f/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rsa/4.7.2/#files",
+ "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rsa@4.7.2",
+ "purl": "pkg:pypi/pyu2f@0.1.5",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-10-30T20:03:07Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1449,18 +2006,14 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2021-02-24T10:55:03.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "30-six",
+ "bom-ref": "31-six",
"name": "six",
- "version": "1.16.0",
+ "version": "1.17.0",
"supplier": {
"name": "Benjamin Peterson",
"contact": [
@@ -1469,19 +2022,19 @@
}
]
},
- "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*",
"description": "Python 2 and 3 compatibility utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "65486e4383f9f411da95937451205d3c7b61b9e1"
+ "alg": "SHA-256",
+ "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -1493,71 +2046,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/six/1.16.0/#files",
+ "url": "https://pypi.org/project/six/1.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/six@1.16.0",
+ "purl": "pkg:pypi/six@1.17.0",
"properties": [
{
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2021-05-05T14:18:17.000Z"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "31-google-auth-httplib2",
- "name": "google-auth-httplib2",
- "version": "0.2.0",
- "supplier": {
- "name": "Google Cloud Platform",
- "contact": [
- {
- "email": "googleapis-packages@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library: httplib2 transport",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "932ac88800dd6de004c1bd59867831ccf033f031"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
- "type": "website",
- "comment": "Home page for project"
+ "name": "release_date",
+ "value": "2024-12-04T17:35:26Z"
},
- {
- "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
- "properties": [
{
"name": "language",
"value": "Python"
@@ -1565,10 +2064,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-12T17:40:13.000Z"
}
]
},
@@ -1589,15 +2084,15 @@
"description": "A comprehensive HTTP client library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4"
+ "alg": "SHA-256",
+ "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -1616,6 +2111,10 @@
],
"purl": "pkg:pypi/httplib2@0.20.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-02-03T00:00:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1641,6 +2140,12 @@
},
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*",
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "a6a7ee4235a3f944aa1fa2249307708f893fe5717dc603503c6c7969c070fb7c"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/pyparsing/pyparsing/",
@@ -1655,6 +2160,10 @@
],
"purl": "pkg:pypi/pyparsing@3.1.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-25T15:00:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1667,23 +2176,23 @@
},
{
"type": "library",
- "bom-ref": "34-google-reauth",
- "name": "google-reauth",
- "version": "0.1.1",
+ "bom-ref": "34-oauth2client",
+ "name": "oauth2client",
+ "version": "4.1.3",
"supplier": {
- "name": "Google",
+ "name": "Google Inc .",
"contact": [
{
- "email": "googleapis-publisher@google.com"
+ "email": "jonwayne+oauth2client@google.com"
}
]
},
- "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
- "description": "Google Reauth Library",
+ "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
+ "description": "OAuth 2.0 client library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b"
+ "alg": "SHA-256",
+ "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac"
}
],
"licenses": [
@@ -1697,18 +2206,22 @@
],
"externalReferences": [
{
- "url": "https://github.com/Google/google-reauth-python",
+ "url": "http://github.com/google/oauth2client/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
+ "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-reauth@0.1.1",
+ "purl": "pkg:pypi/oauth2client@4.1.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-09-07T21:38:16Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1716,115 +2229,69 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2020-12-01T17:35:45.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "35-pyu2f",
- "name": "pyu2f",
- "version": "0.1.5",
+ "bom-ref": "35-pyasn1-modules",
+ "name": "pyasn1-modules",
+ "version": "0.4.1",
"supplier": {
- "name": "Google Inc .",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "pyu2f-team@google.com"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
- "description": "U2F host library for interacting with a U2F device over USB.",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe"
+ "alg": "SHA-256",
+ "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/google/pyu2f/",
+ "url": "https://github.com/pyasn1/pyasn1-modules",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pyu2f@0.1.5",
- "properties": [
- {
- "name": "language",
- "value": "Python"
},
{
- "name": "python_version",
- "value": "3.8.18"
+ "url": "https://github.com/pyasn1/pyasn1-modules",
+ "type": "vcs"
},
{
- "name": "package_release_date",
- "value": "2020-10-30T20:03:07.000Z"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "36-oauth2client",
- "name": "oauth2client",
- "version": "4.1.3",
- "supplier": {
- "name": "Google Inc .",
- "contact": [
- {
- "email": "jonwayne+oauth2client@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
- "description": "OAuth 2.0 client library",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "50d20532a748f18e53f7d24ccbe6647132c979a9"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "http://github.com/google/oauth2client/",
- "type": "website",
- "comment": "Home page for project"
+ "url": "https://github.com/pyasn1/pyasn1-modules/issues",
+ "type": "issue-tracker"
},
{
- "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt",
+ "type": "log"
}
],
- "purl": "pkg:pypi/oauth2client@4.1.3",
+ "purl": "pkg:pypi/pyasn1-modules@0.4.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:42:08Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1832,16 +2299,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2018-09-07T21:38:16.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "37-pyopenssl",
+ "bom-ref": "36-pyopenssl",
"name": "pyopenssl",
"version": "24.2.1",
"supplier": {
@@ -1854,6 +2317,12 @@
},
"cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1873,10 +2342,18 @@
"url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pyca/pyopenssl",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/pyopenssl@24.2.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-20T17:26:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1889,7 +2366,7 @@
},
{
"type": "library",
- "bom-ref": "38-cryptography",
+ "bom-ref": "37-cryptography",
"name": "cryptography",
"version": "43.0.3",
"supplier": {
@@ -1902,6 +2379,12 @@
},
"cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"
+ }
+ ],
"licenses": [
{
"expression": "Apache-2.0 OR BSD-3-Clause"
@@ -1917,10 +2400,30 @@
"url": "https://pypi.org/project/cryptography/43.0.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://cryptography.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cryptography.io/en/latest/changelog/",
+ "type": "log"
}
],
"purl": "pkg:pypi/cryptography@43.0.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:57:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1933,7 +2436,7 @@
},
{
"type": "library",
- "bom-ref": "39-cffi",
+ "bom-ref": "38-cffi",
"name": "cffi",
"version": "1.17.1",
"supplier": {
@@ -1946,11 +2449,17 @@
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -1965,10 +2474,38 @@
"url": "https://pypi.org/project/cffi/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "http://cffi.readthedocs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://groups.google.com/forum/#!forum/python-cffi",
+ "type": "other"
}
],
"purl": "pkg:pypi/cffi@1.17.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-04T20:43:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1981,7 +2518,7 @@
},
{
"type": "library",
- "bom-ref": "40-pycparser",
+ "bom-ref": "39-pycparser",
"name": "pycparser",
"version": "2.22",
"supplier": {
@@ -1996,8 +2533,8 @@
"description": "C parser in Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
+ "alg": "SHA-256",
+ "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"
}
],
"licenses": [
@@ -2023,6 +2560,10 @@
],
"purl": "pkg:pypi/pycparser@2.22",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-03-30T13:22:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2030,16 +2571,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-03-30T13:22:20.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "41-retry-decorator",
+ "bom-ref": "40-retry-decorator",
"name": "retry-decorator",
"version": "1.1.1",
"supplier": {
@@ -2054,15 +2591,15 @@
"description": "Retry Decorator",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349"
+ "alg": "SHA-256",
+ "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2081,6 +2618,10 @@
],
"purl": "pkg:pypi/retry-decorator@1.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-03-10T23:56:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2088,32 +2629,28 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2020-03-10T23:56:29.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "42-google-apitools",
- "name": "google-apitools",
- "version": "0.5.32",
+ "bom-ref": "41-google-auth",
+ "name": "google-auth",
+ "version": "2.17.0",
"supplier": {
- "name": "Craig Citro",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "craigcitro@google.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
- "description": "client libraries for humans",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1"
+ "alg": "SHA-256",
+ "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94"
}
],
"licenses": [
@@ -2127,18 +2664,22 @@
],
"externalReferences": [
{
- "url": "http://github.com/google/apitools",
+ "url": "https://github.com/googleapis/google-auth-library-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-apitools/0.5.32/#files",
+ "url": "https://pypi.org/project/google-auth/2.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-apitools@0.5.32",
+ "purl": "pkg:pypi/google-auth@2.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-03-28T19:51:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2146,57 +2687,57 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2021-05-05T22:12:58.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "43-monotonic",
- "name": "monotonic",
- "version": "1.6",
+ "bom-ref": "42-cachetools",
+ "name": "cachetools",
+ "version": "5.5.0",
"supplier": {
- "name": "Ori Livneh",
+ "name": "Thomas Kemmer",
"contact": [
{
- "email": "ori@wikimedia.org"
+ "email": "tkemmer@computer.org"
}
]
},
- "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*",
- "description": "An implementation of time.monotonic() for Python 2 & < 3.3",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
+ "description": "Extensible memoizing collections and decorators",
"hashes": [
{
- "alg": "SHA-1",
- "content": "80681f6604e136e513550342f977edb98f5fc5ad"
+ "alg": "SHA-256",
+ "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/atdt/monotonic",
+ "url": "https://github.com/tkem/cachetools/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/monotonic/1.6/#files",
+ "url": "https://pypi.org/project/cachetools/5.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/monotonic@1.6",
+ "purl": "pkg:pypi/cachetools@5.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-18T20:28:43Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2204,43 +2745,57 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2021-04-09T21:58:05.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "44-importlib-metadata",
- "name": "importlib-metadata",
- "version": "8.5.0",
+ "bom-ref": "43-google-auth-httplib2",
+ "name": "google-auth-httplib2",
+ "version": "0.2.0",
"supplier": {
- "name": "Jason R .",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "jaraco@jaraco.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*",
- "description": "Read metadata from Python packages",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library: httplib2 transport",
"hashes": [
{
- "alg": "SHA-1",
- "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1"
+ "alg": "SHA-256",
+ "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files",
+ "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/importlib-metadata@8.5.0",
+ "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-12T17:40:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2253,28 +2808,52 @@
},
{
"type": "library",
- "bom-ref": "45-zipp",
- "name": "zipp",
- "version": "3.20.2",
+ "bom-ref": "44-google-apitools",
+ "name": "google-apitools",
+ "version": "0.5.32",
"supplier": {
- "name": "Jason R .",
+ "name": "Craig Citro",
"contact": [
{
- "email": "jaraco@jaraco.com"
+ "email": "craigcitro@google.com"
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*",
- "description": "Backport of pathlib-compatible object wrapper for zip files",
+ "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
+ "description": "client libraries for humans",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/zipp/3.20.2/#files",
+ "url": "http://github.com/google/apitools",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/google-apitools/0.5.32/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zipp@3.20.2",
+ "purl": "pkg:pypi/google-apitools@0.5.32",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-05-05T22:12:58Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2287,34 +2866,52 @@
},
{
"type": "library",
- "bom-ref": "46-importlib-resources",
- "name": "importlib-resources",
- "version": "6.4.5",
+ "bom-ref": "45-monotonic",
+ "name": "monotonic",
+ "version": "1.6",
"supplier": {
- "name": "Barry Warsaw",
+ "name": "Ori Livneh",
"contact": [
{
- "email": "barry@python.org"
+ "email": "ori@wikimedia.org"
}
]
},
- "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*",
- "description": "Read resources from Python packages",
+ "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*",
+ "description": "An implementation of time.monotonic() for Python 2 & < 3.3",
"hashes": [
{
- "alg": "SHA-1",
- "content": "284148b005b57031a354402c446473f53cab2c49"
+ "alg": "SHA-256",
+ "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib-resources/6.4.5/#files",
+ "url": "https://github.com/atdt/monotonic",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/monotonic/1.6/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/importlib-resources@6.4.5",
+ "purl": "pkg:pypi/monotonic@1.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-04-09T21:58:05Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2327,14 +2924,14 @@
},
{
"type": "library",
- "bom-ref": "47-jinja2",
+ "bom-ref": "46-jinja2",
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "dd4a8b5466d8790540c181590b14db4d4d889d57"
+ "alg": "SHA-256",
+ "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"
}
],
"externalReferences": [
@@ -2342,10 +2939,34 @@
"url": "https://pypi.org/project/jinja2/3.1.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/pallets/jinja/",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jinja2@3.1.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-05T23:41:59Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2353,23 +2974,19 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-05T23:41:59.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "48-markupsafe",
+ "bom-ref": "47-markupsafe",
"name": "markupsafe",
"version": "2.1.5",
"description": "Safely add untrusted strings to HTML/XML markup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "fbba4acd0312826cec9cfe18371c7df07962cb65"
+ "alg": "SHA-256",
+ "content": "a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc"
}
],
"licenses": [
@@ -2391,10 +3008,120 @@
"url": "https://pypi.org/project/markupsafe/2.1.5/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/pallets/markupsafe/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pallets/markupsafe/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
+ }
+ ],
+ "purl": "pkg:pypi/markupsafe@2.1.5",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-02-02T16:30:04Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.8.18"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "48-jsonschema",
+ "name": "jsonschema",
+ "version": "4.23.0",
+ "supplier": {
+ "name": "Julian Berman",
+ "contact": [
+ {
+ "email": "Julian+jsonschema@GrayVines.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
+ "description": "An implementation of JSON Schema validation for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/jsonschema/4.23.0/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://python-jsonschema.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/markupsafe@2.1.5",
+ "purl": "pkg:pypi/jsonschema@4.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-08T18:40:00Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2402,51 +3129,47 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-02-02T16:30:04.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "49-jsonschema",
- "name": "jsonschema",
- "version": "4.23.0",
+ "bom-ref": "49-importlib-resources",
+ "name": "importlib-resources",
+ "version": "6.4.5",
"supplier": {
- "name": "Julian Berman",
+ "name": "Barry Warsaw",
"contact": [
{
- "email": "Julian+jsonschema@GrayVines.com"
+ "email": "barry@python.org"
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
- "description": "An implementation of JSON Schema validation for Python",
- "licenses": [
+ "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*",
+ "description": "Read resources from Python packages",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717"
}
],
"externalReferences": [
{
- "url": "https://github.com/python-jsonschema/jsonschema",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/jsonschema/4.23.0/#files",
+ "url": "https://pypi.org/project/importlib-resources/6.4.5/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/importlib_resources",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/jsonschema@4.23.0",
+ "purl": "pkg:pypi/importlib-resources@6.4.5",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-09T17:03:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2474,15 +3197,15 @@
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"hashes": [
{
- "alg": "SHA-1",
- "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76"
+ "alg": "SHA-256",
+ "content": "87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2497,10 +3220,34 @@
"url": "https://pypi.org/project/jsonschema-specifications/2023.12.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jsonschema-specifications.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema-specifications@2023.12.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-25T15:16:51Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2508,10 +3255,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-25T15:16:51.000Z"
}
]
},
@@ -2532,8 +3275,8 @@
"description": "JSON Referencing + Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845"
+ "alg": "SHA-256",
+ "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"
}
],
"externalReferences": [
@@ -2546,10 +3289,38 @@
"url": "https://pypi.org/project/referencing/0.35.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/en/stable/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/referencing@0.35.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-01T20:26:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2557,10 +3328,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-01T20:26:02.000Z"
}
]
},
@@ -2579,11 +3346,17 @@
},
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "a649dfd735fff086e8a9d0503a9f0c7d01b7912a333c7ae77e1515c08c146dad"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2598,10 +3371,34 @@
"url": "https://pypi.org/project/rpds-py/0.20.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rpds.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/rpds-py@0.20.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-31T14:26:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2641,6 +3438,10 @@
],
"purl": "pkg:pypi/pkgutil-resolve-name@1.3.10",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-31T14:26:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2648,10 +3449,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2021-07-21T08:19:03.000Z"
}
]
},
@@ -2659,7 +3456,7 @@
"type": "library",
"bom-ref": "54-lib4sbom",
"name": "lib4sbom",
- "version": "0.7.5",
+ "version": "0.8.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -2668,8 +3465,14 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2686,13 +3489,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.7.5/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.8.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.7.5",
+ "purl": "pkg:pypi/lib4sbom@0.8.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-09T20:13:26Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2718,11 +3525,17 @@
},
"cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2734,13 +3547,37 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyyaml/6.0.2/#files",
+ "url": "https://pypi.org/project/PyYAML/",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://pyyaml.org/wiki/PyYAMLDocumentation",
+ "type": "documentation"
+ },
+ {
+ "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core",
+ "type": "mailing-list"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/pyyaml@6.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T20:31:40Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2768,8 +3605,8 @@
"description": "A library implementing the 'SemVer' scheme.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a"
+ "alg": "SHA-256",
+ "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177"
}
],
"licenses": [
@@ -2795,6 +3632,10 @@
],
"purl": "pkg:pypi/semantic-version@2.10.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-05-26T13:35:21Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2802,10 +3643,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2022-05-26T13:35:21.000Z"
}
]
},
@@ -2826,8 +3663,8 @@
"description": "VEX generator and consumer library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2"
+ "alg": "SHA-256",
+ "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce"
}
],
"licenses": [
@@ -2853,6 +3690,10 @@
],
"purl": "pkg:pypi/lib4vex@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-29T20:36:52Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2880,15 +3721,15 @@
"description": "CSAF generator and analyser",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4"
+ "alg": "SHA-256",
+ "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2907,6 +3748,10 @@
],
"purl": "pkg:pypi/csaf-tool@0.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-12T20:10:06Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2927,11 +3772,17 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2950,6 +3801,10 @@
],
"purl": "pkg:pypi/packageurl-python@0.16.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-22T05:51:23Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2977,15 +3832,15 @@
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"hashes": [
{
- "alg": "SHA-1",
- "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ "alg": "SHA-256",
+ "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3000,10 +3855,18 @@
"url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rich.readthedocs.io/en/latest/",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/rich@13.9.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T16:43:55Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3031,8 +3894,8 @@
"description": "Python port of markdown-it. Markdown parsing, done right!",
"hashes": [
{
- "alg": "SHA-1",
- "content": "bee6d1953be75717a3f2f6a917da6f464bed421d"
+ "alg": "SHA-256",
+ "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"
}
],
"externalReferences": [
@@ -3045,10 +3908,18 @@
"url": "https://pypi.org/project/markdown-it-py/3.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://markdown-it-py.readthedocs.io",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/markdown-it-py@3.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-06-03T06:41:11Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3056,10 +3927,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2023-06-03T06:41:11.000Z"
}
]
},
@@ -3080,8 +3947,8 @@
"description": "Markdown URL utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e"
+ "alg": "SHA-256",
+ "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"
}
],
"externalReferences": [
@@ -3098,6 +3965,10 @@
],
"purl": "pkg:pypi/mdurl@0.1.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-08-14T12:40:09Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3105,10 +3976,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2022-08-14T12:40:09.000Z"
}
]
},
@@ -3129,8 +3996,8 @@
"description": "Pygments is a syntax highlighting package written in Python.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+ "alg": "SHA-256",
+ "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
}
],
"licenses": [
@@ -3152,10 +4019,30 @@
"url": "https://pypi.org/project/pygments/2.18.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://pygments.org/docs",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pygments/pygments",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/blob/master/CHANGES",
+ "type": "log"
}
],
"purl": "pkg:pypi/pygments@2.18.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-04T13:41:57Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3163,37 +4050,69 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-04T13:41:57.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "64-packaging",
- "name": "packaging",
- "version": "24.2",
+ "bom-ref": "64-python-gnupg",
+ "name": "python-gnupg",
+ "version": "0.5.3",
"supplier": {
- "name": "Donald Stufft",
+ "name": "Vinay Sajip",
"contact": [
{
- "email": "donald@stufft.io"
+ "email": "vinay_sajip@yahoo.co.uk"
}
]
},
- "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
- "description": "Core utilities for Python packages",
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
+ "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/packaging/24.2/#files",
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gnupg.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/packaging@24.2",
+ "purl": "pkg:pypi/python-gnupg@0.5.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-20T16:43:47Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3206,42 +4125,46 @@
},
{
"type": "library",
- "bom-ref": "65-plotly",
- "name": "plotly",
- "version": "5.24.1",
+ "bom-ref": "65-packaging",
+ "name": "packaging",
+ "version": "24.2",
"supplier": {
- "name": "Chris P",
+ "name": "Donald Stufft",
"contact": [
{
- "email": "chris@plot.ly"
+ "email": "donald@stufft.io"
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
- "description": "An open-source, interactive data visualization library for Python",
- "licenses": [
+ "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
+ "description": "Core utilities for Python packages",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"
}
],
"externalReferences": [
{
- "url": "https://plotly.com/python/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/plotly/5.24.1/#files",
+ "url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://packaging.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pypa/packaging",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/plotly@5.24.1",
+ "purl": "pkg:pypi/packaging@24.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-08T09:47:44Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3254,48 +4177,64 @@
},
{
"type": "library",
- "bom-ref": "66-tenacity",
- "name": "tenacity",
- "version": "9.0.0",
+ "bom-ref": "66-plotly",
+ "name": "plotly",
+ "version": "5.24.1",
"supplier": {
- "name": "Julien Danjou",
+ "name": "Chris P",
"contact": [
{
- "email": "julien@danjou.info"
+ "email": "chris@plot.ly"
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
- "description": "Retry code until it succeeds",
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
+ "description": "An open-source, interactive data visualization library for Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb"
+ "alg": "SHA-256",
+ "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/jd/tenacity",
+ "url": "https://plotly.com/python/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/tenacity/9.0.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "url": "https://pypi.org/project/plotly/5.24.1/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://plotly.com/python/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md",
+ "type": "log"
}
],
- "purl": "pkg:pypi/tenacity@9.0.0",
+ "purl": "pkg:pypi/plotly@5.24.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T15:36:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3308,42 +4247,52 @@
},
{
"type": "library",
- "bom-ref": "67-python-gnupg",
- "name": "python-gnupg",
- "version": "0.5.3",
+ "bom-ref": "67-tenacity",
+ "name": "tenacity",
+ "version": "9.0.0",
"supplier": {
- "name": "Vinay Sajip",
+ "name": "Julien Danjou",
"contact": [
{
- "email": "vinay_sajip@yahoo.co.uk"
+ "email": "julien@danjou.info"
}
]
},
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
- "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
+ "description": "Retry code until it succeeds",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/vsajip/python-gnupg",
+ "url": "https://github.com/jd/tenacity",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
+ "url": "https://pypi.org/project/tenacity/9.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/python-gnupg@0.5.3",
+ "purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-29T12:12:25Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3371,8 +4320,8 @@
"description": "Python HTTP for Humans.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "0e322af87745eff34caffe4df68456ebc20d9068"
+ "alg": "SHA-256",
+ "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"
}
],
"licenses": [
@@ -3394,10 +4343,22 @@
"url": "https://pypi.org/project/requests/2.32.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://requests.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/psf/requests",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/requests@2.32.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-29T15:37:47Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3410,42 +4371,60 @@
},
{
"type": "library",
- "bom-ref": "69-certifi",
- "name": "certifi",
- "version": "2024.8.30",
+ "bom-ref": "69-charset-normalizer",
+ "name": "charset-normalizer",
+ "version": "3.4.0",
"supplier": {
- "name": "Kenneth Reitz",
+ "name": "Ahmed TAHRI",
"contact": [
{
- "email": "me@kennethreitz.com"
+ "email": "tahri.ahmed@proton.me"
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*",
- "description": "Python package for providing Mozilla's CA Bundle.",
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
+ "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MPL-2.0",
- "url": "https://www.mozilla.org/MPL/2.0/",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/certifi/python-certifi",
+ "url": "https://github.com/Ousret/charset_normalizer",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2024.8.30/#files",
+ "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/Ousret/charset_normalizer/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://charset-normalizer.readthedocs.io/en/latest",
+ "type": "documentation"
}
],
- "purl": "pkg:pypi/certifi@2024.8.30",
+ "purl": "pkg:pypi/charset-normalizer@3.4.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-09T07:38:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3458,42 +4437,54 @@
},
{
"type": "library",
- "bom-ref": "70-charset-normalizer",
- "name": "charset-normalizer",
- "version": "3.4.0",
+ "bom-ref": "70-urllib3",
+ "name": "urllib3",
+ "version": "2.2.3",
"supplier": {
- "name": "Ahmed TAHRI",
+ "name": "Andrey Petrov",
"contact": [
{
- "email": "tahri.ahmed@proton.me"
+ "email": "andrey.petrov@shazow.net"
}
]
},
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
- "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
- "licenses": [
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
+ "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac"
}
],
"externalReferences": [
{
- "url": "https://github.com/Ousret/charset_normalizer",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
+ "url": "https://pypi.org/project/urllib3/2.2.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://urllib3.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.4.0",
+ "purl": "pkg:pypi/urllib3@2.2.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T10:52:16Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3506,28 +4497,56 @@
},
{
"type": "library",
- "bom-ref": "71-urllib3",
- "name": "urllib3",
- "version": "2.2.3",
+ "bom-ref": "71-certifi",
+ "name": "certifi",
+ "version": "2024.12.14",
"supplier": {
- "name": "Andrey Petrov",
+ "name": "Kenneth Reitz",
"contact": [
{
- "email": "andrey.petrov@shazow.net"
+ "email": "me@kennethreitz.com"
}
]
},
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
- "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*",
+ "description": "Python package for providing Mozilla's CA Bundle.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MPL-2.0",
+ "url": "https://www.mozilla.org/MPL/2.0/",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/urllib3/2.2.3/#files",
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/certifi/2024.12.14/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/urllib3@2.2.3",
+ "purl": "pkg:pypi/certifi@2024.12.14",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-14T13:52:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3555,15 +4574,15 @@
"description": "Read rpm archive files",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5"
+ "alg": "SHA-256",
+ "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3582,6 +4601,10 @@
],
"purl": "pkg:pypi/rpmfile@2.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-24T21:57:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3607,15 +4630,37 @@
},
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/setuptools/75.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pypa/setuptools",
+ "type": "vcs"
+ },
+ {
+ "url": "https://setuptools.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://setuptools.pypa.io/en/stable/history.html",
+ "type": "log"
}
],
"purl": "pkg:pypi/setuptools@75.3.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-29T10:23:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3628,48 +4673,52 @@
},
{
"type": "library",
- "bom-ref": "74-toml",
- "name": "toml",
- "version": "0.10.2",
+ "bom-ref": "74-xmlschema",
+ "name": "xmlschema",
+ "version": "3.4.3",
"supplier": {
- "name": "William Pearson",
+ "name": "Davide Brunato",
"contact": [
{
- "email": "uiri@xqz.ca"
+ "email": "brunato@sissa.it"
}
]
},
- "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*",
- "description": "Python Library for Tom's Obvious, Minimal Language",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
+ "description": "An XML Schema validator and decoder",
"hashes": [
{
- "alg": "SHA-1",
- "content": "3f637dba5f68db63d4b30967fedda51c82459471"
+ "alg": "SHA-256",
+ "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/uiri/toml",
+ "url": "https://github.com/sissaschool/xmlschema",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/toml/0.10.2/#files",
+ "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/toml@0.10.2",
+ "purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-31T09:47:12Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3677,18 +4726,14 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2020-11-01T01:40:20.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "75-xmlschema",
- "name": "xmlschema",
- "version": "3.4.3",
+ "bom-ref": "75-elementpath",
+ "name": "elementpath",
+ "version": "4.6.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3697,31 +4742,41 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
- "description": "An XML Schema validator and decoder",
+ "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
+ "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/sissaschool/xmlschema",
+ "url": "https://github.com/sissaschool/elementpath",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
+ "url": "https://pypi.org/project/elementpath/4.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.4.3",
+ "purl": "pkg:pypi/elementpath@4.6.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-27T21:52:58Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3734,42 +4789,52 @@
},
{
"type": "library",
- "bom-ref": "76-elementpath",
- "name": "elementpath",
- "version": "4.6.0",
+ "bom-ref": "76-toml",
+ "name": "toml",
+ "version": "0.10.2",
"supplier": {
- "name": "Davide Brunato",
+ "name": "William Pearson",
"contact": [
{
- "email": "brunato@sissa.it"
+ "email": "uiri@xqz.ca"
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
- "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*",
+ "description": "Python Library for Tom's Obvious, Minimal Language",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/sissaschool/elementpath",
+ "url": "https://github.com/uiri/toml",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/elementpath/4.6.0/#files",
+ "url": "https://pypi.org/project/toml/0.10.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/elementpath@4.6.0",
+ "purl": "pkg:pypi/toml@0.10.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-11-01T01:40:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3795,6 +4860,12 @@
},
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9"
+ }
+ ],
"licenses": [
{
"license": {
@@ -3818,6 +4889,10 @@
],
"purl": "pkg:pypi/zstandard@0.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-15T00:13:27Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3840,31 +4915,31 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "13-beautifulsoup4",
- "15-cvss",
- "16-defusedxml",
- "17-distro",
- "18-filetype",
- "19-gsutil",
- "44-importlib-metadata",
- "46-importlib-resources",
- "47-jinja2",
- "49-jsonschema",
+ "15-beautifulsoup4",
+ "17-cvss",
+ "18-defusedxml",
+ "19-distro",
+ "20-filetype",
+ "21-gsutil",
+ "46-jinja2",
+ "48-jsonschema",
"54-lib4sbom",
"57-lib4vex",
+ "64-python-gnupg",
"59-packageurl-python",
- "64-packaging",
- "65-plotly",
- "67-python-gnupg",
+ "65-packaging",
+ "66-plotly",
"55-pyyaml",
"68-requests",
"60-rich",
"72-rpmfile",
"73-setuptools",
- "74-toml",
- "71-urllib3",
- "75-xmlschema",
- "45-zipp",
+ "70-urllib3",
+ "74-xmlschema",
+ "8-zipp",
+ "7-importlib-metadata",
+ "76-toml",
+ "49-importlib-resources",
"77-zstandard"
]
},
@@ -3873,11 +4948,11 @@
"dependsOn": [
"3-aiohappyeyeballs",
"4-aiosignal",
- "6-async-timeout",
- "7-attrs",
+ "6-attrs",
"5-frozenlist",
- "8-multidict",
- "10-yarl"
+ "10-multidict",
+ "11-yarl",
+ "14-async-timeout"
]
},
{
@@ -3887,197 +4962,204 @@
]
},
{
- "ref": "8-multidict",
+ "ref": "6-attrs",
"dependsOn": [
- "9-typing-extensions"
+ "7-importlib-metadata"
]
},
{
- "ref": "10-yarl",
+ "ref": "7-importlib-metadata",
"dependsOn": [
- "11-idna",
- "8-multidict",
- "12-propcache"
+ "8-zipp",
+ "9-typing-extensions"
]
},
{
- "ref": "13-beautifulsoup4",
+ "ref": "10-multidict",
"dependsOn": [
- "14-soupsieve"
+ "9-typing-extensions"
]
},
{
- "ref": "19-gsutil",
+ "ref": "11-yarl",
"dependsOn": [
- "20-argcomplete",
- "21-crcmod",
- "22-fasteners",
- "23-gcs-oauth2-boto-plugin",
- "42-google-apitools",
- "25-google-auth",
- "31-google-auth-httplib2",
- "34-google-reauth",
- "32-httplib2",
- "43-monotonic",
- "37-pyopenssl",
- "41-retry-decorator",
- "30-six"
+ "12-idna",
+ "10-multidict",
+ "13-propcache"
]
},
{
- "ref": "23-gcs-oauth2-boto-plugin",
+ "ref": "15-beautifulsoup4",
"dependsOn": [
- "24-boto",
- "25-google-auth",
- "31-google-auth-httplib2",
- "34-google-reauth",
- "32-httplib2",
- "36-oauth2client",
- "37-pyopenssl",
- "41-retry-decorator",
- "29-rsa",
- "30-six"
+ "16-soupsieve"
]
},
{
- "ref": "25-google-auth",
+ "ref": "21-gsutil",
"dependsOn": [
- "26-cachetools",
- "27-pyasn1-modules",
- "29-rsa",
- "30-six"
+ "22-argcomplete",
+ "23-crcmod",
+ "24-fasteners",
+ "25-gcs-oauth2-boto-plugin",
+ "44-google-apitools",
+ "32-httplib2",
+ "29-google-reauth",
+ "45-monotonic",
+ "36-pyopenssl",
+ "40-retry-decorator",
+ "31-six",
+ "41-google-auth",
+ "43-google-auth-httplib2"
]
},
{
- "ref": "27-pyasn1-modules",
+ "ref": "25-gcs-oauth2-boto-plugin",
"dependsOn": [
- "28-pyasn1"
+ "26-rsa",
+ "28-boto",
+ "29-google-reauth",
+ "32-httplib2",
+ "34-oauth2client",
+ "36-pyopenssl",
+ "40-retry-decorator",
+ "31-six",
+ "41-google-auth",
+ "43-google-auth-httplib2"
]
},
{
- "ref": "29-rsa",
+ "ref": "26-rsa",
"dependsOn": [
- "28-pyasn1"
+ "27-pyasn1"
]
},
{
- "ref": "31-google-auth-httplib2",
+ "ref": "29-google-reauth",
"dependsOn": [
- "25-google-auth",
- "32-httplib2"
+ "30-pyu2f"
]
},
{
- "ref": "32-httplib2",
+ "ref": "30-pyu2f",
"dependsOn": [
- "33-pyparsing"
+ "31-six"
]
},
{
- "ref": "34-google-reauth",
+ "ref": "32-httplib2",
"dependsOn": [
- "35-pyu2f"
+ "33-pyparsing"
]
},
{
- "ref": "35-pyu2f",
+ "ref": "34-oauth2client",
"dependsOn": [
- "30-six"
+ "32-httplib2",
+ "27-pyasn1",
+ "35-pyasn1-modules",
+ "26-rsa",
+ "31-six"
]
},
{
- "ref": "36-oauth2client",
+ "ref": "35-pyasn1-modules",
"dependsOn": [
- "32-httplib2",
- "28-pyasn1",
- "27-pyasn1-modules",
- "29-rsa",
- "30-six"
+ "27-pyasn1"
]
},
{
- "ref": "37-pyopenssl",
+ "ref": "36-pyopenssl",
"dependsOn": [
- "38-cryptography"
+ "37-cryptography"
]
},
{
- "ref": "38-cryptography",
+ "ref": "37-cryptography",
"dependsOn": [
- "39-cffi"
+ "38-cffi"
]
},
{
- "ref": "39-cffi",
+ "ref": "38-cffi",
"dependsOn": [
- "40-pycparser"
+ "39-pycparser"
]
},
{
- "ref": "42-google-apitools",
+ "ref": "41-google-auth",
"dependsOn": [
- "22-fasteners",
- "32-httplib2",
- "36-oauth2client",
- "30-six"
+ "42-cachetools",
+ "35-pyasn1-modules",
+ "31-six",
+ "26-rsa"
]
},
{
- "ref": "44-importlib-metadata",
+ "ref": "43-google-auth-httplib2",
"dependsOn": [
- "45-zipp"
+ "41-google-auth",
+ "32-httplib2"
]
},
{
- "ref": "46-importlib-resources",
+ "ref": "44-google-apitools",
"dependsOn": [
- "45-zipp"
+ "32-httplib2",
+ "24-fasteners",
+ "34-oauth2client",
+ "31-six"
]
},
{
- "ref": "47-jinja2",
+ "ref": "46-jinja2",
"dependsOn": [
- "48-markupsafe"
+ "47-markupsafe"
]
},
{
- "ref": "49-jsonschema",
+ "ref": "48-jsonschema",
"dependsOn": [
- "7-attrs",
- "46-importlib-resources",
+ "6-attrs",
+ "49-importlib-resources",
"50-jsonschema-specifications",
"53-pkgutil-resolve-name",
"51-referencing",
"52-rpds-py"
]
},
+ {
+ "ref": "49-importlib-resources",
+ "dependsOn": [
+ "8-zipp"
+ ]
+ },
{
"ref": "50-jsonschema-specifications",
"dependsOn": [
- "46-importlib-resources",
+ "49-importlib-resources",
"51-referencing"
]
},
{
"ref": "51-referencing",
"dependsOn": [
- "7-attrs",
+ "6-attrs",
"52-rpds-py"
]
},
{
"ref": "54-lib4sbom",
"dependsOn": [
- "16-defusedxml",
"55-pyyaml",
- "56-semantic-version"
+ "56-semantic-version",
+ "18-defusedxml"
]
},
{
"ref": "57-lib4vex",
"dependsOn": [
- "58-csaf-tool",
"54-lib4sbom",
+ "58-csaf-tool",
"59-packageurl-python"
]
},
@@ -4103,25 +5185,31 @@
]
},
{
- "ref": "65-plotly",
+ "ref": "66-plotly",
"dependsOn": [
- "64-packaging",
- "66-tenacity"
+ "67-tenacity",
+ "65-packaging"
]
},
{
"ref": "68-requests",
"dependsOn": [
- "69-certifi",
- "70-charset-normalizer",
- "11-idna",
- "71-urllib3"
+ "69-charset-normalizer",
+ "12-idna",
+ "70-urllib3",
+ "71-certifi"
+ ]
+ },
+ {
+ "ref": "74-xmlschema",
+ "dependsOn": [
+ "75-elementpath"
]
},
{
- "ref": "75-xmlschema",
+ "ref": "77-zstandard",
"dependsOn": [
- "76-elementpath"
+ "38-cffi"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index c66cbe5150..c16f44a4b3 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7d29612d-e195-4775-b376-646cc2514ac4
-LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-11T00:36:58Z
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e4e74e1a-9904-46ec-beab-1e3d7d1af7ba
+LicenseListVersion: 3.25
+Creator: Tool: sbom4python-0.12.1
+Created: 2024-12-16T00:39:17Z
CreatorComment: This document has been automatically generated.
#####
@@ -17,45 +17,62 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/intel/cve-bin-tool
+PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
+ReleaseDate: 2024-09-17T18:57:44Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
#####
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.10.10
+PackageVersion: 3.10.11
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.11/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
+PackageChecksum: SHA256: 5077b1a5f40ffa3ba1f40d537d3bec4383988ee51fbba6b74aa8fb1bc466599e
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10
+ReleaseDate: 2024-11-13T16:36:38Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp
+ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
+ExternalRef: OTHER other https://docs.aiohttp.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.11
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
+PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues
+ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
@@ -66,12 +83,19 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiosignal
-PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3
+PackageChecksum: SHA256: f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: aiosignal: a list of registered asynchronous callbacks
+ReleaseDate: 2022-11-08T16:03:57Z
+ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal
+ExternalRef: OTHER other https://docs.aiosignal.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
#####
@@ -83,63 +107,81 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
+PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
+ReleaseDate: 2024-10-23T09:46:20Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist
+ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog
+ExternalRef: OTHER other https://frozenlist.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0
#####
-PackageName: async-timeout
-SPDXID: SPDXRef-6-async-timeout
-PackageVersion: 4.0.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/async-timeout
-PackageChecksum: SHA1: a48974404c746593f78c116faceb56a0db50309e
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Timeout context manager for asyncio programs
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@4.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*
-#####
-
PackageName: attrs
-SPDXID: SPDXRef-7-attrs
+SPDXID: SPDXRef-6-attrs
PackageVersion: 24.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
+PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
+ReleaseDate: 2024-08-06T14:37:36Z
+ExternalRef: OTHER documentation https://www.attrs.org/
+ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html
+ExternalRef: OTHER vcs https://github.com/python-attrs/attrs
+ExternalRef: OTHER other https://github.com/sponsors/hynek
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*
#####
-PackageName: multidict
-SPDXID: SPDXRef-8-multidict
-PackageVersion: 6.1.0
+PackageName: importlib-metadata
+SPDXID: SPDXRef-7-importlib-metadata
+PackageVersion: 8.5.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA256: 45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
-PackageSummary: multidict implementation
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
+PackageSummary: Read metadata from Python packages
+ReleaseDate: 2024-09-11T14:56:07Z
+ExternalRef: OTHER vcs https://github.com/python/importlib_metadata
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*
+#####
+
+PackageName: zipp
+SPDXID: SPDXRef-8-zipp
+PackageVersion: 3.20.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backport of pathlib-compatible object wrapper for zip files
+ReleaseDate: 2024-09-13T13:44:14Z
+ExternalRef: OTHER vcs https://github.com/jaraco/zipp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*
#####
PackageName: typing-extensions
@@ -149,386 +191,475 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3
+PackageHomePage: https://github.com/python/typing_extensions
+PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Backported and Experimental Type Hints for Python 3.8+
+ReleaseDate: 2024-06-07T18:52:13Z
+ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues
+ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/
+ExternalRef: OTHER other https://github.com/python/typing/discussions
+ExternalRef: OTHER vcs https://github.com/python/typing_extensions
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
#####
+PackageName: multidict
+SPDXID: SPDXRef-10-multidict
+PackageVersion: 6.1.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: multidict implementation
+ReleaseDate: 2024-09-09T23:47:18Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict
+ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://multidict.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/multidict
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
+#####
+
PackageName: yarl
-SPDXID: SPDXRef-10-yarl
+SPDXID: SPDXRef-11-yarl
PackageVersion: 1.15.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
-PackageChecksum: SHA1: 33294bf084d2dde1ac1e8133b0125e1f142a8274
+PackageChecksum: SHA256: e4ee8b8639070ff246ad3649294336b06db37a94bdea0d09ea491603e0be73b8
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
+ReleaseDate: 2024-10-13T18:44:32Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl
+ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://yarl.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/yarl
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*
#####
PackageName: idna
-SPDXID: SPDXRef-11-idna
+SPDXID: SPDXRef-12-idna
PackageVersion: 3.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
+ReleaseDate: 2024-09-15T18:07:37Z
+ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
+ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
+ExternalRef: OTHER vcs https://github.com/kjd/idna
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
#####
PackageName: propcache
-SPDXID: SPDXRef-12-propcache
+SPDXID: SPDXRef-13-propcache
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
+PackageChecksum: SHA256: c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Accelerated property cache
+ReleaseDate: 2024-10-07T12:54:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache
+ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
+ExternalRef: OTHER other https://propcache.readthedocs.io
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
#####
+PackageName: async-timeout
+SPDXID: SPDXRef-14-async-timeout
+PackageVersion: 5.0.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/aio-libs/async-timeout
+PackageChecksum: SHA256: 39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Timeout context manager for asyncio programs
+ReleaseDate: 2024-11-06T16:41:37Z
+ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
+ExternalRef: OTHER build-system https://github.com/aio-libs/async-timeout/actions
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/async-timeout
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/async-timeout/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/async-timeout
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*
+#####
+
PackageName: beautifulsoup4
-SPDXID: SPDXRef-13-beautifulsoup4
+SPDXID: SPDXRef-15-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files
FilesAnalyzed: false
PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
+PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
+ReleaseDate: 2024-01-17T16:53:12Z
+ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
#####
PackageName: soupsieve
-SPDXID: SPDXRef-14-soupsieve
+SPDXID: SPDXRef-16-soupsieve
PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
-PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
+PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
+ReleaseDate: 2024-08-13T13:39:10Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-15-cvss
+SPDXID: SPDXRef-17-cvss
PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
+PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
+ReleaseDate: 2024-11-01T10:05:52Z
+ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases
+ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss
+ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues
+ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
-SPDXID: SPDXRef-16-defusedxml
+SPDXID: SPDXRef-18-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
-PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files
+PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml
FilesAnalyzed: false
PackageHomePage: https://github.com/tiran/defusedxml
-PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184
+PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: PSF-2.0
PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: XML bomb protection for Python stdlib modules
+ReleaseDate: 2021-03-08T10:59:24Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
#####
PackageName: distro
-SPDXID: SPDXRef-17-distro
+SPDXID: SPDXRef-19-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-distro/distro
+PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Distro - an OS platform information API
+ReleaseDate: 2023-12-24T09:54:30Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-18-filetype
+SPDXID: SPDXRef-20-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
-PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files
+PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master
FilesAnalyzed: false
PackageHomePage: https://github.com/h2non/filetype.py
-PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585
+PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies.
+ReleaseDate: 2022-11-02T17:34:01Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*
#####
PackageName: gsutil
-SPDXID: SPDXRef-19-gsutil
-PackageVersion: 5.31
+SPDXID: SPDXRef-21-gsutil
+PackageVersion: 5.33
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files
+PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install
FilesAnalyzed: false
PackageHomePage: https://cloud.google.com/storage/docs/gsutil
+PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-11T09:40:59Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-20-argcomplete
-PackageVersion: 3.5.1
+SPDXID: SPDXRef-22-argcomplete
+PackageVersion: 3.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
+PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-06T18:24:27Z
+ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
+ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
+ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
+ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-21-crcmod
+SPDXID: SPDXRef-23-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files
+PackageDownloadLocation: http://sourceforge.net/projects/crcmod
FilesAnalyzed: false
PackageHomePage: http://crcmod.sourceforge.net/
+PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CRC Generator
+ReleaseDate: 2010-06-27T14:35:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-22-fasteners
+SPDXID: SPDXRef-24-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/harlowja/fasteners
-PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
+PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A python package that provides useful locks
+ReleaseDate: 2023-09-19T17:11:18Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-23-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-25-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files
+PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin
FilesAnalyzed: false
PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary
-PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb
+PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
+ReleaseDate: 2024-05-02T14:37:31Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*
#####
-PackageName: boto
-SPDXID: SPDXRef-24-boto
-PackageVersion: 2.49.0
+PackageName: rsa
+SPDXID: SPDXRef-26-rsa
+PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
-PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
+PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
+PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/boto/boto/
-PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageHomePage: https://stuvel.eu/rsa
+PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Amazon Web Services Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
+PackageSummary: Pure-Python RSA implementation
+ReleaseDate: 2021-02-24T10:55:03Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
-PackageName: google-auth
-SPDXID: SPDXRef-25-google-auth
-PackageVersion: 2.17.0
+PackageName: pyasn1
+SPDXID: SPDXRef-27-pyasn1
+PackageVersion: 0.6.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/googleapis/google-auth-library-python
-PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageHomePage: https://github.com/pyasn1/pyasn1
+PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034
+PackageLicenseDeclared: BSD-2-Clause
+PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
+PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ReleaseDate: 2024-09-10T22:41:42Z
+ExternalRef: OTHER documentation https://pyasn1.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues
+ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
#####
-PackageName: cachetools
-SPDXID: SPDXRef-26-cachetools
-PackageVersion: 5.5.0
+PackageName: boto
+SPDXID: SPDXRef-28-boto
+PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
+PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
+PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/tkem/cachetools/
+PackageHomePage: https://github.com/boto/boto/
+PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
+PackageSummary: Amazon Web Services Library
+ReleaseDate: 2018-07-11T20:58:55Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
#####
-PackageName: pyasn1-modules
-SPDXID: SPDXRef-27-pyasn1-modules
-PackageVersion: 0.4.1
+PackageName: google-reauth
+SPDXID: SPDXRef-29-google-reauth
+PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
+PackageSupplier: Person: Google (googleapis-publisher@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageHomePage: https://github.com/Google/google-reauth-python
+PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1
-SPDXID: SPDXRef-28-pyasn1
-PackageVersion: 0.6.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
+PackageSummary: Google Reauth Library
+ReleaseDate: 2020-12-01T17:35:45Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
#####
-PackageName: rsa
-SPDXID: SPDXRef-29-rsa
-PackageVersion: 4.7.2
+PackageName: pyu2f
+SPDXID: SPDXRef-30-pyu2f
+PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
-PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
+PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
+PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
FilesAnalyzed: false
-PackageHomePage: https://stuvel.eu/rsa
-PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa
+PackageHomePage: https://github.com/google/pyu2f/
+PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python RSA implementation
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
+PackageSummary: U2F host library for interacting with a U2F device over USB.
+ReleaseDate: 2020-10-30T20:03:07Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-30-six
-PackageVersion: 1.16.0
+SPDXID: SPDXRef-31-six
+PackageVersion: 1.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
-PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files
+PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/benjaminp/six
-PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1
+PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python 2 and 3 compatibility utilities
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-auth-httplib2
-SPDXID: SPDXRef-31-google-auth-httplib2
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
-PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library: httplib2 transport
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-04T17:35:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*
#####
PackageName: httplib2
@@ -539,11 +670,12 @@ PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/httplib2/httplib2
-PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4
+PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A comprehensive HTTP client library.
+ReleaseDate: 2022-02-03T00:00:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
#####
@@ -556,281 +688,339 @@ PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyparsing/pyparsing/
+PackageChecksum: SHA256: a6a7ee4235a3f944aa1fa2249307708f893fe5717dc603503c6c7969c070fb7c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
+ReleaseDate: 2024-08-25T15:00:45Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*
#####
-PackageName: google-reauth
-SPDXID: SPDXRef-34-google-reauth
-PackageVersion: 0.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google (googleapis-publisher@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Google/google-reauth-python
-PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Reauth Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyu2f
-SPDXID: SPDXRef-35-pyu2f
-PackageVersion: 0.1.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/google/pyu2f/
-PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: U2F host library for interacting with a U2F device over USB.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
-#####
-
PackageName: oauth2client
-SPDXID: SPDXRef-36-oauth2client
+SPDXID: SPDXRef-34-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/oauth2client/
-PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9
+PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: OAuth 2.0 client library
+ReleaseDate: 2018-09-07T21:38:16Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
+PackageName: pyasn1-modules
+SPDXID: SPDXRef-35-pyasn1-modules
+PackageVersion: 0.4.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A collection of ASN.1-based protocols modules
+ReleaseDate: 2024-09-10T22:42:08Z
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues
+ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
+#####
+
PackageName: pyopenssl
-SPDXID: SPDXRef-37-pyopenssl
+SPDXID: SPDXRef-36-pyopenssl
PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
+PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
+ReleaseDate: 2024-07-20T17:26:29Z
+ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
#####
PackageName: cryptography
-SPDXID: SPDXRef-38-cryptography
+SPDXID: SPDXRef-37-cryptography
PackageVersion: 43.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
+PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
+ReleaseDate: 2024-10-18T15:57:36Z
+ExternalRef: OTHER documentation https://cryptography.io/
+ExternalRef: OTHER vcs https://github.com/pyca/cryptography/
+ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues
+ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
#####
PackageName: cffi
-SPDXID: SPDXRef-39-cffi
+SPDXID: SPDXRef-38-cffi
PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
+ReleaseDate: 2024-09-04T20:43:30Z
+ExternalRef: OTHER documentation http://cffi.readthedocs.org/
+ExternalRef: OTHER vcs https://github.com/python-cffi/cffi
+ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues
+ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html
+ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases
+ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-40-pycparser
+SPDXID: SPDXRef-39-pycparser
PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/eliben/pycparser
-PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
+PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: C parser in Python
+ReleaseDate: 2024-03-30T13:22:20Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22
ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-41-retry-decorator
+SPDXID: SPDXRef-40-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pnpnpn/retry-decorator
-PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
+PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Retry Decorator
+ReleaseDate: 2020-03-10T23:56:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
#####
+PackageName: google-auth
+SPDXID: SPDXRef-41-google-auth
+PackageVersion: 2.17.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/googleapis/google-auth-library-python
+PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library
+ReleaseDate: 2023-03-28T19:51:30Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
+#####
+
+PackageName: cachetools
+SPDXID: SPDXRef-42-cachetools
+PackageVersion: 5.5.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/tkem/cachetools/
+PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Extensible memoizing collections and decorators
+ReleaseDate: 2024-08-18T20:28:43Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
+#####
+
+PackageName: google-auth-httplib2
+SPDXID: SPDXRef-43-google-auth-httplib2
+PackageVersion: 0.2.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
+PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library: httplib2 transport
+ReleaseDate: 2023-12-12T17:40:13Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+#####
+
PackageName: google-apitools
-SPDXID: SPDXRef-42-google-apitools
+SPDXID: SPDXRef-44-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1
+PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: client libraries for humans
+ReleaseDate: 2021-05-05T22:12:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-43-monotonic
+SPDXID: SPDXRef-45-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/atdt/monotonic
-PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad
+PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
+ReleaseDate: 2021-04-09T21:58:05Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
-PackageName: importlib-metadata
-SPDXID: SPDXRef-44-importlib-metadata
-PackageVersion: 8.5.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files
-FilesAnalyzed: false
-PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read metadata from Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*
-#####
-
-PackageName: zipp
-SPDXID: SPDXRef-45-zipp
-PackageVersion: 3.20.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*
-#####
-
-PackageName: importlib-resources
-SPDXID: SPDXRef-46-importlib-resources
-PackageVersion: 6.4.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Barry Warsaw (barry@python.org)
-PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files
-FilesAnalyzed: false
-PackageChecksum: SHA1: 284148b005b57031a354402c446473f53cab2c49
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read resources from Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-resources@6.4.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*
-#####
-
PackageName: jinja2
-SPDXID: SPDXRef-47-jinja2
+SPDXID: SPDXRef-46-jinja2
PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57
+PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A very fast and expressive template engine.
+ReleaseDate: 2024-05-05T23:41:59Z
+ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/
+ExternalRef: OTHER chat https://discord.gg/pallets
+ExternalRef: OTHER documentation https://jinja.palletsprojects.com/
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER vcs https://github.com/pallets/jinja/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-48-markupsafe
+SPDXID: SPDXRef-47-markupsafe
PackageVersion: 2.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5/#files
FilesAnalyzed: false
PackageHomePage: https://palletsprojects.com/p/markupsafe/
-PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65
+PackageChecksum: SHA256: a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Safely add untrusted strings to HTML/XML markup.
+ReleaseDate: 2024-02-02T16:30:04Z
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
+ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
+ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/
+ExternalRef: OTHER issue-tracker https://github.com/pallets/markupsafe/issues/
+ExternalRef: OTHER chat https://discord.gg/pallets
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5
#####
PackageName: jsonschema
-SPDXID: SPDXRef-49-jsonschema
+SPDXID: SPDXRef-48-jsonschema
PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema
+PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
+ReleaseDate: 2024-07-08T18:40:00Z
+ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*
#####
+PackageName: importlib-resources
+SPDXID: SPDXRef-49-importlib-resources
+PackageVersion: 6.4.5
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Barry Warsaw (barry@python.org)
+PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Read resources from Python packages
+ReleaseDate: 2024-09-09T17:03:13Z
+ExternalRef: OTHER vcs https://github.com/python/importlib_resources
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-resources@6.4.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*
+#####
+
PackageName: jsonschema-specifications
SPDXID: SPDXRef-50-jsonschema-specifications
PackageVersion: 2023.12.1
@@ -839,11 +1029,17 @@ PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVin
PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications
-PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76
+PackageChecksum: SHA256: 87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
+ReleaseDate: 2023-12-25T15:16:51Z
+ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*
#####
@@ -856,11 +1052,18 @@ PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845
+PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
+ReleaseDate: 2024-05-01T20:26:02Z
+ExternalRef: OTHER documentation https://referencing.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
#####
@@ -873,10 +1076,17 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
+PackageChecksum: SHA256: a649dfd735fff086e8a9d0503a9f0c7d01b7912a333c7ae77e1515c08c146dad
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
+ReleaseDate: 2024-10-31T14:26:20Z
+ExternalRef: OTHER documentation https://rpds.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/crate-py/rpds
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*
#####
@@ -893,24 +1103,27 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Resolve a name to an object.
+ReleaseDate: 2024-10-31T14:26:20Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pkgutil-resolve-name@1.3.10
ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
SPDXID: SPDXRef-54-lib4sbom
-PackageVersion: 0.7.5
+PackageVersion: 0.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
+PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-09T20:13:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -918,13 +1131,20 @@ SPDXID: SPDXRef-55-pyyaml
PackageVersion: 6.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files
+PackageDownloadLocation: https://pypi.org/project/PyYAML/
FilesAnalyzed: false
PackageHomePage: https://pyyaml.org/
+PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
+ReleaseDate: 2024-08-06T20:31:40Z
+ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues
+ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions
+ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation
+ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core
+ExternalRef: OTHER vcs https://github.com/yaml/pyyaml
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
#####
@@ -937,12 +1157,13 @@ PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.o
PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/rbarrois/python-semanticversion
-PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a
+PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A library implementing the 'SemVer' scheme.
+ReleaseDate: 2022-05-26T13:35:21Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
@@ -955,11 +1176,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4vex
-PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2
+PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: VEX generator and consumer library
+ReleaseDate: 2024-08-29T20:36:52Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*
#####
@@ -972,11 +1194,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/csaf
-PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4
+PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CSAF generator and analyser
+ReleaseDate: 2024-06-12T20:10:06Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*
#####
@@ -989,10 +1212,12 @@ PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
+PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
+ReleaseDate: 2024-10-22T05:51:23Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*
#####
@@ -1005,11 +1230,13 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
+PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
+ReleaseDate: 2024-11-01T16:43:55Z
+ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
@@ -1022,11 +1249,13 @@ PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/markdown-it-py
-PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d
+PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python port of markdown-it. Markdown parsing, done right!
+ReleaseDate: 2023-06-03T06:41:11Z
+ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
#####
@@ -1039,11 +1268,12 @@ PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/mdurl
-PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e
+PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Markdown URL utilities
+ReleaseDate: 2022-08-14T12:40:09Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
#####
@@ -1056,81 +1286,101 @@ PackageSupplier: Person: Georg Brandl (georg@python.org)
PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files
FilesAnalyzed: false
PackageHomePage: https://pygments.org
-PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
+PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
+ReleaseDate: 2024-05-04T13:41:57Z
+ExternalRef: OTHER documentation https://pygments.org/docs
+ExternalRef: OTHER vcs https://github.com/pygments/pygments
+ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
+ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
#####
+PackageName: python-gnupg
+SPDXID: SPDXRef-64-python-gnupg
+PackageVersion: 0.5.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/vsajip/python-gnupg
+PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
+ReleaseDate: 2024-09-20T16:43:47Z
+ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
+ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
+ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
+#####
+
PackageName: packaging
-SPDXID: SPDXRef-64-packaging
+SPDXID: SPDXRef-65-packaging
PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
+ReleaseDate: 2024-11-08T09:47:44Z
+ExternalRef: OTHER documentation https://packaging.pypa.io/
+ExternalRef: OTHER vcs https://github.com/pypa/packaging
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-65-plotly
+SPDXID: SPDXRef-66-plotly
PackageVersion: 5.24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files
FilesAnalyzed: false
PackageHomePage: https://plotly.com/python/
+PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
+ReleaseDate: 2024-09-12T15:36:24Z
+ExternalRef: OTHER documentation https://plotly.com/python/
+ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
+ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-66-tenacity
+SPDXID: SPDXRef-67-tenacity
PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/jd/tenacity
-PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb
+PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
+ReleaseDate: 2024-07-29T12:12:25Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
-PackageName: python-gnupg
-SPDXID: SPDXRef-67-python-gnupg
-PackageVersion: 0.5.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
-#####
-
PackageName: requests
SPDXID: SPDXRef-68-requests
PackageVersion: 2.32.3
@@ -1139,62 +1389,78 @@ PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files
FilesAnalyzed: false
PackageHomePage: https://requests.readthedocs.io
-PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068
+PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python HTTP for Humans.
+ReleaseDate: 2024-05-29T15:37:47Z
+ExternalRef: OTHER documentation https://requests.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/psf/requests
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*
#####
-PackageName: certifi
-SPDXID: SPDXRef-69-certifi
-PackageVersion: 2024.8.30
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/certifi/python-certifi
-PackageLicenseDeclared: MPL-2.0
-PackageLicenseConcluded: MPL-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*
-#####
-
PackageName: charset-normalizer
-SPDXID: SPDXRef-70-charset-normalizer
+SPDXID: SPDXRef-69-charset-normalizer
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me)
PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Ousret/charset_normalizer
+PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
+ReleaseDate: 2024-10-09T07:38:02Z
+ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues
+ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-71-urllib3
+SPDXID: SPDXRef-70-urllib3
PackageVersion: 2.2.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
+ReleaseDate: 2024-09-12T10:52:16Z
+ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
+ExternalRef: OTHER documentation https://urllib3.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/urllib3/urllib3
+ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*
#####
+PackageName: certifi
+SPDXID: SPDXRef-71-certifi
+PackageVersion: 2024.12.14
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
+PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/certifi/python-certifi
+PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56
+PackageLicenseDeclared: MPL-2.0
+PackageLicenseConcluded: MPL-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python package for providing Mozilla's CA Bundle.
+ReleaseDate: 2024-12-14T13:52:36Z
+ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*
+#####
+
PackageName: rpmfile
SPDXID: SPDXRef-72-rpmfile
PackageVersion: 2.1.0
@@ -1203,11 +1469,12 @@ PackageSupplier: Person: Sean Ross (srossross@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/srossross/rpmfile
-PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5
+PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
+ReleaseDate: 2024-07-24T21:57:45Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
@@ -1219,63 +1486,73 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
+ReleaseDate: 2024-10-29T10:23:24Z
+ExternalRef: OTHER vcs https://github.com/pypa/setuptools
+ExternalRef: OTHER documentation https://setuptools.pypa.io/
+ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
#####
-PackageName: toml
-SPDXID: SPDXRef-74-toml
-PackageVersion: 0.10.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: William Pearson (uiri@xqz.ca)
-PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/uiri/toml
-PackageChecksum: SHA1: 3f637dba5f68db63d4b30967fedda51c82459471
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python Library for Tom's Obvious, Minimal Language
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*
-#####
-
PackageName: xmlschema
-SPDXID: SPDXRef-75-xmlschema
+SPDXID: SPDXRef-74-xmlschema
PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
+PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
+ReleaseDate: 2024-10-31T09:47:12Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-76-elementpath
+SPDXID: SPDXRef-75-elementpath
PackageVersion: 4.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
+PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
+ReleaseDate: 2024-10-27T21:52:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*
#####
+PackageName: toml
+SPDXID: SPDXRef-76-toml
+PackageVersion: 0.10.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: William Pearson (uiri@xqz.ca)
+PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/uiri/toml
+PackageChecksum: SHA256: 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python Library for Tom's Obvious, Minimal Language
+ReleaseDate: 2020-11-01T01:40:20Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*
+#####
+
PackageName: zstandard
SPDXID: SPDXRef-77-zstandard
PackageVersion: 0.23.0
@@ -1284,114 +1561,116 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
+ReleaseDate: 2024-07-15T00:13:27Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*
#####
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-beautifulsoup4
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-cvss
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-defusedxml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-distro
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-filetype
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-beautifulsoup4
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-cvss
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-defusedxml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-distro
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-importlib-metadata
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-zipp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-importlib-resources
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-jinja2
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-jsonschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-filetype
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-21-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jinja2
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-jsonschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-importlib-resources
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4sbom
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-pyyaml
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-lib4vex
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-packageurl-python
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-60-rich
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-packaging
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-plotly
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-python-gnupg
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-python-gnupg
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-packaging
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-plotly
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-requests
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-urllib3
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-7-importlib-metadata
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-urllib3
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-rpmfile
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-setuptools
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-toml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-xmlschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-xmlschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-76-toml
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-77-zstandard
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-12-propcache
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict
-Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-22-fasteners
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-23-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-31-google-auth-httplib2
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-34-google-reauth
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-10-multidict DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-10-multidict
+Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-12-idna
+Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-13-propcache
+Relationship: SPDXRef-15-beautifulsoup4 DEPENDS_ON SPDXRef-16-soupsieve
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-multidict
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-yarl
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-14-async-timeout
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-async-timeout
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-boto
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-google-auth-httplib2
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-google-reauth
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-oauth2client
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-pyopenssl
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-retry-decorator
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-26-cachetools
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-27-pyasn1-modules
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-27-pyasn1-modules DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-29-rsa DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-22-argcomplete
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-23-crcmod
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-24-fasteners
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-25-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-29-google-reauth
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-36-pyopenssl
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-40-retry-decorator
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-43-google-auth-httplib2
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-44-google-apitools
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-45-monotonic
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-boto
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-reauth
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-pyopenssl
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-retry-decorator
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-43-google-auth-httplib2
+Relationship: SPDXRef-26-rsa DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-29-google-reauth DEPENDS_ON SPDXRef-30-pyu2f
+Relationship: SPDXRef-30-pyu2f DEPENDS_ON SPDXRef-31-six
Relationship: SPDXRef-32-httplib2 DEPENDS_ON SPDXRef-33-pyparsing
-Relationship: SPDXRef-34-google-reauth DEPENDS_ON SPDXRef-35-pyu2f
-Relationship: SPDXRef-35-pyu2f DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-27-pyasn1-modules
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-37-pyopenssl DEPENDS_ON SPDXRef-38-cryptography
-Relationship: SPDXRef-38-cryptography DEPENDS_ON SPDXRef-39-cffi
-Relationship: SPDXRef-39-cffi DEPENDS_ON SPDXRef-40-pycparser
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-35-pyasn1-modules
+Relationship: SPDXRef-35-pyasn1-modules DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-36-pyopenssl DEPENDS_ON SPDXRef-37-cryptography
+Relationship: SPDXRef-37-cryptography DEPENDS_ON SPDXRef-38-cffi
+Relationship: SPDXRef-38-cffi DEPENDS_ON SPDXRef-39-pycparser
Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-36-oauth2client
-Relationship: SPDXRef-44-importlib-metadata DEPENDS_ON SPDXRef-45-zipp
-Relationship: SPDXRef-46-importlib-resources DEPENDS_ON SPDXRef-45-zipp
-Relationship: SPDXRef-47-jinja2 DEPENDS_ON SPDXRef-48-markupsafe
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-46-importlib-resources
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-50-jsonschema-specifications
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-51-referencing
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-52-rpds-py
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-53-pkgutil-resolve-name
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-7-attrs
-Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-46-importlib-resources
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-35-pyasn1-modules
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-42-cachetools
+Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-24-fasteners
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-34-oauth2client
+Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-importlib-resources
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-jsonschema-specifications
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-51-referencing
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-52-rpds-py
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-53-pkgutil-resolve-name
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-49-importlib-resources DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-49-importlib-resources
Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-51-referencing
Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-52-rpds-py
-Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-7-attrs
-Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml
+Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-18-defusedxml
Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-55-pyyaml
Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-56-semantic-version
Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-54-lib4sbom
@@ -1399,16 +1678,19 @@ Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-58-csaf-tool
Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-59-packageurl-python
Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-59-packageurl-python
Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-60-rich
+Relationship: SPDXRef-6-attrs DEPENDS_ON SPDXRef-7-importlib-metadata
Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-61-markdown-it-py
Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-63-pygments
Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-9-typing-extensions
Relationship: SPDXRef-61-markdown-it-py DEPENDS_ON SPDXRef-62-mdurl
-Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-64-packaging
-Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-66-tenacity
-Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-11-idna
-Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-69-certifi
-Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-70-charset-normalizer
-Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-71-urllib3
-Relationship: SPDXRef-75-xmlschema DEPENDS_ON SPDXRef-76-elementpath
-Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-66-plotly DEPENDS_ON SPDXRef-65-packaging
+Relationship: SPDXRef-66-plotly DEPENDS_ON SPDXRef-67-tenacity
+Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-12-idna
+Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-69-charset-normalizer
+Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-70-urllib3
+Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-71-certifi
+Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-74-xmlschema DEPENDS_ON SPDXRef-75-elementpath
+Relationship: SPDXRef-77-zstandard DEPENDS_ON SPDXRef-38-cffi
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index 2f66f324d6..496e740e5c 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:b533a6a5-37a1-49d0-ac98-ad45000656d8",
+ "serialNumber": "urn:uuid:7980739c-277f-4abd-b471-6eb4c197e206",
"version": 1,
"metadata": {
- "timestamp": "2024-11-11T00:38:15Z",
+ "timestamp": "2024-12-16T00:39:37Z",
"lifecycles": [
{
"phase": "build"
@@ -15,7 +15,7 @@
"components": [
{
"name": "sbom4python",
- "version": "0.11.3",
+ "version": "0.12.1",
"type": "application"
}
]
@@ -42,6 +42,12 @@
},
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -65,6 +71,10 @@
],
"purl": "pkg:pypi/cve-bin-tool@3.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-17T18:57:44Z"
+ },
{
"name": "language",
"value": "Python"
@@ -79,8 +89,14 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.10.10",
+ "version": "3.11.10",
"description": "Async http client/server framework (asyncio)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -97,13 +113,49 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.10.10/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.10/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiohttp",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiohttp.org/en/stable/changes.html",
+ "type": "log"
+ },
+ {
+ "url": "https://docs.aiohttp.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.10.10",
+ "purl": "pkg:pypi/aiohttp@3.11.10",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-05T23:51:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -118,7 +170,7 @@
"type": "library",
"bom-ref": "3-aiohappyeyeballs",
"name": "aiohappyeyeballs",
- "version": "2.4.3",
+ "version": "2.4.4",
"supplier": {
"name": "J. Nick Koston",
"contact": [
@@ -127,12 +179,12 @@
}
]
},
- "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f"
+ "alg": "SHA-256",
+ "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8"
}
],
"licenses": [
@@ -151,13 +203,33 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files",
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://aiohappyeyeballs.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiohappyeyeballs@2.4.3",
+ "purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
@@ -172,14 +244,8 @@
"type": "library",
"bom-ref": "4-aiosignal",
"name": "aiosignal",
- "version": "1.3.1",
+ "version": "1.3.2",
"description": "aiosignal: a list of registered asynchronous callbacks",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3"
- }
- ],
"licenses": [
{
"license": {
@@ -196,13 +262,41 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiosignal/1.3.1/#files",
+ "url": "https://pypi.org/project/aiosignal/1.3.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gitter.im/aio-libs/Lobby",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiosignal",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiosignal.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiosignal@1.3.1",
+ "purl": "pkg:pypi/aiosignal@1.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
@@ -210,10 +304,6 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-08T16:03:57.000Z"
}
]
},
@@ -223,6 +313,12 @@
"name": "frozenlist",
"version": "1.5.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a"
+ }
+ ],
"licenses": [
{
"license": {
@@ -242,10 +338,50 @@
"url": "https://pypi.org/project/frozenlist/1.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/frozenlist",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog",
+ "type": "log"
+ },
+ {
+ "url": "https://frozenlist.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/frozenlist@1.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-23T09:46:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -260,7 +396,7 @@
"type": "library",
"bom-ref": "6-async-timeout",
"name": "async-timeout",
- "version": "4.0.3",
+ "version": "5.0.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -269,12 +405,12 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*",
"description": "Timeout context manager for asyncio programs",
"hashes": [
{
- "alg": "SHA-1",
- "content": "a48974404c746593f78c116faceb56a0db50309e"
+ "alg": "SHA-256",
+ "content": "39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c"
}
],
"licenses": [
@@ -293,13 +429,37 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/async-timeout/4.0.3/#files",
+ "url": "https://pypi.org/project/async-timeout/5.0.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gitter.im/aio-libs/Lobby",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/async-timeout",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/async-timeout@4.0.3",
+ "purl": "pkg:pypi/async-timeout@5.0.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-06T16:41:37Z"
+ },
{
"name": "language",
"value": "Python"
@@ -307,10 +467,6 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2023-08-10T16:35:55.000Z"
}
]
},
@@ -331,8 +487,8 @@
"description": "Classes Without Boilerplate",
"hashes": [
{
- "alg": "SHA-1",
- "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ "alg": "SHA-256",
+ "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"
}
],
"externalReferences": [
@@ -340,10 +496,34 @@
"url": "https://pypi.org/project/attrs/24.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://www.attrs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://www.attrs.org/en/stable/changelog.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-attrs/attrs",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/sponsors/hynek",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi",
+ "type": "other"
}
],
"purl": "pkg:pypi/attrs@24.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T14:37:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -356,42 +536,42 @@
},
{
"type": "library",
- "bom-ref": "8-multidict",
- "name": "multidict",
- "version": "6.1.0",
+ "bom-ref": "8-importlib-metadata",
+ "name": "importlib-metadata",
+ "version": "8.5.0",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Jason R .",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
- "description": "multidict implementation",
- "licenses": [
+ "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*",
+ "description": "Read metadata from Python packages",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/multidict",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/multidict/6.1.0/#files",
+ "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/importlib_metadata",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/multidict@6.1.0",
+ "purl": "pkg:pypi/importlib-metadata@8.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-11T14:56:07Z"
+ },
{
"name": "language",
"value": "Python"
@@ -404,34 +584,42 @@
},
{
"type": "library",
- "bom-ref": "9-typing-extensions",
- "name": "typing-extensions",
- "version": "4.12.2",
+ "bom-ref": "9-zipp",
+ "name": "zipp",
+ "version": "3.21.0",
"supplier": {
- "name": "Guido van Jukka ukasz Michael",
+ "name": "Jason R .",
"contact": [
{
- "email": "levkivskyi@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
- "description": "Backported and Experimental Type Hints for Python 3.8+",
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
+ "description": "Backport of pathlib-compatible object wrapper for zip files",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3"
+ "alg": "SHA-256",
+ "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
+ "url": "https://pypi.org/project/zipp/3.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/jaraco/zipp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/typing-extensions@4.12.2",
+ "purl": "pkg:pypi/zipp@3.21.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-10T15:05:19Z"
+ },
{
"name": "language",
"value": "Python"
@@ -444,42 +632,63 @@
},
{
"type": "library",
- "bom-ref": "10-yarl",
- "name": "yarl",
- "version": "1.17.1",
+ "bom-ref": "10-typing-extensions",
+ "name": "typing-extensions",
+ "version": "4.12.2",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Guido van Jukka ukasz Michael",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "levkivskyi@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*",
- "description": "Yet another URL library",
- "licenses": [
+ "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
+ "description": "Backported and Experimental Type Hints for Python 3.8+",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/yarl",
+ "url": "https://github.com/python/typing_extensions",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.17.1/#files",
+ "url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://typing-extensions.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python/typing/discussions",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/yarl@1.17.1",
+ "purl": "pkg:pypi/typing-extensions@4.12.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-07T18:52:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -492,28 +701,88 @@
},
{
"type": "library",
- "bom-ref": "11-idna",
- "name": "idna",
- "version": "3.10",
+ "bom-ref": "11-multidict",
+ "name": "multidict",
+ "version": "6.1.0",
"supplier": {
- "name": "Kim Davies",
+ "name": "Andrew Svetlov",
"contact": [
{
- "email": "kim+pypi@gumleaf.org"
+ "email": "andrew.svetlov@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
- "description": "Internationalized Domain Names in Applications (IDNA)",
+ "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
+ "description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/idna/3.10/#files",
+ "url": "https://github.com/aio-libs/multidict",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/multidict/6.1.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/multidict",
+ "type": "other"
+ },
+ {
+ "url": "https://multidict.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://multidict.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/multidict@6.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-09T23:47:18Z"
+ },
{
"name": "language",
"value": "Python"
@@ -528,7 +797,7 @@
"type": "library",
"bom-ref": "12-propcache",
"name": "propcache",
- "version": "0.2.0",
+ "version": "0.2.1",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -537,9 +806,15 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
"description": "Accelerated property cache",
- "licenses": [
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6"
+ }
+ ],
+ "licenses": [
{
"license": {
"id": "Apache-2.0",
@@ -555,13 +830,53 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/propcache/0.2.0/#files",
+ "url": "https://pypi.org/project/propcache/0.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/propcache",
+ "type": "other"
+ },
+ {
+ "url": "https://propcache.readthedocs.io/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://propcache.readthedocs.io",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/propcache@0.2.0",
+ "purl": "pkg:pypi/propcache@0.2.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-01T18:27:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -574,91 +889,88 @@
},
{
"type": "library",
- "bom-ref": "13-beautifulsoup4",
- "name": "beautifulsoup4",
- "version": "4.12.3",
+ "bom-ref": "13-yarl",
+ "name": "yarl",
+ "version": "1.18.3",
"supplier": {
- "name": "Leonard Richardson",
+ "name": "Andrew Svetlov",
"contact": [
{
- "email": "leonardr@segfault.org"
+ "email": "andrew.svetlov@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
- "description": "Screen-scraping library",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*",
+ "description": "Yet another URL library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://www.crummy.com/software/BeautifulSoup/bs4/",
+ "url": "https://github.com/aio-libs/yarl",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
+ "url": "https://pypi.org/project/yarl/1.18.3/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/beautifulsoup4@4.12.3",
- "properties": [
+ },
{
- "name": "language",
- "value": "Python"
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
},
{
- "name": "python_version",
- "value": "3.9.20"
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
},
{
- "name": "package_release_date",
- "value": "2024-01-17T16:53:12.000Z"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "14-soupsieve",
- "name": "soupsieve",
- "version": "2.6",
- "supplier": {
- "name": "Isaac Muse",
- "contact": [
- {
- "email": "Isaac.Muse@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
- "description": "A modern CSS selector implementation for Beautiful Soup.",
- "hashes": [
+ "url": "https://github.com/aio-libs/yarl/actions?query=branch:master",
+ "type": "other"
+ },
{
- "alg": "SHA-1",
- "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
- }
- ],
- "externalReferences": [
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
{
- "url": "https://github.com/facelessuser/soupsieve",
- "type": "website",
- "comment": "Home page for project"
+ "url": "https://codecov.io/github/aio-libs/yarl",
+ "type": "other"
},
{
- "url": "https://pypi.org/project/soupsieve/2.6/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "url": "https://yarl.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://yarl.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/soupsieve@2.6",
+ "purl": "pkg:pypi/yarl@1.18.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-01T20:32:32Z"
+ },
{
"name": "language",
"value": "Python"
@@ -671,42 +983,50 @@
},
{
"type": "library",
- "bom-ref": "15-cvss",
- "name": "cvss",
- "version": "3.3",
+ "bom-ref": "14-idna",
+ "name": "idna",
+ "version": "3.10",
"supplier": {
- "name": "Stanislav Red Hat Product Security",
+ "name": "Kim Davies",
"contact": [
{
- "email": "skontar@redhat.com"
+ "email": "kim+pypi@gumleaf.org"
}
]
},
- "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
- "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
- "licenses": [
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
+ "description": "Internationalized Domain Names in Applications (IDNA)",
+ "hashes": [
{
- "license": {
- "id": "LGPL-3.0-or-later",
- "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"
}
],
"externalReferences": [
{
- "url": "https://github.com/RedHatProductSecurity/cvss",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/cvss/3.3/#files",
+ "url": "https://pypi.org/project/idna/3.10/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/kjd/idna/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kjd/idna",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/cvss@3.3",
+ "purl": "pkg:pypi/idna@3.10",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-15T18:07:37Z"
+ },
{
"name": "language",
"value": "Python"
@@ -719,48 +1039,56 @@
},
{
"type": "library",
- "bom-ref": "16-defusedxml",
- "name": "defusedxml",
- "version": "0.7.1",
+ "bom-ref": "15-beautifulsoup4",
+ "name": "beautifulsoup4",
+ "version": "4.12.3",
"supplier": {
- "name": "Christian Heimes",
+ "name": "Leonard Richardson",
"contact": [
{
- "email": "christian@python.org"
+ "email": "leonardr@segfault.org"
}
]
},
- "cpe": "cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*",
- "description": "XML bomb protection for Python stdlib modules",
+ "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
+ "description": "Screen-scraping library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ebff1b493751e2f0775314bdd4188d64f07ea184"
+ "alg": "SHA-256",
+ "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"
}
],
"licenses": [
{
"license": {
- "id": "PSF-2.0",
- "url": "https://opensource.org/licenses/Python-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/tiran/defusedxml",
+ "url": "https://www.crummy.com/software/BeautifulSoup/bs4/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/defusedxml/0.7.1/#files",
+ "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/",
+ "type": "other"
}
],
- "purl": "pkg:pypi/defusedxml@0.7.1",
+ "purl": "pkg:pypi/beautifulsoup4@4.12.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-01-17T16:53:12Z"
+ },
{
"name": "language",
"value": "Python"
@@ -768,51 +1096,48 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2021-03-08T10:59:24.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "17-distro",
- "name": "distro",
- "version": "1.9.0",
+ "bom-ref": "16-soupsieve",
+ "name": "soupsieve",
+ "version": "2.6",
"supplier": {
- "name": "Nir Cohen",
+ "name": "Isaac Muse",
"contact": [
{
- "email": "nir36g@gmail.com"
+ "email": "Isaac.Muse@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*",
- "description": "Distro - an OS platform information API",
- "licenses": [
+ "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*",
+ "description": "A modern CSS selector implementation for Beautiful Soup.",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9"
}
],
"externalReferences": [
{
- "url": "https://github.com/python-distro/distro",
+ "url": "https://github.com/facelessuser/soupsieve",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/distro/1.9.0/#files",
+ "url": "https://pypi.org/project/soupsieve/2.6/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/distro@1.9.0",
+ "purl": "pkg:pypi/soupsieve@2.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-13T13:39:10Z"
+ },
{
"name": "language",
"value": "Python"
@@ -820,57 +1145,73 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-24T09:54:30.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "18-filetype",
- "name": "filetype",
- "version": "1.2.0",
+ "bom-ref": "17-cvss",
+ "name": "cvss",
+ "version": "3.3",
"supplier": {
- "name": "Tomas Aparicio",
+ "name": "Stanislav Red Hat Product Security",
"contact": [
{
- "email": "tomas@aparicio.me"
+ "email": "skontar@redhat.com"
}
]
},
- "cpe": "cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*",
- "description": "Infer file type and MIME type of any file/buffer. No external dependencies.",
+ "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*",
+ "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585"
+ "alg": "SHA-256",
+ "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "LGPL-3.0-or-later",
+ "url": "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/h2non/filetype.py",
+ "url": "https://github.com/RedHatProductSecurity/cvss",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/filetype/1.2.0/#files",
+ "url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/actions",
+ "type": "build-system"
}
],
- "purl": "pkg:pypi/filetype@1.2.0",
+ "purl": "pkg:pypi/cvss@3.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T10:05:52Z"
+ },
{
"name": "language",
"value": "Python"
@@ -878,51 +1219,57 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-02T17:34:01.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "19-gsutil",
- "name": "gsutil",
- "version": "5.31",
+ "bom-ref": "18-defusedxml",
+ "name": "defusedxml",
+ "version": "0.7.1",
"supplier": {
- "name": "Google Inc .",
+ "name": "Christian Heimes",
"contact": [
{
- "email": "buganizer-system+187143@google.com"
+ "email": "christian@python.org"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*",
- "description": "A command line tool for interacting with cloud storage services.",
+ "cpe": "cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*",
+ "description": "XML bomb protection for Python stdlib modules",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "PSF-2.0",
+ "url": "https://opensource.org/licenses/Python-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://cloud.google.com/storage/docs/gsutil",
+ "url": "https://github.com/tiran/defusedxml",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gsutil/5.31/#files",
+ "url": "https://pypi.python.org/pypi/defusedxml",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.31",
+ "purl": "pkg:pypi/defusedxml@0.7.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-03-08T10:59:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -935,19 +1282,25 @@
},
{
"type": "library",
- "bom-ref": "20-argcomplete",
- "name": "argcomplete",
- "version": "3.5.1",
+ "bom-ref": "19-distro",
+ "name": "distro",
+ "version": "1.9.0",
"supplier": {
- "name": "Andrey Kislyuk",
+ "name": "Nir Cohen",
"contact": [
{
- "email": "kislyuk@gmail.com"
+ "email": "nir36g@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*",
- "description": "Bash tab completion for argparse",
+ "cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*",
+ "description": "Distro - an OS platform information API",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2"
+ }
+ ],
"licenses": [
{
"license": {
@@ -959,18 +1312,22 @@
],
"externalReferences": [
{
- "url": "https://github.com/kislyuk/argcomplete",
+ "url": "https://github.com/python-distro/distro",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/argcomplete/3.5.1/#files",
+ "url": "https://pypi.org/project/distro/1.9.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/argcomplete@3.5.1",
+ "purl": "pkg:pypi/distro@1.9.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-24T09:54:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -983,42 +1340,52 @@
},
{
"type": "library",
- "bom-ref": "21-crcmod",
- "name": "crcmod",
- "version": "1.7",
+ "bom-ref": "20-filetype",
+ "name": "filetype",
+ "version": "1.2.0",
"supplier": {
- "name": "Ray Buvel",
+ "name": "Tomas Aparicio",
"contact": [
{
- "email": "rlbuvel@gmail.com"
+ "email": "tomas@aparicio.me"
}
]
},
- "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*",
- "description": "CRC Generator",
+ "cpe": "cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*",
+ "description": "Infer file type and MIME type of any file/buffer. No external dependencies.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "http://crcmod.sourceforge.net/",
+ "url": "https://github.com/h2non/filetype.py",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/crcmod/1.7/#files",
+ "url": "https://github.com/h2non/filetype.py/tarball/master",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/crcmod@1.7",
+ "purl": "pkg:pypi/filetype@1.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-11-02T17:34:01Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1031,18 +1398,23 @@
},
{
"type": "library",
- "bom-ref": "22-fasteners",
- "name": "fasteners",
- "version": "0.19",
+ "bom-ref": "21-gsutil",
+ "name": "gsutil",
+ "version": "5.33",
"supplier": {
- "name": "Joshua Harlow"
+ "name": "Google Inc .",
+ "contact": [
+ {
+ "email": "buganizer-system+187143@google.com"
+ }
+ ]
},
- "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
- "description": "A python package that provides useful locks",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*",
+ "description": "A command line tool for interacting with cloud storage services.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+ "alg": "SHA-256",
+ "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856"
}
],
"licenses": [
@@ -1056,18 +1428,22 @@
],
"externalReferences": [
{
- "url": "https://github.com/harlowja/fasteners",
+ "url": "https://cloud.google.com/storage/docs/gsutil",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/fasteners/0.19/#files",
+ "url": "https://cloud.google.com/storage/docs/gsutil_install",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/fasteners@0.19",
+ "purl": "pkg:pypi/gsutil@5.33",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-11T09:40:59Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1080,23 +1456,23 @@
},
{
"type": "library",
- "bom-ref": "23-gcs-oauth2-boto-plugin",
- "name": "gcs-oauth2-boto-plugin",
- "version": "3.2",
+ "bom-ref": "22-argcomplete",
+ "name": "argcomplete",
+ "version": "3.5.2",
"supplier": {
- "name": "Google Inc .",
+ "name": "Andrey Kislyuk",
"contact": [
{
- "email": "gs-team@google.com"
+ "email": "kislyuk@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*",
- "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
+ "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*",
+ "description": "Bash tab completion for argparse",
"hashes": [
{
- "alg": "SHA-1",
- "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb"
+ "alg": "SHA-256",
+ "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472"
}
],
"licenses": [
@@ -1110,18 +1486,38 @@
],
"externalReferences": [
{
- "url": "https://developers.google.com/storage/docs/gspythonlibrary",
+ "url": "https://github.com/kislyuk/argcomplete",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files",
+ "url": "https://pypi.org/project/argcomplete/3.5.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://kislyuk.github.io/argcomplete",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst",
+ "type": "log"
}
],
- "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2",
+ "purl": "pkg:pypi/argcomplete@3.5.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-06T18:24:27Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1129,57 +1525,57 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-02T14:37:31.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "24-boto",
- "name": "boto",
- "version": "2.49.0",
+ "bom-ref": "23-crcmod",
+ "name": "crcmod",
+ "version": "1.7",
"supplier": {
- "name": "Mitch Garnaat",
+ "name": "Ray Buvel",
"contact": [
{
- "email": "mitch@garnaat.com"
+ "email": "rlbuvel@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
- "description": "Amazon Web Services Library",
+ "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*",
+ "description": "CRC Generator",
"hashes": [
{
- "alg": "SHA-1",
- "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3"
+ "alg": "SHA-256",
+ "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/boto/boto/",
+ "url": "http://crcmod.sourceforge.net/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/boto/2.49.0/#files",
+ "url": "http://sourceforge.net/projects/crcmod",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/boto@2.49.0",
+ "purl": "pkg:pypi/crcmod@1.7",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2010-06-27T14:35:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1187,32 +1583,23 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2018-07-11T20:58:55.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "25-google-auth",
- "name": "google-auth",
- "version": "2.17.0",
+ "bom-ref": "24-fasteners",
+ "name": "fasteners",
+ "version": "0.19",
"supplier": {
- "name": "Google Cloud Platform",
- "contact": [
- {
- "email": "googleapis-packages@google.com"
- }
- ]
+ "name": "Joshua Harlow"
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library",
+ "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*",
+ "description": "A python package that provides useful locks",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243"
+ "alg": "SHA-256",
+ "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237"
}
],
"licenses": [
@@ -1226,18 +1613,22 @@
],
"externalReferences": [
{
- "url": "https://github.com/googleapis/google-auth-library-python",
+ "url": "https://github.com/harlowja/fasteners",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth/2.17.0/#files",
+ "url": "https://pypi.org/project/fasteners/0.19/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.17.0",
+ "purl": "pkg:pypi/fasteners@0.19",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-09-19T17:11:18Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1250,42 +1641,52 @@
},
{
"type": "library",
- "bom-ref": "26-cachetools",
- "name": "cachetools",
- "version": "5.5.0",
+ "bom-ref": "25-gcs-oauth2-boto-plugin",
+ "name": "gcs-oauth2-boto-plugin",
+ "version": "3.2",
"supplier": {
- "name": "Thomas Kemmer",
+ "name": "Google Inc .",
"contact": [
{
- "email": "tkemmer@computer.org"
+ "email": "gs-team@google.com"
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
- "description": "Extensible memoizing collections and decorators",
+ "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*",
+ "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/tkem/cachetools/",
+ "url": "https://developers.google.com/storage/docs/gspythonlibrary",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cachetools/5.5.0/#files",
+ "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cachetools@5.5.0",
+ "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-02T14:37:31Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1298,42 +1699,52 @@
},
{
"type": "library",
- "bom-ref": "27-pyasn1-modules",
- "name": "pyasn1-modules",
- "version": "0.4.1",
+ "bom-ref": "26-rsa",
+ "name": "rsa",
+ "version": "4.7.2",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Sybren A . Stuvel",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "sybren@stuvel.eu"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules",
+ "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
+ "description": "Pure-Python RSA implementation",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1-modules",
+ "url": "https://stuvel.eu/rsa",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
+ "url": "https://pypi.org/project/rsa/4.7.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.4.1",
+ "purl": "pkg:pypi/rsa@4.7.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-02-24T10:55:03Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1346,7 +1757,7 @@
},
{
"type": "library",
- "bom-ref": "28-pyasn1",
+ "bom-ref": "27-pyasn1",
"name": "pyasn1",
"version": "0.6.1",
"supplier": {
@@ -1359,6 +1770,12 @@
},
"cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
"description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1378,10 +1795,30 @@
"url": "https://pypi.org/project/pyasn1/0.6.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://pyasn1.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html",
+ "type": "log"
}
],
"purl": "pkg:pypi/pyasn1@0.6.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:41:42Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1394,48 +1831,52 @@
},
{
"type": "library",
- "bom-ref": "29-rsa",
- "name": "rsa",
- "version": "4.7.2",
+ "bom-ref": "28-boto",
+ "name": "boto",
+ "version": "2.49.0",
"supplier": {
- "name": "Sybren A . Stuvel",
+ "name": "Mitch Garnaat",
"contact": [
{
- "email": "sybren@stuvel.eu"
+ "email": "mitch@garnaat.com"
}
]
},
- "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
- "description": "Pure-Python RSA implementation",
+ "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
+ "description": "Amazon Web Services Library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa"
+ "alg": "SHA-256",
+ "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://stuvel.eu/rsa",
+ "url": "https://github.com/boto/boto/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rsa/4.7.2/#files",
+ "url": "https://pypi.org/project/boto/2.49.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rsa@4.7.2",
+ "purl": "pkg:pypi/boto@2.49.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-07-11T20:58:55Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1443,57 +1884,57 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2021-02-24T10:55:03.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "30-six",
- "name": "six",
- "version": "1.16.0",
+ "bom-ref": "29-google-reauth",
+ "name": "google-reauth",
+ "version": "0.1.1",
"supplier": {
- "name": "Benjamin Peterson",
+ "name": "Google",
"contact": [
{
- "email": "benjamin@python.org"
+ "email": "googleapis-publisher@google.com"
}
]
},
- "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*",
- "description": "Python 2 and 3 compatibility utilities",
+ "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
+ "description": "Google Reauth Library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "65486e4383f9f411da95937451205d3c7b61b9e1"
+ "alg": "SHA-256",
+ "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/benjaminp/six",
+ "url": "https://github.com/Google/google-reauth-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/six/1.16.0/#files",
+ "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/six@1.16.0",
+ "purl": "pkg:pypi/google-reauth@0.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-12-01T17:35:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1501,32 +1942,28 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2021-05-05T14:18:17.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "31-google-auth-httplib2",
- "name": "google-auth-httplib2",
- "version": "0.2.0",
+ "bom-ref": "30-pyu2f",
+ "name": "pyu2f",
+ "version": "0.1.5",
"supplier": {
- "name": "Google Cloud Platform",
+ "name": "Google Inc .",
"contact": [
{
- "email": "googleapis-packages@google.com"
+ "email": "pyu2f-team@google.com"
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library: httplib2 transport",
+ "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
+ "description": "U2F host library for interacting with a U2F device over USB.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "932ac88800dd6de004c1bd59867831ccf033f031"
+ "alg": "SHA-256",
+ "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b"
}
],
"licenses": [
@@ -1540,18 +1977,22 @@
],
"externalReferences": [
{
- "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
+ "url": "https://github.com/google/pyu2f/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
+ "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
+ "purl": "pkg:pypi/pyu2f@0.1.5",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-10-30T20:03:07Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1559,57 +2000,57 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-12T17:40:13.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "32-httplib2",
- "name": "httplib2",
- "version": "0.20.4",
+ "bom-ref": "31-six",
+ "name": "six",
+ "version": "1.17.0",
"supplier": {
- "name": "Joe Gregorio",
+ "name": "Benjamin Peterson",
"contact": [
{
- "email": "joe@bitworking.org"
+ "email": "benjamin@python.org"
}
]
},
- "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
- "description": "A comprehensive HTTP client library.",
+ "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*",
+ "description": "Python 2 and 3 compatibility utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4"
+ "alg": "SHA-256",
+ "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/httplib2/httplib2",
+ "url": "https://github.com/benjaminp/six",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/httplib2/0.20.4/#files",
+ "url": "https://pypi.org/project/six/1.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/httplib2@0.20.4",
+ "purl": "pkg:pypi/six@1.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-04T17:35:26Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1622,33 +2063,52 @@
},
{
"type": "library",
- "bom-ref": "33-pyparsing",
- "name": "pyparsing",
- "version": "3.2.0",
+ "bom-ref": "32-httplib2",
+ "name": "httplib2",
+ "version": "0.20.4",
"supplier": {
- "name": "Paul McGuire",
+ "name": "Joe Gregorio",
"contact": [
{
- "email": "ptmcg.gm+pyparsing@gmail.com"
+ "email": "joe@bitworking.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
+ "description": "A comprehensive HTTP client library.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
}
- ]
- },
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
- "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ }
+ ],
"externalReferences": [
{
- "url": "https://github.com/pyparsing/pyparsing/",
+ "url": "https://github.com/httplib2/httplib2",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
+ "url": "https://pypi.org/project/httplib2/0.20.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyparsing@3.2.0",
+ "purl": "pkg:pypi/httplib2@0.20.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-02-03T00:00:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1661,48 +2121,43 @@
},
{
"type": "library",
- "bom-ref": "34-google-reauth",
- "name": "google-reauth",
- "version": "0.1.1",
+ "bom-ref": "33-pyparsing",
+ "name": "pyparsing",
+ "version": "3.2.0",
"supplier": {
- "name": "Google",
+ "name": "Paul McGuire",
"contact": [
{
- "email": "googleapis-publisher@google.com"
+ "email": "ptmcg.gm+pyparsing@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
- "description": "Google Reauth Library",
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
+ "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84"
}
],
"externalReferences": [
{
- "url": "https://github.com/Google/google-reauth-python",
+ "url": "https://github.com/pyparsing/pyparsing/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
+ "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-reauth@0.1.1",
+ "purl": "pkg:pypi/pyparsing@3.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-13T10:01:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1710,32 +2165,28 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2020-12-01T17:35:45.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "35-pyu2f",
- "name": "pyu2f",
- "version": "0.1.5",
+ "bom-ref": "34-oauth2client",
+ "name": "oauth2client",
+ "version": "4.1.3",
"supplier": {
"name": "Google Inc .",
"contact": [
{
- "email": "pyu2f-team@google.com"
+ "email": "jonwayne+oauth2client@google.com"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
- "description": "U2F host library for interacting with a U2F device over USB.",
+ "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
+ "description": "OAuth 2.0 client library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe"
+ "alg": "SHA-256",
+ "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac"
}
],
"licenses": [
@@ -1749,18 +2200,22 @@
],
"externalReferences": [
{
- "url": "https://github.com/google/pyu2f/",
+ "url": "http://github.com/google/oauth2client/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
+ "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyu2f@0.1.5",
+ "purl": "pkg:pypi/oauth2client@4.1.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-09-07T21:38:16Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1768,57 +2223,69 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2020-10-30T20:03:07.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "36-oauth2client",
- "name": "oauth2client",
- "version": "4.1.3",
+ "bom-ref": "35-pyasn1-modules",
+ "name": "pyasn1-modules",
+ "version": "0.4.1",
"supplier": {
- "name": "Google Inc .",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "jonwayne+oauth2client@google.com"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
- "description": "OAuth 2.0 client library",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
"hashes": [
{
- "alg": "SHA-1",
- "content": "50d20532a748f18e53f7d24ccbe6647132c979a9"
+ "alg": "SHA-256",
+ "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "http://github.com/google/oauth2client/",
+ "url": "https://github.com/pyasn1/pyasn1-modules",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt",
+ "type": "log"
}
],
- "purl": "pkg:pypi/oauth2client@4.1.3",
+ "purl": "pkg:pypi/pyasn1-modules@0.4.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:42:08Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1826,16 +2293,12 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2018-09-07T21:38:16.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "37-pyopenssl",
+ "bom-ref": "36-pyopenssl",
"name": "pyopenssl",
"version": "24.2.1",
"supplier": {
@@ -1848,6 +2311,12 @@
},
"cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1867,10 +2336,18 @@
"url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pyca/pyopenssl",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/pyopenssl@24.2.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-20T17:26:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1883,7 +2360,7 @@
},
{
"type": "library",
- "bom-ref": "38-cryptography",
+ "bom-ref": "37-cryptography",
"name": "cryptography",
"version": "43.0.3",
"supplier": {
@@ -1896,6 +2373,12 @@
},
"cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"
+ }
+ ],
"licenses": [
{
"expression": "Apache-2.0 OR BSD-3-Clause"
@@ -1911,10 +2394,30 @@
"url": "https://pypi.org/project/cryptography/43.0.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://cryptography.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cryptography.io/en/latest/changelog/",
+ "type": "log"
}
],
"purl": "pkg:pypi/cryptography@43.0.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:57:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1927,7 +2430,7 @@
},
{
"type": "library",
- "bom-ref": "39-cffi",
+ "bom-ref": "38-cffi",
"name": "cffi",
"version": "1.17.1",
"supplier": {
@@ -1940,11 +2443,17 @@
},
"cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
"description": "Foreign Function Interface for Python calling C code.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -1959,10 +2468,38 @@
"url": "https://pypi.org/project/cffi/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "http://cffi.readthedocs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://groups.google.com/forum/#!forum/python-cffi",
+ "type": "other"
}
],
"purl": "pkg:pypi/cffi@1.17.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-04T20:43:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1975,7 +2512,7 @@
},
{
"type": "library",
- "bom-ref": "40-pycparser",
+ "bom-ref": "39-pycparser",
"name": "pycparser",
"version": "2.22",
"supplier": {
@@ -1990,8 +2527,8 @@
"description": "C parser in Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
+ "alg": "SHA-256",
+ "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"
}
],
"licenses": [
@@ -2017,6 +2554,10 @@
],
"purl": "pkg:pypi/pycparser@2.22",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-03-30T13:22:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2024,16 +2565,12 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2024-03-30T13:22:20.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "41-retry-decorator",
+ "bom-ref": "40-retry-decorator",
"name": "retry-decorator",
"version": "1.1.1",
"supplier": {
@@ -2048,15 +2585,15 @@
"description": "Retry Decorator",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349"
+ "alg": "SHA-256",
+ "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2075,6 +2612,10 @@
],
"purl": "pkg:pypi/retry-decorator@1.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-03-10T23:56:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2082,32 +2623,28 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2020-03-10T23:56:29.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "42-google-apitools",
- "name": "google-apitools",
- "version": "0.5.32",
+ "bom-ref": "41-google-auth",
+ "name": "google-auth",
+ "version": "2.17.0",
"supplier": {
- "name": "Craig Citro",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "craigcitro@google.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
- "description": "client libraries for humans",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1"
+ "alg": "SHA-256",
+ "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94"
}
],
"licenses": [
@@ -2121,18 +2658,22 @@
],
"externalReferences": [
{
- "url": "http://github.com/google/apitools",
+ "url": "https://github.com/googleapis/google-auth-library-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-apitools/0.5.32/#files",
+ "url": "https://pypi.org/project/google-auth/2.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-apitools@0.5.32",
+ "purl": "pkg:pypi/google-auth@2.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-03-28T19:51:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2140,32 +2681,86 @@
{
"name": "python_version",
"value": "3.9.20"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "42-cachetools",
+ "name": "cachetools",
+ "version": "5.5.0",
+ "supplier": {
+ "name": "Thomas Kemmer",
+ "contact": [
+ {
+ "email": "tkemmer@computer.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
+ "description": "Extensible memoizing collections and decorators",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/tkem/cachetools/",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/cachetools/5.5.0/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/cachetools@5.5.0",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-18T20:28:43Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
},
{
- "name": "package_release_date",
- "value": "2021-05-05T22:12:58.000Z"
+ "name": "python_version",
+ "value": "3.9.20"
}
]
},
{
"type": "library",
- "bom-ref": "43-monotonic",
- "name": "monotonic",
- "version": "1.6",
+ "bom-ref": "43-google-auth-httplib2",
+ "name": "google-auth-httplib2",
+ "version": "0.2.0",
"supplier": {
- "name": "Ori Livneh",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "ori@wikimedia.org"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*",
- "description": "An implementation of time.monotonic() for Python 2 & < 3.3",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library: httplib2 transport",
"hashes": [
{
- "alg": "SHA-1",
- "content": "80681f6604e136e513550342f977edb98f5fc5ad"
+ "alg": "SHA-256",
+ "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d"
}
],
"licenses": [
@@ -2179,18 +2774,22 @@
],
"externalReferences": [
{
- "url": "https://github.com/atdt/monotonic",
+ "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/monotonic/1.6/#files",
+ "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/monotonic@1.6",
+ "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-12T17:40:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2198,43 +2797,57 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2021-04-09T21:58:05.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "44-importlib-metadata",
- "name": "importlib-metadata",
- "version": "8.5.0",
+ "bom-ref": "44-google-apitools",
+ "name": "google-apitools",
+ "version": "0.5.32",
"supplier": {
- "name": "Jason R .",
+ "name": "Craig Citro",
"contact": [
{
- "email": "jaraco@jaraco.com"
+ "email": "craigcitro@google.com"
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*",
- "description": "Read metadata from Python packages",
+ "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
+ "description": "client libraries for humans",
"hashes": [
{
- "alg": "SHA-1",
- "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1"
+ "alg": "SHA-256",
+ "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files",
+ "url": "http://github.com/google/apitools",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/google-apitools/0.5.32/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/importlib-metadata@8.5.0",
+ "purl": "pkg:pypi/google-apitools@0.5.32",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-05-05T22:12:58Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2247,28 +2860,52 @@
},
{
"type": "library",
- "bom-ref": "45-zipp",
- "name": "zipp",
- "version": "3.21.0",
+ "bom-ref": "45-monotonic",
+ "name": "monotonic",
+ "version": "1.6",
"supplier": {
- "name": "Jason R .",
+ "name": "Ori Livneh",
"contact": [
{
- "email": "jaraco@jaraco.com"
+ "email": "ori@wikimedia.org"
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
- "description": "Backport of pathlib-compatible object wrapper for zip files",
+ "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*",
+ "description": "An implementation of time.monotonic() for Python 2 & < 3.3",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/zipp/3.21.0/#files",
+ "url": "https://github.com/atdt/monotonic",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/monotonic/1.6/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zipp@3.21.0",
+ "purl": "pkg:pypi/monotonic@1.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-04-09T21:58:05Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2287,8 +2924,8 @@
"description": "A very fast and expressive template engine.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "dd4a8b5466d8790540c181590b14db4d4d889d57"
+ "alg": "SHA-256",
+ "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"
}
],
"externalReferences": [
@@ -2296,10 +2933,34 @@
"url": "https://pypi.org/project/jinja2/3.1.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/pallets/jinja/",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jinja2@3.1.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-05T23:41:59Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2307,10 +2968,6 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-05T23:41:59.000Z"
}
]
},
@@ -2322,8 +2979,8 @@
"description": "Safely add untrusted strings to HTML/XML markup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c"
+ "alg": "SHA-256",
+ "content": "7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8"
}
],
"externalReferences": [
@@ -2331,10 +2988,34 @@
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/pallets/markupsafe/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
}
],
"purl": "pkg:pypi/markupsafe@3.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:20:51Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2360,11 +3041,17 @@
},
"cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2379,10 +3066,38 @@
"url": "https://pypi.org/project/jsonschema/4.23.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://python-jsonschema.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema@4.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-08T18:40:00Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2410,8 +3125,8 @@
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"hashes": [
{
- "alg": "SHA-1",
- "content": "09f6f17a46ecf03e314df0e6fa14d57db210a549"
+ "alg": "SHA-256",
+ "content": "a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf"
}
],
"externalReferences": [
@@ -2424,10 +3139,34 @@
"url": "https://pypi.org/project/jsonschema-specifications/2024.10.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jsonschema-specifications.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema-specifications@2024.10.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-08T12:29:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2455,8 +3194,8 @@
"description": "JSON Referencing + Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845"
+ "alg": "SHA-256",
+ "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"
}
],
"externalReferences": [
@@ -2469,10 +3208,38 @@
"url": "https://pypi.org/project/referencing/0.35.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/en/stable/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/referencing@0.35.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-01T20:26:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2480,10 +3247,6 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-01T20:26:02.000Z"
}
]
},
@@ -2491,7 +3254,7 @@
"type": "library",
"bom-ref": "51-rpds-py",
"name": "rpds-py",
- "version": "0.21.0",
+ "version": "0.22.3",
"supplier": {
"name": "Julian Berman",
"contact": [
@@ -2500,8 +3263,14 @@
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/crate-py/rpds",
@@ -2509,13 +3278,41 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rpds-py/0.21.0/#files",
+ "url": "https://pypi.org/project/rpds-py/0.22.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rpds.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/orium/rpds",
+ "type": "other"
}
],
- "purl": "pkg:pypi/rpds-py@0.21.0",
+ "purl": "pkg:pypi/rpds-py@0.22.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-04T15:31:31Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2530,7 +3327,7 @@
"type": "library",
"bom-ref": "52-lib4sbom",
"name": "lib4sbom",
- "version": "0.7.5",
+ "version": "0.8.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -2539,8 +3336,14 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2557,13 +3360,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.7.5/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.8.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.7.5",
+ "purl": "pkg:pypi/lib4sbom@0.8.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-09T20:13:26Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2589,11 +3396,17 @@
},
"cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2605,13 +3418,37 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyyaml/6.0.2/#files",
+ "url": "https://pypi.org/project/PyYAML/",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://pyyaml.org/wiki/PyYAMLDocumentation",
+ "type": "documentation"
+ },
+ {
+ "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core",
+ "type": "mailing-list"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/pyyaml@6.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T20:31:40Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2639,8 +3476,8 @@
"description": "A library implementing the 'SemVer' scheme.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a"
+ "alg": "SHA-256",
+ "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177"
}
],
"licenses": [
@@ -2666,6 +3503,10 @@
],
"purl": "pkg:pypi/semantic-version@2.10.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-05-26T13:35:21Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2673,10 +3514,6 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2022-05-26T13:35:21.000Z"
}
]
},
@@ -2697,8 +3534,8 @@
"description": "VEX generator and consumer library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2"
+ "alg": "SHA-256",
+ "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce"
}
],
"licenses": [
@@ -2724,6 +3561,10 @@
],
"purl": "pkg:pypi/lib4vex@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-29T20:36:52Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2751,15 +3592,15 @@
"description": "CSAF generator and analyser",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4"
+ "alg": "SHA-256",
+ "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2778,6 +3619,10 @@
],
"purl": "pkg:pypi/csaf-tool@0.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-12T20:10:06Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2798,11 +3643,17 @@
},
"cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*",
"description": "A purl aka. Package URL parser and builder",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2821,6 +3672,10 @@
],
"purl": "pkg:pypi/packageurl-python@0.16.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-22T05:51:23Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2848,15 +3703,15 @@
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"hashes": [
{
- "alg": "SHA-1",
- "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ "alg": "SHA-256",
+ "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2871,10 +3726,18 @@
"url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rich.readthedocs.io/en/latest/",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/rich@13.9.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T16:43:55Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2902,8 +3765,8 @@
"description": "Python port of markdown-it. Markdown parsing, done right!",
"hashes": [
{
- "alg": "SHA-1",
- "content": "bee6d1953be75717a3f2f6a917da6f464bed421d"
+ "alg": "SHA-256",
+ "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"
}
],
"externalReferences": [
@@ -2916,10 +3779,18 @@
"url": "https://pypi.org/project/markdown-it-py/3.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://markdown-it-py.readthedocs.io",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/markdown-it-py@3.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-06-03T06:41:11Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2927,10 +3798,6 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2023-06-03T06:41:11.000Z"
}
]
},
@@ -2951,8 +3818,8 @@
"description": "Markdown URL utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e"
+ "alg": "SHA-256",
+ "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"
}
],
"externalReferences": [
@@ -2969,6 +3836,10 @@
],
"purl": "pkg:pypi/mdurl@0.1.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-08-14T12:40:09Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2976,10 +3847,6 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2022-08-14T12:40:09.000Z"
}
]
},
@@ -2996,37 +3863,127 @@
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*",
- "description": "Pygments is a syntax highlighting package written in Python.",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*",
+ "description": "Pygments is a syntax highlighting package written in Python.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pygments.org",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/pygments/2.18.0/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://pygments.org/docs",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pygments/pygments",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/blob/master/CHANGES",
+ "type": "log"
+ }
+ ],
+ "purl": "pkg:pypi/pygments@2.18.0",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-04T13:41:57Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.9.20"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "62-python-gnupg",
+ "name": "python-gnupg",
+ "version": "0.5.3",
+ "supplier": {
+ "name": "Vinay Sajip",
+ "contact": [
+ {
+ "email": "vinay_sajip@yahoo.co.uk"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
+ "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
"hashes": [
{
- "alg": "SHA-1",
- "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+ "alg": "SHA-256",
+ "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248"
}
],
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause",
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pygments.org",
+ "url": "https://github.com/vsajip/python-gnupg",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pygments/2.18.0/#files",
+ "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gnupg.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/pygments@2.18.0",
+ "purl": "pkg:pypi/python-gnupg@0.5.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-20T16:43:47Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3034,16 +3991,12 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-04T13:41:57.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "62-packaging",
+ "bom-ref": "63-packaging",
"name": "packaging",
"version": "24.2",
"supplier": {
@@ -3056,15 +4009,33 @@
},
"cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
"description": "Core utilities for Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://packaging.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pypa/packaging",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/packaging@24.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-08T09:47:44Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3077,7 +4048,7 @@
},
{
"type": "library",
- "bom-ref": "63-plotly",
+ "bom-ref": "64-plotly",
"name": "plotly",
"version": "5.24.1",
"supplier": {
@@ -3090,11 +4061,17 @@
},
"cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3109,10 +4086,26 @@
"url": "https://pypi.org/project/plotly/5.24.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://plotly.com/python/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md",
+ "type": "log"
}
],
"purl": "pkg:pypi/plotly@5.24.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T15:36:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3125,7 +4118,7 @@
},
{
"type": "library",
- "bom-ref": "64-tenacity",
+ "bom-ref": "65-tenacity",
"name": "tenacity",
"version": "9.0.0",
"supplier": {
@@ -3140,8 +4133,8 @@
"description": "Retry code until it succeeds",
"hashes": [
{
- "alg": "SHA-1",
- "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb"
+ "alg": "SHA-256",
+ "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539"
}
],
"licenses": [
@@ -3168,53 +4161,9 @@
"purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
{
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.9.20"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "65-python-gnupg",
- "name": "python-gnupg",
- "version": "0.5.3",
- "supplier": {
- "name": "Vinay Sajip",
- "contact": [
- {
- "email": "vinay_sajip@yahoo.co.uk"
- }
- ]
- },
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
- "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/vsajip/python-gnupg",
- "type": "website",
- "comment": "Home page for project"
+ "name": "release_date",
+ "value": "2024-07-29T12:12:25Z"
},
- {
- "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/python-gnupg@0.5.3",
- "properties": [
{
"name": "language",
"value": "Python"
@@ -3242,8 +4191,8 @@
"description": "Python HTTP for Humans.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "0e322af87745eff34caffe4df68456ebc20d9068"
+ "alg": "SHA-256",
+ "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"
}
],
"licenses": [
@@ -3265,10 +4214,22 @@
"url": "https://pypi.org/project/requests/2.32.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://requests.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/psf/requests",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/requests@2.32.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-29T15:37:47Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3281,42 +4242,60 @@
},
{
"type": "library",
- "bom-ref": "67-certifi",
- "name": "certifi",
- "version": "2024.8.30",
+ "bom-ref": "67-charset-normalizer",
+ "name": "charset-normalizer",
+ "version": "3.4.0",
"supplier": {
- "name": "Kenneth Reitz",
+ "name": "Ahmed TAHRI",
"contact": [
{
- "email": "me@kennethreitz.com"
+ "email": "tahri.ahmed@proton.me"
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*",
- "description": "Python package for providing Mozilla's CA Bundle.",
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
+ "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MPL-2.0",
- "url": "https://www.mozilla.org/MPL/2.0/",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/certifi/python-certifi",
+ "url": "https://github.com/Ousret/charset_normalizer",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2024.8.30/#files",
+ "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/Ousret/charset_normalizer/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://charset-normalizer.readthedocs.io/en/latest",
+ "type": "documentation"
}
],
- "purl": "pkg:pypi/certifi@2024.8.30",
+ "purl": "pkg:pypi/charset-normalizer@3.4.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-09T07:38:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3329,42 +4308,54 @@
},
{
"type": "library",
- "bom-ref": "68-charset-normalizer",
- "name": "charset-normalizer",
- "version": "3.4.0",
+ "bom-ref": "68-urllib3",
+ "name": "urllib3",
+ "version": "2.2.3",
"supplier": {
- "name": "Ahmed TAHRI",
+ "name": "Andrey Petrov",
"contact": [
{
- "email": "tahri.ahmed@proton.me"
+ "email": "andrey.petrov@shazow.net"
}
]
},
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
- "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
- "licenses": [
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
+ "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac"
}
],
"externalReferences": [
{
- "url": "https://github.com/Ousret/charset_normalizer",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
+ "url": "https://pypi.org/project/urllib3/2.2.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://urllib3.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.4.0",
+ "purl": "pkg:pypi/urllib3@2.2.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T10:52:16Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3377,28 +4368,56 @@
},
{
"type": "library",
- "bom-ref": "69-urllib3",
- "name": "urllib3",
- "version": "2.2.3",
+ "bom-ref": "69-certifi",
+ "name": "certifi",
+ "version": "2024.12.14",
"supplier": {
- "name": "Andrey Petrov",
+ "name": "Kenneth Reitz",
"contact": [
{
- "email": "andrey.petrov@shazow.net"
+ "email": "me@kennethreitz.com"
}
]
},
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
- "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*",
+ "description": "Python package for providing Mozilla's CA Bundle.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MPL-2.0",
+ "url": "https://www.mozilla.org/MPL/2.0/",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/urllib3/2.2.3/#files",
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/certifi/2024.12.14/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/urllib3@2.2.3",
+ "purl": "pkg:pypi/certifi@2024.12.14",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-14T13:52:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3426,15 +4445,15 @@
"description": "Read rpm archive files",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5"
+ "alg": "SHA-256",
+ "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3453,6 +4472,10 @@
],
"purl": "pkg:pypi/rpmfile@2.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-24T21:57:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3467,7 +4490,7 @@
"type": "library",
"bom-ref": "71-setuptools",
"name": "setuptools",
- "version": "75.3.0",
+ "version": "75.6.0",
"supplier": {
"name": "Python Packaging Authority",
"contact": [
@@ -3476,17 +4499,39 @@
}
]
},
- "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d"
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/setuptools/75.3.0/#files",
+ "url": "https://pypi.org/project/setuptools/75.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pypa/setuptools",
+ "type": "vcs"
+ },
+ {
+ "url": "https://setuptools.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://setuptools.pypa.io/en/stable/history.html",
+ "type": "log"
}
],
- "purl": "pkg:pypi/setuptools@75.3.0",
+ "purl": "pkg:pypi/setuptools@75.6.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-20T18:16:10Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3514,15 +4559,15 @@
"description": "Python Library for Tom's Obvious, Minimal Language",
"hashes": [
{
- "alg": "SHA-1",
- "content": "3f637dba5f68db63d4b30967fedda51c82459471"
+ "alg": "SHA-256",
+ "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3541,6 +4586,10 @@
],
"purl": "pkg:pypi/toml@0.10.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-11-01T01:40:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3548,10 +4597,6 @@
{
"name": "python_version",
"value": "3.9.20"
- },
- {
- "name": "package_release_date",
- "value": "2020-11-01T01:40:20.000Z"
}
]
},
@@ -3570,11 +4615,17 @@
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3593,6 +4644,10 @@
],
"purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-31T09:47:12Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3618,11 +4673,17 @@
},
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3641,6 +4702,10 @@
],
"purl": "pkg:pypi/elementpath@4.6.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-27T21:52:58Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3666,6 +4731,12 @@
},
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9"
+ }
+ ],
"licenses": [
{
"license": {
@@ -3689,6 +4760,10 @@
],
"purl": "pkg:pypi/zstandard@0.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-15T00:13:27Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3711,31 +4786,31 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "13-beautifulsoup4",
- "15-cvss",
- "16-defusedxml",
- "17-distro",
- "18-filetype",
- "19-gsutil",
- "44-importlib-metadata",
+ "15-beautifulsoup4",
+ "17-cvss",
+ "18-defusedxml",
+ "19-distro",
+ "20-filetype",
+ "21-gsutil",
+ "8-importlib-metadata",
"46-jinja2",
"48-jsonschema",
"52-lib4sbom",
"55-lib4vex",
+ "62-python-gnupg",
"57-packageurl-python",
- "62-packaging",
- "63-plotly",
- "65-python-gnupg",
+ "63-packaging",
+ "64-plotly",
"53-pyyaml",
"66-requests",
"58-rich",
"70-rpmfile",
"71-setuptools",
"72-toml",
- "69-urllib3",
+ "68-urllib3",
"73-xmlschema",
- "45-zipp",
- "75-zstandard"
+ "75-zstandard",
+ "9-zipp"
]
},
{
@@ -3746,8 +4821,9 @@
"6-async-timeout",
"7-attrs",
"5-frozenlist",
- "8-multidict",
- "10-yarl"
+ "11-multidict",
+ "12-propcache",
+ "13-yarl"
]
},
{
@@ -3757,84 +4833,87 @@
]
},
{
- "ref": "8-multidict",
+ "ref": "7-attrs",
"dependsOn": [
- "9-typing-extensions"
+ "8-importlib-metadata"
]
},
{
- "ref": "10-yarl",
+ "ref": "8-importlib-metadata",
"dependsOn": [
- "11-idna",
- "8-multidict",
- "12-propcache"
+ "9-zipp",
+ "10-typing-extensions"
]
},
{
- "ref": "13-beautifulsoup4",
+ "ref": "11-multidict",
"dependsOn": [
- "14-soupsieve"
+ "10-typing-extensions"
]
},
{
- "ref": "19-gsutil",
+ "ref": "13-yarl",
"dependsOn": [
- "20-argcomplete",
- "21-crcmod",
- "22-fasteners",
- "23-gcs-oauth2-boto-plugin",
- "42-google-apitools",
- "25-google-auth",
- "31-google-auth-httplib2",
- "34-google-reauth",
- "32-httplib2",
- "43-monotonic",
- "37-pyopenssl",
- "41-retry-decorator",
- "30-six"
+ "14-idna",
+ "11-multidict",
+ "12-propcache"
+ ]
+ },
+ {
+ "ref": "15-beautifulsoup4",
+ "dependsOn": [
+ "16-soupsieve"
]
},
{
- "ref": "23-gcs-oauth2-boto-plugin",
+ "ref": "21-gsutil",
"dependsOn": [
- "24-boto",
- "25-google-auth",
- "31-google-auth-httplib2",
- "34-google-reauth",
+ "22-argcomplete",
+ "23-crcmod",
+ "24-fasteners",
+ "25-gcs-oauth2-boto-plugin",
+ "44-google-apitools",
"32-httplib2",
- "36-oauth2client",
- "37-pyopenssl",
- "41-retry-decorator",
- "29-rsa",
- "30-six"
+ "29-google-reauth",
+ "45-monotonic",
+ "36-pyopenssl",
+ "40-retry-decorator",
+ "31-six",
+ "41-google-auth",
+ "43-google-auth-httplib2"
]
},
{
- "ref": "25-google-auth",
+ "ref": "25-gcs-oauth2-boto-plugin",
"dependsOn": [
- "26-cachetools",
- "27-pyasn1-modules",
- "29-rsa",
- "30-six"
+ "26-rsa",
+ "28-boto",
+ "29-google-reauth",
+ "32-httplib2",
+ "34-oauth2client",
+ "36-pyopenssl",
+ "40-retry-decorator",
+ "31-six",
+ "41-google-auth",
+ "43-google-auth-httplib2"
]
},
{
- "ref": "27-pyasn1-modules",
+ "ref": "26-rsa",
"dependsOn": [
- "28-pyasn1"
+ "27-pyasn1"
]
},
{
- "ref": "29-rsa",
+ "ref": "29-google-reauth",
"dependsOn": [
- "28-pyasn1"
+ "30-pyu2f"
]
},
{
- "ref": "31-google-auth-httplib2",
+ "ref": "30-pyu2f",
"dependsOn": [
- "25-google-auth",
- "32-httplib2"
+ "31-six"
]
},
{
@@ -3844,58 +4923,62 @@
]
},
{
- "ref": "34-google-reauth",
+ "ref": "34-oauth2client",
"dependsOn": [
- "35-pyu2f"
+ "32-httplib2",
+ "27-pyasn1",
+ "35-pyasn1-modules",
+ "26-rsa",
+ "31-six"
]
},
{
- "ref": "35-pyu2f",
+ "ref": "35-pyasn1-modules",
"dependsOn": [
- "30-six"
+ "27-pyasn1"
]
},
{
- "ref": "36-oauth2client",
+ "ref": "36-pyopenssl",
"dependsOn": [
- "32-httplib2",
- "28-pyasn1",
- "27-pyasn1-modules",
- "29-rsa",
- "30-six"
+ "37-cryptography"
]
},
{
- "ref": "37-pyopenssl",
+ "ref": "37-cryptography",
"dependsOn": [
- "38-cryptography"
+ "38-cffi"
]
},
{
- "ref": "38-cryptography",
+ "ref": "38-cffi",
"dependsOn": [
- "39-cffi"
+ "39-pycparser"
]
},
{
- "ref": "39-cffi",
+ "ref": "41-google-auth",
"dependsOn": [
- "40-pycparser"
+ "42-cachetools",
+ "35-pyasn1-modules",
+ "31-six",
+ "26-rsa"
]
},
{
- "ref": "42-google-apitools",
+ "ref": "43-google-auth-httplib2",
"dependsOn": [
- "22-fasteners",
- "32-httplib2",
- "36-oauth2client",
- "30-six"
+ "41-google-auth",
+ "32-httplib2"
]
},
{
- "ref": "44-importlib-metadata",
+ "ref": "44-google-apitools",
"dependsOn": [
- "45-zipp"
+ "32-httplib2",
+ "24-fasteners",
+ "34-oauth2client",
+ "31-six"
]
},
{
@@ -3929,16 +5012,16 @@
{
"ref": "52-lib4sbom",
"dependsOn": [
- "16-defusedxml",
"53-pyyaml",
- "54-semantic-version"
+ "54-semantic-version",
+ "18-defusedxml"
]
},
{
"ref": "55-lib4vex",
"dependsOn": [
- "56-csaf-tool",
"52-lib4sbom",
+ "56-csaf-tool",
"57-packageurl-python"
]
},
@@ -3954,7 +5037,7 @@
"dependsOn": [
"59-markdown-it-py",
"61-pygments",
- "9-typing-extensions"
+ "10-typing-extensions"
]
},
{
@@ -3964,19 +5047,19 @@
]
},
{
- "ref": "63-plotly",
+ "ref": "64-plotly",
"dependsOn": [
- "62-packaging",
- "64-tenacity"
+ "65-tenacity",
+ "63-packaging"
]
},
{
"ref": "66-requests",
"dependsOn": [
- "67-certifi",
- "68-charset-normalizer",
- "11-idna",
- "69-urllib3"
+ "67-charset-normalizer",
+ "14-idna",
+ "68-urllib3",
+ "69-certifi"
]
},
{
@@ -3984,6 +5067,12 @@
"dependsOn": [
"74-elementpath"
]
+ },
+ {
+ "ref": "75-zstandard",
+ "dependsOn": [
+ "38-cffi"
+ ]
}
]
}
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index e3fee52bd3..d4dae4efe8 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9649f957-449f-4148-b2c1-9a5ec28d0ff8
-LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.11.3
-Created: 2024-11-11T00:37:24Z
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-760aa8bc-559a-4597-a2fe-bd897ceb6610
+LicenseListVersion: 3.25
+Creator: Tool: sbom4python-0.12.1
+Created: 2024-12-16T00:39:29Z
CreatorComment: This document has been automatically generated.
#####
@@ -17,62 +17,84 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/intel/cve-bin-tool
+PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
+ReleaseDate: 2024-09-17T18:57:44Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
#####
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.10.10
+PackageVersion: 3.11.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageLicenseDeclared: NOASSERTION
+PackageChecksum: SHA256: cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d
+PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10
+ReleaseDate: 2024-12-05T23:51:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp
+ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
+ExternalRef: OTHER other https://docs.aiohttp.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10
#####
PackageName: aiohappyeyeballs
SPDXID: SPDXRef-3-aiohappyeyeballs
-PackageVersion: 2.4.3
+PackageVersion: 2.4.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
-PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
-PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f
+PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues
+ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
SPDXID: SPDXRef-4-aiosignal
-PackageVersion: 1.3.1
+PackageVersion: 1.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files
+PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiosignal
-PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: aiosignal: a list of registered asynchronous callbacks
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal
+ExternalRef: OTHER other https://docs.aiosignal.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.2
#####
PackageName: frozenlist
@@ -83,30 +105,47 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
+PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
+ReleaseDate: 2024-10-23T09:46:20Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist
+ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog
+ExternalRef: OTHER other https://frozenlist.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0
#####
PackageName: async-timeout
SPDXID: SPDXRef-6-async-timeout
-PackageVersion: 4.0.3
+PackageVersion: 5.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3/#files
+PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/async-timeout
-PackageChecksum: SHA1: a48974404c746593f78c116faceb56a0db50309e
+PackageChecksum: SHA256: 39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Timeout context manager for asyncio programs
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@4.0.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*
+ReleaseDate: 2024-11-06T16:41:37Z
+ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
+ExternalRef: OTHER build-system https://github.com/aio-libs/async-timeout/actions
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/async-timeout
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/async-timeout/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/async-timeout
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*
#####
PackageName: attrs
@@ -116,418 +155,509 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
+PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
+ReleaseDate: 2024-08-06T14:37:36Z
+ExternalRef: OTHER documentation https://www.attrs.org/
+ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html
+ExternalRef: OTHER vcs https://github.com/python-attrs/attrs
+ExternalRef: OTHER other https://github.com/sponsors/hynek
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*
#####
+PackageName: importlib-metadata
+SPDXID: SPDXRef-8-importlib-metadata
+PackageVersion: 8.5.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: 45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Read metadata from Python packages
+ReleaseDate: 2024-09-11T14:56:07Z
+ExternalRef: OTHER vcs https://github.com/python/importlib_metadata
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*
+#####
+
+PackageName: zipp
+SPDXID: SPDXRef-9-zipp
+PackageVersion: 3.21.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backport of pathlib-compatible object wrapper for zip files
+ReleaseDate: 2024-11-10T15:05:19Z
+ExternalRef: OTHER vcs https://github.com/jaraco/zipp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
+#####
+
+PackageName: typing-extensions
+SPDXID: SPDXRef-10-typing-extensions
+PackageVersion: 4.12.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/python/typing_extensions
+PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backported and Experimental Type Hints for Python 3.8+
+ReleaseDate: 2024-06-07T18:52:13Z
+ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues
+ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/
+ExternalRef: OTHER other https://github.com/python/typing/discussions
+ExternalRef: OTHER vcs https://github.com/python/typing_extensions
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
+#####
+
PackageName: multidict
-SPDXID: SPDXRef-8-multidict
+SPDXID: SPDXRef-11-multidict
PackageVersion: 6.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: multidict implementation
+ReleaseDate: 2024-09-09T23:47:18Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict
+ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://multidict.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/multidict
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
#####
-PackageName: typing-extensions
-SPDXID: SPDXRef-9-typing-extensions
-PackageVersion: 4.12.2
+PackageName: propcache
+SPDXID: SPDXRef-12-propcache
+PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
+PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
+PackageHomePage: https://github.com/aio-libs/propcache
+PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6
+PackageLicenseDeclared: Apache-2.0
+PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
-PackageSummary: Backported and Experimental Type Hints for Python 3.8+
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
+PackageSummary: Accelerated property cache
+ReleaseDate: 2024-12-01T18:27:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache
+ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
+ExternalRef: OTHER other https://propcache.readthedocs.io
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
#####
PackageName: yarl
-SPDXID: SPDXRef-10-yarl
-PackageVersion: 1.17.1
+SPDXID: SPDXRef-13-yarl
+PackageVersion: 1.18.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files
+PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
+PackageChecksum: SHA256: 7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-01T20:32:32Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl
+ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://yarl.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/yarl
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*
#####
PackageName: idna
-SPDXID: SPDXRef-11-idna
+SPDXID: SPDXRef-14-idna
PackageVersion: 3.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
+ReleaseDate: 2024-09-15T18:07:37Z
+ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
+ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
+ExternalRef: OTHER vcs https://github.com/kjd/idna
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
#####
-PackageName: propcache
-SPDXID: SPDXRef-12-propcache
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/propcache
-PackageLicenseDeclared: Apache-2.0
-PackageLicenseConcluded: Apache-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Accelerated property cache
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
-#####
-
PackageName: beautifulsoup4
-SPDXID: SPDXRef-13-beautifulsoup4
+SPDXID: SPDXRef-15-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files
FilesAnalyzed: false
PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
+PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
+ReleaseDate: 2024-01-17T16:53:12Z
+ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
#####
PackageName: soupsieve
-SPDXID: SPDXRef-14-soupsieve
+SPDXID: SPDXRef-16-soupsieve
PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
-PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
+PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
+ReleaseDate: 2024-08-13T13:39:10Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-15-cvss
+SPDXID: SPDXRef-17-cvss
PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
+PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
+ReleaseDate: 2024-11-01T10:05:52Z
+ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases
+ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss
+ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues
+ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
-SPDXID: SPDXRef-16-defusedxml
+SPDXID: SPDXRef-18-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
-PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files
+PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml
FilesAnalyzed: false
PackageHomePage: https://github.com/tiran/defusedxml
-PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184
+PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: PSF-2.0
PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: XML bomb protection for Python stdlib modules
+ReleaseDate: 2021-03-08T10:59:24Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
#####
PackageName: distro
-SPDXID: SPDXRef-17-distro
+SPDXID: SPDXRef-19-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-distro/distro
+PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Distro - an OS platform information API
+ReleaseDate: 2023-12-24T09:54:30Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-18-filetype
+SPDXID: SPDXRef-20-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
-PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files
+PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master
FilesAnalyzed: false
PackageHomePage: https://github.com/h2non/filetype.py
-PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585
+PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies.
+ReleaseDate: 2022-11-02T17:34:01Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*
#####
PackageName: gsutil
-SPDXID: SPDXRef-19-gsutil
-PackageVersion: 5.31
+SPDXID: SPDXRef-21-gsutil
+PackageVersion: 5.33
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files
+PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install
FilesAnalyzed: false
PackageHomePage: https://cloud.google.com/storage/docs/gsutil
+PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-11T09:40:59Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-20-argcomplete
-PackageVersion: 3.5.1
+SPDXID: SPDXRef-22-argcomplete
+PackageVersion: 3.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files
+PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
+PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-06T18:24:27Z
+ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
+ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
+ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
+ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-21-crcmod
+SPDXID: SPDXRef-23-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files
+PackageDownloadLocation: http://sourceforge.net/projects/crcmod
FilesAnalyzed: false
PackageHomePage: http://crcmod.sourceforge.net/
+PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CRC Generator
+ReleaseDate: 2010-06-27T14:35:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-22-fasteners
+SPDXID: SPDXRef-24-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/harlowja/fasteners
-PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
+PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A python package that provides useful locks
+ReleaseDate: 2023-09-19T17:11:18Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-23-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-25-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files
+PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin
FilesAnalyzed: false
PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary
-PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb
+PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
+ReleaseDate: 2024-05-02T14:37:31Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*
#####
-PackageName: boto
-SPDXID: SPDXRef-24-boto
-PackageVersion: 2.49.0
+PackageName: rsa
+SPDXID: SPDXRef-26-rsa
+PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
-PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
+PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
+PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/boto/boto/
-PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageHomePage: https://stuvel.eu/rsa
+PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Amazon Web Services Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
+PackageSummary: Pure-Python RSA implementation
+ReleaseDate: 2021-02-24T10:55:03Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
-PackageName: google-auth
-SPDXID: SPDXRef-25-google-auth
-PackageVersion: 2.17.0
+PackageName: pyasn1
+SPDXID: SPDXRef-27-pyasn1
+PackageVersion: 0.6.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/googleapis/google-auth-library-python
-PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageHomePage: https://github.com/pyasn1/pyasn1
+PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034
+PackageLicenseDeclared: BSD-2-Clause
+PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
+PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ReleaseDate: 2024-09-10T22:41:42Z
+ExternalRef: OTHER documentation https://pyasn1.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues
+ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
#####
-PackageName: cachetools
-SPDXID: SPDXRef-26-cachetools
-PackageVersion: 5.5.0
+PackageName: boto
+SPDXID: SPDXRef-28-boto
+PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
+PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
+PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/tkem/cachetools/
+PackageHomePage: https://github.com/boto/boto/
+PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
+PackageSummary: Amazon Web Services Library
+ReleaseDate: 2018-07-11T20:58:55Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
#####
-PackageName: pyasn1-modules
-SPDXID: SPDXRef-27-pyasn1-modules
-PackageVersion: 0.4.1
+PackageName: google-reauth
+SPDXID: SPDXRef-29-google-reauth
+PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
+PackageSupplier: Person: Google (googleapis-publisher@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageHomePage: https://github.com/Google/google-reauth-python
+PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1
-SPDXID: SPDXRef-28-pyasn1
-PackageVersion: 0.6.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
+PackageSummary: Google Reauth Library
+ReleaseDate: 2020-12-01T17:35:45Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
#####
-PackageName: rsa
-SPDXID: SPDXRef-29-rsa
-PackageVersion: 4.7.2
+PackageName: pyu2f
+SPDXID: SPDXRef-30-pyu2f
+PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
-PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
+PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
+PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
FilesAnalyzed: false
-PackageHomePage: https://stuvel.eu/rsa
-PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa
+PackageHomePage: https://github.com/google/pyu2f/
+PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python RSA implementation
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
+PackageSummary: U2F host library for interacting with a U2F device over USB.
+ReleaseDate: 2020-10-30T20:03:07Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-30-six
-PackageVersion: 1.16.0
+SPDXID: SPDXRef-31-six
+PackageVersion: 1.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
-PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files
+PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/benjaminp/six
-PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1
+PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python 2 and 3 compatibility utilities
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-auth-httplib2
-SPDXID: SPDXRef-31-google-auth-httplib2
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
-PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library: httplib2 transport
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-04T17:35:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*
#####
PackageName: httplib2
@@ -538,11 +668,12 @@ PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/httplib2/httplib2
-PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4
+PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A comprehensive HTTP client library.
+ReleaseDate: 2022-02-03T00:00:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
#####
@@ -555,218 +686,253 @@ PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyparsing/pyparsing/
+PackageChecksum: SHA256: 93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
+ReleaseDate: 2024-10-13T10:01:13Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*
#####
-PackageName: google-reauth
-SPDXID: SPDXRef-34-google-reauth
-PackageVersion: 0.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google (googleapis-publisher@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Google/google-reauth-python
-PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Reauth Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyu2f
-SPDXID: SPDXRef-35-pyu2f
-PackageVersion: 0.1.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/google/pyu2f/
-PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: U2F host library for interacting with a U2F device over USB.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
-#####
-
PackageName: oauth2client
-SPDXID: SPDXRef-36-oauth2client
+SPDXID: SPDXRef-34-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/oauth2client/
-PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9
+PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: OAuth 2.0 client library
+ReleaseDate: 2018-09-07T21:38:16Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
+PackageName: pyasn1-modules
+SPDXID: SPDXRef-35-pyasn1-modules
+PackageVersion: 0.4.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A collection of ASN.1-based protocols modules
+ReleaseDate: 2024-09-10T22:42:08Z
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues
+ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
+#####
+
PackageName: pyopenssl
-SPDXID: SPDXRef-37-pyopenssl
+SPDXID: SPDXRef-36-pyopenssl
PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
+PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
+ReleaseDate: 2024-07-20T17:26:29Z
+ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
#####
PackageName: cryptography
-SPDXID: SPDXRef-38-cryptography
+SPDXID: SPDXRef-37-cryptography
PackageVersion: 43.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
+PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
+ReleaseDate: 2024-10-18T15:57:36Z
+ExternalRef: OTHER documentation https://cryptography.io/
+ExternalRef: OTHER vcs https://github.com/pyca/cryptography/
+ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues
+ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
#####
PackageName: cffi
-SPDXID: SPDXRef-39-cffi
+SPDXID: SPDXRef-38-cffi
PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
+PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
+ReleaseDate: 2024-09-04T20:43:30Z
+ExternalRef: OTHER documentation http://cffi.readthedocs.org/
+ExternalRef: OTHER vcs https://github.com/python-cffi/cffi
+ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues
+ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html
+ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases
+ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-40-pycparser
+SPDXID: SPDXRef-39-pycparser
PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/eliben/pycparser
-PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
+PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: C parser in Python
+ReleaseDate: 2024-03-30T13:22:20Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22
ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-41-retry-decorator
+SPDXID: SPDXRef-40-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pnpnpn/retry-decorator
-PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
+PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Retry Decorator
+ReleaseDate: 2020-03-10T23:56:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
#####
+PackageName: google-auth
+SPDXID: SPDXRef-41-google-auth
+PackageVersion: 2.17.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/googleapis/google-auth-library-python
+PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library
+ReleaseDate: 2023-03-28T19:51:30Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
+#####
+
+PackageName: cachetools
+SPDXID: SPDXRef-42-cachetools
+PackageVersion: 5.5.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/tkem/cachetools/
+PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Extensible memoizing collections and decorators
+ReleaseDate: 2024-08-18T20:28:43Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
+#####
+
+PackageName: google-auth-httplib2
+SPDXID: SPDXRef-43-google-auth-httplib2
+PackageVersion: 0.2.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
+PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library: httplib2 transport
+ReleaseDate: 2023-12-12T17:40:13Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+#####
+
PackageName: google-apitools
-SPDXID: SPDXRef-42-google-apitools
+SPDXID: SPDXRef-44-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1
+PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: client libraries for humans
+ReleaseDate: 2021-05-05T22:12:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-43-monotonic
+SPDXID: SPDXRef-45-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/atdt/monotonic
-PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad
+PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
+ReleaseDate: 2021-04-09T21:58:05Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
-PackageName: importlib-metadata
-SPDXID: SPDXRef-44-importlib-metadata
-PackageVersion: 8.5.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files
-FilesAnalyzed: false
-PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read metadata from Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*
-#####
-
-PackageName: zipp
-SPDXID: SPDXRef-45-zipp
-PackageVersion: 3.21.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
-#####
-
PackageName: jinja2
SPDXID: SPDXRef-46-jinja2
PackageVersion: 3.1.4
@@ -774,11 +940,17 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57
+PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A very fast and expressive template engine.
+ReleaseDate: 2024-05-05T23:41:59Z
+ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/
+ExternalRef: OTHER chat https://discord.gg/pallets
+ExternalRef: OTHER documentation https://jinja.palletsprojects.com/
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER vcs https://github.com/pallets/jinja/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
@@ -789,12 +961,46 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c
+PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
-PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: markupsafe declares Copyright 2010 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Safely add untrusted strings to HTML/XML markup.
+ReleaseDate: 2024-10-18T15:20:51Z
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
+ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
+ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/
+ExternalRef: OTHER chat https://discord.gg/pallets
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2
#####
@@ -806,10 +1012,18 @@ PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema
+PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
+ReleaseDate: 2024-07-08T18:40:00Z
+ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*
#####
@@ -822,11 +1036,17 @@ PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVin
PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2024.10.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications
-PackageChecksum: SHA1: 09f6f17a46ecf03e314df0e6fa14d57db210a549
+PackageChecksum: SHA256: a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
+ReleaseDate: 2024-10-08T12:29:30Z
+ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:*
#####
@@ -839,45 +1059,62 @@ PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845
+PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
+ReleaseDate: 2024-05-01T20:26:02Z
+ExternalRef: OTHER documentation https://referencing.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
#####
PackageName: rpds-py
SPDXID: SPDXRef-51-rpds-py
-PackageVersion: 0.21.0
+PackageVersion: 0.22.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
+PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-04T15:31:31Z
+ExternalRef: OTHER documentation https://rpds.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/crate-py/rpds
+ExternalRef: OTHER other https://github.com/orium/rpds
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
SPDXID: SPDXRef-52-lib4sbom
-PackageVersion: 0.7.5
+PackageVersion: 0.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
+PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-09T20:13:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -885,13 +1122,20 @@ SPDXID: SPDXRef-53-pyyaml
PackageVersion: 6.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files
+PackageDownloadLocation: https://pypi.org/project/PyYAML/
FilesAnalyzed: false
PackageHomePage: https://pyyaml.org/
+PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
+ReleaseDate: 2024-08-06T20:31:40Z
+ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues
+ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions
+ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation
+ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core
+ExternalRef: OTHER vcs https://github.com/yaml/pyyaml
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
#####
@@ -904,12 +1148,13 @@ PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.o
PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/rbarrois/python-semanticversion
-PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a
+PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A library implementing the 'SemVer' scheme.
+ReleaseDate: 2022-05-26T13:35:21Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
@@ -922,11 +1167,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4vex
-PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2
+PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: VEX generator and consumer library
+ReleaseDate: 2024-08-29T20:36:52Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*
#####
@@ -939,11 +1185,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/csaf
-PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4
+PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CSAF generator and analyser
+ReleaseDate: 2024-06-12T20:10:06Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*
#####
@@ -956,10 +1203,12 @@ PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
+PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
+ReleaseDate: 2024-10-22T05:51:23Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*
#####
@@ -972,11 +1221,13 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
+PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
+ReleaseDate: 2024-11-01T16:43:55Z
+ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
@@ -989,11 +1240,13 @@ PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/markdown-it-py
-PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d
+PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python port of markdown-it. Markdown parsing, done right!
+ReleaseDate: 2023-06-03T06:41:11Z
+ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
#####
@@ -1006,11 +1259,12 @@ PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/mdurl
-PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e
+PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Markdown URL utilities
+ReleaseDate: 2022-08-14T12:40:09Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
#####
@@ -1023,81 +1277,101 @@ PackageSupplier: Person: Georg Brandl (georg@python.org)
PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files
FilesAnalyzed: false
PackageHomePage: https://pygments.org
-PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
+PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
+ReleaseDate: 2024-05-04T13:41:57Z
+ExternalRef: OTHER documentation https://pygments.org/docs
+ExternalRef: OTHER vcs https://github.com/pygments/pygments
+ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
+ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
#####
+PackageName: python-gnupg
+SPDXID: SPDXRef-62-python-gnupg
+PackageVersion: 0.5.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/vsajip/python-gnupg
+PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
+ReleaseDate: 2024-09-20T16:43:47Z
+ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
+ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
+ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
+#####
+
PackageName: packaging
-SPDXID: SPDXRef-62-packaging
+SPDXID: SPDXRef-63-packaging
PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
+ReleaseDate: 2024-11-08T09:47:44Z
+ExternalRef: OTHER documentation https://packaging.pypa.io/
+ExternalRef: OTHER vcs https://github.com/pypa/packaging
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-63-plotly
+SPDXID: SPDXRef-64-plotly
PackageVersion: 5.24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files
FilesAnalyzed: false
PackageHomePage: https://plotly.com/python/
+PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
+ReleaseDate: 2024-09-12T15:36:24Z
+ExternalRef: OTHER documentation https://plotly.com/python/
+ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
+ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-64-tenacity
+SPDXID: SPDXRef-65-tenacity
PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/jd/tenacity
-PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb
+PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
+ReleaseDate: 2024-07-29T12:12:25Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
-PackageName: python-gnupg
-SPDXID: SPDXRef-65-python-gnupg
-PackageVersion: 0.5.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
-#####
-
PackageName: requests
SPDXID: SPDXRef-66-requests
PackageVersion: 2.32.3
@@ -1106,62 +1380,78 @@ PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files
FilesAnalyzed: false
PackageHomePage: https://requests.readthedocs.io
-PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068
+PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python HTTP for Humans.
+ReleaseDate: 2024-05-29T15:37:47Z
+ExternalRef: OTHER documentation https://requests.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/psf/requests
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*
#####
-PackageName: certifi
-SPDXID: SPDXRef-67-certifi
-PackageVersion: 2024.8.30
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/certifi/python-certifi
-PackageLicenseDeclared: MPL-2.0
-PackageLicenseConcluded: MPL-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*
-#####
-
PackageName: charset-normalizer
-SPDXID: SPDXRef-68-charset-normalizer
+SPDXID: SPDXRef-67-charset-normalizer
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me)
PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Ousret/charset_normalizer
+PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
+ReleaseDate: 2024-10-09T07:38:02Z
+ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues
+ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-69-urllib3
+SPDXID: SPDXRef-68-urllib3
PackageVersion: 2.2.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
+ReleaseDate: 2024-09-12T10:52:16Z
+ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
+ExternalRef: OTHER documentation https://urllib3.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/urllib3/urllib3
+ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*
#####
+PackageName: certifi
+SPDXID: SPDXRef-69-certifi
+PackageVersion: 2024.12.14
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
+PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/certifi/python-certifi
+PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56
+PackageLicenseDeclared: MPL-2.0
+PackageLicenseConcluded: MPL-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python package for providing Mozilla's CA Bundle.
+ReleaseDate: 2024-12-14T13:52:36Z
+ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*
+#####
+
PackageName: rpmfile
SPDXID: SPDXRef-70-rpmfile
PackageVersion: 2.1.0
@@ -1170,28 +1460,34 @@ PackageSupplier: Person: Sean Ross (srossross@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/srossross/rpmfile
-PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5
+PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
+ReleaseDate: 2024-07-24T21:57:45Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
PackageName: setuptools
SPDXID: SPDXRef-71-setuptools
-PackageVersion: 75.3.0
+PackageVersion: 75.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
-PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
+PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-11-20T18:16:10Z
+ExternalRef: OTHER vcs https://github.com/pypa/setuptools
+ExternalRef: OTHER documentation https://setuptools.pypa.io/
+ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
#####
PackageName: toml
@@ -1202,11 +1498,12 @@ PackageSupplier: Person: William Pearson (uiri@xqz.ca)
PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/uiri/toml
-PackageChecksum: SHA1: 3f637dba5f68db63d4b30967fedda51c82459471
+PackageChecksum: SHA256: 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python Library for Tom's Obvious, Minimal Language
+ReleaseDate: 2020-11-01T01:40:20Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*
#####
@@ -1219,10 +1516,12 @@ PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
+PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
+ReleaseDate: 2024-10-31T09:47:12Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
@@ -1235,10 +1534,12 @@ PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
+PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
+ReleaseDate: 2024-10-27T21:52:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*
#####
@@ -1251,24 +1552,24 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
+ReleaseDate: 2024-07-15T00:13:27Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*
#####
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-beautifulsoup4
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-cvss
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-defusedxml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-distro
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-filetype
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-beautifulsoup4
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-cvss
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-defusedxml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-distro
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-importlib-metadata
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-zipp
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-filetype
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-21-gsutil
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jinja2
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-jsonschema
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-lib4sbom
@@ -1276,75 +1577,78 @@ Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-pyyaml
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-lib4vex
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-packageurl-python
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-rich
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-packaging
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-plotly
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-python-gnupg
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-python-gnupg
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-packaging
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-plotly
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-requests
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-urllib3
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-urllib3
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-rpmfile
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-setuptools
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-toml
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-xmlschema
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-zstandard
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-12-propcache
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict
-Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-22-fasteners
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-23-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-31-google-auth-httplib2
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-34-google-reauth
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-importlib-metadata
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-9-zipp
+Relationship: SPDXRef-11-multidict DEPENDS_ON SPDXRef-10-typing-extensions
+Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-11-multidict
+Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-12-propcache
+Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-14-idna
+Relationship: SPDXRef-15-beautifulsoup4 DEPENDS_ON SPDXRef-16-soupsieve
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-multidict
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-propcache
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-13-yarl
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-async-timeout
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-boto
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-google-auth-httplib2
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-google-reauth
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-oauth2client
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-pyopenssl
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-retry-decorator
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-26-cachetools
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-27-pyasn1-modules
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-27-pyasn1-modules DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-29-rsa DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-22-argcomplete
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-23-crcmod
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-24-fasteners
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-25-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-29-google-reauth
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-36-pyopenssl
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-40-retry-decorator
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-43-google-auth-httplib2
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-44-google-apitools
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-45-monotonic
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-boto
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-reauth
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-pyopenssl
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-retry-decorator
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-43-google-auth-httplib2
+Relationship: SPDXRef-26-rsa DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-29-google-reauth DEPENDS_ON SPDXRef-30-pyu2f
+Relationship: SPDXRef-30-pyu2f DEPENDS_ON SPDXRef-31-six
Relationship: SPDXRef-32-httplib2 DEPENDS_ON SPDXRef-33-pyparsing
-Relationship: SPDXRef-34-google-reauth DEPENDS_ON SPDXRef-35-pyu2f
-Relationship: SPDXRef-35-pyu2f DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-27-pyasn1-modules
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-37-pyopenssl DEPENDS_ON SPDXRef-38-cryptography
-Relationship: SPDXRef-38-cryptography DEPENDS_ON SPDXRef-39-cffi
-Relationship: SPDXRef-39-cffi DEPENDS_ON SPDXRef-40-pycparser
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-35-pyasn1-modules
+Relationship: SPDXRef-35-pyasn1-modules DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-36-pyopenssl DEPENDS_ON SPDXRef-37-cryptography
+Relationship: SPDXRef-37-cryptography DEPENDS_ON SPDXRef-38-cffi
+Relationship: SPDXRef-38-cffi DEPENDS_ON SPDXRef-39-pycparser
Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-36-oauth2client
-Relationship: SPDXRef-44-importlib-metadata DEPENDS_ON SPDXRef-45-zipp
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-35-pyasn1-modules
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-42-cachetools
+Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-24-fasteners
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-34-oauth2client
Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe
Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-jsonschema-specifications
Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-referencing
@@ -1353,7 +1657,7 @@ Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-7-attrs
Relationship: SPDXRef-49-jsonschema-specifications DEPENDS_ON SPDXRef-50-referencing
Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-51-rpds-py
Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-7-attrs
-Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml
+Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-18-defusedxml
Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-53-pyyaml
Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-54-semantic-version
Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-52-lib4sbom
@@ -1361,16 +1665,19 @@ Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-56-csaf-tool
Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-57-packageurl-python
Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-57-packageurl-python
Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-58-rich
+Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-10-typing-extensions
Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-59-markdown-it-py
Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-61-pygments
-Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-9-typing-extensions
Relationship: SPDXRef-59-markdown-it-py DEPENDS_ON SPDXRef-60-mdurl
-Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging
-Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-tenacity
-Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-11-idna
-Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-67-certifi
-Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-68-charset-normalizer
-Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-69-urllib3
+Relationship: SPDXRef-64-plotly DEPENDS_ON SPDXRef-63-packaging
+Relationship: SPDXRef-64-plotly DEPENDS_ON SPDXRef-65-tenacity
+Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-14-idna
+Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-67-charset-normalizer
+Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-68-urllib3
+Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-69-certifi
+Relationship: SPDXRef-7-attrs DEPENDS_ON SPDXRef-8-importlib-metadata
Relationship: SPDXRef-73-xmlschema DEPENDS_ON SPDXRef-74-elementpath
-Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-75-zstandard DEPENDS_ON SPDXRef-38-cffi
+Relationship: SPDXRef-8-importlib-metadata DEPENDS_ON SPDXRef-10-typing-extensions
+Relationship: SPDXRef-8-importlib-metadata DEPENDS_ON SPDXRef-9-zipp
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool
diff --git a/test/language_data/conan.lock b/test/language_data/conan.lock
new file mode 100644
index 0000000000..19bd5cdf56
--- /dev/null
+++ b/test/language_data/conan.lock
@@ -0,0 +1,12 @@
+{
+ "version": "0.5",
+ "requires": [
+ "zlib/1.2.11#fca992a7d96a1b92bd956caa8a97d18f%1705999194.642",
+ "openssl/3.0.1w#a8f0792d7c5121b954578a7149d23e03%1717541485.78"
+ ],
+ "build_requires": [
+ "cmake/3.22.6#f305019023c2db74d1001c5afa5cf362"
+ ],
+ "python_requires": [],
+ "config_requires": []
+}
\ No newline at end of file
diff --git a/test/test_data/acpid.py b/test/test_data/acpid.py
index 944b7f84cc..afb0e3091a 100644
--- a/test/test_data/acpid.py
+++ b/test/test_data/acpid.py
@@ -18,13 +18,13 @@
"version": "2.0.34",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/a/acpid/",
+ "url": "http://ftp.debian.org/debian/pool/main/a/acpid/",
"package_name": "acpid_2.0.23-2_amd64.deb",
"product": "acpid2",
"version": "2.0.23",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/a/acpid/",
+ "url": "http://ftp.debian.org/debian/pool/main/a/acpid/",
"package_name": "acpid_2.0.23-2_armel.deb",
"product": "acpid2",
"version": "2.0.23",
diff --git a/test/test_data/apache_http_server.py b/test/test_data/apache_http_server.py
index 7f3c8d08fb..c1f28b88fd 100644
--- a/test/test_data/apache_http_server.py
+++ b/test/test_data/apache_http_server.py
@@ -17,7 +17,7 @@
"version": "2.4.51",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/a/apache2/",
+ "url": "http://ftp.debian.org/debian/pool/main/a/apache2/",
"package_name": "apache2-bin_2.4.10-10+deb8u12_amd64.deb",
"product": "http_server",
"version": "2.4.10",
diff --git a/test/test_data/apcupsd.py b/test/test_data/apcupsd.py
index 42060ded21..bf0fee56f0 100644
--- a/test/test_data/apcupsd.py
+++ b/test/test_data/apcupsd.py
@@ -22,13 +22,13 @@
"version": "3.14.14",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/a/apcupsd/",
+ "url": "http://ftp.debian.org/debian/pool/main/a/apcupsd/",
"package_name": "apcupsd_3.14.12-1.1_amd64.deb",
"product": "apcupsd",
"version": "3.14.12",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/a/apcupsd/",
+ "url": "http://ftp.debian.org/debian/pool/main/a/apcupsd/",
"package_name": "apcupsd_3.14.12-1.1_armel.deb",
"product": "apcupsd",
"version": "3.14.12",
diff --git a/test/test_data/apparmor.py b/test/test_data/apparmor.py
index bea99f5f4f..1e4b987715 100644
--- a/test/test_data/apparmor.py
+++ b/test/test_data/apparmor.py
@@ -10,7 +10,7 @@
]
package_test_data = [
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/a/apparmor/",
+ "url": "http://ftp.debian.org/debian/pool/main/a/apparmor/",
"package_name": "apparmor_2.9.0-3_amd64.deb",
"product": "apparmor",
"version": "2.9.0",
diff --git a/test/test_data/asn1c.py b/test/test_data/asn1c.py
index d482ff606d..64edbc351e 100644
--- a/test/test_data/asn1c.py
+++ b/test/test_data/asn1c.py
@@ -18,13 +18,13 @@
"version": "0.9.28",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/a/asn1c/",
+ "url": "http://ftp.debian.org/debian/pool/main/a/asn1c/",
"package_name": "asn1c_0.9.24+dfsg-1_amd64.deb",
"product": "asn1c",
"version": "0.9.24",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/a/asn1c/",
+ "url": "http://ftp.debian.org/debian/pool/main/a/asn1c/",
"package_name": "asn1c_0.9.24+dfsg-1_armel.deb",
"product": "asn1c",
"version": "0.9.24",
diff --git a/test/test_data/avahi.py b/test/test_data/avahi.py
index b19926e3bd..2667c32c77 100644
--- a/test/test_data/avahi.py
+++ b/test/test_data/avahi.py
@@ -25,7 +25,7 @@
"version": "0.6.31",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/a/avahi/",
+ "url": "http://ftp.debian.org/debian/pool/main/a/avahi/",
"package_name": "avahi-daemon_0.6.31-5_amd64.deb",
"product": "avahi",
"version": "0.6.31",
diff --git a/test/test_data/axel.py b/test/test_data/axel.py
index 07a12b0522..48e083433c 100644
--- a/test/test_data/axel.py
+++ b/test/test_data/axel.py
@@ -12,7 +12,7 @@
"version": "2.17.11",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/a/axel/",
+ "url": "http://ftp.debian.org/debian/pool/main/a/axel/",
"package_name": "axel_2.16.1-4_amd64.deb",
"product": "axel",
"version": "2.16.1",
diff --git a/test/test_data/bind.py b/test/test_data/bind.py
index 0bdcb4a6ac..e70d8e5221 100644
--- a/test/test_data/bind.py
+++ b/test/test_data/bind.py
@@ -24,7 +24,7 @@
"version": "9.11.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/bind9/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/bind9/",
"package_name": "bind9-libs_9.16.27-1~deb11u1~bpo10+1_amd64.deb",
"product": "bind",
"version": "9.16.27",
diff --git a/test/test_data/bison.py b/test/test_data/bison.py
index 18567a9aa9..0d76a7b126 100644
--- a/test/test_data/bison.py
+++ b/test/test_data/bison.py
@@ -18,13 +18,13 @@
"version": "3.8.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/bison/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/bison/",
"package_name": "bison_3.0.2.dfsg-2_amd64.deb",
"product": "bison",
"version": "3.0.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/bison/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/bison/",
"package_name": "bison_3.0.2.dfsg-2_armel.deb",
"product": "bison",
"version": "3.0.2",
diff --git a/test/test_data/bluez.py b/test/test_data/bluez.py
index b3d2ae8f68..6ffaaed843 100644
--- a/test/test_data/bluez.py
+++ b/test/test_data/bluez.py
@@ -19,7 +19,7 @@
"version": "5.66",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/bluez/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/bluez/",
"package_name": "bluez_5.50-1.2~deb10u2_amd64.deb",
"product": "bluez",
"version": "5.50",
diff --git a/test/test_data/boinc.py b/test/test_data/boinc.py
index 26370eca4f..16e20dbc8a 100644
--- a/test/test_data/boinc.py
+++ b/test/test_data/boinc.py
@@ -13,7 +13,7 @@
"version": "7.20.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/boinc/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/boinc/",
"package_name": "boinc-client_7.10.2+dfsg-2~bpo9+1_amd64.deb",
"product": "boinc",
"version": "7.10.2",
diff --git a/test/test_data/botan.py b/test/test_data/botan.py
index 37ce16c503..df1e2888e7 100644
--- a/test/test_data/botan.py
+++ b/test/test_data/botan.py
@@ -12,7 +12,7 @@
"version": "2.19.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/botan/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/botan/",
"package_name": "libbotan-2-4_2.4.0-5~bpo9+1_amd64.deb",
"product": "botan",
"version": "2.4.0",
diff --git a/test/test_data/bro.py b/test/test_data/bro.py
index dd1e1484b7..f10ffc4544 100644
--- a/test/test_data/bro.py
+++ b/test/test_data/bro.py
@@ -14,13 +14,13 @@
"other_products": ["sqlite"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/bro/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/bro/",
"package_name": "bro_2.5-1_amd64.deb",
"product": "bro",
"version": "2.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/bro/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/bro/",
"package_name": "bro_2.5.5-1+deb10u1_arm64.deb",
"product": "bro",
"version": "2.5.5",
diff --git a/test/test_data/bwm_ng.py b/test/test_data/bwm_ng.py
index 36ec23cc83..8191aa4314 100644
--- a/test/test_data/bwm_ng.py
+++ b/test/test_data/bwm_ng.py
@@ -12,7 +12,7 @@
"version": "0.6.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/bwm-ng/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/bwm-ng/",
"package_name": "bwm-ng_0.6.1-6_amd64.deb",
"product": "bwm-ng",
"version": "0.6.1",
diff --git a/test/test_data/c_ares.py b/test/test_data/c_ares.py
index 04cd7198d7..10e2bdce70 100644
--- a/test/test_data/c_ares.py
+++ b/test/test_data/c_ares.py
@@ -25,7 +25,7 @@
"version": "1.17.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/c-ares/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/c-ares/",
"package_name": "libc-ares2_1.10.0-2%2Bdeb8u2_amd64.deb",
"product": "c-ares",
"version": "1.10.0",
diff --git a/test/test_data/capnproto.py b/test/test_data/capnproto.py
index 1c8f42de3e..887db158d6 100644
--- a/test/test_data/capnproto.py
+++ b/test/test_data/capnproto.py
@@ -17,7 +17,7 @@
"version": "0.10.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/capnproto/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/capnproto/",
"package_name": "libcapnp-0.5.3_0.5.3-2_amd64.deb",
"product": "capnproto",
"version": "0.5.3",
diff --git a/test/test_data/ceph.py b/test/test_data/ceph.py
index 16524d6a60..edbd364d3c 100644
--- a/test/test_data/ceph.py
+++ b/test/test_data/ceph.py
@@ -13,7 +13,7 @@
"version": "18.2.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/ceph/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/ceph/",
"package_name": "ceph-base_12.2.11+dfsg1-2.1+b1_amd64.deb",
"product": "ceph",
"version": "12.2.11",
diff --git a/test/test_data/chess.py b/test/test_data/chess.py
index 2ecbd0eb75..a3c5926c1b 100644
--- a/test/test_data/chess.py
+++ b/test/test_data/chess.py
@@ -18,13 +18,13 @@
"version": "6.2.9",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gnuchess/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gnuchess/",
"package_name": "gnuchess_6.1.2-1_amd64.deb",
"product": "chess",
"version": "6.1.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gnuchess/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gnuchess/",
"package_name": "gnuchess_6.1.2-1_armel.deb",
"product": "chess",
"version": "6.1.2",
diff --git a/test/test_data/chrony.py b/test/test_data/chrony.py
index 52d1d247c4..9727407813 100644
--- a/test/test_data/chrony.py
+++ b/test/test_data/chrony.py
@@ -7,13 +7,13 @@
]
package_test_data = [
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/chrony/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/chrony/",
"package_name": "chrony_1.30-2+deb8u2_amd64.deb",
"product": "chrony",
"version": "1.30",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/chrony/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/chrony/",
"package_name": "chrony_1.30-2+deb8u2_armel.deb",
"product": "chrony",
"version": "1.30",
diff --git a/test/test_data/civetweb.py b/test/test_data/civetweb.py
index ebbc98a12e..3a26c673a7 100644
--- a/test/test_data/civetweb.py
+++ b/test/test_data/civetweb.py
@@ -12,7 +12,7 @@
"version": "1.16",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/civetweb/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/civetweb/",
"package_name": "libcivetweb1_1.13+dfsg-5_amd64.deb",
"product": "civetweb",
"version": "1.13",
diff --git a/test/test_data/clamav.py b/test/test_data/clamav.py
index 76d7551a17..829ac25d29 100644
--- a/test/test_data/clamav.py
+++ b/test/test_data/clamav.py
@@ -27,7 +27,7 @@
"other_products": ["rust"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/clamav/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/clamav/",
"package_name": "clamav_0.102.3+dfsg-0~deb9u1_arm64.deb",
"product": "clamav",
"version": "0.102.3",
diff --git a/test/test_data/collectd.py b/test/test_data/collectd.py
index 4daaf4afb5..c0be1a8786 100644
--- a/test/test_data/collectd.py
+++ b/test/test_data/collectd.py
@@ -18,13 +18,13 @@
"version": "5.12.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/collectd/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/collectd/",
"package_name": "collectd-core_5.11.0-7~bpo9+1_amd64.deb",
"product": "collectd",
"version": "5.11.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/collectd/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/collectd/",
"package_name": "collectd-core_5.11.0-7~bpo9+1_arm64.deb",
"product": "collectd",
"version": "5.11.0",
diff --git a/test/test_data/coreutils.py b/test/test_data/coreutils.py
index fcd78ddf10..2908fc631d 100644
--- a/test/test_data/coreutils.py
+++ b/test/test_data/coreutils.py
@@ -13,7 +13,7 @@
"version": "9.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/coreutils/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/coreutils/",
"package_name": "coreutils_8.30-3_amd64.deb",
"product": "coreutils",
"version": "8.30",
diff --git a/test/test_data/cpio.py b/test/test_data/cpio.py
index ea291e59b7..ea2674b959 100644
--- a/test/test_data/cpio.py
+++ b/test/test_data/cpio.py
@@ -12,7 +12,7 @@
"version": "2.13",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/cpio/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/cpio/",
"package_name": "cpio_2.12+dfsg-9_amd64.deb",
"product": "cpio",
"version": "2.12",
diff --git a/test/test_data/cryptsetup.py b/test/test_data/cryptsetup.py
index 018e788f5e..bdb5f837d0 100644
--- a/test/test_data/cryptsetup.py
+++ b/test/test_data/cryptsetup.py
@@ -35,7 +35,7 @@
"version": "2.0.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/cryptsetup/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/cryptsetup/",
"package_name": "libcryptsetup12_2.1.0-5+deb10u2_arm64.deb",
"product": "cryptsetup",
"version": "2.1.0",
diff --git a/test/test_data/cvs.py b/test/test_data/cvs.py
index 2154618302..854e7ba5cb 100644
--- a/test/test_data/cvs.py
+++ b/test/test_data/cvs.py
@@ -22,13 +22,13 @@
"version": "1.12.13",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/cvs/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/cvs/",
"package_name": "cvs_1.12.13+real-15+deb8u1_amd64.deb",
"product": "cvs",
"version": "1.12.13",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/cvs/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/cvs/",
"package_name": "cvs_1.12.13+real-15+deb8u1_armel.deb",
"product": "cvs",
"version": "1.12.13",
diff --git a/test/test_data/dav1d.py b/test/test_data/dav1d.py
index da0d8bb29d..92dd59748f 100644
--- a/test/test_data/dav1d.py
+++ b/test/test_data/dav1d.py
@@ -12,7 +12,7 @@
"version": "1.2.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dav1d/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dav1d/",
"package_name": "dav1d_0.7.1-3_amd64.deb",
"product": "dav1d",
"version": "0.7.1",
diff --git a/test/test_data/davfs2.py b/test/test_data/davfs2.py
index a37c94b2e9..e52faf59e8 100644
--- a/test/test_data/davfs2.py
+++ b/test/test_data/davfs2.py
@@ -18,13 +18,13 @@
"version": "1.6.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/davfs2/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/davfs2/",
"package_name": "davfs2_1.5.2-1_amd64.deb",
"product": "davfs2",
"version": "1.5.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/davfs2/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/davfs2/",
"package_name": "davfs2_1.5.2-1_armel.deb",
"product": "davfs2",
"version": "1.5.2",
diff --git a/test/test_data/dbus.py b/test/test_data/dbus.py
index c04dc2d6dc..88cfad5517 100644
--- a/test/test_data/dbus.py
+++ b/test/test_data/dbus.py
@@ -37,7 +37,7 @@
"other_products": ["libdbus"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dbus/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dbus/",
"package_name": "dbus_1.8.22-0+deb8u1_amd64.deb",
"product": "dbus",
"version": "1.8.22",
diff --git a/test/test_data/dhclient.py b/test/test_data/dhclient.py
index bc6fb47f64..af4a198544 100644
--- a/test/test_data/dhclient.py
+++ b/test/test_data/dhclient.py
@@ -13,7 +13,7 @@
"version": "4.4.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/isc-dhcp/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/isc-dhcp/",
"package_name": "isc-dhcp-client_4.3.1-6+deb8u3_amd64.deb",
"product": "dhcp",
"version": "4.3.1",
diff --git a/test/test_data/dhcpcd.py b/test/test_data/dhcpcd.py
index 7fc809c9c2..aa45271d13 100644
--- a/test/test_data/dhcpcd.py
+++ b/test/test_data/dhcpcd.py
@@ -12,7 +12,7 @@
"version": "9.4.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dhcpcd5/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dhcpcd5/",
"package_name": "dhcpcd5_7.1.0-2+b1_amd64.deb",
"product": "dhcpcd",
"version": "7.1.0",
diff --git a/test/test_data/dhcpd.py b/test/test_data/dhcpd.py
index af05fdcb4a..cfb13a37ba 100644
--- a/test/test_data/dhcpd.py
+++ b/test/test_data/dhcpd.py
@@ -18,7 +18,7 @@
"other_products": ["dhcp"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/isc-dhcp/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/isc-dhcp/",
"package_name": "isc-dhcp-server_4.3.5-3+deb9u1_arm64.deb",
"product": "dhcpd",
"version": "4.3.5",
diff --git a/test/test_data/dmidecode.py b/test/test_data/dmidecode.py
index eda89711af..72f61d21cb 100644
--- a/test/test_data/dmidecode.py
+++ b/test/test_data/dmidecode.py
@@ -13,7 +13,7 @@
"version": "3.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dmidecode/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dmidecode/",
"package_name": "dmidecode_3.0-4_amd64.deb",
"product": "dmidecode",
"version": "3.0",
diff --git a/test/test_data/dnsmasq.py b/test/test_data/dnsmasq.py
index 72e507256a..a47499252c 100644
--- a/test/test_data/dnsmasq.py
+++ b/test/test_data/dnsmasq.py
@@ -36,7 +36,7 @@
"version": "2.84",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dnsmasq/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dnsmasq/",
"package_name": "dnsmasq-base_2.72-3+deb8u2_amd64.deb",
"product": "dnsmasq",
"version": "2.72",
diff --git a/test/test_data/dovecot.py b/test/test_data/dovecot.py
index 653990acd4..77730ca144 100644
--- a/test/test_data/dovecot.py
+++ b/test/test_data/dovecot.py
@@ -39,7 +39,7 @@
"version": "2.3.13",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dovecot/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dovecot/",
"package_name": "dovecot-core_2.3.21.1%2Bdfsg1-1_arm64.deb",
"product": "dovecot",
"version": "2.3.21.1",
diff --git a/test/test_data/doxygen.py b/test/test_data/doxygen.py
index ad6af79ba8..7324064a5f 100644
--- a/test/test_data/doxygen.py
+++ b/test/test_data/doxygen.py
@@ -12,7 +12,7 @@
"version": "1.9.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/doxygen/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/doxygen/",
"package_name": "doxygen_1.8.13-4+b1_amd64.deb",
"product": "doxygen",
"version": "1.8.13",
diff --git a/test/test_data/dropbear.py b/test/test_data/dropbear.py
index 51ed10621d..7eb09d95d6 100644
--- a/test/test_data/dropbear.py
+++ b/test/test_data/dropbear.py
@@ -21,7 +21,7 @@
"version": "2022.82",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dropbear/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dropbear/",
"package_name": "dropbear_2014.65-1+deb8u2_amd64.deb",
"product": "dropbear_ssh",
"version": "2014.65",
diff --git a/test/test_data/e2fsprogs.py b/test/test_data/e2fsprogs.py
index 7778ddb3d0..1b08287514 100644
--- a/test/test_data/e2fsprogs.py
+++ b/test/test_data/e2fsprogs.py
@@ -37,13 +37,13 @@
"version": "1.46.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/e2fsprogs/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/e2fsprogs/",
"package_name": "e2fsprogs_1.42.12-2+b1_amd64.deb",
"product": "e2fsprogs",
"version": "1.42.12",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/e2fsprogs/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/e2fsprogs/",
"package_name": "libext2fs2_1.46.2-2_arm64.deb",
"product": "e2fsprogs",
"version": "1.46.2",
diff --git a/test/test_data/ed.py b/test/test_data/ed.py
index 1d625753f9..31ae953d2e 100644
--- a/test/test_data/ed.py
+++ b/test/test_data/ed.py
@@ -13,7 +13,7 @@
"version": "1.19",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/ed/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/ed/",
"package_name": "ed_1.15-1_amd64.deb",
"product": "ed",
"version": "1.15",
diff --git a/test/test_data/elfutils.py b/test/test_data/elfutils.py
index 797874c0d4..7870e3db55 100644
--- a/test/test_data/elfutils.py
+++ b/test/test_data/elfutils.py
@@ -19,13 +19,13 @@
"version": "0.187",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/elfutils/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/elfutils/",
"package_name": "elfutils_0.159-4.2_amd64.deb",
"product": "elfutils",
"version": "0.159",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/elfutils/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/elfutils/",
"package_name": "elfutils_0.159-4.2_armel.deb",
"product": "elfutils",
"version": "0.159",
diff --git a/test/test_data/exfatprogs.py b/test/test_data/exfatprogs.py
index c005e37e6f..1d09b90a3b 100644
--- a/test/test_data/exfatprogs.py
+++ b/test/test_data/exfatprogs.py
@@ -16,7 +16,7 @@
"version": "1.2.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/exfatprogs/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/exfatprogs/",
"package_name": "exfatprogs_1.1.0-1_amd64.deb",
"product": "exfatprogs",
"version": "1.1.0",
diff --git a/test/test_data/f2fs_tools.py b/test/test_data/f2fs_tools.py
index 3568d1c451..b7ece93dcf 100644
--- a/test/test_data/f2fs_tools.py
+++ b/test/test_data/f2fs_tools.py
@@ -21,13 +21,13 @@
"version": "1.15.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/f2fs-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/f2fs-tools/",
"package_name": "f2fs-tools_1.4.0-2_amd64.deb",
"product": "f2fs-tools",
"version": "1.4.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/f2fs-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/f2fs-tools/",
"package_name": "f2fs-tools_1.15.0-1_amd64.deb",
"product": "f2fs-tools",
"version": "1.15.0",
diff --git a/test/test_data/faad2.py b/test/test_data/faad2.py
index 86ea85550f..8c25cb887b 100644
--- a/test/test_data/faad2.py
+++ b/test/test_data/faad2.py
@@ -25,7 +25,7 @@
"version": "2.10.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/faad2/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/faad2/",
"package_name": "libfaad2_2.10.0-1_amd64.deb",
"product": "freeware_advanced_audio_decoder_2",
"version": "2.10.0",
diff --git a/test/test_data/fastd.py b/test/test_data/fastd.py
index bd5fabd782..06629b8cb8 100644
--- a/test/test_data/fastd.py
+++ b/test/test_data/fastd.py
@@ -18,13 +18,13 @@
"version": "22",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fastd/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fastd/",
"package_name": "fastd_18-2+b1_amd64.deb",
"product": "fastd",
"version": "18",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fastd/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fastd/",
"package_name": "fastd_18-2+b1_arm64.deb",
"product": "fastd",
"version": "18",
diff --git a/test/test_data/ffmpeg.py b/test/test_data/ffmpeg.py
index fcff6cd8a5..9300de70e6 100644
--- a/test/test_data/ffmpeg.py
+++ b/test/test_data/ffmpeg.py
@@ -37,7 +37,7 @@
"version": "4.3.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/ffmpeg/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/ffmpeg/",
"package_name": "ffmpeg_3.2.14-1~deb9u1_amd64.deb",
"product": "ffmpeg",
"version": "3.2.14",
diff --git a/test/test_data/file.py b/test/test_data/file.py
index 34df1faa66..3a24d7a7a1 100644
--- a/test/test_data/file.py
+++ b/test/test_data/file.py
@@ -23,13 +23,13 @@
"version": "5.43",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/file/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/file/",
"package_name": "file_5.22+15-2+deb8u4_amd64.deb",
"product": "file",
"version": "5.22",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/file/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/file/",
"package_name": "file_5.22+15-2+deb8u4_armel.deb",
"product": "file",
"version": "5.22",
diff --git a/test/test_data/firefox.py b/test/test_data/firefox.py
index 737a3bb99c..1a8368aeeb 100644
--- a/test/test_data/firefox.py
+++ b/test/test_data/firefox.py
@@ -24,7 +24,7 @@
],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/firefox/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/firefox/",
"package_name": "firefox_83.0-1_mipsel.deb",
"product": "firefox",
"version": "83.0",
diff --git a/test/test_data/flac.py b/test/test_data/flac.py
index 4dead22efa..d29437dee7 100644
--- a/test/test_data/flac.py
+++ b/test/test_data/flac.py
@@ -17,7 +17,7 @@
"version": "1.4.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/flac/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/flac/",
"package_name": "libflac8_1.3.0-3_amd64.deb",
"product": "flac",
"version": "1.3.0",
diff --git a/test/test_data/fluidsynth.py b/test/test_data/fluidsynth.py
index 41c843c8de..5b71ec0743 100644
--- a/test/test_data/fluidsynth.py
+++ b/test/test_data/fluidsynth.py
@@ -26,13 +26,13 @@
"version": "2.3.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fluidsynth/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fluidsynth/",
"package_name": "fluidsynth_1.1.11-1+deb10u1_amd64.deb",
"product": "fluidsynth",
"version": "1.1.11",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fluidsynth/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fluidsynth/",
"package_name": "libfluidsynth1_1.1.11-1+deb10u1_arm64.deb",
"product": "fluidsynth",
"version": "1.1.11",
diff --git a/test/test_data/freerdp.py b/test/test_data/freerdp.py
index 1c65d2223b..60eba373a3 100644
--- a/test/test_data/freerdp.py
+++ b/test/test_data/freerdp.py
@@ -13,7 +13,7 @@
"version": "2.8.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/freerdp2/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/freerdp2/",
"package_name": "libfreerdp-client2-2_2.0.0~git20190204.1.2693389a%2Bdfsg1-1~bpo9%2B1_amd64.deb",
"product": "freerdp",
"version": "2.0.0",
diff --git a/test/test_data/fribidi.py b/test/test_data/fribidi.py
index d7eb3396c5..fdd14f6b41 100644
--- a/test/test_data/fribidi.py
+++ b/test/test_data/fribidi.py
@@ -17,13 +17,13 @@
"version": "0.10.7",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fribidi/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fribidi/",
"package_name": "libfribidi0_0.19.6-3_amd64.deb",
"product": "fribidi",
"version": "0.19.6",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fribidi/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fribidi/",
"package_name": "libfribidi0_1.0.8-2.1_mips64el.deb",
"product": "fribidi",
"version": "1.0.8",
diff --git a/test/test_data/frr.py b/test/test_data/frr.py
index f1a3fc2791..2b83bbd637 100644
--- a/test/test_data/frr.py
+++ b/test/test_data/frr.py
@@ -21,7 +21,7 @@
"version": "8.4.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/frr/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/frr/",
"package_name": "frr_6.0.2-2+deb10u1_amd64.deb",
"product": "free_range_routing",
"version": "6.0.2",
diff --git a/test/test_data/gdal.py b/test/test_data/gdal.py
index 74e4438f35..54052b24fe 100644
--- a/test/test_data/gdal.py
+++ b/test/test_data/gdal.py
@@ -12,7 +12,7 @@
"version": "3.7.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdal/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gdal/",
"package_name": "libgdal20_2.4.0+dfsg-1+b1_amd64.deb",
"product": "gdal",
"version": "2.4.0",
diff --git a/test/test_data/gdb.py b/test/test_data/gdb.py
index b150527f36..b220cb4077 100644
--- a/test/test_data/gdb.py
+++ b/test/test_data/gdb.py
@@ -13,13 +13,13 @@
"version": "12.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdb/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gdb/",
"package_name": "gdb_7.12-6_amd64.deb",
"product": "gdb",
"version": "7.12",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdb/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gdb/",
"package_name": "gdb_8.2.1-2+b3_mips64el.deb",
"product": "gdb",
"version": "8.2.1",
diff --git a/test/test_data/gdk_pixbuf.py b/test/test_data/gdk_pixbuf.py
index c05a68ec9d..2918ec0e45 100644
--- a/test/test_data/gdk_pixbuf.py
+++ b/test/test_data/gdk_pixbuf.py
@@ -16,7 +16,7 @@
"version": "2.42.10",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdk-pixbuf/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gdk-pixbuf/",
"package_name": "libgdk-pixbuf2.0-0_2.38.1+dfsg-1_amd64.deb",
"product": "gdk-pixbuf",
"version": "2.38.1",
diff --git a/test/test_data/ghostscript.py b/test/test_data/ghostscript.py
index a91aab916b..ff391233ed 100644
--- a/test/test_data/ghostscript.py
+++ b/test/test_data/ghostscript.py
@@ -15,7 +15,7 @@
]
package_test_data = [
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/ghostscript/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/ghostscript/",
"package_name": "libgs9_9.27~dfsg-2+deb10u5_amd64.deb",
"product": "ghostscript",
"version": "9.27",
diff --git a/test/test_data/git.py b/test/test_data/git.py
index e441a70bf3..f068b018b9 100644
--- a/test/test_data/git.py
+++ b/test/test_data/git.py
@@ -13,7 +13,7 @@
"version": "1.8.5.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/git/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/git/",
"package_name": "git_2.1.4-2.1+deb8u6_amd64.deb",
"product": "git",
"version": "2.1.4",
diff --git a/test/test_data/glib.py b/test/test_data/glib.py
index af78ea8918..240fdd5789 100644
--- a/test/test_data/glib.py
+++ b/test/test_data/glib.py
@@ -19,7 +19,7 @@
"version": "2.74.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/glib2.0/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/glib2.0/",
"package_name": "libglib2.0-0_2.50.3-2+deb9u2_arm64.deb",
"product": "glib",
"version": "2.50.3",
diff --git a/test/test_data/glibc.py b/test/test_data/glibc.py
index 286a599e6a..41ec7ff28a 100644
--- a/test/test_data/glibc.py
+++ b/test/test_data/glibc.py
@@ -29,13 +29,13 @@
"other_products": ["gcc"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/glibc/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/glibc/",
"package_name": "libc-bin_2.19-18+deb8u10_amd64.deb",
"product": "glibc",
"version": "2.19",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/glibc/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/glibc/",
"package_name": "libc6-amd64_2.24-11+deb9u4_i386.deb",
"product": "glibc",
"version": "2.24",
diff --git a/test/test_data/gmp.py b/test/test_data/gmp.py
index ea4d5e425b..2379660add 100644
--- a/test/test_data/gmp.py
+++ b/test/test_data/gmp.py
@@ -29,13 +29,13 @@
"version": "6.2.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gmp/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gmp/",
"package_name": "libgmp10_6.0.0+dfsg-6_amd64.deb",
"product": "gmp",
"version": "6.0.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gmp/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gmp/",
"package_name": "libgmp10_6.2.1+dfsg-1+deb11u1_mipsel.deb",
"product": "gmp",
"version": "6.2.1",
diff --git a/test/test_data/go.py b/test/test_data/go.py
index 1264cb8ff0..689f282dc5 100644
--- a/test/test_data/go.py
+++ b/test/test_data/go.py
@@ -6,7 +6,7 @@
]
package_test_data = [
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/golang-1.11/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/golang-1.11/",
"package_name": "golang-1.11-go_1.11.6-1+deb10u4_amd64.deb",
"product": "go",
"version": "1.11.6",
diff --git a/test/test_data/gpsd.py b/test/test_data/gpsd.py
index b6af87ecb8..ad42142b05 100644
--- a/test/test_data/gpsd.py
+++ b/test/test_data/gpsd.py
@@ -18,13 +18,13 @@
"version": "3.24",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gpsd/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gpsd/",
"package_name": "gpsd_3.11-3_amd64.deb",
"product": "gpsd",
"version": "3.11",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gpsd/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gpsd/",
"package_name": "gpsd_3.11-3_armel.deb",
"product": "gpsd",
"version": "3.11",
diff --git a/test/test_data/grep.py b/test/test_data/grep.py
index f0a7eaa15b..68eaadc6bd 100644
--- a/test/test_data/grep.py
+++ b/test/test_data/grep.py
@@ -13,7 +13,7 @@
"version": "3.11",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/grep/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/grep/",
"package_name": "grep_3.3-1_amd64.deb",
"product": "grep",
"version": "3.3",
diff --git a/test/test_data/grub2.py b/test/test_data/grub2.py
index 05e51c7bc0..7684d3ace8 100644
--- a/test/test_data/grub2.py
+++ b/test/test_data/grub2.py
@@ -20,13 +20,13 @@
"other_products": ["zstandard"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/grub2/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/grub2/",
"package_name": "grub-common_2.02+dfsg1-20+deb10u1_amd64.deb",
"product": "grub2",
"version": "2.02",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/grub2/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/grub2/",
"package_name": "grub-common_2.02+dfsg1-20+deb10u1_arm64.deb",
"product": "grub2",
"version": "2.02",
diff --git a/test/test_data/gstreamer.py b/test/test_data/gstreamer.py
index ec26826bc1..77e0fd319d 100644
--- a/test/test_data/gstreamer.py
+++ b/test/test_data/gstreamer.py
@@ -21,7 +21,7 @@
"version": "0.10.36",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gstreamer1.0/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gstreamer1.0/",
"package_name": "libgstreamer1.0-0_1.10.4-1_amd64.deb",
"product": "gstreamer",
"version": "1.10.4",
diff --git a/test/test_data/gvfs.py b/test/test_data/gvfs.py
index 7bce403192..c79671c0f2 100644
--- a/test/test_data/gvfs.py
+++ b/test/test_data/gvfs.py
@@ -19,13 +19,13 @@
"version": "1.50.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gvfs/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gvfs/",
"package_name": "gvfs-backends_1.22.2-1_amd64.deb",
"product": "gvfs",
"version": "1.22.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gvfs/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gvfs/",
"package_name": "gvfs-backends_1.22.2-1_armel.deb",
"product": "gvfs",
"version": "1.22.2",
diff --git a/test/test_data/gzip.py b/test/test_data/gzip.py
index bed87b1512..076b721e6e 100644
--- a/test/test_data/gzip.py
+++ b/test/test_data/gzip.py
@@ -21,7 +21,7 @@
"version": "1.12",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gzip/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gzip/",
"package_name": "gzip_1.9-3+deb10u1_amd64.deb",
"product": "gzip",
"version": "1.9",
diff --git a/test/test_data/harfbuzz.py b/test/test_data/harfbuzz.py
index a372d162d0..3111fcaff9 100644
--- a/test/test_data/harfbuzz.py
+++ b/test/test_data/harfbuzz.py
@@ -23,19 +23,19 @@
"version": "7.0.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/harfbuzz/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/harfbuzz/",
"package_name": "libharfbuzz0b_0.9.35-2_amd64.deb",
"product": "harfbuzz",
"version": "0.9.35",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/harfbuzz/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/harfbuzz/",
"package_name": "libharfbuzz-bin_1.4.2-1_amd64.deb",
"product": "harfbuzz",
"version": "1.4.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/harfbuzz/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/harfbuzz/",
"package_name": "libharfbuzz0b_6.0.0+dfsg-3_amd64.deb",
"product": "harfbuzz",
"version": "6.0.0",
diff --git a/test/test_data/haserl.py b/test/test_data/haserl.py
index 3d4f9feeeb..79cef24223 100644
--- a/test/test_data/haserl.py
+++ b/test/test_data/haserl.py
@@ -22,13 +22,13 @@
"version": "0.9.36",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/haserl/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/haserl/",
"package_name": "haserl_0.9.33-1_amd64.deb",
"product": "haserl",
"version": "0.9.33",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/haserl/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/haserl/",
"package_name": "haserl_0.9.33-1_armel.deb",
"product": "haserl",
"version": "0.9.33",
diff --git a/test/test_data/heimdal.py b/test/test_data/heimdal.py
index 936089f05c..47dc24502e 100644
--- a/test/test_data/heimdal.py
+++ b/test/test_data/heimdal.py
@@ -12,7 +12,7 @@
"version": "7.7.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/heimdal/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/heimdal/",
"package_name": "libkrb5-26-heimdal_7.5.0+dfsg-3_amd64.deb",
"product": "heimdal",
"version": "7.5.0",
diff --git a/test/test_data/hwloc.py b/test/test_data/hwloc.py
index 4a145e7220..6473a23961 100644
--- a/test/test_data/hwloc.py
+++ b/test/test_data/hwloc.py
@@ -12,7 +12,7 @@
"version": "2.9.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/hwloc/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/hwloc/",
"package_name": "libhwloc15_2.4.1+dfsg-1_amd64.deb",
"product": "hwloc",
"version": "2.4.1",
diff --git a/test/test_data/i2pd.py b/test/test_data/i2pd.py
index 00d65cdd3b..3daf1650c9 100644
--- a/test/test_data/i2pd.py
+++ b/test/test_data/i2pd.py
@@ -19,13 +19,13 @@
"version": "2.42.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/i2pd/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/i2pd/",
"package_name": "i2pd_2.23.0-1_amd64.deb",
"product": "i2pd",
"version": "2.23.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/i2pd/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/i2pd/",
"package_name": "i2pd_2.23.0-1_arm64.deb",
"product": "i2pd",
"version": "2.23.0",
diff --git a/test/test_data/icecast.py b/test/test_data/icecast.py
index 161c98a47c..54ecfd4e5e 100644
--- a/test/test_data/icecast.py
+++ b/test/test_data/icecast.py
@@ -22,7 +22,7 @@
"version": "2.4.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/icecast2/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/icecast2/",
"package_name": "icecast2_2.4.0-1.1+deb8u1_amd64.deb",
"product": "icecast",
"version": "2.4.0",
diff --git a/test/test_data/iperf3.py b/test/test_data/iperf3.py
index 058411f527..59f7556c5a 100644
--- a/test/test_data/iperf3.py
+++ b/test/test_data/iperf3.py
@@ -19,7 +19,7 @@
"version": "3.11",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/iperf3/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/iperf3/",
"package_name": "libiperf0_3.0.7-1_amd64.deb",
"product": "iperf3",
"version": "3.0.7",
diff --git a/test/test_data/ipmitool.py b/test/test_data/ipmitool.py
index 63df29b338..adc5ea240d 100644
--- a/test/test_data/ipmitool.py
+++ b/test/test_data/ipmitool.py
@@ -16,7 +16,7 @@
"version": "1.8.19",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/ipmitool/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/ipmitool/",
"package_name": "ipmitool_1.8.14-4_amd64.deb",
"product": "ipmitool",
"version": "1.8.14",
diff --git a/test/test_data/ipsec_tools.py b/test/test_data/ipsec_tools.py
index 1972e67492..3eb7a04bb9 100644
--- a/test/test_data/ipsec_tools.py
+++ b/test/test_data/ipsec_tools.py
@@ -16,7 +16,7 @@
"version": "0.8.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/ipsec-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/ipsec-tools/",
"package_name": "ipsec-tools_0.8.2+20140711-2+deb8u1_amd64.deb",
"product": "ipsec-tools",
"version": "0.8.2",
diff --git a/test/test_data/iptables.py b/test/test_data/iptables.py
index 7afc447f65..b2bfae518a 100644
--- a/test/test_data/iptables.py
+++ b/test/test_data/iptables.py
@@ -40,13 +40,13 @@
"version": "1.8.8",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/iptables/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/iptables/",
"package_name": "iptables-nftables-compat_1.6.2-1.1~bpo9+1_i386.deb",
"product": "iptables",
"version": "1.6.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/iptables/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/iptables/",
"package_name": "iptables-nftables-compat_1.6.2-1.1~bpo9+1_mips.deb",
"product": "iptables",
"version": "1.6.2",
diff --git a/test/test_data/iucode_tool.py b/test/test_data/iucode_tool.py
index cd56997080..5857d2a86a 100644
--- a/test/test_data/iucode_tool.py
+++ b/test/test_data/iucode_tool.py
@@ -22,13 +22,13 @@
"version": "2.3.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/contrib/i/iucode-tool/",
+ "url": "http://ftp.debian.org/debian/pool/contrib/i/iucode-tool/",
"package_name": "iucode-tool_1.1.1-1_amd64.deb",
"product": "iucode-tool",
"version": "1.1.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/contrib/i/iucode-tool/",
+ "url": "http://ftp.debian.org/debian/pool/contrib/i/iucode-tool/",
"package_name": "iucode-tool_1.1.1-1_i386.deb",
"product": "iucode-tool",
"version": "1.1.1",
diff --git a/test/test_data/iwd.py b/test/test_data/iwd.py
index 43806d4c80..3f5b58102d 100644
--- a/test/test_data/iwd.py
+++ b/test/test_data/iwd.py
@@ -21,7 +21,7 @@
"version": "2.11",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/iwd/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/iwd/",
"package_name": "iwd_0.14-2_amd64.deb",
"product": "inet_wireless_daemon",
"version": "0.14",
diff --git a/test/test_data/jack2.py b/test/test_data/jack2.py
index d28663e211..5ca9ea957f 100644
--- a/test/test_data/jack2.py
+++ b/test/test_data/jack2.py
@@ -18,7 +18,7 @@
"version": "1.9.21",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/jackd2/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/jackd2/",
"package_name": "jackd2_1.9.12~dfsg-2_amd64.deb",
"product": "jack2",
"version": "1.9.12",
diff --git a/test/test_data/janus.py b/test/test_data/janus.py
index 472b585a61..82c4fbfe9e 100644
--- a/test/test_data/janus.py
+++ b/test/test_data/janus.py
@@ -23,7 +23,7 @@
"version": "1.1.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/janus/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/janus/",
"package_name": "janus_0.9.2-1~bpo10+1_amd64.deb",
"product": "janus",
"version": "0.9.2",
diff --git a/test/test_data/jhead.py b/test/test_data/jhead.py
index c301b96aa2..93c77a67d1 100644
--- a/test/test_data/jhead.py
+++ b/test/test_data/jhead.py
@@ -12,13 +12,13 @@
"version": "3.04",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/jhead/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/jhead/",
"package_name": "jhead_2.97-1+deb8u1_amd64.deb",
"product": "jhead",
"version": "2.97",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/jhead/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/jhead/",
"package_name": "jhead_2.97-1+deb8u1_armel.deb",
"product": "jhead",
"version": "2.97",
diff --git a/test/test_data/jq.py b/test/test_data/jq.py
index 9baf6ccfa9..b54d9c5526 100644
--- a/test/test_data/jq.py
+++ b/test/test_data/jq.py
@@ -13,13 +13,13 @@
"version": "1.6",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/jq/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/jq/",
"package_name": "jq_1.5+dfsg-2+b1_amd64.deb",
"product": "jq",
"version": "1.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/jq/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/jq/",
"package_name": "jq_1.7.1-3_arm64.deb",
"product": "jq",
"version": "1.7.1",
diff --git a/test/test_data/json_c.py b/test/test_data/json_c.py
index 9236e8c31e..f0ca525802 100644
--- a/test/test_data/json_c.py
+++ b/test/test_data/json_c.py
@@ -26,13 +26,13 @@
"version": "0.16",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/json-c/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/json-c/",
"package_name": "libjson-c5_0.15-2_amd64.deb",
"product": "json-c",
"version": "0.15",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/json-c/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/json-c/",
"package_name": "libjson-c3_0.12.1-1.1_ppc64el.deb",
"product": "json-c",
"version": "0.12.1",
diff --git a/test/test_data/keepalived.py b/test/test_data/keepalived.py
index ad31d9e604..402d8d9e03 100644
--- a/test/test_data/keepalived.py
+++ b/test/test_data/keepalived.py
@@ -22,13 +22,13 @@
"version": "2.2.7",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/k/keepalived/",
+ "url": "http://ftp.debian.org/debian/pool/main/k/keepalived/",
"package_name": "keepalived_1.2.13-1_amd64.deb",
"product": "keepalived",
"version": "1.2.13",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/k/keepalived/",
+ "url": "http://ftp.debian.org/debian/pool/main/k/keepalived/",
"package_name": "keepalived_1.2.13-1_armel.deb",
"product": "keepalived",
"version": "1.2.13",
diff --git a/test/test_data/kerberos.py b/test/test_data/kerberos.py
index b629c0d465..6686ee258f 100644
--- a/test/test_data/kerberos.py
+++ b/test/test_data/kerberos.py
@@ -29,7 +29,7 @@
"version": "1.15.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/k/krb5/",
+ "url": "http://ftp.debian.org/debian/pool/main/k/krb5/",
"package_name": "libkrb5-3_1.12.1+dfsg-19+deb8u4_amd64.deb",
"product": "kerberos_5",
"version": "1.12.1",
diff --git a/test/test_data/kodi.py b/test/test_data/kodi.py
index bf0c1f8273..cdd214cca1 100644
--- a/test/test_data/kodi.py
+++ b/test/test_data/kodi.py
@@ -13,7 +13,7 @@
"version": "20.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/k/kodi/",
+ "url": "http://ftp.debian.org/debian/pool/main/k/kodi/",
"package_name": "kodi-bin_17.1+dfsg1-3_amd64.deb",
"product": "kodi",
"version": "17.1",
diff --git a/test/test_data/kubernetes.py b/test/test_data/kubernetes.py
index eff9776d36..49c3e39d65 100644
--- a/test/test_data/kubernetes.py
+++ b/test/test_data/kubernetes.py
@@ -17,7 +17,7 @@
"other_products": ["go"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/k/kubernetes/",
+ "url": "http://ftp.debian.org/debian/pool/main/k/kubernetes/",
"package_name": "kubernetes-client_1.20.5+really1.20.2-1_amd64.deb",
"product": "kubernetes",
"version": "1.20.5",
diff --git a/test/test_data/ldns.py b/test/test_data/ldns.py
index a4f6f49f69..4be609453e 100644
--- a/test/test_data/ldns.py
+++ b/test/test_data/ldns.py
@@ -16,7 +16,7 @@
"version": "1.8.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/ldns/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/ldns/",
"package_name": "libldns2_1.7.0-4_amd64.deb",
"product": "ldns",
"version": "1.7.0",
diff --git a/test/test_data/lftp.py b/test/test_data/lftp.py
index d53f17f37a..3a2e496e39 100644
--- a/test/test_data/lftp.py
+++ b/test/test_data/lftp.py
@@ -18,13 +18,13 @@
"version": "4.9.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lftp/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lftp/",
"package_name": "lftp_4.6.0-1+deb8u1_amd64.deb",
"product": "lftp",
"version": "4.6.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lftp/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lftp/",
"package_name": "lftp_4.6.0-1+deb8u1_armel.deb",
"product": "lftp",
"version": "4.6.0",
diff --git a/test/test_data/libass.py b/test/test_data/libass.py
index 0f54ef80c6..c880d95085 100644
--- a/test/test_data/libass.py
+++ b/test/test_data/libass.py
@@ -18,7 +18,7 @@
"version": "0.16.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/liba/libass/",
+ "url": "http://ftp.debian.org/debian/pool/main/liba/libass/",
"package_name": "libass9_0.16.0-1_amd64.deb",
"product": "libass",
"version": "0.16.0",
diff --git a/test/test_data/libcoap.py b/test/test_data/libcoap.py
index 7896d46405..fc4b4833b6 100644
--- a/test/test_data/libcoap.py
+++ b/test/test_data/libcoap.py
@@ -12,13 +12,13 @@
"version": "4.3.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libc/libcoap/",
+ "url": "http://ftp.debian.org/debian/pool/main/libc/libcoap/",
"package_name": "libcoap-1-0_4.1.2-1_amd64.deb",
"product": "libcoap",
"version": "4.1.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libc/libcoap3/",
+ "url": "http://ftp.debian.org/debian/pool/main/libc/libcoap3/",
"package_name": "libcoap3_4.3.1-1_amd64.deb",
"product": "libcoap",
"version": "4.3.1",
diff --git a/test/test_data/libconfuse.py b/test/test_data/libconfuse.py
index 232d92036d..d7a37938d7 100644
--- a/test/test_data/libconfuse.py
+++ b/test/test_data/libconfuse.py
@@ -18,7 +18,7 @@
"version": "3.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libc/libconfuse/",
+ "url": "http://ftp.debian.org/debian/pool/main/libc/libconfuse/",
"package_name": "libconfuse2_3.3-2_arm64.deb",
"product": "libconfuse",
"version": "3.3",
diff --git a/test/test_data/libde265.py b/test/test_data/libde265.py
index 5246bacf22..eb37dc4ae7 100644
--- a/test/test_data/libde265.py
+++ b/test/test_data/libde265.py
@@ -12,7 +12,7 @@
"version": "1.0.14",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libd/libde265/",
+ "url": "http://ftp.debian.org/debian/pool/main/libd/libde265/",
"package_name": "libde265-0_1.0.3-1+b1_amd64.deb",
"product": "libde265",
"version": "1.0.3",
diff --git a/test/test_data/libevent.py b/test/test_data/libevent.py
index ae0f6ebe95..57c14e7071 100644
--- a/test/test_data/libevent.py
+++ b/test/test_data/libevent.py
@@ -16,7 +16,7 @@
"version": "2.1.12",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libe/libevent/",
+ "url": "http://ftp.debian.org/debian/pool/main/libe/libevent/",
"package_name": "libevent-2.0-5_2.0.21-stable-3_amd64.deb",
"product": "libevent",
"version": "2.0.21",
diff --git a/test/test_data/libgd.py b/test/test_data/libgd.py
index 9593100e96..62edff4c58 100644
--- a/test/test_data/libgd.py
+++ b/test/test_data/libgd.py
@@ -16,7 +16,7 @@
"version": "2.3.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libg/libgd2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libg/libgd2/",
"package_name": "libgd3_2.2.5-5.2_amd64.deb",
"product": "libgd",
"version": "2.2.5",
diff --git a/test/test_data/libgit2.py b/test/test_data/libgit2.py
index 9c81a4e8e6..ad55698702 100644
--- a/test/test_data/libgit2.py
+++ b/test/test_data/libgit2.py
@@ -18,13 +18,13 @@
"version": "1.5.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libg/libgit2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libg/libgit2/",
"package_name": "libgit2-1.1_1.1.0+dfsg.1-4.1+b1_amd64.deb",
"product": "libgit2",
"version": "1.1.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libg/libgit2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libg/libgit2/",
"package_name": "libgit2-1.1_1.1.0+dfsg.1-4.1+b1_arm64.deb",
"product": "libgit2",
"version": "1.1.0",
diff --git a/test/test_data/libheif.py b/test/test_data/libheif.py
index 510315a53f..7a5b329adc 100644
--- a/test/test_data/libheif.py
+++ b/test/test_data/libheif.py
@@ -12,7 +12,7 @@
"version": "1.17.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libh/libheif/",
+ "url": "http://ftp.debian.org/debian/pool/main/libh/libheif/",
"package_name": "libheif1_1.3.2-2~deb10u1_amd64.deb",
"product": "libheif",
"version": "1.3.2",
diff --git a/test/test_data/libidn2.py b/test/test_data/libidn2.py
index 786c087f0e..cb84e6e6db 100644
--- a/test/test_data/libidn2.py
+++ b/test/test_data/libidn2.py
@@ -32,13 +32,13 @@
"version": "2.3.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libi/libidn2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libi/libidn2/",
"package_name": "libidn2-0_2.0.5-1+deb10u1_amd64.deb",
"product": "libidn2",
"version": "2.0.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libi/libidn2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libi/libidn2/",
"package_name": "libidn2-0_2.3.0-5_mips64el.deb",
"product": "libidn2",
"version": "2.3.0",
diff --git a/test/test_data/libinput.py b/test/test_data/libinput.py
index 5a23ed492f..5111aacce5 100644
--- a/test/test_data/libinput.py
+++ b/test/test_data/libinput.py
@@ -22,7 +22,7 @@
"version": "1.21.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libi/libinput/",
+ "url": "http://ftp.debian.org/debian/pool/main/libi/libinput/",
"package_name": "libinput10_1.12.6-2+deb10u1_arm64.deb",
"product": "libinput",
"version": "1.12.6",
diff --git a/test/test_data/libjpeg.py b/test/test_data/libjpeg.py
index c749a8fe0c..b3a71f6680 100644
--- a/test/test_data/libjpeg.py
+++ b/test/test_data/libjpeg.py
@@ -6,7 +6,7 @@
]
package_test_data = [
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libj/libjpeg9/",
+ "url": "http://ftp.debian.org/debian/pool/main/libj/libjpeg9/",
"package_name": "libjpeg9_9d-1_amd64.deb",
"product": "libjpeg",
"version": "9d",
diff --git a/test/test_data/libjpeg_turbo.py b/test/test_data/libjpeg_turbo.py
index 2e5a94280b..cd72f73bce 100644
--- a/test/test_data/libjpeg_turbo.py
+++ b/test/test_data/libjpeg_turbo.py
@@ -20,7 +20,7 @@
"other_products": ["libjpeg"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libj/libjpeg-turbo/",
+ "url": "http://ftp.debian.org/debian/pool/main/libj/libjpeg-turbo/",
"package_name": "libjpeg62-turbo_1.5.1-2_amd64.deb",
"product": "libjpeg-turbo",
"version": "1.5.1",
diff --git a/test/test_data/libksba.py b/test/test_data/libksba.py
index 389e82162a..8b96b5088f 100644
--- a/test/test_data/libksba.py
+++ b/test/test_data/libksba.py
@@ -12,7 +12,7 @@
"version": "1.6.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libk/libksba/",
+ "url": "http://ftp.debian.org/debian/pool/main/libk/libksba/",
"package_name": "libksba8_1.5.0-3_amd64.deb",
"product": "libksba",
"version": "1.5.0",
diff --git a/test/test_data/libmatroska.py b/test/test_data/libmatroska.py
index 41d1fbc3ec..dc3fa07331 100644
--- a/test/test_data/libmatroska.py
+++ b/test/test_data/libmatroska.py
@@ -22,13 +22,13 @@
"version": "1.6.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmatroska/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmatroska/",
"package_name": "libmatroska6_1.4.1-2+deb8u1_amd64.deb",
"product": "libmatroska",
"version": "1.4.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmatroska/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmatroska/",
"package_name": "libmatroska6_1.4.1-2+deb8u1_armel.deb",
"product": "libmatroska",
"version": "1.4.1",
diff --git a/test/test_data/libmemcached.py b/test/test_data/libmemcached.py
index f26ba23c0f..69fed6c25d 100644
--- a/test/test_data/libmemcached.py
+++ b/test/test_data/libmemcached.py
@@ -21,13 +21,13 @@
"version": "1.0.18",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmemcached/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmemcached/",
"package_name": "libmemcached11_1.0.18-4.1_amd64.deb",
"product": "libmemcached",
"version": "1.0.18",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmemcached/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmemcached/",
"package_name": "libmemcached11_1.1.4-1_arm64.deb",
"product": "libmemcached",
"version": "1.1.4",
diff --git a/test/test_data/libmicrohttpd.py b/test/test_data/libmicrohttpd.py
index afe092c86e..4bf31ee5f9 100644
--- a/test/test_data/libmicrohttpd.py
+++ b/test/test_data/libmicrohttpd.py
@@ -16,7 +16,7 @@
"version": "0.9.76",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmicrohttpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmicrohttpd/",
"package_name": "libmicrohttpd12_0.9.62-1_amd64.deb",
"product": "libmicrohttpd",
"version": "0.9.62",
diff --git a/test/test_data/libmodbus.py b/test/test_data/libmodbus.py
index 8c3a2c0f52..9b9615f543 100644
--- a/test/test_data/libmodbus.py
+++ b/test/test_data/libmodbus.py
@@ -12,7 +12,7 @@
"version": "3.1.6",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmodbus/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmodbus/",
"package_name": "libmodbus5_3.1.4-2+deb10u1_amd64.deb",
"product": "libmodbus",
"version": "3.1.4",
diff --git a/test/test_data/libopenmpt.py b/test/test_data/libopenmpt.py
index c407d6734f..776966e908 100644
--- a/test/test_data/libopenmpt.py
+++ b/test/test_data/libopenmpt.py
@@ -16,7 +16,7 @@
"version": "0.7.8",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libo/libopenmpt/",
+ "url": "http://ftp.debian.org/debian/pool/main/libo/libopenmpt/",
"package_name": "libopenmpt0_0.4.3-1+deb10u1_amd64.deb",
"product": "libopenmpt",
"version": "0.4.3",
diff --git a/test/test_data/libpcap.py b/test/test_data/libpcap.py
index 1e3af4f380..a9dc5e0465 100644
--- a/test/test_data/libpcap.py
+++ b/test/test_data/libpcap.py
@@ -22,13 +22,13 @@
"version": "1.10.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libp/libpcap/",
+ "url": "http://ftp.debian.org/debian/pool/main/libp/libpcap/",
"package_name": "libpcap0.8_1.10.0-2_amd64.deb",
"product": "libpcap",
"version": "1.10.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libp/libpcap/",
+ "url": "http://ftp.debian.org/debian/pool/main/libp/libpcap/",
"package_name": "libpcap0.8_1.10.0-2_arm64.deb",
"product": "libpcap",
"version": "1.10.0",
diff --git a/test/test_data/libraw.py b/test/test_data/libraw.py
index bba00e8cd1..22af8af34f 100644
--- a/test/test_data/libraw.py
+++ b/test/test_data/libraw.py
@@ -31,13 +31,13 @@
"version": "0.20.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libr/libraw/",
+ "url": "http://ftp.debian.org/debian/pool/main/libr/libraw/",
"package_name": "libraw10_0.16.0-9+deb8u3_armel.deb",
"product": "libraw",
"version": "0.16.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libr/libraw/",
+ "url": "http://ftp.debian.org/debian/pool/main/libr/libraw/",
"package_name": "libraw20_0.20.2-2+b1_arm64.deb",
"product": "libraw",
"version": "0.20.2",
diff --git a/test/test_data/librsync.py b/test/test_data/librsync.py
index a5f8a03539..bc344bd3c3 100644
--- a/test/test_data/librsync.py
+++ b/test/test_data/librsync.py
@@ -18,13 +18,13 @@
"version": "2.3.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libr/librsync/",
+ "url": "http://ftp.debian.org/debian/pool/main/libr/librsync/",
"package_name": "librsync1_0.9.7-10+b1_amd64.deb",
"product": "librsync",
"version": "0.9.7",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libr/librsync/",
+ "url": "http://ftp.debian.org/debian/pool/main/libr/librsync/",
"package_name": "librsync1_0.9.7-10+b1_arm64.deb",
"product": "librsync",
"version": "0.9.7",
diff --git a/test/test_data/libsamplerate.py b/test/test_data/libsamplerate.py
index 74be72ad54..e4503534eb 100644
--- a/test/test_data/libsamplerate.py
+++ b/test/test_data/libsamplerate.py
@@ -22,13 +22,13 @@
"version": "0.2.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libsamplerate/",
+ "url": "http://ftp.debian.org/debian/pool/main/libs/libsamplerate/",
"package_name": "libsamplerate0_0.1.8-8+b2_amd64.deb",
"product": "libsamplerate",
"version": "0.1.8",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libsamplerate/",
+ "url": "http://ftp.debian.org/debian/pool/main/libs/libsamplerate/",
"package_name": "libsamplerate0_0.1.8-8+b2_arm64.deb",
"product": "libsamplerate",
"version": "0.1.8",
diff --git a/test/test_data/libssh.py b/test/test_data/libssh.py
index d4853ed13a..8c71de48b7 100644
--- a/test/test_data/libssh.py
+++ b/test/test_data/libssh.py
@@ -27,13 +27,13 @@
"version": "0.10.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libssh/",
+ "url": "http://ftp.debian.org/debian/pool/main/libs/libssh/",
"package_name": "libssh-4_0.10.4-2_amd64.deb",
"product": "libssh",
"version": "0.10.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libssh/",
+ "url": "http://ftp.debian.org/debian/pool/main/libs/libssh/",
"package_name": "libssh-4_0.10.4-2_arm64.deb",
"product": "libssh",
"version": "0.10.4",
diff --git a/test/test_data/libtasn1.py b/test/test_data/libtasn1.py
index 06156d2f17..fca0f286f9 100644
--- a/test/test_data/libtasn1.py
+++ b/test/test_data/libtasn1.py
@@ -16,7 +16,7 @@
"version": "4.19.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libt/libtasn1-6/",
+ "url": "http://ftp.debian.org/debian/pool/main/libt/libtasn1-6/",
"package_name": "libtasn1-6_4.13-3_arm64.deb",
"product": "libtasn1",
"version": "4.13",
diff --git a/test/test_data/libtiff.py b/test/test_data/libtiff.py
index f8e07a8c90..6e078880ba 100644
--- a/test/test_data/libtiff.py
+++ b/test/test_data/libtiff.py
@@ -25,7 +25,7 @@
"version": "4.0.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tiff/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tiff/",
"package_name": "libtiff5_4.2.0-1+deb11u4_amd64.deb",
"product": "libtiff",
"version": "4.2.0",
diff --git a/test/test_data/libtomcrypt.py b/test/test_data/libtomcrypt.py
index b428a71bf8..cf317b8e99 100644
--- a/test/test_data/libtomcrypt.py
+++ b/test/test_data/libtomcrypt.py
@@ -27,13 +27,13 @@
"version": "1.18.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libt/libtomcrypt/",
+ "url": "http://ftp.debian.org/debian/pool/main/libt/libtomcrypt/",
"package_name": "libtomcrypt0_1.17-6_amd64.deb",
"product": "libtomcrypt",
"version": "1.17",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libt/libtomcrypt/",
+ "url": "http://ftp.debian.org/debian/pool/main/libt/libtomcrypt/",
"package_name": "libtomcrypt0_1.17-6_armel.deb",
"product": "libtomcrypt",
"version": "1.17",
diff --git a/test/test_data/libupnp.py b/test/test_data/libupnp.py
index f2476905e1..b85f99ecc2 100644
--- a/test/test_data/libupnp.py
+++ b/test/test_data/libupnp.py
@@ -18,7 +18,7 @@
"version": "1.14.12",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pupnp-1.8/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pupnp-1.8/",
"package_name": "libupnp-dev_1.8.4-2_amd64.deb",
"product": "libupnp",
"version": "1.8.4",
diff --git a/test/test_data/libuv.py b/test/test_data/libuv.py
index 32016f8ba7..104f9989fe 100644
--- a/test/test_data/libuv.py
+++ b/test/test_data/libuv.py
@@ -12,7 +12,7 @@
"version": "1.48.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libu/libuv1/",
+ "url": "http://ftp.debian.org/debian/pool/main/libu/libuv1/",
"package_name": "libuv1_1.24.1-1+deb10u1_amd64.deb",
"product": "libuv",
"version": "1.24.1",
diff --git a/test/test_data/libvips.py b/test/test_data/libvips.py
index 2324a4ade9..bace09dbec 100644
--- a/test/test_data/libvips.py
+++ b/test/test_data/libvips.py
@@ -12,7 +12,7 @@
"version": "8.15.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/v/vips/",
+ "url": "http://ftp.debian.org/debian/pool/main/v/vips/",
"package_name": "libvips42_8.7.4-1%2Bdeb10u1_amd64.deb",
"product": "libvips",
"version": "8.7.4",
diff --git a/test/test_data/libvirt.py b/test/test_data/libvirt.py
index 7da24104b6..d831e31e5b 100644
--- a/test/test_data/libvirt.py
+++ b/test/test_data/libvirt.py
@@ -21,7 +21,7 @@
"version": "1.2.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvirt/",
+ "url": "http://ftp.debian.org/debian/pool/main/libv/libvirt/",
"package_name": "libvirt0_1.2.9-9+deb8u5_amd64.deb",
"product": "libvirt",
"version": "1.2.9",
diff --git a/test/test_data/libvorbis.py b/test/test_data/libvorbis.py
index c0b8e3595d..1a77e5d6ea 100644
--- a/test/test_data/libvorbis.py
+++ b/test/test_data/libvorbis.py
@@ -18,13 +18,13 @@
"version": "1.3.7",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvorbis/",
+ "url": "http://ftp.debian.org/debian/pool/main/libv/libvorbis/",
"package_name": "libvorbis0a_1.3.4-2+deb8u1_amd64.deb",
"product": "libvorbis",
"version": "1.3.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvorbis/",
+ "url": "http://ftp.debian.org/debian/pool/main/libv/libvorbis/",
"package_name": "libvorbis0a_1.3.4-2+deb8u1_armel.deb",
"product": "libvorbis",
"version": "1.3.4",
diff --git a/test/test_data/libvpx.py b/test/test_data/libvpx.py
index 16be89b61e..6d31979be6 100644
--- a/test/test_data/libvpx.py
+++ b/test/test_data/libvpx.py
@@ -16,7 +16,7 @@
"version": "1.13.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvpx/",
+ "url": "http://ftp.debian.org/debian/pool/main/libv/libvpx/",
"package_name": "libvpx5_1.7.0-3+deb10u1_amd64.deb",
"product": "libvpx",
"version": "1.7.0",
diff --git a/test/test_data/libyaml.py b/test/test_data/libyaml.py
index 21ee950e3a..41df08e6e1 100644
--- a/test/test_data/libyaml.py
+++ b/test/test_data/libyaml.py
@@ -12,7 +12,7 @@
"version": "0.2.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/liby/libyaml/",
+ "url": "http://ftp.debian.org/debian/pool/main/liby/libyaml/",
"package_name": "libyaml-0-2_0.2.1-1_amd64.deb",
"product": "libyaml",
"version": "0.2.1",
diff --git a/test/test_data/linux_kernel.py b/test/test_data/linux_kernel.py
index 43e0ab2d3d..98f1951ade 100644
--- a/test/test_data/linux_kernel.py
+++ b/test/test_data/linux_kernel.py
@@ -23,13 +23,13 @@
"version": "2.6.18",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/linux/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/linux/",
"package_name": "linux-image-3.16.0-6-586_3.16.56-1+deb8u1_i386.deb",
"product": "linux_kernel",
"version": "3.16.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/linux/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/linux/",
"package_name": "linux-image-5.10.0-21-s390x_5.10.162-1_s390x.deb",
"product": "linux_kernel",
"version": "5.10.0",
diff --git a/test/test_data/lldpd.py b/test/test_data/lldpd.py
index 049d9105c6..c0bae85f19 100644
--- a/test/test_data/lldpd.py
+++ b/test/test_data/lldpd.py
@@ -18,13 +18,13 @@
"version": "1.0.15",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lldpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lldpd/",
"package_name": "lldpd_0.7.11-2+deb8u1_amd64.deb",
"product": "lldpd",
"version": "0.7.11",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lldpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lldpd/",
"package_name": "lldpd_0.7.11-2+deb8u1_armel.deb",
"product": "lldpd",
"version": "0.7.11",
diff --git a/test/test_data/logrotate.py b/test/test_data/logrotate.py
index 59f9aacf24..2332f40422 100644
--- a/test/test_data/logrotate.py
+++ b/test/test_data/logrotate.py
@@ -35,7 +35,7 @@
"version": "3.14.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/logrotate/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/logrotate/",
"package_name": "logrotate_3.11.0-0.1_amd64.deb",
"product": "logrotate",
"version": "3.11.0",
diff --git a/test/test_data/lrzip.py b/test/test_data/lrzip.py
index d1da3259ac..97e64d5056 100644
--- a/test/test_data/lrzip.py
+++ b/test/test_data/lrzip.py
@@ -21,7 +21,7 @@
"version": "0.651",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lrzip/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lrzip/",
"package_name": "lrzip_0.631+git180528-1+deb10u1_amd64.deb",
"product": "long_range_zip",
"version": "0.631",
diff --git a/test/test_data/lxc.py b/test/test_data/lxc.py
index ed8cb6705d..15db01ea83 100644
--- a/test/test_data/lxc.py
+++ b/test/test_data/lxc.py
@@ -22,13 +22,13 @@
"version": "4.0.12",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lxc/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lxc/",
"package_name": "liblxc-common_5.0.1-1+b1_amd64.deb",
"product": "lxc",
"version": "5.0.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lxc/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lxc/",
"package_name": "liblxc-common_5.0.1-1+b1_arm64.deb",
"product": "lxc",
"version": "5.0.1",
diff --git a/test/test_data/lynx.py b/test/test_data/lynx.py
index a0dcc9ba50..0eb145ce2c 100644
--- a/test/test_data/lynx.py
+++ b/test/test_data/lynx.py
@@ -27,7 +27,7 @@
"version": "2.9.0dev.10",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lynx/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lynx/",
"package_name": "lynx_2.8.9dev11-1_arm64.deb",
"product": "lynx",
"version": "2.8.9dev.11",
diff --git a/test/test_data/lz4.py b/test/test_data/lz4.py
index ffa081439e..7160e651d7 100644
--- a/test/test_data/lz4.py
+++ b/test/test_data/lz4.py
@@ -23,13 +23,13 @@
"version": "1.9.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lz4/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lz4/",
"package_name": "liblz4-1_1.8.3-1+deb10u1_mips64el.deb",
"product": "lz4",
"version": "1.8.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lz4/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lz4/",
"package_name": "liblz4-1_1.9.3-2_amd64.deb",
"product": "lz4",
"version": "1.9.3",
diff --git a/test/test_data/mailx.py b/test/test_data/mailx.py
index dfd3bea195..2e7120f929 100644
--- a/test/test_data/mailx.py
+++ b/test/test_data/mailx.py
@@ -18,13 +18,13 @@
"version": "12.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/heirloom-mailx/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/heirloom-mailx/",
"package_name": "heirloom-mailx_12.5-4_amd64.deb",
"product": "mailx",
"version": "12.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/heirloom-mailx/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/heirloom-mailx/",
"package_name": "heirloom-mailx_12.5-4_armel.deb",
"product": "mailx",
"version": "12.5",
diff --git a/test/test_data/mbedtls.py b/test/test_data/mbedtls.py
index ec68287a88..f7b38031f8 100644
--- a/test/test_data/mbedtls.py
+++ b/test/test_data/mbedtls.py
@@ -21,7 +21,7 @@
"version": "2.28.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mbedtls/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mbedtls/",
"package_name": "libmbedcrypto3_2.16.0-1_amd64.deb",
"product": "mbed_tls",
"version": "2.16.0",
diff --git a/test/test_data/mdadm.py b/test/test_data/mdadm.py
index 869cd302c4..c209638a65 100644
--- a/test/test_data/mdadm.py
+++ b/test/test_data/mdadm.py
@@ -37,7 +37,7 @@
"version": "4.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mdadm/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mdadm/",
"package_name": "mdadm_3.3.2-5+deb8u2_amd64.deb",
"product": "mdadm",
"version": "3.3.2",
diff --git a/test/test_data/micropython.py b/test/test_data/micropython.py
index 1da02800d3..4f65ac70b2 100644
--- a/test/test_data/micropython.py
+++ b/test/test_data/micropython.py
@@ -16,7 +16,7 @@
"version": "1.21.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/micropython/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/micropython/",
"package_name": "micropython_1.19.1+ds-1_amd64.deb",
"product": "micropython",
"version": "1.19.1",
diff --git a/test/test_data/minetest.py b/test/test_data/minetest.py
index 29ad423d33..0726f7112f 100644
--- a/test/test_data/minetest.py
+++ b/test/test_data/minetest.py
@@ -16,7 +16,7 @@
"version": "5.7.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/minetest/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/minetest/",
"package_name": "minetest_0.4.17.1+repack-1+deb10u1_amd64.deb",
"product": "minetest",
"version": "0.4.17.1",
diff --git a/test/test_data/mini_httpd.py b/test/test_data/mini_httpd.py
index 1a8490ed81..c485285137 100644
--- a/test/test_data/mini_httpd.py
+++ b/test/test_data/mini_httpd.py
@@ -12,7 +12,7 @@
"version": "1.30",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mini-httpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mini-httpd/",
"package_name": "mini-httpd_1.30-0.2_amd64.deb",
"product": "mini_httpd",
"version": "1.30",
diff --git a/test/test_data/minicom.py b/test/test_data/minicom.py
index 80f2c35a2b..447ea001f0 100644
--- a/test/test_data/minicom.py
+++ b/test/test_data/minicom.py
@@ -18,13 +18,13 @@
"version": "2.8",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/minicom/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/minicom/",
"package_name": "minicom_2.7-1+deb8u1_amd64.deb",
"product": "minicom",
"version": "2.7",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/minicom/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/minicom/",
"package_name": "minicom_2.7-1+deb8u1_armel.deb",
"product": "minicom",
"version": "2.7",
diff --git a/test/test_data/minidlna.py b/test/test_data/minidlna.py
index 98c33ca03d..0655ce4be0 100644
--- a/test/test_data/minidlna.py
+++ b/test/test_data/minidlna.py
@@ -12,13 +12,13 @@
"version": "1.3.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/minidlna/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/minidlna/",
"package_name": "minidlna_1.1.2+dfsg-1.1+b3_amd64.deb",
"product": "minidlna",
"version": "1.1.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/minidlna/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/minidlna/",
"package_name": "minidlna_1.1.2+dfsg-1.1+b3_armel.deb",
"product": "minidlna",
"version": "1.1.2",
diff --git a/test/test_data/modsecurity.py b/test/test_data/modsecurity.py
index b67483ff23..884786c5a6 100644
--- a/test/test_data/modsecurity.py
+++ b/test/test_data/modsecurity.py
@@ -16,7 +16,7 @@
"version": "3.0.8",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/modsecurity/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/modsecurity/",
"package_name": "libmodsecurity3_3.0.3-1+deb10u2_amd64.deb",
"product": "modsecurity",
"version": "3.0.3",
diff --git a/test/test_data/monit.py b/test/test_data/monit.py
index 90adf9acb7..e96925d83d 100644
--- a/test/test_data/monit.py
+++ b/test/test_data/monit.py
@@ -12,7 +12,7 @@
"version": "5.32.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/monit/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/monit/",
"package_name": "monit_5.27.1-1~bpo10+1_amd64.deb",
"product": "monit",
"version": "5.27.1",
diff --git a/test/test_data/motion.py b/test/test_data/motion.py
index 11238d70ee..72eba92922 100644
--- a/test/test_data/motion.py
+++ b/test/test_data/motion.py
@@ -18,13 +18,13 @@
"version": "4.4.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/motion/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/motion/",
"package_name": "motion_3.2.12+git20140228-4+b3_amd64.deb",
"product": "motion",
"version": "3.2.12",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/motion/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/motion/",
"package_name": "motion_3.2.12+git20140228-4+b3_armel.deb",
"product": "motion",
"version": "3.2.12",
diff --git a/test/test_data/mpg123.py b/test/test_data/mpg123.py
index c0b677ddc3..ae3339bc4d 100644
--- a/test/test_data/mpg123.py
+++ b/test/test_data/mpg123.py
@@ -12,7 +12,7 @@
"version": "1.31.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mpg123/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mpg123/",
"package_name": "mpg123_1.25.10-2_amd64.deb",
"product": "mpg123",
"version": "1.25.10",
diff --git a/test/test_data/mpv.py b/test/test_data/mpv.py
index cfbc7b740e..6612a2f906 100644
--- a/test/test_data/mpv.py
+++ b/test/test_data/mpv.py
@@ -18,13 +18,13 @@
"version": "0.34.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mpv/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mpv/",
"package_name": "libmpv1_0.23.0-2+deb9u2_amd64.deb",
"product": "mpv",
"version": "0.23.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mpv/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mpv/",
"package_name": "libmpv1_0.23.0-2+deb9u2_arm64.deb",
"product": "mpv",
"version": "0.23.0",
diff --git a/test/test_data/msmtp.py b/test/test_data/msmtp.py
index 053449cc1f..d7408997b2 100644
--- a/test/test_data/msmtp.py
+++ b/test/test_data/msmtp.py
@@ -17,7 +17,7 @@
"version": "1.8.22",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/msmtp/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/msmtp/",
"package_name": "msmtp_1.6.6-1_amd64.deb",
"product": "msmtp",
"version": "1.6.6",
diff --git a/test/test_data/mupdf.py b/test/test_data/mupdf.py
index d0f0593876..9a50b1b705 100644
--- a/test/test_data/mupdf.py
+++ b/test/test_data/mupdf.py
@@ -12,7 +12,7 @@
"version": "1.22.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mupdf/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mupdf/",
"package_name": "mupdf_1.14.0+ds1-4+deb10u3_amd64.deb",
"product": "mupdf",
"version": "1.14.0",
diff --git a/test/test_data/mutt.py b/test/test_data/mutt.py
index 2fa2f91f18..d9e0a789fc 100644
--- a/test/test_data/mutt.py
+++ b/test/test_data/mutt.py
@@ -32,13 +32,13 @@
"version": "2.2.7",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mutt/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mutt/",
"package_name": "mutt-patched_1.5.23-3_amd64.deb",
"product": "mutt",
"version": "1.5.23",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mutt/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mutt/",
"package_name": "mutt-patched_1.5.23-3_armel.deb",
"product": "mutt",
"version": "1.5.23",
diff --git a/test/test_data/nano.py b/test/test_data/nano.py
index 9382236cb8..854241815e 100644
--- a/test/test_data/nano.py
+++ b/test/test_data/nano.py
@@ -40,7 +40,7 @@
"version": "4.6",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nano/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nano/",
"package_name": "nano_2.2.6-3_amd64.deb",
"product": "nano",
"version": "2.2.6",
diff --git a/test/test_data/nasm.py b/test/test_data/nasm.py
index 104b7fe988..0158074464 100644
--- a/test/test_data/nasm.py
+++ b/test/test_data/nasm.py
@@ -16,7 +16,7 @@
"version": "2.15.05",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nasm/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nasm/",
"package_name": "nasm_2.12.01-1+b1_amd64.deb",
"product": "netwide_assembler",
"version": "2.12.01",
diff --git a/test/test_data/nbd.py b/test/test_data/nbd.py
index 98312b8853..dc61bbbe09 100644
--- a/test/test_data/nbd.py
+++ b/test/test_data/nbd.py
@@ -27,13 +27,13 @@
"version": "3.24",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nbd/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nbd/",
"package_name": "nbd-server_3.15.2-3_amd64.deb",
"product": "network_block_device",
"version": "3.15.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nbd/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nbd/",
"package_name": "nbd-client_3.15.2-3_arm64.deb",
"product": "network_block_device",
"version": "3.15.2",
diff --git a/test/test_data/neon.py b/test/test_data/neon.py
index d2569620ed..1a89f8513c 100644
--- a/test/test_data/neon.py
+++ b/test/test_data/neon.py
@@ -18,7 +18,7 @@
"version": "0.32.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/neon27/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/neon27/",
"package_name": "libneon27_0.30.1-1_amd64.deb",
"product": "neon",
"version": "0.30.1",
diff --git a/test/test_data/netatalk.py b/test/test_data/netatalk.py
index f375a63c8d..021890bc3c 100644
--- a/test/test_data/netatalk.py
+++ b/test/test_data/netatalk.py
@@ -22,13 +22,13 @@
"version": "3.1.13",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netatalk/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netatalk/",
"package_name": "netatalk_2.2.5-2+deb9u1_amd64.deb",
"product": "netatalk",
"version": "2.2.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netatalk/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netatalk/",
"package_name": "netatalk_2.2.5-2+deb9u1_arm64.deb",
"product": "netatalk",
"version": "2.2.5",
diff --git a/test/test_data/netdata.py b/test/test_data/netdata.py
index 477849eb89..4b51eadd72 100644
--- a/test/test_data/netdata.py
+++ b/test/test_data/netdata.py
@@ -13,7 +13,7 @@
"other_products": ["sqlite"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netdata/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netdata/",
"package_name": "netdata-core_1.12.0-1+deb10u1_amd64.deb",
"product": "netdata",
"version": "1.12.0",
diff --git a/test/test_data/netkit_ftp.py b/test/test_data/netkit_ftp.py
index ed265c0d08..85c1ae0a38 100644
--- a/test/test_data/netkit_ftp.py
+++ b/test/test_data/netkit_ftp.py
@@ -16,7 +16,7 @@
"version": "0.17",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netkit-ftp/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netkit-ftp/",
"package_name": "ftp_0.17-31_amd64.deb",
"product": "netkit_ftp",
"version": "0.17",
diff --git a/test/test_data/netpbm.py b/test/test_data/netpbm.py
index af70414ef9..f893aa6a12 100644
--- a/test/test_data/netpbm.py
+++ b/test/test_data/netpbm.py
@@ -23,13 +23,13 @@
"version": "10.35.58",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netpbm-free/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netpbm-free/",
"package_name": "libnetpbm10_10.0-15.2_amd64.deb",
"product": "netpbm",
"version": "10.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netpbm-free/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netpbm-free/",
"package_name": "netpbm_10.0-15.3+b2_amd64.deb",
"product": "netpbm",
"version": "10.0",
diff --git a/test/test_data/nghttp2.py b/test/test_data/nghttp2.py
index d82c0e360f..6dea3000d1 100644
--- a/test/test_data/nghttp2.py
+++ b/test/test_data/nghttp2.py
@@ -23,13 +23,13 @@
"version": "1.50.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nghttp2/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nghttp2/",
"package_name": "libnghttp2-14_1.18.1-1+deb9u1_amd64.deb",
"product": "nghttp2",
"version": "1.18.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nghttp2/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nghttp2/",
"package_name": "libnghttp2-14_1.18.1-1+deb9u1_arm64.deb",
"product": "nghttp2",
"version": "1.18.1",
diff --git a/test/test_data/nginx.py b/test/test_data/nginx.py
index 84745aec04..aae76464e9 100644
--- a/test/test_data/nginx.py
+++ b/test/test_data/nginx.py
@@ -16,7 +16,7 @@
"version": "1.8.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nginx/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nginx/",
"package_name": "nginx-full_1.10.3-1+deb9u4_amd64.deb",
"product": "nginx",
"version": "1.10.3",
diff --git a/test/test_data/ngircd.py b/test/test_data/ngircd.py
index a84934eedb..d3bd8105d3 100644
--- a/test/test_data/ngircd.py
+++ b/test/test_data/ngircd.py
@@ -17,7 +17,7 @@
"version": "26.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/ngircd/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/ngircd/",
"package_name": "ngircd_26.1-1_amd64.deb",
"product": "ngircd",
"version": "26.1",
diff --git a/test/test_data/nmap.py b/test/test_data/nmap.py
index 8423fe1411..a0cabe76f6 100644
--- a/test/test_data/nmap.py
+++ b/test/test_data/nmap.py
@@ -20,7 +20,7 @@
"other_products": ["lua"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nmap/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nmap/",
"package_name": "nmap_7.40-1_amd64.deb",
"product": "nmap",
"version": "7.40",
diff --git a/test/test_data/node.py b/test/test_data/node.py
index 6c30f88090..b1104885b0 100644
--- a/test/test_data/node.py
+++ b/test/test_data/node.py
@@ -17,7 +17,7 @@
"other_products": ["libuv", "zlib"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nodejs/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nodejs/",
"package_name": "nodejs_0.10.29~dfsg-2_amd64.deb",
"product": "node.js",
"version": "0.10.29",
diff --git a/test/test_data/ntfs_3g.py b/test/test_data/ntfs_3g.py
index 9a4038f55e..bfb4da2bb2 100644
--- a/test/test_data/ntfs_3g.py
+++ b/test/test_data/ntfs_3g.py
@@ -21,7 +21,7 @@
"version": "2022.10.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/ntfs-3g/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/ntfs-3g/",
"package_name": "ntfs-3g_2017.3.23AR.3-3+deb10u2_amd64.deb",
"product": "ntfs-3g",
"version": "2017.3.23",
diff --git a/test/test_data/ntpsec.py b/test/test_data/ntpsec.py
index 4336462748..1e5f637cd3 100644
--- a/test/test_data/ntpsec.py
+++ b/test/test_data/ntpsec.py
@@ -23,7 +23,7 @@
"version": "1.2.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/ntpsec/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/ntpsec/",
"package_name": "ntpsec_1.1.3+dfsg1-2+deb10u1_amd64.deb",
"product": "ntpsec",
"version": "1.1.3",
diff --git a/test/test_data/open_iscsi.py b/test/test_data/open_iscsi.py
index dd87db76f1..13273df481 100644
--- a/test/test_data/open_iscsi.py
+++ b/test/test_data/open_iscsi.py
@@ -16,7 +16,7 @@
"version": "2.1.8",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/open-iscsi/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/open-iscsi/",
"package_name": "open-iscsi_2.1.3-5_amd64.deb",
"product": "open-iscsi",
"version": "2.1.3",
diff --git a/test/test_data/opencv.py b/test/test_data/opencv.py
index 5607c5fb42..e29e683cdd 100644
--- a/test/test_data/opencv.py
+++ b/test/test_data/opencv.py
@@ -18,13 +18,13 @@
"version": "4.5.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/opencv/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/opencv/",
"package_name": "libopencv-calib3d2.4v5_2.4.9.1+dfsg1-2_amd64.deb",
"product": "opencv",
"version": "2.4.9.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/opencv/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/opencv/",
"package_name": "libopencv-calib3d2.4v5_2.4.9.1+dfsg1-2_arm64.deb",
"product": "opencv",
"version": "2.4.9.1",
diff --git a/test/test_data/openjpeg.py b/test/test_data/openjpeg.py
index e08410565e..7ae8caa42f 100644
--- a/test/test_data/openjpeg.py
+++ b/test/test_data/openjpeg.py
@@ -19,7 +19,7 @@
"version": "1.5.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/openjpeg2/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/openjpeg2/",
"package_name": "libopenjp2-7_2.1.0-2+deb8u3+b1_amd64.deb",
"product": "openjpeg",
"version": "2.1.0",
diff --git a/test/test_data/opensc.py b/test/test_data/opensc.py
index 39abe975b6..88afdec445 100644
--- a/test/test_data/opensc.py
+++ b/test/test_data/opensc.py
@@ -12,7 +12,7 @@
"version": "0.23.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/opensc/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/opensc/",
"package_name": "opensc_0.14.0-2_amd64.deb",
"product": "opensc",
"version": "0.14.0",
diff --git a/test/test_data/openssh.py b/test/test_data/openssh.py
index 2593b5e3d7..9924f96fa3 100644
--- a/test/test_data/openssh.py
+++ b/test/test_data/openssh.py
@@ -12,7 +12,7 @@
"version": "6.8p1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/openssh/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/openssh/",
"package_name": "openssh-client_6.7p1-5+deb8u4_amd64.deb",
"product": "openssh",
"version": "6.7p1",
diff --git a/test/test_data/pango.py b/test/test_data/pango.py
index 2281029047..6444448c83 100644
--- a/test/test_data/pango.py
+++ b/test/test_data/pango.py
@@ -27,7 +27,7 @@
"version": "1.50.11",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pango1.0/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pango1.0/",
"package_name": "libpango-1.0-0_1.40.5-1_arm64.deb",
"product": "pango",
"version": "1.40.5",
diff --git a/test/test_data/patch.py b/test/test_data/patch.py
index 9bfe83f69b..fab7fce6e4 100644
--- a/test/test_data/patch.py
+++ b/test/test_data/patch.py
@@ -19,13 +19,13 @@
"version": "2.7.6",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/patch/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/patch/",
"package_name": "patch_2.7.5-1+deb8u1_amd64.deb",
"product": "patch",
"version": "2.7.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/patch/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/patch/",
"package_name": "patch_2.7.5-1+deb8u1_armel.deb",
"product": "patch",
"version": "2.7.5",
diff --git a/test/test_data/pcre2.py b/test/test_data/pcre2.py
index 46cdd4c4eb..424b75f11c 100644
--- a/test/test_data/pcre2.py
+++ b/test/test_data/pcre2.py
@@ -12,7 +12,7 @@
"version": "10.42",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pcre2/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pcre2/",
"package_name": "libpcre2-16-0_10.22-3_amd64.deb",
"product": "pcre2",
"version": "10.22",
diff --git a/test/test_data/perl.py b/test/test_data/perl.py
index 7189dbddb6..e7488f59b4 100644
--- a/test/test_data/perl.py
+++ b/test/test_data/perl.py
@@ -17,7 +17,7 @@
"version": "5.36.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/perl/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/perl/",
"package_name": "perl-base_5.20.2-3+deb8u11_amd64.deb",
"product": "perl",
"version": "5.20.2",
diff --git a/test/test_data/php.py b/test/test_data/php.py
index b4e754c7dc..46394a27ed 100644
--- a/test/test_data/php.py
+++ b/test/test_data/php.py
@@ -12,7 +12,7 @@
"version": "8.2.13",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/php7.3/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/php7.3/",
"package_name": "libphp7.3-embed_7.3.31-1~deb10u1_amd64.deb",
"product": "php",
"version": "7.3.31",
diff --git a/test/test_data/picocom.py b/test/test_data/picocom.py
index c4fbc19e86..0be088cd8d 100644
--- a/test/test_data/picocom.py
+++ b/test/test_data/picocom.py
@@ -13,7 +13,7 @@
"version": "3.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/picocom/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/picocom/",
"package_name": "picocom_1.7-1_amd64.deb",
"product": "picocom",
"version": "1.7",
diff --git a/test/test_data/pigz.py b/test/test_data/pigz.py
index 4b1b9afed8..3f298351d5 100644
--- a/test/test_data/pigz.py
+++ b/test/test_data/pigz.py
@@ -39,7 +39,7 @@
"version": "2.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pigz/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pigz/",
"package_name": "pigz_2.3.1-2_amd64.deb",
"product": "pigz",
"version": "2.3.1",
diff --git a/test/test_data/pixman.py b/test/test_data/pixman.py
index eb8718255d..c10869b16e 100644
--- a/test/test_data/pixman.py
+++ b/test/test_data/pixman.py
@@ -21,7 +21,7 @@
"version": "0.42.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pixman/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pixman/",
"package_name": "libpixman-1-0_0.36.0-1_amd64.deb",
"product": "pixman",
"version": "0.36.0",
diff --git a/test/test_data/png.py b/test/test_data/png.py
index fa4bc53b4d..c617677d11 100644
--- a/test/test_data/png.py
+++ b/test/test_data/png.py
@@ -26,7 +26,7 @@
"version": "1.5.13",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libp/libpng/",
+ "url": "http://ftp.debian.org/debian/pool/main/libp/libpng/",
"package_name": "libpng12-0_1.2.50-2+deb8u3_amd64.deb",
"product": "libpng",
"version": "1.2.50",
diff --git a/test/test_data/ppp.py b/test/test_data/ppp.py
index baa736c056..2e753ea74b 100644
--- a/test/test_data/ppp.py
+++ b/test/test_data/ppp.py
@@ -32,13 +32,13 @@
"version": "2.4.9",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/ppp/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/ppp/",
"package_name": "ppp_2.4.6-3.1_amd64.deb",
"product": "point-to-point_protocol",
"version": "2.4.6",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/ppp/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/ppp/",
"package_name": "ppp_2.4.6-3.1_armel.deb",
"product": "point-to-point_protocol",
"version": "2.4.6",
diff --git a/test/test_data/privoxy.py b/test/test_data/privoxy.py
index d51d1eaa8e..91aa6c24f7 100644
--- a/test/test_data/privoxy.py
+++ b/test/test_data/privoxy.py
@@ -22,13 +22,13 @@
"version": "3.0.33",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/privoxy/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/privoxy/",
"package_name": "privoxy_3.0.21-7+deb8u1_amd64.deb",
"product": "privoxy",
"version": "3.0.21",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/privoxy/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/privoxy/",
"package_name": "privoxy_3.0.21-7+deb8u1_armel.deb",
"product": "privoxy",
"version": "3.0.21",
diff --git a/test/test_data/procps_ng.py b/test/test_data/procps_ng.py
index 0f17662e40..e0de6032a4 100644
--- a/test/test_data/procps_ng.py
+++ b/test/test_data/procps_ng.py
@@ -18,7 +18,7 @@
"version": "4.0.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/procps/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/procps/",
"package_name": "procps_3.3.12-3+deb9u1_amd64.deb",
"product": "procps-ng",
"version": "3.3.12",
diff --git a/test/test_data/protobuf_c.py b/test/test_data/protobuf_c.py
index 22ffaf2dff..1f1cc92cd6 100644
--- a/test/test_data/protobuf_c.py
+++ b/test/test_data/protobuf_c.py
@@ -16,7 +16,7 @@
"version": "1.4.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/protobuf-c/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/protobuf-c/",
"package_name": "libprotobuf-c1_1.3.1-1+b1_amd64.deb",
"product": "protobuf-c",
"version": "1.3.1",
diff --git a/test/test_data/pure_ftpd.py b/test/test_data/pure_ftpd.py
index 10381927b0..cf4879f2f9 100644
--- a/test/test_data/pure_ftpd.py
+++ b/test/test_data/pure_ftpd.py
@@ -22,7 +22,7 @@
"version": "1.0.51",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pure-ftpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pure-ftpd/",
"package_name": "pure-ftpd_1.0.43-3_arm64.deb",
"product": "pure-ftpd",
"version": "1.0.43",
diff --git a/test/test_data/putty.py b/test/test_data/putty.py
index 5b35e1215c..8c966c5e01 100644
--- a/test/test_data/putty.py
+++ b/test/test_data/putty.py
@@ -19,7 +19,7 @@
"version": "0.77",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/putty/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/putty/",
"package_name": "putty_0.70-6_arm64.deb",
"product": "putty",
"version": "0.70",
diff --git a/test/test_data/python.py b/test/test_data/python.py
index 91a1569b9e..d91c16d970 100644
--- a/test/test_data/python.py
+++ b/test/test_data/python.py
@@ -42,13 +42,13 @@
"version": "3.9.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/python2.7/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/python2.7/",
"package_name": "python2.7-minimal_2.7.13-2+deb9u3_amd64.deb",
"product": "python",
"version": "2.7.13",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/python3.11/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/python3.11/",
"package_name": "python3.11-minimal_3.11.1-2_amd64.deb",
"product": "python",
"version": "3.11.1",
diff --git a/test/test_data/qemu.py b/test/test_data/qemu.py
index 2fa99210a9..3dd3743047 100644
--- a/test/test_data/qemu.py
+++ b/test/test_data/qemu.py
@@ -17,7 +17,7 @@
"other_products": ["gcc"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/q/qemu/",
+ "url": "http://ftp.debian.org/debian/pool/main/q/qemu/",
"package_name": "qemu-system-x86_7.2+dfsg-1_amd64.deb",
"product": "qemu",
"version": "7.2.0",
diff --git a/test/test_data/qpdf.py b/test/test_data/qpdf.py
index 358aeaeeb7..09b47339c7 100644
--- a/test/test_data/qpdf.py
+++ b/test/test_data/qpdf.py
@@ -17,7 +17,7 @@
"version": "11.5.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/q/qpdf/",
+ "url": "http://ftp.debian.org/debian/pool/main/q/qpdf/",
"package_name": "libqpdf21_8.4.0-2_amd64.deb",
"product": "qpdf",
"version": "8.4.0",
diff --git a/test/test_data/quagga.py b/test/test_data/quagga.py
index 7fb49d5b84..f1579261d5 100644
--- a/test/test_data/quagga.py
+++ b/test/test_data/quagga.py
@@ -22,13 +22,13 @@
"version": "1.2.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/q/quagga/",
+ "url": "http://ftp.debian.org/debian/pool/main/q/quagga/",
"package_name": "quagga-core_1.1.1-3+deb9u2_amd64.deb",
"product": "quagga",
"version": "1.1.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/q/quagga/",
+ "url": "http://ftp.debian.org/debian/pool/main/q/quagga/",
"package_name": "quagga-core_1.1.1-3+deb9u2_arm64.deb",
"product": "quagga",
"version": "1.1.1",
diff --git a/test/test_data/radvd.py b/test/test_data/radvd.py
index 6183cb0311..7babe63ce1 100644
--- a/test/test_data/radvd.py
+++ b/test/test_data/radvd.py
@@ -21,7 +21,7 @@
"version": "2.19",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/radvd/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/radvd/",
"package_name": "radvd_1.9.1-1.3_amd64.deb",
"product": "router_advertisement_daemon",
"version": "1.9.1",
diff --git a/test/test_data/raptor.py b/test/test_data/raptor.py
index 47b2a1a24e..51fd2761cd 100644
--- a/test/test_data/raptor.py
+++ b/test/test_data/raptor.py
@@ -21,13 +21,13 @@
"version": "2.0.15",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/raptor/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/raptor/",
"package_name": "libraptor1_1.4.21-11+b1_amd64.deb",
"product": "raptor_rdf_syntax_library",
"version": "1.4.21",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/raptor2/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/raptor2/",
"package_name": "libraptor2-0_2.0.14-1+b1_amd64.deb",
"product": "raptor_rdf_syntax_library",
"version": "2.0.14",
diff --git a/test/test_data/rauc.py b/test/test_data/rauc.py
index 1542dd43df..700fe73558 100644
--- a/test/test_data/rauc.py
+++ b/test/test_data/rauc.py
@@ -7,13 +7,13 @@
]
package_test_data = [
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rauc/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rauc/",
"package_name": "rauc_1.5.1-1_amd64.deb",
"product": "rauc",
"version": "1.5.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rauc/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rauc/",
"package_name": "rauc_1.8-2_arm64.deb",
"product": "rauc",
"version": "1.8",
diff --git a/test/test_data/rdesktop.py b/test/test_data/rdesktop.py
index 28f7b6f5ea..3da8c3bc30 100644
--- a/test/test_data/rdesktop.py
+++ b/test/test_data/rdesktop.py
@@ -24,13 +24,13 @@
"version": "1.9.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rdesktop/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rdesktop/",
"package_name": "rdesktop_1.8.2-3+deb8u1_amd64.deb",
"product": "rdesktop",
"version": "1.8.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rdesktop/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rdesktop/",
"package_name": "rdesktop_1.8.2-3+deb8u1_armel.deb",
"product": "rdesktop",
"version": "1.8.2",
diff --git a/test/test_data/readline.py b/test/test_data/readline.py
index 456ae98f42..798a54255c 100644
--- a/test/test_data/readline.py
+++ b/test/test_data/readline.py
@@ -21,7 +21,7 @@
"version": "8.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/readline/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/readline/",
"package_name": "libreadline7_7.0-5_amd64.deb",
"product": "readline",
"version": "7.0",
diff --git a/test/test_data/rpm.py b/test/test_data/rpm.py
index 1f8c9ca677..5e6732b981 100644
--- a/test/test_data/rpm.py
+++ b/test/test_data/rpm.py
@@ -12,7 +12,7 @@
"version": "4.18.92",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rpm/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rpm/",
"package_name": "librpm8_4.14.2.1+dfsg1-1_amd64.deb",
"product": "rpm",
"version": "4.14.2.1",
diff --git a/test/test_data/rsync.py b/test/test_data/rsync.py
index f287e3e413..453ee12111 100644
--- a/test/test_data/rsync.py
+++ b/test/test_data/rsync.py
@@ -19,7 +19,7 @@
"version": "3.2.6",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rsync/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rsync/",
"package_name": "rsync_3.1.1-3+deb8u1_armel.deb",
"product": "rsync",
"version": "3.1.1",
diff --git a/test/test_data/rtl_433.py b/test/test_data/rtl_433.py
index 2038cb0371..02ea9d8566 100644
--- a/test/test_data/rtl_433.py
+++ b/test/test_data/rtl_433.py
@@ -13,7 +13,7 @@
"version": "21.12",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rtl-433/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rtl-433/",
"package_name": "rtl-433_20.11-1_amd64.deb",
"product": "rtl_433",
"version": "20.11",
diff --git a/test/test_data/rtmpdump.py b/test/test_data/rtmpdump.py
index 158c5fb532..7a4d06277a 100644
--- a/test/test_data/rtmpdump.py
+++ b/test/test_data/rtmpdump.py
@@ -12,7 +12,7 @@
"version": "2.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rtmpdump/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rtmpdump/",
"package_name": "rtmpdump_2.4%2B20151223.gitfa8646d.1-1%2Bb1_amd64.deb",
"product": "rtmpdump",
"version": "2.4",
diff --git a/test/test_data/runc.py b/test/test_data/runc.py
index 6f26ed464d..203a1ddbdd 100644
--- a/test/test_data/runc.py
+++ b/test/test_data/runc.py
@@ -13,7 +13,7 @@
"other_products": ["go"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/runc/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/runc/",
"package_name": "runc_0.1.1+dfsg1-2+deb9u1_amd64.deb",
"product": "runc",
"version": "0.1.1",
diff --git a/test/test_data/sdl.py b/test/test_data/sdl.py
index 181f6913c3..b5fb6fe738 100644
--- a/test/test_data/sdl.py
+++ b/test/test_data/sdl.py
@@ -21,7 +21,7 @@
"version": "2.26.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libsdl2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libs/libsdl2/",
"package_name": "libsdl2-2.0-0_2.0.2+dfsg1-6_amd64.deb",
"product": "simple_directmedia_layer",
"version": "2.0.2",
diff --git a/test/test_data/shadowsocks_libev.py b/test/test_data/shadowsocks_libev.py
index 1ec719486c..ebe0dda75f 100644
--- a/test/test_data/shadowsocks_libev.py
+++ b/test/test_data/shadowsocks_libev.py
@@ -27,14 +27,14 @@
"version": "3.3.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/shadowsocks-libev/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/shadowsocks-libev/",
"package_name": "libshadowsocks-libev2_2.6.3+ds-3+deb9u1_amd64.deb",
"product": "shadowsocks-libev",
"version": "2.6.3",
"other_products": ["mbed_tls"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/shadowsocks-libev/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/shadowsocks-libev/",
"package_name": "libshadowsocks-libev2_2.6.3+ds-3+deb9u1_arm64.deb",
"product": "shadowsocks-libev",
"version": "2.6.3",
diff --git a/test/test_data/snapd.py b/test/test_data/snapd.py
index 9717a9be64..043050a8e5 100644
--- a/test/test_data/snapd.py
+++ b/test/test_data/snapd.py
@@ -6,7 +6,7 @@
]
package_test_data = [
{
- "url": "https://distrib-coffee.ipsl.jussieu.fr/pub/linux/altlinux/p10/branch/aarch64/RPMS.classic/",
+ "url": "https://distrib-coffee.ipsl.jussieu/pub/linux/altlinux/p10/branch/aarch64/RPMS.classic/",
"package_name": "snapd-2.56-alt1.aarch64.rpm",
"product": "snapd",
"version": "2.56",
diff --git a/test/test_data/sngrep.py b/test/test_data/sngrep.py
index dc59bf90a7..cae0099d95 100644
--- a/test/test_data/sngrep.py
+++ b/test/test_data/sngrep.py
@@ -12,7 +12,7 @@
"version": "1.7.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sngrep/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sngrep/",
"package_name": "sngrep_1.4.6-1_amd64.deb",
"product": "sngrep",
"version": "1.4.6",
diff --git a/test/test_data/snort.py b/test/test_data/snort.py
index 3a5d514f4e..5ba06a2b80 100644
--- a/test/test_data/snort.py
+++ b/test/test_data/snort.py
@@ -23,13 +23,13 @@
"version": "3.1.43.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/snort/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/snort/",
"package_name": "snort_2.9.7.0-5_arm64.deb",
"product": "snort",
"version": "2.9.7.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/snort/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/snort/",
"package_name": "snort_2.9.15.1-5_amd64.deb",
"product": "snort",
"version": "2.9.15.1",
diff --git a/test/test_data/socat.py b/test/test_data/socat.py
index e645391b65..eafd1dc397 100644
--- a/test/test_data/socat.py
+++ b/test/test_data/socat.py
@@ -18,13 +18,13 @@
"version": "2.0.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/socat/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/socat/",
"package_name": "socat_1.7.2.4-2_amd64.deb",
"product": "socat",
"version": "1.7.2.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/socat/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/socat/",
"package_name": "socat_1.7.2.4-2_armel.deb",
"product": "socat",
"version": "1.7.2.4",
diff --git a/test/test_data/sofia_sip.py b/test/test_data/sofia_sip.py
index cd107d5f4a..550d26c5d6 100644
--- a/test/test_data/sofia_sip.py
+++ b/test/test_data/sofia_sip.py
@@ -16,13 +16,13 @@
"version": "1.13.9",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sofia-sip/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sofia-sip/",
"package_name": "libsofia-sip-ua0_1.12.11+20110422.1-2_amd64.deb",
"product": "sofia-sip",
"version": "1.12.11",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sofia-sip/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sofia-sip/",
"package_name": "libsofia-sip-ua0_1.12.11+20110422.1-2_armel.deb",
"product": "sofia-sip",
"version": "1.12.11",
diff --git a/test/test_data/speex.py b/test/test_data/speex.py
index 7a01585a1e..e877dd572a 100644
--- a/test/test_data/speex.py
+++ b/test/test_data/speex.py
@@ -22,7 +22,7 @@
"version": "1.2.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/speex/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/speex/",
"package_name": "libspeex1_1.2~rc1.2-1+b2_amd64.deb",
"product": "speex",
"version": "1.2",
diff --git a/test/test_data/spice.py b/test/test_data/spice.py
index a6c6ac21f9..9614c055d4 100644
--- a/test/test_data/spice.py
+++ b/test/test_data/spice.py
@@ -18,13 +18,13 @@
"version": "0.14.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/spice/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/spice/",
"package_name": "libspice-server1_0.12.5-1+deb8u5_amd64.deb",
"product": "spice",
"version": "0.12.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/spice/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/spice/",
"package_name": "libspice-server1_0.12.5-1+deb8u5_i386.deb",
"product": "spice",
"version": "0.12.5",
diff --git a/test/test_data/squashfs.py b/test/test_data/squashfs.py
index 08e32feafd..6fb7de29ab 100644
--- a/test/test_data/squashfs.py
+++ b/test/test_data/squashfs.py
@@ -22,13 +22,13 @@
"version": "4.5.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/squashfs-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/squashfs-tools/",
"package_name": "squashfs-tools_4.3-12+deb10u2_amd64.deb",
"product": "squashfs",
"version": "4.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/squashfs-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/squashfs-tools/",
"package_name": "squashfs-tools_4.5.1-1_arm64.deb",
"product": "squashfs",
"version": "4.5.1",
diff --git a/test/test_data/squid.py b/test/test_data/squid.py
index a1141402ff..c5aad8e000 100644
--- a/test/test_data/squid.py
+++ b/test/test_data/squid.py
@@ -18,13 +18,13 @@
"version": "5.7",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/squid/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/squid/",
"package_name": "squid_4.11-2~bpo10+1_amd64.deb",
"product": "squid",
"version": "4.11",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/squid/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/squid/",
"package_name": "squid_4.11-2~bpo10+1_arm64.deb",
"product": "squid",
"version": "4.11",
diff --git a/test/test_data/sslh.py b/test/test_data/sslh.py
index 3ba1269883..3de24306b4 100644
--- a/test/test_data/sslh.py
+++ b/test/test_data/sslh.py
@@ -14,7 +14,7 @@
"version": "1.22c",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sslh/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sslh/",
"package_name": "sslh_1.16-2_amd64.deb",
"product": "sslh",
"version": "1.16",
diff --git a/test/test_data/stellarium.py b/test/test_data/stellarium.py
index 3d5e7bf548..e9ed3ba08b 100644
--- a/test/test_data/stellarium.py
+++ b/test/test_data/stellarium.py
@@ -12,7 +12,7 @@
"version": "1.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/stellarium/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/stellarium/",
"package_name": "stellarium_0.13.1-1_amd64.deb",
"product": "stellarium",
"version": "0.13.1",
diff --git a/test/test_data/sudo.py b/test/test_data/sudo.py
index bc2c4692d5..7bb38e343b 100644
--- a/test/test_data/sudo.py
+++ b/test/test_data/sudo.py
@@ -31,7 +31,7 @@
"other_products": ["protobuf-c"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sudo/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sudo/",
"package_name": "sudo_1.8.10p3-1+deb8u5_amd64.deb",
"product": "sudo",
"version": "1.8.10p3",
diff --git a/test/test_data/sylpheed.py b/test/test_data/sylpheed.py
index 729f8ecabc..22d8f81292 100644
--- a/test/test_data/sylpheed.py
+++ b/test/test_data/sylpheed.py
@@ -18,7 +18,7 @@
"version": "3.7.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sylpheed/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sylpheed/",
"package_name": "sylpheed_3.5.1-2+b1_arm64.deb",
"product": "sylpheed",
"version": "3.5.1",
diff --git a/test/test_data/sysstat.py b/test/test_data/sysstat.py
index a97cdbc03f..5f148832a2 100644
--- a/test/test_data/sysstat.py
+++ b/test/test_data/sysstat.py
@@ -21,7 +21,7 @@
"version": "12.7.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sysstat/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sysstat/",
"package_name": "sysstat_11.0.1-1_amd64.deb",
"product": "sysstat",
"version": "11.0.1",
diff --git a/test/test_data/tar.py b/test/test_data/tar.py
index 61b71f3b2d..2015f2a17b 100644
--- a/test/test_data/tar.py
+++ b/test/test_data/tar.py
@@ -13,7 +13,7 @@
"version": "1.35",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tar/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tar/",
"package_name": "tar_1.30+dfsg-6_amd64.deb",
"product": "tar",
"version": "1.30",
diff --git a/test/test_data/tcpdump.py b/test/test_data/tcpdump.py
index 4a213248ae..2b7318d035 100644
--- a/test/test_data/tcpdump.py
+++ b/test/test_data/tcpdump.py
@@ -38,19 +38,19 @@
"version": "4.9.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpdump/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tcpdump/",
"package_name": "tcpdump_4.9.2-1~deb8u1_amd64.deb",
"product": "tcpdump",
"version": "4.9.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpdump/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tcpdump/",
"package_name": "tcpdump_4.9.3-1~deb10u2_arm64.deb",
"product": "tcpdump",
"version": "4.9.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpdump/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tcpdump/",
"package_name": "tcpdump_4.99.4-3_mips64el.deb",
"product": "tcpdump",
"version": "4.99.4",
diff --git a/test/test_data/tcpreplay.py b/test/test_data/tcpreplay.py
index ead9e619a3..feee66c34f 100644
--- a/test/test_data/tcpreplay.py
+++ b/test/test_data/tcpreplay.py
@@ -16,7 +16,7 @@
"version": "4.4.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpreplay/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tcpreplay/",
"package_name": "tcpreplay_3.4.4-3_amd64.deb",
"product": "tcpreplay",
"version": "3.4.4",
diff --git a/test/test_data/terminology.py b/test/test_data/terminology.py
index aba5e7b5d1..fcb92fa918 100644
--- a/test/test_data/terminology.py
+++ b/test/test_data/terminology.py
@@ -21,7 +21,7 @@
"version": "1.13.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/terminology/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/terminology/",
"package_name": "terminology_1.3.2-1_amd64.deb",
"product": "terminology",
"version": "1.3.2",
diff --git a/test/test_data/tesseract.py b/test/test_data/tesseract.py
index b64597ab4b..997efaca38 100644
--- a/test/test_data/tesseract.py
+++ b/test/test_data/tesseract.py
@@ -12,7 +12,7 @@
"version": "5.3.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tesseract/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tesseract/",
"package_name": "libtesseract4_4.0.0-2_amd64.deb",
"product": "tesseract",
"version": "4.0.0",
diff --git a/test/test_data/thrift.py b/test/test_data/thrift.py
index 69d72f83a6..4ee9be3ec4 100644
--- a/test/test_data/thrift.py
+++ b/test/test_data/thrift.py
@@ -24,13 +24,13 @@
"version": "0.16.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/thrift/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/thrift/",
"package_name": "libthrift-0.11.0_0.11.0-4_amd64.deb",
"product": "thrift",
"version": "0.11.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/thrift/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/thrift/",
"package_name": "libthrift-0.11.0_0.11.0-4_arm64.deb",
"product": "thrift",
"version": "0.11.0",
diff --git a/test/test_data/thunderbird.py b/test/test_data/thunderbird.py
index f0cc69d89d..77abbd34cf 100644
--- a/test/test_data/thunderbird.py
+++ b/test/test_data/thunderbird.py
@@ -24,7 +24,7 @@
],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/thunderbird/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/thunderbird/",
"package_name": "thunderbird_52.8.0-1~deb8u1_amd64.deb",
"product": "thunderbird",
"version": "52.8.0",
diff --git a/test/test_data/tinyproxy.py b/test/test_data/tinyproxy.py
index 59e8b40a59..bf59b2d907 100644
--- a/test/test_data/tinyproxy.py
+++ b/test/test_data/tinyproxy.py
@@ -22,13 +22,13 @@
"version": "1.11.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tinyproxy/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tinyproxy/",
"package_name": "tinyproxy-bin_1.10.0-2+deb10u1_amd64.deb",
"product": "tinyproxy",
"version": "1.10.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tinyproxy/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tinyproxy/",
"package_name": "tinyproxy-bin_1.10.0-2+deb10u1_arm64.deb",
"product": "tinyproxy",
"version": "1.10.0",
diff --git a/test/test_data/tor.py b/test/test_data/tor.py
index 237853f468..d79e2075f2 100644
--- a/test/test_data/tor.py
+++ b/test/test_data/tor.py
@@ -18,7 +18,7 @@
"version": "0.4.7.10",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tor/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tor/",
"package_name": "tor_0.2.9.16-1_arm64.deb",
"product": "tor",
"version": "0.2.9.16",
diff --git a/test/test_data/tpm2_tss.py b/test/test_data/tpm2_tss.py
index 5ab40e66c8..f4014fd018 100644
--- a/test/test_data/tpm2_tss.py
+++ b/test/test_data/tpm2_tss.py
@@ -22,7 +22,7 @@
"version": "3.2.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tpm2-tss/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tpm2-tss/",
"package_name": "libtss2-fapi1_3.0.3-2_amd64.deb",
"product": "tpm2_software_stack",
"version": "3.0.3",
diff --git a/test/test_data/traceroute.py b/test/test_data/traceroute.py
index f3b2a9c4c6..bbe9cebb92 100644
--- a/test/test_data/traceroute.py
+++ b/test/test_data/traceroute.py
@@ -16,7 +16,7 @@
"version": "2.1.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/traceroute/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/traceroute/",
"package_name": "traceroute_2.1.0-2_amd64.deb",
"product": "traceroute",
"version": "2.1.0",
diff --git a/test/test_data/transmission.py b/test/test_data/transmission.py
index 2c06a88c33..38b59a9a2e 100644
--- a/test/test_data/transmission.py
+++ b/test/test_data/transmission.py
@@ -16,13 +16,13 @@
"version": "3.00",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/transmission/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/transmission/",
"package_name": "transmission-cli_2.84-0.2+deb8u1_amd64.deb",
"product": "transmission",
"version": "2.84",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/transmission/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/transmission/",
"package_name": "transmission-cli_2.84-0.2+deb8u1_armel.deb",
"product": "transmission",
"version": "2.84",
diff --git a/test/test_data/ttyd.py b/test/test_data/ttyd.py
index 1cfc02e4f9..b95241b4c3 100644
--- a/test/test_data/ttyd.py
+++ b/test/test_data/ttyd.py
@@ -12,7 +12,7 @@
"version": "1.7.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/ttyd/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/ttyd/",
"package_name": "ttyd_1.6.3-3~bpo11+1_amd64.deb",
"product": "ttyd",
"version": "1.6.3",
diff --git a/test/test_data/u_boot.py b/test/test_data/u_boot.py
index 3eb064aacd..952a41e203 100644
--- a/test/test_data/u_boot.py
+++ b/test/test_data/u_boot.py
@@ -7,14 +7,14 @@
]
package_test_data = [
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/u-boot/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/u-boot/",
"package_name": "u-boot-rpi_2016.11+dfsg1-4_arm64.deb",
"product": "u-boot",
"version": "2016.11",
"other_products": ["binutils"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/u-boot/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/u-boot/",
"package_name": "u-boot-tegra_2023.04~rc2+dfsg-1_arm64.deb",
"product": "u-boot",
"version": "2023.04",
diff --git a/test/test_data/udisks.py b/test/test_data/udisks.py
index a74c90a8bf..1d23c30f60 100644
--- a/test/test_data/udisks.py
+++ b/test/test_data/udisks.py
@@ -12,7 +12,7 @@
"version": "2.9.4",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/udisks2/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/udisks2/",
"package_name": "udisks2_2.8.1-4_amd64.deb",
"product": "udisks",
"version": "2.8.1",
diff --git a/test/test_data/unbound.py b/test/test_data/unbound.py
index 02f6c602cf..df04ab288b 100644
--- a/test/test_data/unbound.py
+++ b/test/test_data/unbound.py
@@ -18,7 +18,7 @@
"version": "1.16.3",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/unbound/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/unbound/",
"package_name": "unbound_1.6.0-3+deb9u2_arm64.deb",
"product": "unbound",
"version": "1.6.0",
diff --git a/test/test_data/unixodbc.py b/test/test_data/unixodbc.py
index 75922560af..d93739b4be 100644
--- a/test/test_data/unixodbc.py
+++ b/test/test_data/unixodbc.py
@@ -18,7 +18,7 @@
"version": "2.3.11",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/unixodbc/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/unixodbc/",
"package_name": "unixodbc_2.3.4-1_arm64.deb",
"product": "unixodbc",
"version": "2.3.4",
diff --git a/test/test_data/upx.py b/test/test_data/upx.py
index 69cfe2f75d..109bc77424 100644
--- a/test/test_data/upx.py
+++ b/test/test_data/upx.py
@@ -18,7 +18,7 @@
"version": "3.96",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/upx-ucl/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/upx-ucl/",
"package_name": "upx-ucl_3.91-4_arm64.deb",
"product": "upx",
"version": "3.91",
diff --git a/test/test_data/util_linux.py b/test/test_data/util_linux.py
index bca8603da3..f3306bb8d0 100644
--- a/test/test_data/util_linux.py
+++ b/test/test_data/util_linux.py
@@ -27,13 +27,13 @@
"version": "2.38.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/util-linux/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/util-linux/",
"package_name": "util-linux-extra_2.38.1-1.1+b1_amd64.deb",
"product": "util-linux",
"version": "2.38.1",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/util-linux/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/util-linux/",
"package_name": "util-linux-extra_2.38.1-1.1+b1_arm64.deb",
"product": "util-linux",
"version": "2.38.1",
diff --git a/test/test_data/vlc.py b/test/test_data/vlc.py
index 16e453ed0f..bf6355a693 100644
--- a/test/test_data/vlc.py
+++ b/test/test_data/vlc.py
@@ -6,7 +6,7 @@
]
package_test_data = [
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/v/vlc/",
+ "url": "http://ftp.debian.org/debian/pool/main/v/vlc/",
"package_name": "vlc-bin_3.0.17.4-0+deb10u1_amd64.deb",
"product": "vlc",
"version": "3.0.17.4",
diff --git a/test/test_data/vorbis_tools.py b/test/test_data/vorbis_tools.py
index 32632a248a..8f796c8e91 100644
--- a/test/test_data/vorbis_tools.py
+++ b/test/test_data/vorbis_tools.py
@@ -16,7 +16,7 @@
"version": "1.4.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/v/vorbis-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/v/vorbis-tools/",
"package_name": "vorbis-tools_1.4.0-10+b1_amd64.deb",
"product": "vorbis-tools",
"version": "1.4.0",
diff --git a/test/test_data/vsftpd.py b/test/test_data/vsftpd.py
index 5e28caba8d..e53112fce3 100644
--- a/test/test_data/vsftpd.py
+++ b/test/test_data/vsftpd.py
@@ -18,13 +18,13 @@
"version": "3.0.5",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/v/vsftpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/v/vsftpd/",
"package_name": "vsftpd_3.0.2-17+deb8u1_amd64.deb",
"product": "vsftpd",
"version": "3.0.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/v/vsftpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/v/vsftpd/",
"package_name": "vsftpd_3.0.2-17+deb8u1_armel.deb",
"product": "vsftpd",
"version": "3.0.2",
diff --git a/test/test_data/wireshark.py b/test/test_data/wireshark.py
index f1820584e7..ccc8d30f2e 100644
--- a/test/test_data/wireshark.py
+++ b/test/test_data/wireshark.py
@@ -36,7 +36,7 @@
"version": "2.6.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/w/wireshark/",
+ "url": "http://ftp.debian.org/debian/pool/main/w/wireshark/",
"package_name": "libwireshark16_4.0.3-1_amd64.deb",
"product": "wireshark",
"version": "4.0.3",
diff --git a/test/test_data/wolfssl.py b/test/test_data/wolfssl.py
index f8910a9c82..1f9a280552 100644
--- a/test/test_data/wolfssl.py
+++ b/test/test_data/wolfssl.py
@@ -6,13 +6,13 @@
]
package_test_data = [
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/w/wolfssl/",
+ "url": "http://ftp.debian.org/debian/pool/main/w/wolfssl/",
"package_name": "libwolfssl24_4.6.0+p1-0+deb11u1_amd64.deb",
"product": "wolfssl",
"version": "4.6.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/w/wolfssl/",
+ "url": "http://ftp.debian.org/debian/pool/main/w/wolfssl/",
"package_name": "libwolfssl24_4.6.0+p1-0+deb11u1_arm64.deb",
"product": "wolfssl",
"version": "4.6.0",
diff --git a/test/test_data/xscreensaver.py b/test/test_data/xscreensaver.py
index ec7ea00470..33d4bc8971 100644
--- a/test/test_data/xscreensaver.py
+++ b/test/test_data/xscreensaver.py
@@ -27,7 +27,7 @@
"version": "6.05",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/x/xscreensaver/",
+ "url": "http://ftp.debian.org/debian/pool/main/x/xscreensaver/",
"package_name": "xscreensaver_5.36-1_arm64.deb",
"product": "xscreensaver",
"version": "5.36",
diff --git a/test/test_data/xwayland.py b/test/test_data/xwayland.py
index c60ec9fdb7..f8e8a54eec 100644
--- a/test/test_data/xwayland.py
+++ b/test/test_data/xwayland.py
@@ -16,7 +16,7 @@
"version": "23.2.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/x/xwayland/",
+ "url": "http://ftp.debian.org/debian/pool/main/x/xwayland/",
"package_name": "xwayland_22.1.9-1_amd64.deb",
"product": "xwayland",
"version": "22.1.9",
diff --git a/test/test_data/yasm.py b/test/test_data/yasm.py
index 2566080788..256843f6bb 100644
--- a/test/test_data/yasm.py
+++ b/test/test_data/yasm.py
@@ -12,7 +12,7 @@
"version": "1.3.0",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/y/yasm/",
+ "url": "http://ftp.debian.org/debian/pool/main/y/yasm/",
"package_name": "yasm_1.2.0-2_amd64.deb",
"product": "yasm",
"version": "1.2.0",
diff --git a/test/test_data/zabbix.py b/test/test_data/zabbix.py
index 65783c3226..530023a524 100644
--- a/test/test_data/zabbix.py
+++ b/test/test_data/zabbix.py
@@ -13,7 +13,7 @@
"version": "6.0.13",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/z/zabbix/",
+ "url": "http://ftp.debian.org/debian/pool/main/z/zabbix/",
"package_name": "zabbix-server-mysql_4.0.4+dfsg-1_amd64.deb",
"product": "zabbix",
"version": "4.0.4",
diff --git a/test/test_data/zchunk.py b/test/test_data/zchunk.py
index 428bdfd4cb..45ac4043df 100644
--- a/test/test_data/zchunk.py
+++ b/test/test_data/zchunk.py
@@ -12,7 +12,7 @@
"version": "1.3.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/z/zchunk/",
+ "url": "http://ftp.debian.org/debian/pool/main/z/zchunk/",
"package_name": "zchunk_1.1.9+ds1-1_amd64.deb",
"product": "zchunk",
"version": "1.1.9",
diff --git a/test/test_data/zeek.py b/test/test_data/zeek.py
index 819f23ad31..b0e19fc33f 100644
--- a/test/test_data/zeek.py
+++ b/test/test_data/zeek.py
@@ -13,7 +13,7 @@
"other_products": ["sqlite"],
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/z/zeek/",
+ "url": "http://ftp.debian.org/debian/pool/main/z/zeek/",
"package_name": "zeek_3.2.3+ds2-2+b2_amd64.deb",
"product": "zeek",
"version": "3.2.3",
diff --git a/test/test_data/znc.py b/test/test_data/znc.py
index 16dd573938..b2deb231d2 100644
--- a/test/test_data/znc.py
+++ b/test/test_data/znc.py
@@ -22,7 +22,7 @@
"version": "1.8.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/z/znc/",
+ "url": "http://ftp.debian.org/debian/pool/main/z/znc/",
"package_name": "znc_1.7.2-3_amd64.deb",
"product": "znc",
"version": "1.7.2",
diff --git a/test/test_data/zstandard.py b/test/test_data/zstandard.py
index 8e72e42570..44abc2d76f 100644
--- a/test/test_data/zstandard.py
+++ b/test/test_data/zstandard.py
@@ -16,7 +16,7 @@
"version": "1.5.2",
},
{
- "url": "http://ftp.fr.debian.org/debian/pool/main/libz/libzstd/",
+ "url": "http://ftp.debian.org/debian/pool/main/libz/libzstd/",
"package_name": "libzstd1_1.3.8+dfsg-3+deb10u2_amd64.deb",
"product": "zstandard",
"version": "1.3.8",
diff --git a/test/test_language_scanner.py b/test/test_language_scanner.py
index ec480b5287..95d6b19c41 100644
--- a/test/test_language_scanner.py
+++ b/test/test_language_scanner.py
@@ -162,6 +162,8 @@ class TestLanguageScanner:
DART_PRODUCTS = ["dio", "archive"]
+ CONAN_PRODUCTS = ["zlib", "openssl", "cmake"]
+
@classmethod
def setup_class(cls):
cls.cvedb = CVEDB()
@@ -341,6 +343,18 @@ def test_language_package_none_found(self, filename: str) -> None:
)
],
),
+ pytest.param(
+ str(TEST_FILE_PATH / "conan.lock"),
+ parsers.ccpp.CCppParser,
+ CONAN_PRODUCTS,
+ "conan",
+ marks=[
+ pytest.mark.skipif(
+ not LONG_TESTS(),
+ reason="Test reduction in short tests",
+ )
+ ],
+ ),
],
)
def test_language_package(
diff --git a/test/test_output_engine.py b/test/test_output_engine.py
index 5a65e5c4cd..8bd1864fb1 100644
--- a/test/test_output_engine.py
+++ b/test/test_output_engine.py
@@ -14,11 +14,13 @@
from pathlib import Path
from unittest.mock import MagicMock, call, patch
+from jsonschema import validate
+from jsonschema.exceptions import ValidationError
from rich.console import Console
from cve_bin_tool.output_engine import OutputEngine, output_csv, output_pdf
from cve_bin_tool.output_engine.console import output_console
-from cve_bin_tool.output_engine.json_output import output_json
+from cve_bin_tool.output_engine.json_output import output_json, output_json2
from cve_bin_tool.output_engine.util import format_output
from cve_bin_tool.sbom_manager.generate import SBOMGenerate
from cve_bin_tool.util import CVE, CVEData, ProductInfo, Remarks, VersionInfo
@@ -465,6 +467,75 @@ class TestOutputEngine(unittest.TestCase):
"CVE-9999-0008": VersionInfo("", "", "", "1.2.0"),
}
+ MOCK_ORGANIZED_PARAMETERS = {
+ "options": {
+ "help": {"arg_value": None},
+ "exclude": {"arg_value": []},
+ "version": {"arg_value": None},
+ "disable-version-check": {"arg_value": False},
+ "disable-validation-check": {"arg_value": False},
+ "offline": {"arg_value": False},
+ "detailed": {"arg_value": False},
+ },
+ "cve_data_download": {
+ "nvd": {"arg_value": "json-mirror"},
+ "update": {"arg_value": "daily"},
+ "nvd-api-key": {"arg_value": ""},
+ "disable-data-source": {"arg_value": []},
+ "use-mirror": {"arg_value": ""},
+ },
+ "input": {
+ "directory": {"arg_value": "test/language_data/pubspec.lock"},
+ "input-file": {"arg_value": ""},
+ "triage-input-file": {"arg_value": ""},
+ "config": {"arg_value": ""},
+ "package-list": {"arg_value": ""},
+ "sbom": {"arg_value": ""},
+ "sbom-file": {"arg_value": ""},
+ },
+ "output": {
+ "quiet": {"arg_value": False},
+ "log-level": {"arg_value": "debug"},
+ "output-file": {"arg_value": "temp_test_json2"},
+ "html-theme": {"arg_value": ""},
+ "format": {"arg_value": "json2"},
+ "generate-config": {"arg_value": ""},
+ "cvss": {"arg_value": 0},
+ "severity": {"arg_value": "low"},
+ "metrics": {"arg_value": False},
+ "epss-percentile": {"arg_value": None},
+ "epss-probability": {"arg_value": None},
+ "no-0-cve-report": {"arg_value": False},
+ "available-fix": {"arg_value": ""},
+ "backport-fix": {"arg_value": ""},
+ "affected-versions": {"arg_value": 0},
+ "vex": {"arg_value": ""},
+ "sbom-output": {"arg_value": ""},
+ "sbom-type": {"arg_value": "spdx"},
+ "sbom-format": {"arg_value": "tag"},
+ },
+ "merge_report": {
+ "append": {"arg_value": False},
+ "tag": {"arg_value": ""},
+ "merge": {"arg_value": None},
+ "filter": {"arg_value": []},
+ },
+ "checkers": {"skips": {"arg_value": ""}, "runs": {"arg_value": ""}},
+ "database_management": {
+ "import-json": {"arg_value": ""},
+ "ignore-sig": {"arg_value": False},
+ "log-signature-error": {"arg_value": False},
+ "verify": {"arg_value": ""},
+ "export-json": {"arg_value": ""},
+ "pgp-sign": {"arg_value": ""},
+ "passphrase": {"arg_value": ""},
+ "export": {"arg_value": ""},
+ "import": {"arg_value": ""},
+ },
+ "exploits": {"exploits": {"arg_value": False}},
+ "deprecated": {"extract": {"arg_value": True}, "report": {"arg_value": False}},
+ }
+
FORMATTED_OUTPUT = [
{
"vendor": "vendor0",
@@ -998,6 +1069,36 @@ def test_output_json(self):
self.mock_file.seek(0) # reset file position
self.assertEqual(json.load(self.mock_file), self.FORMATTED_OUTPUT)
+ def test_output_json2(self):
+ """Test formatting output as JSON2"""
+ output_json2(
+ self.MOCK_OUTPUT,
+ None,
+ datetime.today(),
+ self.mock_file,
+ 0,
+ self.MOCK_ORGANIZED_PARAMETERS,
+ metrics=True,
+ )
+
+ # Load the JSON2 schema
+ schema_path = (
+ Path(__file__).resolve().parent.parent
+ / "cve_bin_tool"
+ / "schemas"
+ / "json2.json"
+ )
+ with open(schema_path, encoding="utf-8") as schema_file:
+ json2_schema = json.load(schema_file)
+
+ self.mock_file.seek(0) # reset file position
+
+ # Validate -- will raise a ValidationError if not valid and fail the test
+ try:
+ validate(json.load(self.mock_file), json2_schema)
+ except ValidationError as ve:
+ self.fail(f"Validation error occurred: {ve}")
+
def test_output_csv(self):
"""Test formatting output as CSV"""
output_csv(self.MOCK_OUTPUT, None, self.mock_file, metrics=True)
diff --git a/test/test_version_compare.py b/test/test_version_compare.py
index c826c4dc7e..b6af209905 100644
--- a/test/test_version_compare.py
+++ b/test/test_version_compare.py
@@ -16,6 +16,12 @@ def test_eq(self):
assert Version("4.4.A") == Version("4.4.a")
assert Version("5.6 ") == Version("5.6")
assert Version("f835f2caaa") == Version("f835f2caaa")
+ assert Version("42.0") == Version(
+ "42"
+ ) # edge case for folk editing versions in excel
+ assert Version("1") == Version(
+ "1.0"
+ ) # edge case for folk editing versions in excel
def test_lt(self):
"""Make sure < works between versions, including some with unusual version schemes"""
@@ -75,3 +81,6 @@ def test_ne(self):
"""Test some != cases with hashes to make sure we aren't comparing the string 'HASH'"""
assert Version("f835f2caab") != Version("f835f2caaa")
assert Version("HASH") != Version("f835f2caaa")
+ assert Version("1") != Version(
+ "1.0.0"
+ ) # the edge case for excel only works on single .0
diff --git a/test/test_vex.py b/test/test_vex.py
index 34c4ed7c61..fb6cb8d166 100644
--- a/test/test_vex.py
+++ b/test/test_vex.py
@@ -87,6 +87,7 @@ class TestVexGeneration(unittest.TestCase):
),
}
+ # @pytest.mark.skip(reason="Needs an update to match what lib4vex produces.")
def test_output_cyclonedx(self):
"""Test VEX output generation"""
@@ -107,6 +108,7 @@ def test_output_cyclonedx(self):
for vulnerability in json_data.get("vulnerabilities", []):
vulnerability.pop("published", None)
vulnerability.pop("updated", None)
+ vulnerability.pop("properties", None)
with open(str(VEX_PATH / "test_cyclonedx_vex.json")) as f:
expected_json = json.load(f)