From 7d0d8c84282a02b94f3604087cca0fa60037dcca Mon Sep 17 00:00:00 2001 From: veesood <123954200+vroomvee@users.noreply.github.com> Date: Wed, 13 Nov 2024 04:21:51 +0530 Subject: [PATCH 01/47] docs(available_fix/debian_cve_tracker): Add comprehensive docstrings * fixes #4540 * docs: Add docstrings for VEXGenerate class and methods Added detailed docstrings to `VEXGenerate` class, including description for class attributes, methods, and parameters. This enhances readability and provides clear guidance. * docs(available_fix/debian_cve_tracker): add docstrings fixes #4540 --- .../available_fix/debian_cve_tracker.py | 65 ++++++++++++++++++- 1 file changed, 62 insertions(+), 3 deletions(-) diff --git a/cve_bin_tool/available_fix/debian_cve_tracker.py b/cve_bin_tool/available_fix/debian_cve_tracker.py index 542fc34375..fcb0733bae 100644 --- a/cve_bin_tool/available_fix/debian_cve_tracker.py +++ b/cve_bin_tool/available_fix/debian_cve_tracker.py 
@@ -33,7 +33,27 @@ class DebianCVETracker: + """ + A class for tracking CVEs (Common Vulnerabilities and Exposures) for Debian-based distributions. + + This class is designed to monitor CVEs specific to a given Debian distribution, + taking into account the distribution name, codename, and whether the package is a backport. + + Attributes: + distro_name (str): The name of the Debian-based distribution (e.g., "Debian", "Ubuntu"). + distro_codename (str): The codename of the distribution release (e.g., "buster", "focal"). + is_backport (bool): Flag indicating if the package is a backport. + """ + def __init__(self, distro_name: str, distro_codename: str, is_backport: bool): + """ + Initializes a DebianCVETracker instance with distribution information. + + Parameters: + distro_name (str): The name of the Debian-based distribution. + distro_codename (str): The codename for the distribution release. + is_backport (bool): Specifies if the package is a backport. + """ self.distro_name = distro_name self.distro_codename = distro_codename self.is_backport = is_backport @@ -42,7 +62,17 @@ def cve_info( self, all_cve_data: dict[ProductInfo, CVEData], ): - """Produces the Backported fixes' info""" + """ + Generates information on backported CVE fixes for a given set of CVE data. + + This function processes CVE data and checks for resolved vulnerabilities in + the Debian or Ubuntu distributions. If a fix is available or backported, it logs + relevant information about the fix's availability and version. + + Parameters: + all_cve_data (dict[ProductInfo, CVEData]): Dictionary containing CVE data, + organized by product and version. + """ cve_data = format_output(all_cve_data, None) json_data = self.get_data() 
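Review bot: The `distro_name` examples in the new class docstring are capitalised (`"Debian"`, `"Ubuntu"`), but `compute_distro`, shown in a later hunk of this file, compares against the lowercase literals `"ubuntu"` and `"debian"`. A caller who passes the documented form would match neither branch, so the attribute line should read `distro_name (str): Lowercase distribution name ("debian" or "ubuntu").` The `__init__` docstring should state the same expected form for its `distro_name` parameter. Whether callers normalise case before constructing the tracker is not visible in this patch.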
@@ -72,11 +102,30 @@ def cve_info( ) def get_data(self): + """ + Retrieves CVE data from the Debian CVE JSON file. + + This method opens and loads the Debian CVE JSON file for processing + vulnerability data, calling `check_json` to verify that the file is + up-to-date before loading. + + Returns: + dict: Loaded JSON data from the Debian CVE JSON file. + """ check_json() with open(DEB_CVE_JSON_PATH) as jsonfile: return load(jsonfile) def compute_distro(self): + """ + Computes the distribution codename based on the Debian or Ubuntu release. + + Maps the specified distribution codename to either Ubuntu or Debian based + on the provided `distro_name`. + + Returns: + str: The mapped codename for the distribution. + """ if self.distro_name == "ubuntu": return UBUNTU_DEBIAN_MAP[self.distro_codename] elif self.distro_name == "debian": @@ -84,7 +133,12 @@ def compute_distro(self): def check_json(): - """Check to update the Debian CVE JSON file""" + """ + Verifies if the Debian CVE JSON file is current and triggers an update if outdated. + + This function checks the modification time of the JSON file. If it's older than + one day, it calls `update_json` to download a fresh version. + """ if ( not DEB_CVE_JSON_PATH.exists() @@ -94,7 +148,12 @@ def check_json(): def update_json(): - """Update the Debian CVE JSON file""" + """ + Updates the Debian CVE JSON file by downloading the latest data. + + This function requests the JSON data from the specified URL and saves it to + the `DEB_CVE_JSON_PATH` location, logging the update status. + """ LOGGER.info("Updating Debian CVE JSON file for checking available fixes.") # timeout = 300s = 5min. This is a guess at a valid default From 489449e37f1c3883dd338004753358dc1040f5c9 Mon Sep 17 00:00:00 2001 
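Review bot: The `compute_distro` docstring promises `Returns: str`, but the visible `if`/`elif` covers only `"ubuntu"` and `"debian"`, and the body continues past the end of the hunk. If there is no final `else`, any other `distro_name` yields `None`, which the docstring should say. The Ubuntu branch indexes `UBUNTU_DEBIAN_MAP[self.distro_codename]`, so an unmapped codename raises `KeyError`; a `Raises:` entry would make that explicit. The summary "Maps the specified distribution codename to either Ubuntu or Debian" does not match the code; I would write `Return the UBUNTU_DEBIAN_MAP entry for an Ubuntu codename, or the codename itself for Debian.`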
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:26:36 +0000 Subject: [PATCH 02/47] chore: update SBOM for Python 3.9 (#4574) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.9.json | 293 +++++++++++++++++++++++++++-------- sbom/cve-bin-tool-py3.9.spdx | 86 +++++----- 2 files changed, 273 insertions(+), 106 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index 2f66f324d6..3b323e9810 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:b533a6a5-37a1-49d0-ac98-ad45000656d8", + "serialNumber": "urn:uuid:4cd7fc8c-899c-44d7-99ce-13fd8013ebd6", "version": 1, "metadata": { - "timestamp": "2024-11-11T00:38:15Z", + "timestamp": "2024-11-18T00:41:13Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.10", + "version": "3.11.2", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.10/#files", + "url": "https://pypi.org/project/aiohttp/3.11.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.10", + "purl": "pkg:pypi/aiohttp@3.11.2", "properties": [ { "name": "language", @@ -165,6 +165,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-30T19:42:26.000Z" } ] }, @@ -253,6 +257,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-23T09:46:20.000Z" } ] }, 
@@ -260,7 +268,7 @@ "type": "library", "bom-ref": "6-async-timeout", "name": "async-timeout", - "version": "4.0.3", + "version": "5.0.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -269,14 +277,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", "description": "Timeout context manager for asyncio programs", - "hashes": [ - { - "alg": "SHA-1", - "content": "a48974404c746593f78c116faceb56a0db50309e" - } - ], "licenses": [ { "license": { @@ -293,12 +295,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/async-timeout/4.0.3/#files", + "url": "https://pypi.org/project/async-timeout/5.0.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/async-timeout@4.0.3", + "purl": "pkg:pypi/async-timeout@5.0.1", "properties": [ { "name": "language", @@ -310,7 +312,7 @@ }, { "name": "package_release_date", - "value": "2023-08-10T16:35:55.000Z" + "value": "2024-11-06T16:41:37.000Z" } ] }, @@ -351,6 +353,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-08-06T14:37:36.000Z" } ] }, @@ -399,6 +405,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-09T23:47:18.000Z" } ] }, @@ -439,14 +449,18 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-06-07T18:52:13.000Z" } ] }, { "type": "library", - "bom-ref": "10-yarl", - "name": "yarl", - "version": "1.17.1", + "bom-ref": "10-propcache", + "name": "propcache", + "version": "0.2.0", "supplier": { "name": "Andrew Svetlov", "contact": [ 
@@ -455,8 +469,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "description": "Accelerated property cache", "licenses": [ { "license": { @@ -468,17 +482,17 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/propcache", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.1/#files", + "url": "https://pypi.org/project/propcache/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.1", + "purl": "pkg:pypi/propcache@0.2.0", "properties": [ { "name": "language", 
@@ -487,32 +501,50 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-07T12:54:02.000Z" } ] }, { "type": "library", - "bom-ref": "11-idna", - "name": "idna", - "version": "3.10", + "bom-ref": "11-yarl", + "name": "yarl", + "version": "1.17.2", "supplier": { - "name": "Kim Davies", + "name": "Andrew Svetlov", "contact": [ { - "email": "kim+pypi@gumleaf.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - "description": "Internationalized Domain Names in Applications (IDNA)", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.10/#files", + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.17.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/yarl@1.17.2", "properties": [ { "name": "language", 
@@ -526,41 +558,27 @@ }, { "type": "library", - "bom-ref": "12-propcache", - "name": "propcache", - "version": "0.2.0", + "bom-ref": "12-idna", + "name": "idna", + "version": "3.10", "supplier": { - "name": "Andrew Svetlov", + "name": "Kim Davies", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "kim+pypi@gumleaf.org" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/idna@3.10", "properties": [ { "name": "language", @@ -569,6 +587,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-15T18:07:37.000Z" } ] }, @@ -684,6 +706,12 @@ }, "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + } + ], "licenses": [ { "license": { @@ -714,6 +742,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-01T10:05:52.000Z" } ] }, @@ -930,6 +962,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-10T15:59:06.000Z" } ] }, 
@@ -978,6 +1014,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-07T04:00:36.000Z" } ] }, @@ -1293,6 +1333,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-08-18T20:28:43.000Z" } ] }, @@ -1341,6 +1385,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:42:08.000Z" } ] }, @@ -1389,6 +1437,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:41:42.000Z" } ] }, @@ -1656,6 +1708,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-13T10:01:13.000Z" } ] }, @@ -1878,6 +1934,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-07-20T17:26:29.000Z" } ] }, @@ -1922,6 +1982,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:57:36.000Z" } ] }, @@ -2242,6 +2306,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-11T14:56:07.000Z" } ] }, @@ -2276,6 +2344,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-10T15:05:19.000Z" } ] }, @@ -2342,6 +2414,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:20:51.000Z" } ] }, @@ -2390,6 +2466,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2435,6 +2515,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-08T12:29:30.000Z" } ] }, 
@@ -2502,6 +2586,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2523,6 +2613,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-06T13:57:41.000Z" } ] }, @@ -2619,6 +2713,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2882,6 +2980,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -3072,6 +3174,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-08T09:47:44.000Z" } ] }, @@ -3120,6 +3226,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-12T15:36:24.000Z" } ] }, @@ -3174,6 +3284,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-07-29T12:12:25.000Z" } ] }, @@ -3192,6 +3306,12 @@ }, "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + } + ], "licenses": [ { "license": { @@ -3222,6 +3342,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3276,6 +3400,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-05-29T15:37:47.000Z" } ] }, 
@@ -3324,6 +3452,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-08-30T01:55:02.000Z" } ] }, @@ -3372,6 +3504,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-09T07:38:02.000Z" } ] }, @@ -3390,6 +3526,12 @@ }, "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/urllib3/2.2.3/#files", @@ -3406,6 +3548,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3460,6 +3606,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3467,7 +3617,7 @@ "type": "library", "bom-ref": "71-setuptools", "name": "setuptools", - "version": "75.3.0", + "version": "75.5.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3476,16 +3626,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.3.0/#files", + "url": "https://pypi.org/project/setuptools/75.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.3.0", + "purl": "pkg:pypi/setuptools@75.5.0", "properties": [ { "name": "language", @@ -3494,6 +3644,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-13T11:22:04.000Z" } ] }, 
@@ -3600,6 +3754,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-31T09:47:12.000Z" } ] }, @@ -3696,6 +3854,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-07-15T00:13:27.000Z" } ] } @@ -3747,7 +3909,8 @@ "7-attrs", "5-frozenlist", "8-multidict", - "10-yarl" + "10-propcache", + "11-yarl" ] }, { @@ -3763,11 +3926,11 @@ ] }, { - "ref": "10-yarl", + "ref": "11-yarl", "dependsOn": [ - "11-idna", + "12-idna", "8-multidict", - "12-propcache" + "10-propcache" ] }, { @@ -3975,7 +4138,7 @@ "dependsOn": [ "67-certifi", "68-charset-normalizer", - "11-idna", + "12-idna", "69-urllib3" ] }, diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index e3fee52bd3..69f0851dff 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9649f957-449f-4148-b2c1-9a5ec28d0ff8 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7537a80d-caef-4a47-a5f9-73259eba4425 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-11T00:37:24Z +Created: 2024-11-18T00:40:10Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.10 +PackageVersion: 3.11.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION 
@@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 ##### PackageName: aiohappyeyeballs @@ -93,20 +93,19 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 PackageName: async-timeout SPDXID: SPDXRef-6-async-timeout -PackageVersion: 4.0.3 +PackageVersion: 5.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3/#files +PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/async-timeout -PackageChecksum: SHA1: a48974404c746593f78c116faceb56a0db50309e PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Timeout context manager for asyncio programs -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@4.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* ##### PackageName: attrs 
@@ -158,24 +157,40 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* ##### +PackageName: propcache +SPDXID: SPDXRef-10-propcache +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/propcache +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Accelerated property cache +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +##### + PackageName: yarl -SPDXID: SPDXRef-10-yarl -PackageVersion: 1.17.1 +SPDXID: SPDXRef-11-yarl +PackageVersion: 1.17.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-11-idna +SPDXID: SPDXRef-12-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) 
@@ -189,22 +204,6 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### -PackageName: propcache -SPDXID: SPDXRef-12-propcache -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/propcache -PackageLicenseDeclared: Apache-2.0 -PackageLicenseConcluded: Apache-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* -##### - PackageName: beautifulsoup4 SPDXID: SPDXRef-13-beautifulsoup4 PackageVersion: 4.12.3 @@ -247,6 +246,7 @@ PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redha PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -856,6 +856,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -1089,6 +1090,7 @@ PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1154,6 +1156,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false +PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1181,17 +1184,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-71-setuptools -PackageVersion: 75.3.0 +PackageVersion: 75.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* ##### PackageName: toml 
@@ -1286,9 +1289,9 @@ Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-setuptools Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-toml Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-xmlschema Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-zstandard -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-12-propcache -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-10-propcache +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-12-idna +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-8-multidict Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod @@ -1303,7 +1306,8 @@ Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-yarl Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist 
@@ -1367,7 +1371,7 @@ Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-9-typing-extensions Relationship: SPDXRef-59-markdown-it-py DEPENDS_ON SPDXRef-60-mdurl Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-tenacity -Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-11-idna +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-12-idna Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-67-certifi Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-68-charset-normalizer Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-69-urllib3 From 38e991d7ee1290a35e9313194c5d5380398e7cda Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:28:52 +0000 Subject: [PATCH 03/47] chore: update SBOM for Python 3.8 (#4573) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 182 ++++++++++++++++++++++++++++++----- sbom/cve-bin-tool-py3.8.spdx | 23 +++-- 2 files changed, 171 insertions(+), 34 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index 8e6c4b88f2..fecc01dcdd 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:09185e60-2171-4493-a4fd-eaadb9d689b9", + "serialNumber": "urn:uuid:bfb08152-9dd5-424d-9678-3ee862935199", "version": 1, "metadata": { - "timestamp": "2024-11-11T00:37:58Z", + "timestamp": "2024-11-18T00:39:22Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.10", + "version": "3.10.11", "description": "Async http client/server framework (asyncio)", "licenses": [ { 
@@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.10/#files", + "url": "https://pypi.org/project/aiohttp/3.10.11/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.10", + "purl": "pkg:pypi/aiohttp@3.10.11", "properties": [ { "name": "language", @@ -165,6 +165,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-30T19:42:26.000Z" } ] }, @@ -253,6 +257,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -260,7 +268,7 @@ "type": "library", "bom-ref": "6-async-timeout", "name": "async-timeout", - "version": "4.0.3", + "version": "5.0.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -269,14 +277,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", "description": "Timeout context manager for asyncio programs", - "hashes": [ - { - "alg": "SHA-1", - "content": "a48974404c746593f78c116faceb56a0db50309e" - } - ], "licenses": [ { "license": { @@ -293,12 +295,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/async-timeout/4.0.3/#files", + "url": "https://pypi.org/project/async-timeout/5.0.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/async-timeout@4.0.3", + "purl": "pkg:pypi/async-timeout@5.0.1", "properties": [ { "name": "language", @@ -310,7 +312,7 @@ }, { "name": "package_release_date", - "value": "2023-08-10T16:35:55.000Z" + "value": "2024-11-06T16:41:37.000Z" } ] }, @@ -351,6 +353,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-08-06T14:37:36.000Z" } ] }, 
@@ -399,6 +405,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-09T23:47:18.000Z" } ] }, @@ -439,6 +449,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-06-07T18:52:13.000Z" } ] }, @@ -527,6 +541,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-15T18:07:37.000Z" } ] }, @@ -575,6 +593,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-07T12:54:02.000Z" } ] }, @@ -690,6 +712,12 @@ }, "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + } + ], "licenses": [ { "license": { @@ -720,6 +748,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-11-01T10:05:52.000Z" } ] }, @@ -936,6 +968,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-10T15:59:06.000Z" } ] }, @@ -984,6 +1020,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-07T04:00:36.000Z" } ] }, @@ -1299,6 +1339,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-08-18T20:28:43.000Z" } ] }, @@ -1347,6 +1391,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:42:08.000Z" } ] }, @@ -1395,6 +1443,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:41:42.000Z" } ] }, 
@@ -1884,6 +1936,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-07-20T17:26:29.000Z" } ] }, @@ -1928,6 +1984,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:57:36.000Z" } ] }, @@ -2248,6 +2308,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-11T14:56:07.000Z" } ] }, @@ -2322,6 +2386,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-09T17:03:13.000Z" } ] }, @@ -2402,10 +2470,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-02-02T16:30:04.000Z" } ] }, @@ -2454,6 +2518,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2508,10 +2576,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2023-12-25T15:16:51.000Z" } ] }, @@ -2579,6 +2643,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "1b5852dca46ad6ebc8ccb65e0610cc2c5d390cd9" + } + ], "licenses": [ { "license": { @@ -2748,6 +2818,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -3011,6 +3085,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -3201,6 +3279,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-11-08T09:47:44.000Z" } ] }, 
@@ -3249,6 +3331,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-12T15:36:24.000Z" } ] }, @@ -3303,6 +3389,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-07-29T12:12:25.000Z" } ] }, @@ -3321,6 +3411,12 @@ }, "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + } + ], "licenses": [ { "license": { @@ -3351,6 +3447,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3405,6 +3505,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-05-29T15:37:47.000Z" } ] }, @@ -3453,6 +3557,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-08-30T01:55:02.000Z" } ] }, @@ -3501,6 +3609,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-09T07:38:02.000Z" } ] }, @@ -3519,6 +3631,12 @@ }, "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/urllib3/2.2.3/#files", @@ -3535,6 +3653,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3589,6 +3711,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-07-24T21:57:45.000Z" } ] }, 
@@ -3729,6 +3855,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-31T09:47:12.000Z" } ] }, @@ -3825,6 +3955,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-07-15T00:13:27.000Z" } ] } diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index c66cbe5150..d2d54cd53b 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7d29612d-e195-4775-b376-646cc2514ac4 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8ea077c5-e561-4e98-a8ff-c481a83d795b LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-11T00:36:58Z +Created: 2024-11-18T00:38:18Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.10 +PackageVersion: 3.10.11 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.11/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION @@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.11 ##### PackageName: aiohappyeyeballs 
@@ -93,20 +93,19 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 PackageName: async-timeout SPDXID: SPDXRef-6-async-timeout -PackageVersion: 4.0.3 +PackageVersion: 5.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3/#files +PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/async-timeout -PackageChecksum: SHA1: a48974404c746593f78c116faceb56a0db50309e PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Timeout context manager for asyncio programs -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@4.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* ##### PackageName: attrs @@ -248,6 +247,7 @@ PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redha PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. 
@@ -873,6 +873,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: 1b5852dca46ad6ebc8ccb65e0610cc2c5d390cd9 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1122,6 +1123,7 @@ PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1187,6 +1189,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false +PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION From 27e8d5b489c5d294e66fbb03f964d26eefe76a51 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:37:17 +0000 Subject: [PATCH 04/47] chore: update SBOM for Python 3.10 (#4571) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 289 ++++++++++++++++++++++++++-------- sbom/cve-bin-tool-py3.10.spdx | 86 +++++----- 2 files changed, 269 insertions(+), 106 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index 11e8b80d5a..5f95347048 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json 
@@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:9d8b3f1e-c984-4279-a86b-50bcec4fda9b", + "serialNumber": "urn:uuid:88a7c280-7920-491a-a98e-db2939f852a4", "version": 1, "metadata": { - "timestamp": "2024-11-11T00:37:52Z", + "timestamp": "2024-11-18T00:38:34Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.10", + "version": "3.11.2", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.10/#files", + "url": "https://pypi.org/project/aiohttp/3.11.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.10", + "purl": "pkg:pypi/aiohttp@3.11.2", "properties": [ { "name": "language", @@ -165,6 +165,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-30T19:42:26.000Z" } ] }, @@ -253,6 +257,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -260,7 +268,7 @@ "type": "library", "bom-ref": "6-async-timeout", "name": "async-timeout", - "version": "4.0.3", + "version": "5.0.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -269,14 +277,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", "description": "Timeout context manager for asyncio programs", - "hashes": [ - { - "alg": "SHA-1", - "content": "a48974404c746593f78c116faceb56a0db50309e" - } - ], "licenses": [ { "license": { 
@@ -293,12 +295,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/async-timeout/4.0.3/#files", + "url": "https://pypi.org/project/async-timeout/5.0.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/async-timeout@4.0.3", + "purl": "pkg:pypi/async-timeout@5.0.1", "properties": [ { "name": "language", @@ -310,7 +312,7 @@ }, { "name": "package_release_date", - "value": "2023-08-10T16:35:55.000Z" + "value": "2024-11-06T16:41:37.000Z" } ] }, @@ -351,6 +353,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-08-06T14:37:36.000Z" } ] }, @@ -399,6 +405,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-09T23:47:18.000Z" } ] }, @@ -439,14 +449,18 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-06-07T18:52:13.000Z" } ] }, { "type": "library", - "bom-ref": "10-yarl", - "name": "yarl", - "version": "1.17.1", + "bom-ref": "10-propcache", + "name": "propcache", + "version": "0.2.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -455,8 +469,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "description": "Accelerated property cache", "licenses": [ { "license": { @@ -468,17 +482,17 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/propcache", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.1/#files", + "url": "https://pypi.org/project/propcache/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.1", + "purl": "pkg:pypi/propcache@0.2.0", "properties": [ { "name": "language", 
@@ -487,32 +501,50 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-07T12:54:02.000Z" } ] }, { "type": "library", - "bom-ref": "11-idna", - "name": "idna", - "version": "3.10", + "bom-ref": "11-yarl", + "name": "yarl", + "version": "1.17.2", "supplier": { - "name": "Kim Davies", + "name": "Andrew Svetlov", "contact": [ { - "email": "kim+pypi@gumleaf.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - "description": "Internationalized Domain Names in Applications (IDNA)", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.10/#files", + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.17.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/yarl@1.17.2", "properties": [ { "name": "language", 
@@ -526,41 +558,27 @@ }, { "type": "library", - "bom-ref": "12-propcache", - "name": "propcache", - "version": "0.2.0", + "bom-ref": "12-idna", + "name": "idna", + "version": "3.10", "supplier": { - "name": "Andrew Svetlov", + "name": "Kim Davies", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "kim+pypi@gumleaf.org" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/idna@3.10", "properties": [ { "name": "language", @@ -569,6 +587,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-15T18:07:37.000Z" } ] }, @@ -684,6 +706,12 @@ }, "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + } + ], "licenses": [ { "license": { @@ -714,6 +742,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-01T10:05:52.000Z" } ] }, @@ -930,6 +962,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-10T15:59:06.000Z" } ] }, 
@@ -978,6 +1014,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-07T04:00:36.000Z" } ] }, @@ -1293,6 +1333,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-08-18T20:28:43.000Z" } ] }, @@ -1341,6 +1385,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:42:08.000Z" } ] }, @@ -1389,6 +1437,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:41:42.000Z" } ] }, @@ -1656,6 +1708,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-13T10:01:13.000Z" } ] }, @@ -1878,6 +1934,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-07-20T17:26:29.000Z" } ] }, @@ -1922,6 +1982,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:57:36.000Z" } ] }, @@ -2268,6 +2332,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:20:51.000Z" } ] }, @@ -2316,6 +2384,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2361,6 +2433,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-08T12:29:30.000Z" } ] }, @@ -2428,6 +2504,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", 
@@ -2449,6 +2531,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-06T13:57:41.000Z" } ] }, @@ -2545,6 +2631,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2808,6 +2898,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -2998,6 +3092,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-08T09:47:44.000Z" } ] }, @@ -3046,6 +3144,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-12T15:36:24.000Z" } ] }, @@ -3100,6 +3202,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-07-29T12:12:25.000Z" } ] }, @@ -3118,6 +3224,12 @@ }, "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + } + ], "licenses": [ { "license": { @@ -3148,6 +3260,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3202,6 +3318,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-05-29T15:37:47.000Z" } ] }, @@ -3250,6 +3370,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-08-30T01:55:02.000Z" } ] }, @@ -3298,6 +3422,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-09T07:38:02.000Z" } ] }, 
@@ -3316,6 +3444,12 @@ }, "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/urllib3/2.2.3/#files", @@ -3332,6 +3466,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3386,6 +3524,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3393,7 +3535,7 @@ "type": "library", "bom-ref": "69-setuptools", "name": "setuptools", - "version": "75.3.0", + "version": "75.5.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3402,16 +3544,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.3.0/#files", + "url": "https://pypi.org/project/setuptools/75.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.3.0", + "purl": "pkg:pypi/setuptools@75.5.0", "properties": [ { "name": "language", @@ -3420,6 +3562,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3526,6 +3672,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-31T09:47:12.000Z" } ] }, @@ -3608,6 +3758,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-10T15:05:19.000Z" } ] }, 
@@ -3656,6 +3810,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-07-15T00:13:27.000Z" } ] } @@ -3706,7 +3864,8 @@ "7-attrs", "5-frozenlist", "8-multidict", - "10-yarl" + "10-propcache", + "11-yarl" ] }, { @@ -3722,11 +3881,11 @@ ] }, { - "ref": "10-yarl", + "ref": "11-yarl", "dependsOn": [ - "11-idna", + "12-idna", "8-multidict", - "12-propcache" + "10-propcache" ] }, { @@ -3928,7 +4087,7 @@ "dependsOn": [ "65-certifi", "66-charset-normalizer", - "11-idna", + "12-idna", "67-urllib3" ] }, diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 3450e18661..a6ebbb424d 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fbb1f496-d598-4256-ad86-451dd81c5ec2 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-53fcdacf-66b9-407a-8e03-8d9eee658c35 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-11T00:37:01Z +Created: 2024-11-18T00:37:44Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.10 +PackageVersion: 3.11.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION 
@@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 ##### PackageName: aiohappyeyeballs @@ -93,20 +93,19 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 PackageName: async-timeout SPDXID: SPDXRef-6-async-timeout -PackageVersion: 4.0.3 +PackageVersion: 5.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3/#files +PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/async-timeout -PackageChecksum: SHA1: a48974404c746593f78c116faceb56a0db50309e PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Timeout context manager for asyncio programs -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@4.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* ##### PackageName: attrs 
@@ -158,24 +157,40 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* ##### +PackageName: propcache +SPDXID: SPDXRef-10-propcache +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/propcache +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Accelerated property cache +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +##### + PackageName: yarl -SPDXID: SPDXRef-10-yarl -PackageVersion: 1.17.1 +SPDXID: SPDXRef-11-yarl +PackageVersion: 1.17.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-11-idna +SPDXID: SPDXRef-12-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) 
@@ -189,22 +204,6 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### -PackageName: propcache -SPDXID: SPDXRef-12-propcache -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/propcache -PackageLicenseDeclared: Apache-2.0 -PackageLicenseConcluded: Apache-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* -##### - PackageName: beautifulsoup4 SPDXID: SPDXRef-13-beautifulsoup4 PackageVersion: 4.12.3 @@ -247,6 +246,7 @@ PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redha PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -825,6 +825,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -1058,6 +1059,7 @@ PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1123,6 +1125,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false +PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1150,17 +1153,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-69-setuptools -PackageVersion: 75.3.0 +PackageVersion: 75.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* ##### PackageName: toml 
@@ -1269,9 +1272,9 @@ Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-toml Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-xmlschema Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zipp Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-zstandard -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-12-propcache -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-10-propcache +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-12-idna +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-8-multidict Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod @@ -1286,7 +1289,8 @@ Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-yarl Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist 
@@ -1349,7 +1353,7 @@ Relationship: SPDXRef-56-rich DEPENDS_ON SPDXRef-9-typing-extensions Relationship: SPDXRef-57-markdown-it-py DEPENDS_ON SPDXRef-58-mdurl Relationship: SPDXRef-61-plotly DEPENDS_ON SPDXRef-60-packaging Relationship: SPDXRef-61-plotly DEPENDS_ON SPDXRef-62-tenacity -Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-11-idna +Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-12-idna Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-65-certifi Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-66-charset-normalizer Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-67-urllib3 From 71c5a8fb56e9fc4b53aae9997045a93b9d4802bd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:38:29 +0000 Subject: [PATCH 05/47] chore: update SBOM for Python 3.11 (#4572) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.11.json | 269 +++++++++++++++++++++++++++------- sbom/cve-bin-tool-py3.11.spdx | 77 +++++----- 2 files changed, 256 insertions(+), 90 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 5ba8175fb4..c0ec7aafc2 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:427b46ae-e987-4f40-8517-9a8d3fcec56e", + "serialNumber": "urn:uuid:9445364b-91e6-4789-8aca-9a9c8deaafed", "version": 1, "metadata": { - "timestamp": "2024-11-11T00:37:40Z", + "timestamp": "2024-11-18T00:39:23Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.10", + "version": "3.11.2", "description": "Async http client/server framework (asyncio)", "licenses": [ { 
@@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.10/#files", + "url": "https://pypi.org/project/aiohttp/3.11.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.10", + "purl": "pkg:pypi/aiohttp@3.11.2", "properties": [ { "name": "language", @@ -165,6 +165,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-30T19:42:26.000Z" } ] }, @@ -253,6 +257,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -293,6 +301,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-08-06T14:37:36.000Z" } ] }, @@ -341,14 +353,18 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-09T23:47:18.000Z" } ] }, { "type": "library", - "bom-ref": "8-yarl", - "name": "yarl", - "version": "1.17.1", + "bom-ref": "8-propcache", + "name": "propcache", + "version": "0.2.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -357,8 +373,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "description": "Accelerated property cache", "licenses": [ { "license": { @@ -370,17 +386,17 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/propcache", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.1/#files", + "url": "https://pypi.org/project/propcache/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.1", + "purl": "pkg:pypi/propcache@0.2.0", "properties": [ { "name": "language", 
@@ -389,32 +405,50 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-07T12:54:02.000Z" } ] }, { "type": "library", - "bom-ref": "9-idna", - "name": "idna", - "version": "3.10", + "bom-ref": "9-yarl", + "name": "yarl", + "version": "1.17.2", "supplier": { - "name": "Kim Davies", + "name": "Andrew Svetlov", "contact": [ { - "email": "kim+pypi@gumleaf.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - "description": "Internationalized Domain Names in Applications (IDNA)", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.10/#files", + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.17.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/yarl@1.17.2", "properties": [ { "name": "language", 
@@ -428,41 +462,27 @@ }, { "type": "library", - "bom-ref": "10-propcache", - "name": "propcache", - "version": "0.2.0", + "bom-ref": "10-idna", + "name": "idna", + "version": "3.10", "supplier": { - "name": "Andrew Svetlov", + "name": "Kim Davies", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "kim+pypi@gumleaf.org" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/idna@3.10", "properties": [ { "name": "language", @@ -471,6 +491,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-15T18:07:37.000Z" } ] }, @@ -586,6 +610,12 @@ }, "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + } + ], "licenses": [ { "license": { @@ -616,6 +646,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-01T10:05:52.000Z" } ] }, @@ -832,6 +866,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-10T15:59:06.000Z" } ] }, 
@@ -880,6 +918,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-07T04:00:36.000Z" } ] }, @@ -1195,6 +1237,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-08-18T20:28:43.000Z" } ] }, @@ -1243,6 +1289,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:42:08.000Z" } ] }, @@ -1291,6 +1341,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:41:42.000Z" } ] }, @@ -1558,6 +1612,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-13T10:01:13.000Z" } ] }, @@ -1780,6 +1838,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-07-20T17:26:29.000Z" } ] }, @@ -1824,6 +1886,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:57:36.000Z" } ] }, @@ -2170,6 +2236,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:20:51.000Z" } ] }, @@ -2218,6 +2288,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2263,6 +2337,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-08T12:29:30.000Z" } ] }, @@ -2330,6 +2408,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", 
@@ -2351,6 +2435,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-06T13:57:41.000Z" } ] }, @@ -2447,6 +2535,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2710,6 +2802,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -2900,6 +2996,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-08T09:47:44.000Z" } ] }, @@ -2948,6 +3048,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-12T15:36:24.000Z" } ] }, @@ -3002,6 +3106,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-07-29T12:12:25.000Z" } ] }, @@ -3020,6 +3128,12 @@ }, "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + } + ], "licenses": [ { "license": { @@ -3050,6 +3164,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3104,6 +3222,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-05-29T15:37:47.000Z" } ] }, @@ -3152,6 +3274,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-08-30T01:55:02.000Z" } ] }, @@ -3200,6 +3326,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-09T07:38:02.000Z" } ] }, 
@@ -3218,6 +3348,12 @@ }, "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/urllib3/2.2.3/#files", @@ -3234,6 +3370,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3288,6 +3428,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3295,7 +3439,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.3.0", + "version": "75.5.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3304,16 +3448,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.3.0/#files", + "url": "https://pypi.org/project/setuptools/75.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.3.0", + "purl": "pkg:pypi/setuptools@75.5.0", "properties": [ { "name": "language", @@ -3322,6 +3466,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3370,6 +3518,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-31T09:47:12.000Z" } ] }, @@ -3452,6 +3604,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-10T15:05:19.000Z" } ] }, 
@@ -3500,6 +3656,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-07-15T00:13:27.000Z" } ] } @@ -3548,7 +3708,8 @@ "6-attrs", "5-frozenlist", "7-multidict", - "8-yarl" + "8-propcache", + "9-yarl" ] }, { @@ -3558,11 +3719,11 @@ ] }, { - "ref": "8-yarl", + "ref": "9-yarl", "dependsOn": [ - "9-idna", + "10-idna", "7-multidict", - "10-propcache" + "8-propcache" ] }, { @@ -3763,7 +3924,7 @@ "dependsOn": [ "63-certifi", "64-charset-normalizer", - "9-idna", + "10-idna", "65-urllib3" ] }, diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 272ff4e086..e37b1e32bc 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-efe4b143-b05c-44c4-852e-b6b21a68340f +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-75f97134-ae0b-4742-83bb-e1072b2baaf1 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-11T00:37:01Z +Created: 2024-11-18T00:38:42Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.10 +PackageVersion: 3.11.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION 
@@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 ##### PackageName: aiohappyeyeballs 
@@ -124,24 +124,40 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* ##### +PackageName: propcache +SPDXID: SPDXRef-8-propcache +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/propcache +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Accelerated property cache +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +##### + PackageName: yarl -SPDXID: SPDXRef-8-yarl -PackageVersion: 1.17.1 +SPDXID: SPDXRef-9-yarl +PackageVersion: 1.17.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-9-idna +SPDXID: SPDXRef-10-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) 
@@ -155,22 +171,6 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### -PackageName: propcache -SPDXID: SPDXRef-10-propcache -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/propcache -PackageLicenseDeclared: Apache-2.0 -PackageLicenseConcluded: Apache-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* -##### - PackageName: beautifulsoup4 SPDXID: SPDXRef-11-beautifulsoup4 PackageVersion: 4.12.3 @@ -213,6 +213,7 @@ PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redha PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -791,6 +792,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -1024,6 +1026,7 @@ PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1089,6 +1092,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false +PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1116,17 +1120,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.3.0 +PackageVersion: 75.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* ##### PackageName: xmlschema 
@@ -1236,7 +1240,8 @@ Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-yarl Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-boto Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-google-auth Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-rsa @@ -1292,12 +1297,12 @@ Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-57-pygments Relationship: SPDXRef-55-markdown-it-py DEPENDS_ON SPDXRef-56-mdurl Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-58-packaging Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-60-tenacity +Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-10-idna Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-63-certifi Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-64-charset-normalizer Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-65-urllib3 -Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-9-idna Relationship: SPDXRef-68-xmlschema DEPENDS_ON SPDXRef-69-elementpath -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-10-propcache -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-9-idna +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-10-idna +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-7-multidict +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-8-propcache Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool From 3133138e289bf0049244f768ac88a392e7e26d63 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 18:41:50 +0000 Subject: [PATCH 06/47] chore: update SBOM for Python 3.12 (#4570) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 269 +++++++++++++++++++++++++++------- sbom/cve-bin-tool-py3.12.spdx | 77 +++++----- 2 files changed, 256 insertions(+), 90 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 60821f01a1..4c2b0f704a 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:473bf76a-fad4-4e1d-858c-96c7fb94c47b", + "serialNumber": "urn:uuid:b68a2b85-9212-4889-b7b2-84f3edf441ff", "version": 1, "metadata": { - "timestamp": "2024-11-11T00:37:48Z", + "timestamp": "2024-11-18T00:38:25Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.10", + "version": "3.11.2", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.10/#files", + "url": "https://pypi.org/project/aiohttp/3.11.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.10", + "purl": "pkg:pypi/aiohttp@3.11.2", "properties": [ { "name": "language", @@ -165,6 +165,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-30T19:42:26.000Z" } ] }, @@ -253,6 +257,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-23T09:46:20.000Z" } ] }, 
@@ -293,6 +301,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-06T14:37:36.000Z" } ] }, @@ -341,14 +353,18 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-09T23:47:18.000Z" } ] }, { "type": "library", - "bom-ref": "8-yarl", - "name": "yarl", - "version": "1.17.1", + "bom-ref": "8-propcache", + "name": "propcache", + "version": "0.2.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -357,8 +373,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "description": "Accelerated property cache", "licenses": [ { "license": { @@ -370,17 +386,17 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/propcache", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.1/#files", + "url": "https://pypi.org/project/propcache/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.1", + "purl": "pkg:pypi/propcache@0.2.0", "properties": [ { "name": "language", 
@@ -389,32 +405,50 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-07T12:54:02.000Z" } ] }, { "type": "library", - "bom-ref": "9-idna", - "name": "idna", - "version": "3.10", + "bom-ref": "9-yarl", + "name": "yarl", + "version": "1.17.2", "supplier": { - "name": "Kim Davies", + "name": "Andrew Svetlov", "contact": [ { - "email": "kim+pypi@gumleaf.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - "description": "Internationalized Domain Names in Applications (IDNA)", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.10/#files", + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.17.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/yarl@1.17.2", "properties": [ { "name": "language", 
@@ -428,41 +462,27 @@ }, { "type": "library", - "bom-ref": "10-propcache", - "name": "propcache", - "version": "0.2.0", + "bom-ref": "10-idna", + "name": "idna", + "version": "3.10", "supplier": { - "name": "Andrew Svetlov", + "name": "Kim Davies", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "kim+pypi@gumleaf.org" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/idna@3.10", "properties": [ { "name": "language", @@ -471,6 +491,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-15T18:07:37.000Z" } ] }, @@ -586,6 +610,12 @@ }, "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*", "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", + "hashes": [ + { + "alg": "SHA-1", + "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + } + ], "licenses": [ { "license": { @@ -616,6 +646,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-01T10:05:52.000Z" } ] }, @@ -832,6 +866,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-10T15:59:06.000Z" } ] }, 
@@ -880,6 +918,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-07T04:00:36.000Z" } ] }, @@ -1195,6 +1237,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-18T20:28:43.000Z" } ] }, @@ -1243,6 +1289,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:42:08.000Z" } ] }, @@ -1291,6 +1341,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-10T22:41:42.000Z" } ] }, @@ -1558,6 +1612,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-13T10:01:13.000Z" } ] }, @@ -1780,6 +1838,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-20T17:26:29.000Z" } ] }, @@ -1824,6 +1886,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:57:36.000Z" } ] }, @@ -2170,6 +2236,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-18T15:20:51.000Z" } ] }, @@ -2218,6 +2288,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2263,6 +2337,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-08T12:29:30.000Z" } ] }, @@ -2330,6 +2408,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-1", + "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", 
@@ -2351,6 +2435,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-06T13:57:41.000Z" } ] }, @@ -2447,6 +2535,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2710,6 +2802,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -2900,6 +2996,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-08T09:47:44.000Z" } ] }, @@ -2948,6 +3048,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-12T15:36:24.000Z" } ] }, @@ -3002,6 +3106,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-29T12:12:25.000Z" } ] }, @@ -3020,6 +3128,12 @@ }, "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-1", + "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + } + ], "licenses": [ { "license": { @@ -3050,6 +3164,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3104,6 +3222,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-05-29T15:37:47.000Z" } ] }, @@ -3152,6 +3274,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-08-30T01:55:02.000Z" } ] }, @@ -3200,6 +3326,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-09T07:38:02.000Z" } ] }, 
@@ -3218,6 +3348,12 @@ }, "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ + { + "alg": "SHA-1", + "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/urllib3/2.2.3/#files", @@ -3234,6 +3370,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3288,6 +3428,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3295,7 +3439,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.3.0", + "version": "75.5.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3304,16 +3448,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.3.0/#files", + "url": "https://pypi.org/project/setuptools/75.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.3.0", + "purl": "pkg:pypi/setuptools@75.5.0", "properties": [ { "name": "language", @@ -3322,6 +3466,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3370,6 +3518,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-31T09:47:12.000Z" } ] }, @@ -3452,6 +3604,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-10T15:05:19.000Z" } ] }, 
@@ -3500,6 +3656,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-07-15T00:13:27.000Z" } ] } @@ -3548,7 +3708,8 @@ "6-attrs", "5-frozenlist", "7-multidict", - "8-yarl" + "8-propcache", + "9-yarl" ] }, { @@ -3558,11 +3719,11 @@ ] }, { - "ref": "8-yarl", + "ref": "9-yarl", "dependsOn": [ - "9-idna", + "10-idna", "7-multidict", - "10-propcache" + "8-propcache" ] }, { @@ -3763,7 +3924,7 @@ "dependsOn": [ "63-certifi", "64-charset-normalizer", - "9-idna", + "10-idna", "65-urllib3" ] }, diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 132341bedb..495c06d14d 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-780d67c5-e334-4774-85fc-7ad1e1961493 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-babbb628-7d9c-4a26-8587-854eedfee7d8 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-11T00:37:00Z +Created: 2024-11-18T00:37:38Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.10 +PackageVersion: 3.11.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION 
@@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 ##### PackageName: aiohappyeyeballs 
@@ -124,24 +124,40 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* ##### +PackageName: propcache +SPDXID: SPDXRef-8-propcache +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/propcache +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Accelerated property cache +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +##### + PackageName: yarl -SPDXID: SPDXRef-8-yarl -PackageVersion: 1.17.1 +SPDXID: SPDXRef-9-yarl +PackageVersion: 1.17.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-9-idna +SPDXID: SPDXRef-10-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) 
@@ -155,22 +171,6 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### -PackageName: propcache -SPDXID: SPDXRef-10-propcache -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/propcache -PackageLicenseDeclared: Apache-2.0 -PackageLicenseConcluded: Apache-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* -##### - PackageName: beautifulsoup4 SPDXID: SPDXRef-11-beautifulsoup4 PackageVersion: 4.12.3 @@ -213,6 +213,7 @@ PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redha PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -791,6 +792,7 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -1024,6 +1026,7 @@ PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1089,6 +1092,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false +PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -1116,17 +1120,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.3.0 +PackageVersion: 75.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* ##### PackageName: xmlschema 
@@ -1236,7 +1240,8 @@ Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-yarl Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-boto Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-google-auth Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-rsa @@ -1292,12 +1297,12 @@ Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-57-pygments Relationship: SPDXRef-55-markdown-it-py DEPENDS_ON SPDXRef-56-mdurl Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-58-packaging Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-60-tenacity +Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-10-idna Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-63-certifi Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-64-charset-normalizer Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-65-urllib3 -Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-9-idna Relationship: SPDXRef-68-xmlschema DEPENDS_ON SPDXRef-69-elementpath -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-10-propcache -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-9-idna +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-10-idna +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-7-multidict +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-8-propcache Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool From 03186e797cf9f8ed6dd6c1da4d08987e04438fe5 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 10:45:13 -0800 Subject: [PATCH 07/47] chore(deps): bump actions/attest-build-provenance from 1.4.3 to 1.4.4 (#4576) Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 1.4.3 to 1.4.4. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/1c608d11d69870c2092266b3f9a6f3abbf17002c...ef244123eb79f2f7a7e75d99086184180e6d0018) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-wheel.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index f2b0195499..6cf415295b 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml @@ -44,11 +44,11 @@ jobs: echo "tar=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT echo "whl=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT - name: Attest Build Provenance for tar - uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 + uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 with: subject-path: "dist/${{ steps.filename.outputs.tar }}" - name: Attest Build Provenance for whl - uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 + uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 with: subject-path: "dist/${{ steps.filename.outputs.whl }}" # TODO Upload to pypi on release creation 
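Review bot: The `whl` output in the context lines just above the first bumped step is computed from `*.tar.gz`, so the step named "Attest Build Provenance for whl" receives the sdist path as its `subject-path` and the wheel appears to get no provenance attestation of its own. The bump does not touch these lines, but they decide what both pinned `attest-build-provenance` steps actually sign. Assuming the build writes a wheel into `dist/`, the line should read `echo "whl=$(cd dist/ && echo *.whl)" >> $GITHUB_OUTPUT`. The step that defines these outputs starts outside the hunk, so confirm nothing else sets `whl` before relying on it.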
From a9c03b6f09b557194696d27e9154d2e615cf1909 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 10:45:44 -0800 Subject: [PATCH 08/47] chore(deps): bump github/codeql-action from 3.27.1 to 3.27.4 (#4575) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.1 to 3.27.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4f3212b61783c3c68e8309a0f18a699764811cda...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index aa82ed9ecf..8e21d96eda 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -51,7 +51,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 From 374069a10b9273d854cb489e8652eddffa3259d5 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Nov 2024 10:47:37 -0800 Subject: [PATCH 09/47] chore(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2 (#4577) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.0.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238...5c47607acb93fed5485fdbf7232e8a31425f672a) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/testing.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 6ed476bcb6..dbfe66a755 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -339,7 +339,7 @@ jobs: test/test_cvedb.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 with: files: ./coverage.xml flags: longtests @@ -583,7 +583,7 @@ jobs: - name: Test PDF generation on Windows run: pytest test/test_output_engine.py -k test_output_pdf --cov --cov-append --cov-report=xml --durations=50 - name: Upload code coverage to codecov - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 with: files: ./coverage.xml flags: win-longtests From 28cf48d760aacfa6ccc35dd976a7e575e4d37beb Mon Sep 17 00:00:00 2001 
From: Fabrice Fontaine Date: Tue, 19 Nov 2024 19:48:18 +0100 Subject: [PATCH 10/47] fix: drop .fr from debian urls (#4533) Drop .fr from debian urls as there is no reason to prefer the French mirror Updated by: sed -i 's/\.fr//g' test/test_data/*py 
Signed-off-by: Fabrice Fontaine --- test/test_data/acpid.py | 4 ++-- test/test_data/apache_http_server.py | 2 +- test/test_data/apcupsd.py | 4 ++-- test/test_data/apparmor.py | 2 +- test/test_data/asn1c.py | 4 ++-- test/test_data/avahi.py | 2 +- test/test_data/axel.py | 2 +- test/test_data/bind.py | 2 +- test/test_data/bison.py | 4 ++-- test/test_data/bluez.py | 2 +- test/test_data/boinc.py | 2 +- test/test_data/botan.py | 2 +- test/test_data/bro.py | 4 ++-- test/test_data/bwm_ng.py | 2 +- test/test_data/c_ares.py | 2 +- test/test_data/capnproto.py | 2 +- test/test_data/ceph.py | 2 +- test/test_data/chess.py | 4 ++-- test/test_data/chrony.py | 4 ++-- test/test_data/civetweb.py | 2 +- test/test_data/clamav.py | 2 +- test/test_data/collectd.py | 4 ++-- test/test_data/coreutils.py | 2 +- test/test_data/cpio.py | 2 +- test/test_data/cryptsetup.py | 2 +- test/test_data/cvs.py | 4 ++-- test/test_data/dav1d.py | 2 +- test/test_data/davfs2.py | 4 ++-- test/test_data/dbus.py | 2 +- test/test_data/dhclient.py | 2 +- test/test_data/dhcpcd.py | 2 +- test/test_data/dhcpd.py | 2 +- test/test_data/dmidecode.py | 2 +- test/test_data/dnsmasq.py | 2 +- test/test_data/dovecot.py | 2 +- test/test_data/doxygen.py | 2 +- test/test_data/dropbear.py | 2 +- test/test_data/e2fsprogs.py | 4 ++-- test/test_data/ed.py | 2 +- test/test_data/elfutils.py | 4 ++-- test/test_data/exfatprogs.py | 2 +- test/test_data/f2fs_tools.py | 4 ++-- test/test_data/faad2.py | 2 +- test/test_data/fastd.py | 4 ++-- test/test_data/ffmpeg.py | 2 +- test/test_data/file.py | 4 ++-- test/test_data/firefox.py | 2 +- test/test_data/flac.py | 2 +- test/test_data/fluidsynth.py | 4 ++-- test/test_data/freerdp.py | 2 +- test/test_data/fribidi.py | 4 ++-- test/test_data/frr.py | 2 +- test/test_data/gdal.py | 2 +- test/test_data/gdb.py | 4 ++-- test/test_data/gdk_pixbuf.py | 2 +- test/test_data/ghostscript.py | 2 +- test/test_data/git.py | 2 +- test/test_data/glib.py | 2 +- test/test_data/glibc.py | 4 ++-- 
test/test_data/gmp.py | 4 ++-- test/test_data/go.py | 2 +- test/test_data/gpsd.py | 4 ++-- test/test_data/grep.py | 2 +- test/test_data/grub2.py | 4 ++-- test/test_data/gstreamer.py | 2 +- test/test_data/gvfs.py | 4 ++-- test/test_data/gzip.py | 2 +- test/test_data/harfbuzz.py | 6 +++--- test/test_data/haserl.py | 4 ++-- test/test_data/heimdal.py | 2 +- test/test_data/hwloc.py | 2 +- test/test_data/i2pd.py | 4 ++-- test/test_data/icecast.py | 2 +- test/test_data/iperf3.py | 2 +- test/test_data/ipmitool.py | 2 +- test/test_data/ipsec_tools.py | 2 +- test/test_data/iptables.py | 4 ++-- test/test_data/iucode_tool.py | 4 ++-- test/test_data/iwd.py | 2 +- test/test_data/jack2.py | 2 +- test/test_data/janus.py | 2 +- test/test_data/jhead.py | 4 ++-- test/test_data/jq.py | 4 ++-- test/test_data/json_c.py | 4 ++-- test/test_data/keepalived.py | 4 ++-- test/test_data/kerberos.py | 2 +- test/test_data/kodi.py | 2 +- test/test_data/kubernetes.py | 2 +- test/test_data/ldns.py | 2 +- test/test_data/lftp.py | 4 ++-- test/test_data/libass.py | 2 +- test/test_data/libcoap.py | 4 ++-- test/test_data/libconfuse.py | 2 +- test/test_data/libde265.py | 2 +- test/test_data/libevent.py | 2 +- test/test_data/libgd.py | 2 +- test/test_data/libgit2.py | 4 ++-- test/test_data/libheif.py | 2 +- test/test_data/libidn2.py | 4 ++-- test/test_data/libinput.py | 2 +- test/test_data/libjpeg.py | 2 +- test/test_data/libjpeg_turbo.py | 2 +- test/test_data/libksba.py | 2 +- test/test_data/libmatroska.py | 4 ++-- test/test_data/libmemcached.py | 4 ++-- test/test_data/libmicrohttpd.py | 2 +- test/test_data/libmodbus.py | 2 +- test/test_data/libopenmpt.py | 2 +- test/test_data/libpcap.py | 4 ++-- test/test_data/libraw.py | 4 ++-- test/test_data/librsync.py | 4 ++-- test/test_data/libsamplerate.py | 4 ++-- test/test_data/libssh.py | 4 ++-- test/test_data/libtasn1.py | 2 +- test/test_data/libtiff.py | 2 +- test/test_data/libtomcrypt.py | 4 ++-- test/test_data/libupnp.py | 2 +- test/test_data/libuv.py | 2 
+- test/test_data/libvips.py | 2 +- test/test_data/libvirt.py | 2 +- test/test_data/libvorbis.py | 4 ++-- test/test_data/libvpx.py | 2 +- test/test_data/libyaml.py | 2 +- test/test_data/linux_kernel.py | 4 ++-- test/test_data/lldpd.py | 4 ++-- test/test_data/logrotate.py | 2 +- test/test_data/lrzip.py | 2 +- test/test_data/lxc.py | 4 ++-- test/test_data/lynx.py | 2 +- test/test_data/lz4.py | 4 ++-- test/test_data/mailx.py | 4 ++-- test/test_data/mbedtls.py | 2 +- test/test_data/mdadm.py | 2 +- test/test_data/micropython.py | 2 +- test/test_data/minetest.py | 2 +- test/test_data/mini_httpd.py | 2 +- test/test_data/minicom.py | 4 ++-- test/test_data/minidlna.py | 4 ++-- test/test_data/modsecurity.py | 2 +- test/test_data/monit.py | 2 +- test/test_data/motion.py | 4 ++-- test/test_data/mpg123.py | 2 +- test/test_data/mpv.py | 4 ++-- test/test_data/msmtp.py | 2 +- test/test_data/mupdf.py | 2 +- test/test_data/mutt.py | 4 ++-- test/test_data/nano.py | 2 +- test/test_data/nasm.py | 2 +- test/test_data/nbd.py | 4 ++-- test/test_data/neon.py | 2 +- test/test_data/netatalk.py | 4 ++-- test/test_data/netdata.py | 2 +- test/test_data/netkit_ftp.py | 2 +- test/test_data/netpbm.py | 4 ++-- test/test_data/nghttp2.py | 4 ++-- test/test_data/nginx.py | 2 +- test/test_data/ngircd.py | 2 +- test/test_data/nmap.py | 2 +- test/test_data/node.py | 2 +- test/test_data/ntfs_3g.py | 2 +- test/test_data/ntpsec.py | 2 +- test/test_data/open_iscsi.py | 2 +- test/test_data/opencv.py | 4 ++-- test/test_data/openjpeg.py | 2 +- test/test_data/opensc.py | 2 +- test/test_data/openssh.py | 2 +- test/test_data/pango.py | 2 +- test/test_data/patch.py | 4 ++-- test/test_data/pcre2.py | 2 +- test/test_data/perl.py | 2 +- test/test_data/php.py | 2 +- test/test_data/picocom.py | 2 +- test/test_data/pigz.py | 2 +- test/test_data/pixman.py | 2 +- test/test_data/png.py | 2 +- test/test_data/ppp.py | 4 ++-- test/test_data/privoxy.py | 4 ++-- test/test_data/procps_ng.py | 2 +- test/test_data/protobuf_c.py | 2 
+- test/test_data/pure_ftpd.py | 2 +- test/test_data/putty.py | 2 +- test/test_data/python.py | 4 ++-- test/test_data/qemu.py | 2 +- test/test_data/qpdf.py | 2 +- test/test_data/quagga.py | 4 ++-- test/test_data/radvd.py | 2 +- test/test_data/raptor.py | 4 ++-- test/test_data/rauc.py | 4 ++-- test/test_data/rdesktop.py | 4 ++-- test/test_data/readline.py | 2 +- test/test_data/rpm.py | 2 +- test/test_data/rsync.py | 2 +- test/test_data/rtl_433.py | 2 +- test/test_data/rtmpdump.py | 2 +- test/test_data/runc.py | 2 +- test/test_data/sdl.py | 2 +- test/test_data/shadowsocks_libev.py | 4 ++-- test/test_data/snapd.py | 2 +- test/test_data/sngrep.py | 2 +- test/test_data/snort.py | 4 ++-- test/test_data/socat.py | 4 ++-- test/test_data/sofia_sip.py | 4 ++-- test/test_data/speex.py | 2 +- test/test_data/spice.py | 4 ++-- test/test_data/squashfs.py | 4 ++-- test/test_data/squid.py | 4 ++-- test/test_data/sslh.py | 2 +- test/test_data/stellarium.py | 2 +- test/test_data/sudo.py | 2 +- test/test_data/sylpheed.py | 2 +- test/test_data/sysstat.py | 2 +- test/test_data/tar.py | 2 +- test/test_data/tcpdump.py | 6 +++--- test/test_data/tcpreplay.py | 2 +- test/test_data/terminology.py | 2 +- test/test_data/tesseract.py | 2 +- test/test_data/thrift.py | 4 ++-- test/test_data/thunderbird.py | 2 +- test/test_data/tinyproxy.py | 4 ++-- test/test_data/tor.py | 2 +- test/test_data/tpm2_tss.py | 2 +- test/test_data/traceroute.py | 2 +- test/test_data/transmission.py | 4 ++-- test/test_data/ttyd.py | 2 +- test/test_data/u_boot.py | 4 ++-- test/test_data/udisks.py | 2 +- test/test_data/unbound.py | 2 +- test/test_data/unixodbc.py | 2 +- test/test_data/upx.py | 2 +- test/test_data/util_linux.py | 4 ++-- test/test_data/vlc.py | 2 +- test/test_data/vorbis_tools.py | 2 +- test/test_data/vsftpd.py | 4 ++-- test/test_data/wireshark.py | 2 +- test/test_data/wolfssl.py | 4 ++-- test/test_data/xscreensaver.py | 2 +- test/test_data/xwayland.py | 2 +- test/test_data/yasm.py | 2 +- 
test/test_data/zabbix.py | 2 +- test/test_data/zchunk.py | 2 +- test/test_data/zeek.py | 2 +- test/test_data/znc.py | 2 +- test/test_data/zstandard.py | 2 +- 243 files changed, 328 insertions(+), 328 deletions(-) diff --git a/test/test_data/acpid.py b/test/test_data/acpid.py index 944b7f84cc..afb0e3091a 100644 --- a/test/test_data/acpid.py +++ b/test/test_data/acpid.py @@ -18,13 +18,13 @@ "version": "2.0.34", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/acpid/", + "url": "http://ftp.debian.org/debian/pool/main/a/acpid/", "package_name": "acpid_2.0.23-2_amd64.deb", "product": "acpid2", "version": "2.0.23", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/acpid/", + "url": "http://ftp.debian.org/debian/pool/main/a/acpid/", "package_name": "acpid_2.0.23-2_armel.deb", "product": "acpid2", "version": "2.0.23", diff --git a/test/test_data/apache_http_server.py b/test/test_data/apache_http_server.py index 7f3c8d08fb..c1f28b88fd 100644 --- a/test/test_data/apache_http_server.py +++ b/test/test_data/apache_http_server.py @@ -17,7 +17,7 @@ "version": "2.4.51", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/apache2/", + "url": "http://ftp.debian.org/debian/pool/main/a/apache2/", "package_name": "apache2-bin_2.4.10-10+deb8u12_amd64.deb", "product": "http_server", "version": "2.4.10", diff --git a/test/test_data/apcupsd.py b/test/test_data/apcupsd.py index 42060ded21..bf0fee56f0 100644 --- a/test/test_data/apcupsd.py +++ b/test/test_data/apcupsd.py @@ -22,13 +22,13 @@ "version": "3.14.14", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/apcupsd/", + "url": "http://ftp.debian.org/debian/pool/main/a/apcupsd/", "package_name": "apcupsd_3.14.12-1.1_amd64.deb", "product": "apcupsd", "version": "3.14.12", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/apcupsd/", + "url": "http://ftp.debian.org/debian/pool/main/a/apcupsd/", "package_name": "apcupsd_3.14.12-1.1_armel.deb", "product": "apcupsd", "version": "3.14.12", 
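Review bot: The rewritten `url` values in the acpid.py hunk keep the plain `http://` scheme, so the `.deb` named in `package_name` is fetched without transport integrity; whether the test harness checks a digest after download is not visible here. Since the sed pass already rewrites every URL, it could move to TLS in the same sweep, for example `"url": "https://deb.debian.org/debian/pool/main/a/acpid/",`, provided that mirror serves these pool paths. Alternatively each entry could carry an expected digest that the downloader verifies. The same applies to the other test/test_data hunks in this patch (apache_http_server.py, apcupsd.py and the rest), and the `package_test_data` lists continue outside the hunks.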
diff --git a/test/test_data/apparmor.py b/test/test_data/apparmor.py index bea99f5f4f..1e4b987715 100644 --- a/test/test_data/apparmor.py +++ b/test/test_data/apparmor.py @@ -10,7 +10,7 @@ ] package_test_data = [ { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/apparmor/", + "url": "http://ftp.debian.org/debian/pool/main/a/apparmor/", "package_name": "apparmor_2.9.0-3_amd64.deb", "product": "apparmor", "version": "2.9.0", diff --git a/test/test_data/asn1c.py b/test/test_data/asn1c.py index d482ff606d..64edbc351e 100644 --- a/test/test_data/asn1c.py +++ b/test/test_data/asn1c.py @@ -18,13 +18,13 @@ "version": "0.9.28", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/asn1c/", + "url": "http://ftp.debian.org/debian/pool/main/a/asn1c/", "package_name": "asn1c_0.9.24+dfsg-1_amd64.deb", "product": "asn1c", "version": "0.9.24", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/asn1c/", + "url": "http://ftp.debian.org/debian/pool/main/a/asn1c/", "package_name": "asn1c_0.9.24+dfsg-1_armel.deb", "product": "asn1c", "version": "0.9.24", diff --git a/test/test_data/avahi.py b/test/test_data/avahi.py index b19926e3bd..2667c32c77 100644 --- a/test/test_data/avahi.py +++ b/test/test_data/avahi.py @@ -25,7 +25,7 @@ "version": "0.6.31", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/avahi/", + "url": "http://ftp.debian.org/debian/pool/main/a/avahi/", "package_name": "avahi-daemon_0.6.31-5_amd64.deb", "product": "avahi", "version": "0.6.31", diff --git a/test/test_data/axel.py b/test/test_data/axel.py index 07a12b0522..48e083433c 100644 --- a/test/test_data/axel.py +++ b/test/test_data/axel.py @@ -12,7 +12,7 @@ "version": "2.17.11", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/a/axel/", + "url": "http://ftp.debian.org/debian/pool/main/a/axel/", "package_name": "axel_2.16.1-4_amd64.deb", "product": "axel", "version": "2.16.1", diff --git a/test/test_data/bind.py b/test/test_data/bind.py index 0bdcb4a6ac..e70d8e5221 100644 
--- a/test/test_data/bind.py +++ b/test/test_data/bind.py @@ -24,7 +24,7 @@ "version": "9.11.4", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/bind9/", + "url": "http://ftp.debian.org/debian/pool/main/b/bind9/", "package_name": "bind9-libs_9.16.27-1~deb11u1~bpo10+1_amd64.deb", "product": "bind", "version": "9.16.27", diff --git a/test/test_data/bison.py b/test/test_data/bison.py index 18567a9aa9..0d76a7b126 100644 --- a/test/test_data/bison.py +++ b/test/test_data/bison.py @@ -18,13 +18,13 @@ "version": "3.8.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/bison/", + "url": "http://ftp.debian.org/debian/pool/main/b/bison/", "package_name": "bison_3.0.2.dfsg-2_amd64.deb", "product": "bison", "version": "3.0.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/bison/", + "url": "http://ftp.debian.org/debian/pool/main/b/bison/", "package_name": "bison_3.0.2.dfsg-2_armel.deb", "product": "bison", "version": "3.0.2", diff --git a/test/test_data/bluez.py b/test/test_data/bluez.py index b3d2ae8f68..6ffaaed843 100644 --- a/test/test_data/bluez.py +++ b/test/test_data/bluez.py @@ -19,7 +19,7 @@ "version": "5.66", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/bluez/", + "url": "http://ftp.debian.org/debian/pool/main/b/bluez/", "package_name": "bluez_5.50-1.2~deb10u2_amd64.deb", "product": "bluez", "version": "5.50", diff --git a/test/test_data/boinc.py b/test/test_data/boinc.py index 26370eca4f..16e20dbc8a 100644 --- a/test/test_data/boinc.py +++ b/test/test_data/boinc.py @@ -13,7 +13,7 @@ "version": "7.20.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/b/boinc/", + "url": "http://ftp.debian.org/debian/pool/main/b/boinc/", "package_name": "boinc-client_7.10.2+dfsg-2~bpo9+1_amd64.deb", "product": "boinc", "version": "7.10.2", diff --git a/test/test_data/botan.py b/test/test_data/botan.py index 37ce16c503..df1e2888e7 100644 --- a/test/test_data/botan.py +++ b/test/test_data/botan.py 
@@ -12,7 +12,7 @@
 "version": "2.19.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/botan/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/botan/",
 "package_name": "libbotan-2-4_2.4.0-5~bpo9+1_amd64.deb",
 "product": "botan",
 "version": "2.4.0",
diff --git a/test/test_data/bro.py b/test/test_data/bro.py
index dd1e1484b7..f10ffc4544 100644
--- a/test/test_data/bro.py
+++ b/test/test_data/bro.py
@@ -14,13 +14,13 @@
 "other_products": ["sqlite"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/bro/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/bro/",
 "package_name": "bro_2.5-1_amd64.deb",
 "product": "bro",
 "version": "2.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/bro/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/bro/",
 "package_name": "bro_2.5.5-1+deb10u1_arm64.deb",
 "product": "bro",
 "version": "2.5.5",
diff --git a/test/test_data/bwm_ng.py b/test/test_data/bwm_ng.py
index 36ec23cc83..8191aa4314 100644
--- a/test/test_data/bwm_ng.py
+++ b/test/test_data/bwm_ng.py
@@ -12,7 +12,7 @@
 "version": "0.6.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/b/bwm-ng/",
+ "url": "http://ftp.debian.org/debian/pool/main/b/bwm-ng/",
 "package_name": "bwm-ng_0.6.1-6_amd64.deb",
 "product": "bwm-ng",
 "version": "0.6.1",
diff --git a/test/test_data/c_ares.py b/test/test_data/c_ares.py
index 04cd7198d7..10e2bdce70 100644
--- a/test/test_data/c_ares.py
+++ b/test/test_data/c_ares.py
@@ -25,7 +25,7 @@
 "version": "1.17.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/c-ares/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/c-ares/",
 "package_name": "libc-ares2_1.10.0-2%2Bdeb8u2_amd64.deb",
 "product": "c-ares",
 "version": "1.10.0",
diff --git a/test/test_data/capnproto.py b/test/test_data/capnproto.py
index 1c8f42de3e..887db158d6 100644
--- a/test/test_data/capnproto.py
+++ b/test/test_data/capnproto.py
@@ -17,7 +17,7 @@
 "version": "0.10.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/capnproto/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/capnproto/",
 "package_name": "libcapnp-0.5.3_0.5.3-2_amd64.deb",
 "product": "capnproto",
 "version": "0.5.3",
diff --git a/test/test_data/ceph.py b/test/test_data/ceph.py
index 16524d6a60..edbd364d3c 100644
--- a/test/test_data/ceph.py
+++ b/test/test_data/ceph.py
@@ -13,7 +13,7 @@
 "version": "18.2.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/ceph/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/ceph/",
 "package_name": "ceph-base_12.2.11+dfsg1-2.1+b1_amd64.deb",
 "product": "ceph",
 "version": "12.2.11",
diff --git a/test/test_data/chess.py b/test/test_data/chess.py
index 2ecbd0eb75..a3c5926c1b 100644
--- a/test/test_data/chess.py
+++ b/test/test_data/chess.py
@@ -18,13 +18,13 @@
 "version": "6.2.9",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gnuchess/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gnuchess/",
 "package_name": "gnuchess_6.1.2-1_amd64.deb",
 "product": "chess",
 "version": "6.1.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gnuchess/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gnuchess/",
 "package_name": "gnuchess_6.1.2-1_armel.deb",
 "product": "chess",
 "version": "6.1.2",
diff --git a/test/test_data/chrony.py b/test/test_data/chrony.py
index 52d1d247c4..9727407813 100644
--- a/test/test_data/chrony.py
+++ b/test/test_data/chrony.py
@@ -7,13 +7,13 @@
 ]
 package_test_data = [
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/chrony/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/chrony/",
 "package_name": "chrony_1.30-2+deb8u2_amd64.deb",
 "product": "chrony",
 "version": "1.30",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/chrony/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/chrony/",
 "package_name": "chrony_1.30-2+deb8u2_armel.deb",
 "product": "chrony",
 "version": "1.30",
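Review bot: Both replacement URLs in the chrony.py hunk, like every other rewritten `"url"` in the test_data hunks of this patch, still use plain `http://`, so the `.deb` fixtures are presumably fetched by the tests without transport integrity. Nothing in these entries pins a checksum either, although the download helper is outside the diff and may verify one. Since each line is being rewritten anyway, consider an HTTPS endpoint such as `"url": "https://deb.debian.org/debian/pool/main/c/chrony/",` after confirming that host still serves these package versions. If plaintext has to stay, a comment above `package_test_data` such as `# fetched by the test suite over HTTP; keep on an official mirror and verify the hash` would record the assumption for later edits.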
diff --git a/test/test_data/civetweb.py b/test/test_data/civetweb.py
index ebbc98a12e..3a26c673a7 100644
--- a/test/test_data/civetweb.py
+++ b/test/test_data/civetweb.py
@@ -12,7 +12,7 @@
 "version": "1.16",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/civetweb/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/civetweb/",
 "package_name": "libcivetweb1_1.13+dfsg-5_amd64.deb",
 "product": "civetweb",
 "version": "1.13",
diff --git a/test/test_data/clamav.py b/test/test_data/clamav.py
index 76d7551a17..829ac25d29 100644
--- a/test/test_data/clamav.py
+++ b/test/test_data/clamav.py
@@ -27,7 +27,7 @@
 "other_products": ["rust"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/clamav/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/clamav/",
 "package_name": "clamav_0.102.3+dfsg-0~deb9u1_arm64.deb",
 "product": "clamav",
 "version": "0.102.3",
diff --git a/test/test_data/collectd.py b/test/test_data/collectd.py
index 4daaf4afb5..c0be1a8786 100644
--- a/test/test_data/collectd.py
+++ b/test/test_data/collectd.py
@@ -18,13 +18,13 @@
 "version": "5.12.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/collectd/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/collectd/",
 "package_name": "collectd-core_5.11.0-7~bpo9+1_amd64.deb",
 "product": "collectd",
 "version": "5.11.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/collectd/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/collectd/",
 "package_name": "collectd-core_5.11.0-7~bpo9+1_arm64.deb",
 "product": "collectd",
 "version": "5.11.0",
diff --git a/test/test_data/coreutils.py b/test/test_data/coreutils.py
index fcd78ddf10..2908fc631d 100644
--- a/test/test_data/coreutils.py
+++ b/test/test_data/coreutils.py
@@ -13,7 +13,7 @@
 "version": "9.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/coreutils/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/coreutils/",
 "package_name": "coreutils_8.30-3_amd64.deb",
 "product": "coreutils",
 "version": "8.30",
diff --git a/test/test_data/cpio.py b/test/test_data/cpio.py
index ea291e59b7..ea2674b959 100644
--- a/test/test_data/cpio.py
+++ b/test/test_data/cpio.py
@@ -12,7 +12,7 @@
 "version": "2.13",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/cpio/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/cpio/",
 "package_name": "cpio_2.12+dfsg-9_amd64.deb",
 "product": "cpio",
 "version": "2.12",
diff --git a/test/test_data/cryptsetup.py b/test/test_data/cryptsetup.py
index 018e788f5e..bdb5f837d0 100644
--- a/test/test_data/cryptsetup.py
+++ b/test/test_data/cryptsetup.py
@@ -35,7 +35,7 @@
 "version": "2.0.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/cryptsetup/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/cryptsetup/",
 "package_name": "libcryptsetup12_2.1.0-5+deb10u2_arm64.deb",
 "product": "cryptsetup",
 "version": "2.1.0",
diff --git a/test/test_data/cvs.py b/test/test_data/cvs.py
index 2154618302..854e7ba5cb 100644
--- a/test/test_data/cvs.py
+++ b/test/test_data/cvs.py
@@ -22,13 +22,13 @@
 "version": "1.12.13",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/cvs/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/cvs/",
 "package_name": "cvs_1.12.13+real-15+deb8u1_amd64.deb",
 "product": "cvs",
 "version": "1.12.13",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/c/cvs/",
+ "url": "http://ftp.debian.org/debian/pool/main/c/cvs/",
 "package_name": "cvs_1.12.13+real-15+deb8u1_armel.deb",
 "product": "cvs",
 "version": "1.12.13",
diff --git a/test/test_data/dav1d.py b/test/test_data/dav1d.py
index da0d8bb29d..92dd59748f 100644
--- a/test/test_data/dav1d.py
+++ b/test/test_data/dav1d.py
@@ -12,7 +12,7 @@
 "version": "1.2.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dav1d/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dav1d/",
 "package_name": "dav1d_0.7.1-3_amd64.deb",
 "product": "dav1d",
 "version": "0.7.1",
diff --git a/test/test_data/davfs2.py b/test/test_data/davfs2.py
index a37c94b2e9..e52faf59e8 100644
--- a/test/test_data/davfs2.py
+++ b/test/test_data/davfs2.py
@@ -18,13 +18,13 @@
 "version": "1.6.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/davfs2/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/davfs2/",
 "package_name": "davfs2_1.5.2-1_amd64.deb",
 "product": "davfs2",
 "version": "1.5.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/davfs2/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/davfs2/",
 "package_name": "davfs2_1.5.2-1_armel.deb",
 "product": "davfs2",
 "version": "1.5.2",
diff --git a/test/test_data/dbus.py b/test/test_data/dbus.py
index c04dc2d6dc..88cfad5517 100644
--- a/test/test_data/dbus.py
+++ b/test/test_data/dbus.py
@@ -37,7 +37,7 @@
 "other_products": ["libdbus"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dbus/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dbus/",
 "package_name": "dbus_1.8.22-0+deb8u1_amd64.deb",
 "product": "dbus",
 "version": "1.8.22",
diff --git a/test/test_data/dhclient.py b/test/test_data/dhclient.py
index bc6fb47f64..af4a198544 100644
--- a/test/test_data/dhclient.py
+++ b/test/test_data/dhclient.py
@@ -13,7 +13,7 @@
 "version": "4.4.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/isc-dhcp/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/isc-dhcp/",
 "package_name": "isc-dhcp-client_4.3.1-6+deb8u3_amd64.deb",
 "product": "dhcp",
 "version": "4.3.1",
diff --git a/test/test_data/dhcpcd.py b/test/test_data/dhcpcd.py
index 7fc809c9c2..aa45271d13 100644
--- a/test/test_data/dhcpcd.py
+++ b/test/test_data/dhcpcd.py
@@ -12,7 +12,7 @@
 "version": "9.4.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dhcpcd5/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dhcpcd5/",
 "package_name": "dhcpcd5_7.1.0-2+b1_amd64.deb",
 "product": "dhcpcd",
 "version": "7.1.0",
diff --git a/test/test_data/dhcpd.py b/test/test_data/dhcpd.py
index af05fdcb4a..cfb13a37ba 100644
--- a/test/test_data/dhcpd.py
+++ b/test/test_data/dhcpd.py
@@ -18,7 +18,7 @@
 "other_products": ["dhcp"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/isc-dhcp/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/isc-dhcp/",
 "package_name": "isc-dhcp-server_4.3.5-3+deb9u1_arm64.deb",
 "product": "dhcpd",
 "version": "4.3.5",
diff --git a/test/test_data/dmidecode.py b/test/test_data/dmidecode.py
index eda89711af..72f61d21cb 100644
--- a/test/test_data/dmidecode.py
+++ b/test/test_data/dmidecode.py
@@ -13,7 +13,7 @@
 "version": "3.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dmidecode/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dmidecode/",
 "package_name": "dmidecode_3.0-4_amd64.deb",
 "product": "dmidecode",
 "version": "3.0",
diff --git a/test/test_data/dnsmasq.py b/test/test_data/dnsmasq.py
index 72e507256a..a47499252c 100644
--- a/test/test_data/dnsmasq.py
+++ b/test/test_data/dnsmasq.py
@@ -36,7 +36,7 @@
 "version": "2.84",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dnsmasq/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dnsmasq/",
 "package_name": "dnsmasq-base_2.72-3+deb8u2_amd64.deb",
 "product": "dnsmasq",
 "version": "2.72",
diff --git a/test/test_data/dovecot.py b/test/test_data/dovecot.py
index 653990acd4..77730ca144 100644
--- a/test/test_data/dovecot.py
+++ b/test/test_data/dovecot.py
@@ -39,7 +39,7 @@
 "version": "2.3.13",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dovecot/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dovecot/",
 "package_name": "dovecot-core_2.3.21.1%2Bdfsg1-1_arm64.deb",
 "product": "dovecot",
 "version": "2.3.21.1",
diff --git a/test/test_data/doxygen.py b/test/test_data/doxygen.py
index ad6af79ba8..7324064a5f 100644
--- a/test/test_data/doxygen.py
+++ b/test/test_data/doxygen.py
@@ -12,7 +12,7 @@
 "version": "1.9.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/doxygen/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/doxygen/",
 "package_name": "doxygen_1.8.13-4+b1_amd64.deb",
 "product": "doxygen",
 "version": "1.8.13",
diff --git a/test/test_data/dropbear.py b/test/test_data/dropbear.py
index 51ed10621d..7eb09d95d6 100644
--- a/test/test_data/dropbear.py
+++ b/test/test_data/dropbear.py
@@ -21,7 +21,7 @@
 "version": "2022.82",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/d/dropbear/",
+ "url": "http://ftp.debian.org/debian/pool/main/d/dropbear/",
 "package_name": "dropbear_2014.65-1+deb8u2_amd64.deb",
 "product": "dropbear_ssh",
 "version": "2014.65",
diff --git a/test/test_data/e2fsprogs.py b/test/test_data/e2fsprogs.py
index 7778ddb3d0..1b08287514 100644
--- a/test/test_data/e2fsprogs.py
+++ b/test/test_data/e2fsprogs.py
@@ -37,13 +37,13 @@
 "version": "1.46.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/e2fsprogs/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/e2fsprogs/",
 "package_name": "e2fsprogs_1.42.12-2+b1_amd64.deb",
 "product": "e2fsprogs",
 "version": "1.42.12",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/e2fsprogs/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/e2fsprogs/",
 "package_name": "libext2fs2_1.46.2-2_arm64.deb",
 "product": "e2fsprogs",
 "version": "1.46.2",
diff --git a/test/test_data/ed.py b/test/test_data/ed.py
index 1d625753f9..31ae953d2e 100644
--- a/test/test_data/ed.py
+++ b/test/test_data/ed.py
@@ -13,7 +13,7 @@
 "version": "1.19",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/ed/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/ed/",
 "package_name": "ed_1.15-1_amd64.deb",
 "product": "ed",
 "version": "1.15",
diff --git a/test/test_data/elfutils.py b/test/test_data/elfutils.py
index 797874c0d4..7870e3db55 100644
--- a/test/test_data/elfutils.py
+++ b/test/test_data/elfutils.py
@@ -19,13 +19,13 @@
 "version": "0.187",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/elfutils/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/elfutils/",
 "package_name": "elfutils_0.159-4.2_amd64.deb",
 "product": "elfutils",
 "version": "0.159",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/elfutils/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/elfutils/",
 "package_name": "elfutils_0.159-4.2_armel.deb",
 "product": "elfutils",
 "version": "0.159",
diff --git a/test/test_data/exfatprogs.py b/test/test_data/exfatprogs.py
index c005e37e6f..1d09b90a3b 100644
--- a/test/test_data/exfatprogs.py
+++ b/test/test_data/exfatprogs.py
@@ -16,7 +16,7 @@
 "version": "1.2.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/e/exfatprogs/",
+ "url": "http://ftp.debian.org/debian/pool/main/e/exfatprogs/",
 "package_name": "exfatprogs_1.1.0-1_amd64.deb",
 "product": "exfatprogs",
 "version": "1.1.0",
diff --git a/test/test_data/f2fs_tools.py b/test/test_data/f2fs_tools.py
index 3568d1c451..b7ece93dcf 100644
--- a/test/test_data/f2fs_tools.py
+++ b/test/test_data/f2fs_tools.py
@@ -21,13 +21,13 @@
 "version": "1.15.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/f2fs-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/f2fs-tools/",
 "package_name": "f2fs-tools_1.4.0-2_amd64.deb",
 "product": "f2fs-tools",
 "version": "1.4.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/f2fs-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/f2fs-tools/",
 "package_name": "f2fs-tools_1.15.0-1_amd64.deb",
 "product": "f2fs-tools",
 "version": "1.15.0",
diff --git a/test/test_data/faad2.py b/test/test_data/faad2.py
index 86ea85550f..8c25cb887b 100644
--- a/test/test_data/faad2.py
+++ b/test/test_data/faad2.py
@@ -25,7 +25,7 @@
 "version": "2.10.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/faad2/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/faad2/",
 "package_name": "libfaad2_2.10.0-1_amd64.deb",
 "product": "freeware_advanced_audio_decoder_2",
 "version": "2.10.0",
diff --git a/test/test_data/fastd.py b/test/test_data/fastd.py
index bd5fabd782..06629b8cb8 100644
--- a/test/test_data/fastd.py
+++ b/test/test_data/fastd.py
@@ -18,13 +18,13 @@
 "version": "22",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fastd/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fastd/",
 "package_name": "fastd_18-2+b1_amd64.deb",
 "product": "fastd",
 "version": "18",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fastd/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fastd/",
 "package_name": "fastd_18-2+b1_arm64.deb",
 "product": "fastd",
 "version": "18",
diff --git a/test/test_data/ffmpeg.py b/test/test_data/ffmpeg.py
index fcff6cd8a5..9300de70e6 100644
--- a/test/test_data/ffmpeg.py
+++ b/test/test_data/ffmpeg.py
@@ -37,7 +37,7 @@
 "version": "4.3.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/ffmpeg/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/ffmpeg/",
 "package_name": "ffmpeg_3.2.14-1~deb9u1_amd64.deb",
 "product": "ffmpeg",
 "version": "3.2.14",
diff --git a/test/test_data/file.py b/test/test_data/file.py
index 34df1faa66..3a24d7a7a1 100644
--- a/test/test_data/file.py
+++ b/test/test_data/file.py
@@ -23,13 +23,13 @@
 "version": "5.43",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/file/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/file/",
 "package_name": "file_5.22+15-2+deb8u4_amd64.deb",
 "product": "file",
 "version": "5.22",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/file/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/file/",
 "package_name": "file_5.22+15-2+deb8u4_armel.deb",
 "product": "file",
 "version": "5.22",
diff --git a/test/test_data/firefox.py b/test/test_data/firefox.py
index 737a3bb99c..1a8368aeeb 100644
--- a/test/test_data/firefox.py
+++ b/test/test_data/firefox.py
@@ -24,7 +24,7 @@
 ],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/firefox/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/firefox/",
 "package_name": "firefox_83.0-1_mipsel.deb",
 "product": "firefox",
 "version": "83.0",
diff --git a/test/test_data/flac.py b/test/test_data/flac.py
index 4dead22efa..d29437dee7 100644
--- a/test/test_data/flac.py
+++ b/test/test_data/flac.py
@@ -17,7 +17,7 @@
 "version": "1.4.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/flac/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/flac/",
 "package_name": "libflac8_1.3.0-3_amd64.deb",
 "product": "flac",
 "version": "1.3.0",
diff --git a/test/test_data/fluidsynth.py b/test/test_data/fluidsynth.py
index 41c843c8de..5b71ec0743 100644
--- a/test/test_data/fluidsynth.py
+++ b/test/test_data/fluidsynth.py
@@ -26,13 +26,13 @@
 "version": "2.3.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fluidsynth/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fluidsynth/",
 "package_name": "fluidsynth_1.1.11-1+deb10u1_amd64.deb",
 "product": "fluidsynth",
 "version": "1.1.11",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fluidsynth/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fluidsynth/",
 "package_name": "libfluidsynth1_1.1.11-1+deb10u1_arm64.deb",
 "product": "fluidsynth",
 "version": "1.1.11",
diff --git a/test/test_data/freerdp.py b/test/test_data/freerdp.py
index 1c65d2223b..60eba373a3 100644
--- a/test/test_data/freerdp.py
+++ b/test/test_data/freerdp.py
@@ -13,7 +13,7 @@
 "version": "2.8.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/freerdp2/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/freerdp2/",
 "package_name": "libfreerdp-client2-2_2.0.0~git20190204.1.2693389a%2Bdfsg1-1~bpo9%2B1_amd64.deb",
 "product": "freerdp",
 "version": "2.0.0",
diff --git a/test/test_data/fribidi.py b/test/test_data/fribidi.py
index d7eb3396c5..fdd14f6b41 100644
--- a/test/test_data/fribidi.py
+++ b/test/test_data/fribidi.py
@@ -17,13 +17,13 @@
 "version": "0.10.7",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fribidi/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fribidi/",
 "package_name": "libfribidi0_0.19.6-3_amd64.deb",
 "product": "fribidi",
 "version": "0.19.6",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/fribidi/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/fribidi/",
 "package_name": "libfribidi0_1.0.8-2.1_mips64el.deb",
 "product": "fribidi",
 "version": "1.0.8",
diff --git a/test/test_data/frr.py b/test/test_data/frr.py
index f1a3fc2791..2b83bbd637 100644
--- a/test/test_data/frr.py
+++ b/test/test_data/frr.py
@@ -21,7 +21,7 @@
 "version": "8.4.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/f/frr/",
+ "url": "http://ftp.debian.org/debian/pool/main/f/frr/",
 "package_name": "frr_6.0.2-2+deb10u1_amd64.deb",
 "product": "free_range_routing",
 "version": "6.0.2",
diff --git a/test/test_data/gdal.py b/test/test_data/gdal.py
index 74e4438f35..54052b24fe 100644
--- a/test/test_data/gdal.py
+++ b/test/test_data/gdal.py
@@ -12,7 +12,7 @@
 "version": "3.7.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdal/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gdal/",
 "package_name": "libgdal20_2.4.0+dfsg-1+b1_amd64.deb",
 "product": "gdal",
 "version": "2.4.0",
diff --git a/test/test_data/gdb.py b/test/test_data/gdb.py
index b150527f36..b220cb4077 100644
--- a/test/test_data/gdb.py
+++ b/test/test_data/gdb.py
@@ -13,13 +13,13 @@
 "version": "12.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdb/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gdb/",
 "package_name": "gdb_7.12-6_amd64.deb",
 "product": "gdb",
 "version": "7.12",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdb/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gdb/",
 "package_name": "gdb_8.2.1-2+b3_mips64el.deb",
 "product": "gdb",
 "version": "8.2.1",
diff --git a/test/test_data/gdk_pixbuf.py b/test/test_data/gdk_pixbuf.py
index c05a68ec9d..2918ec0e45 100644
--- a/test/test_data/gdk_pixbuf.py
+++ b/test/test_data/gdk_pixbuf.py
@@ -16,7 +16,7 @@
 "version": "2.42.10",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gdk-pixbuf/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gdk-pixbuf/",
 "package_name": "libgdk-pixbuf2.0-0_2.38.1+dfsg-1_amd64.deb",
 "product": "gdk-pixbuf",
 "version": "2.38.1",
diff --git a/test/test_data/ghostscript.py b/test/test_data/ghostscript.py
index a91aab916b..ff391233ed 100644
--- a/test/test_data/ghostscript.py
+++ b/test/test_data/ghostscript.py
@@ -15,7 +15,7 @@
 ]
 package_test_data = [
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/ghostscript/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/ghostscript/",
 "package_name": "libgs9_9.27~dfsg-2+deb10u5_amd64.deb",
 "product": "ghostscript",
 "version": "9.27",
diff --git a/test/test_data/git.py b/test/test_data/git.py
index e441a70bf3..f068b018b9 100644
--- a/test/test_data/git.py
+++ b/test/test_data/git.py
@@ -13,7 +13,7 @@
 "version": "1.8.5.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/git/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/git/",
 "package_name": "git_2.1.4-2.1+deb8u6_amd64.deb",
 "product": "git",
 "version": "2.1.4",
diff --git a/test/test_data/glib.py b/test/test_data/glib.py
index af78ea8918..240fdd5789 100644
--- a/test/test_data/glib.py
+++ b/test/test_data/glib.py
@@ -19,7 +19,7 @@
 "version": "2.74.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/glib2.0/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/glib2.0/",
 "package_name": "libglib2.0-0_2.50.3-2+deb9u2_arm64.deb",
 "product": "glib",
 "version": "2.50.3",
diff --git a/test/test_data/glibc.py b/test/test_data/glibc.py
index 286a599e6a..41ec7ff28a 100644
--- a/test/test_data/glibc.py
+++ b/test/test_data/glibc.py
@@ -29,13 +29,13 @@
 "other_products": ["gcc"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/glibc/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/glibc/",
 "package_name": "libc-bin_2.19-18+deb8u10_amd64.deb",
 "product": "glibc",
 "version": "2.19",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/glibc/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/glibc/",
 "package_name": "libc6-amd64_2.24-11+deb9u4_i386.deb",
 "product": "glibc",
 "version": "2.24",
diff --git a/test/test_data/gmp.py b/test/test_data/gmp.py
index ea4d5e425b..2379660add 100644
--- a/test/test_data/gmp.py
+++ b/test/test_data/gmp.py
@@ -29,13 +29,13 @@
 "version": "6.2.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gmp/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gmp/",
 "package_name": "libgmp10_6.0.0+dfsg-6_amd64.deb",
 "product": "gmp",
 "version": "6.0.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gmp/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gmp/",
 "package_name": "libgmp10_6.2.1+dfsg-1+deb11u1_mipsel.deb",
 "product": "gmp",
 "version": "6.2.1",
diff --git a/test/test_data/go.py b/test/test_data/go.py
index 1264cb8ff0..689f282dc5 100644
--- a/test/test_data/go.py
+++ b/test/test_data/go.py
@@ -6,7 +6,7 @@
 ]
 package_test_data = [
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/golang-1.11/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/golang-1.11/",
 "package_name": "golang-1.11-go_1.11.6-1+deb10u4_amd64.deb",
 "product": "go",
 "version": "1.11.6",
diff --git a/test/test_data/gpsd.py b/test/test_data/gpsd.py
index b6af87ecb8..ad42142b05 100644
--- a/test/test_data/gpsd.py
+++ b/test/test_data/gpsd.py
@@ -18,13 +18,13 @@
 "version": "3.24",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gpsd/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gpsd/",
 "package_name": "gpsd_3.11-3_amd64.deb",
 "product": "gpsd",
 "version": "3.11",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gpsd/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gpsd/",
 "package_name": "gpsd_3.11-3_armel.deb",
 "product": "gpsd",
 "version": "3.11",
diff --git a/test/test_data/grep.py b/test/test_data/grep.py
index f0a7eaa15b..68eaadc6bd 100644
--- a/test/test_data/grep.py
+++ b/test/test_data/grep.py
@@ -13,7 +13,7 @@
 "version": "3.11",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/grep/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/grep/",
 "package_name": "grep_3.3-1_amd64.deb",
 "product": "grep",
 "version": "3.3",
diff --git a/test/test_data/grub2.py b/test/test_data/grub2.py
index 05e51c7bc0..7684d3ace8 100644
--- a/test/test_data/grub2.py
+++ b/test/test_data/grub2.py
@@ -20,13 +20,13 @@
 "other_products": ["zstandard"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/grub2/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/grub2/",
 "package_name": "grub-common_2.02+dfsg1-20+deb10u1_amd64.deb",
 "product": "grub2",
 "version": "2.02",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/grub2/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/grub2/",
 "package_name": "grub-common_2.02+dfsg1-20+deb10u1_arm64.deb",
 "product": "grub2",
 "version": "2.02",
diff --git a/test/test_data/gstreamer.py b/test/test_data/gstreamer.py
index ec26826bc1..77e0fd319d 100644
--- a/test/test_data/gstreamer.py
+++ b/test/test_data/gstreamer.py
@@ -21,7 +21,7 @@
 "version": "0.10.36",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gstreamer1.0/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gstreamer1.0/",
 "package_name": "libgstreamer1.0-0_1.10.4-1_amd64.deb",
 "product": "gstreamer",
 "version": "1.10.4",
diff --git a/test/test_data/gvfs.py b/test/test_data/gvfs.py
index 7bce403192..c79671c0f2 100644
--- a/test/test_data/gvfs.py
+++ b/test/test_data/gvfs.py
@@ -19,13 +19,13 @@
 "version": "1.50.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gvfs/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gvfs/",
 "package_name": "gvfs-backends_1.22.2-1_amd64.deb",
 "product": "gvfs",
 "version": "1.22.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gvfs/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gvfs/",
 "package_name": "gvfs-backends_1.22.2-1_armel.deb",
 "product": "gvfs",
 "version": "1.22.2",
diff --git a/test/test_data/gzip.py b/test/test_data/gzip.py
index bed87b1512..076b721e6e 100644
--- a/test/test_data/gzip.py
+++ b/test/test_data/gzip.py
@@ -21,7 +21,7 @@
 "version": "1.12",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/g/gzip/",
+ "url": "http://ftp.debian.org/debian/pool/main/g/gzip/",
 "package_name": "gzip_1.9-3+deb10u1_amd64.deb",
 "product": "gzip",
 "version": "1.9",
diff --git a/test/test_data/harfbuzz.py b/test/test_data/harfbuzz.py
index a372d162d0..3111fcaff9 100644
--- a/test/test_data/harfbuzz.py
+++ b/test/test_data/harfbuzz.py
@@ -23,19 +23,19 @@
 "version": "7.0.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/harfbuzz/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/harfbuzz/",
 "package_name": "libharfbuzz0b_0.9.35-2_amd64.deb",
 "product": "harfbuzz",
 "version": "0.9.35",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/harfbuzz/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/harfbuzz/",
 "package_name": "libharfbuzz-bin_1.4.2-1_amd64.deb",
 "product": "harfbuzz",
 "version": "1.4.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/harfbuzz/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/harfbuzz/",
 "package_name": "libharfbuzz0b_6.0.0+dfsg-3_amd64.deb",
 "product": "harfbuzz",
 "version": "6.0.0",
diff --git a/test/test_data/haserl.py b/test/test_data/haserl.py
index 3d4f9feeeb..79cef24223 100644
--- a/test/test_data/haserl.py
+++ b/test/test_data/haserl.py
@@ -22,13 +22,13 @@
 "version": "0.9.36",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/haserl/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/haserl/",
 "package_name": "haserl_0.9.33-1_amd64.deb",
 "product": "haserl",
 "version": "0.9.33",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/haserl/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/haserl/",
 "package_name": "haserl_0.9.33-1_armel.deb",
 "product": "haserl",
 "version": "0.9.33",
diff --git a/test/test_data/heimdal.py b/test/test_data/heimdal.py
index 936089f05c..47dc24502e 100644
--- a/test/test_data/heimdal.py
+++ b/test/test_data/heimdal.py
@@ -12,7 +12,7 @@
 "version": "7.7.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/heimdal/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/heimdal/",
 "package_name": "libkrb5-26-heimdal_7.5.0+dfsg-3_amd64.deb",
 "product": "heimdal",
 "version": "7.5.0",
diff --git a/test/test_data/hwloc.py b/test/test_data/hwloc.py
index 4a145e7220..6473a23961 100644
--- a/test/test_data/hwloc.py
+++ b/test/test_data/hwloc.py
@@ -12,7 +12,7 @@
 "version": "2.9.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/hwloc/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/hwloc/",
 "package_name": "libhwloc15_2.4.1+dfsg-1_amd64.deb",
 "product": "hwloc",
 "version": "2.4.1",
diff --git a/test/test_data/i2pd.py b/test/test_data/i2pd.py
index 00d65cdd3b..3daf1650c9 100644
--- a/test/test_data/i2pd.py
+++ b/test/test_data/i2pd.py
@@ -19,13 +19,13 @@
 "version": "2.42.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/i2pd/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/i2pd/",
 "package_name": "i2pd_2.23.0-1_amd64.deb",
 "product": "i2pd",
 "version": "2.23.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/i2pd/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/i2pd/",
 "package_name": "i2pd_2.23.0-1_arm64.deb",
 "product": "i2pd",
 "version": "2.23.0",
diff --git a/test/test_data/icecast.py b/test/test_data/icecast.py
index 161c98a47c..54ecfd4e5e 100644
--- a/test/test_data/icecast.py
+++ b/test/test_data/icecast.py
@@ -22,7 +22,7 @@
 "version": "2.4.4",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/icecast2/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/icecast2/",
 "package_name": "icecast2_2.4.0-1.1+deb8u1_amd64.deb",
 "product": "icecast",
 "version": "2.4.0",
diff --git a/test/test_data/iperf3.py b/test/test_data/iperf3.py
index 058411f527..59f7556c5a 100644
--- a/test/test_data/iperf3.py
+++ b/test/test_data/iperf3.py
@@ -19,7 +19,7 @@
 "version": "3.11",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/iperf3/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/iperf3/",
 "package_name": "libiperf0_3.0.7-1_amd64.deb",
 "product": "iperf3",
 "version": "3.0.7",
diff --git a/test/test_data/ipmitool.py b/test/test_data/ipmitool.py
index 63df29b338..adc5ea240d 100644
--- a/test/test_data/ipmitool.py
+++ b/test/test_data/ipmitool.py
@@ -16,7 +16,7 @@
 "version": "1.8.19",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/ipmitool/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/ipmitool/",
 "package_name": "ipmitool_1.8.14-4_amd64.deb",
 "product": "ipmitool",
 "version": "1.8.14",
diff --git a/test/test_data/ipsec_tools.py b/test/test_data/ipsec_tools.py
index 1972e67492..3eb7a04bb9 100644
--- a/test/test_data/ipsec_tools.py
+++ b/test/test_data/ipsec_tools.py
@@ -16,7 +16,7 @@
 "version": "0.8.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/ipsec-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/ipsec-tools/",
 "package_name": "ipsec-tools_0.8.2+20140711-2+deb8u1_amd64.deb",
 "product": "ipsec-tools",
 "version": "0.8.2",
diff --git a/test/test_data/iptables.py b/test/test_data/iptables.py
index 7afc447f65..b2bfae518a 100644
--- a/test/test_data/iptables.py
+++ b/test/test_data/iptables.py
@@ -40,13 +40,13 @@
 "version": "1.8.8",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/iptables/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/iptables/",
 "package_name": "iptables-nftables-compat_1.6.2-1.1~bpo9+1_i386.deb",
 "product": "iptables",
 "version": "1.6.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/iptables/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/iptables/",
 "package_name": "iptables-nftables-compat_1.6.2-1.1~bpo9+1_mips.deb",
 "product": "iptables",
 "version": "1.6.2",
diff --git a/test/test_data/iucode_tool.py b/test/test_data/iucode_tool.py
index cd56997080..5857d2a86a 100644
--- a/test/test_data/iucode_tool.py
+++ b/test/test_data/iucode_tool.py
@@ -22,13 +22,13 @@
 "version": "2.3.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/contrib/i/iucode-tool/",
+ "url": "http://ftp.debian.org/debian/pool/contrib/i/iucode-tool/",
 "package_name": "iucode-tool_1.1.1-1_amd64.deb",
 "product": "iucode-tool",
 "version": "1.1.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/contrib/i/iucode-tool/",
+ "url": "http://ftp.debian.org/debian/pool/contrib/i/iucode-tool/",
 "package_name": "iucode-tool_1.1.1-1_i386.deb",
 "product": "iucode-tool",
 "version": "1.1.1",
diff --git a/test/test_data/iwd.py b/test/test_data/iwd.py
index 43806d4c80..3f5b58102d 100644
--- a/test/test_data/iwd.py
+++ b/test/test_data/iwd.py
@@ -21,7 +21,7 @@
 "version": "2.11",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/i/iwd/",
+ "url": "http://ftp.debian.org/debian/pool/main/i/iwd/",
 "package_name": "iwd_0.14-2_amd64.deb",
 "product": "inet_wireless_daemon",
 "version": "0.14",
diff --git a/test/test_data/jack2.py b/test/test_data/jack2.py
index d28663e211..5ca9ea957f 100644
--- a/test/test_data/jack2.py
+++ b/test/test_data/jack2.py
@@ -18,7 +18,7 @@
 "version": "1.9.21",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/jackd2/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/jackd2/",
 "package_name": "jackd2_1.9.12~dfsg-2_amd64.deb",
 "product": "jack2",
 "version": "1.9.12",
diff --git a/test/test_data/janus.py b/test/test_data/janus.py
index 472b585a61..82c4fbfe9e 100644
--- a/test/test_data/janus.py
+++ b/test/test_data/janus.py
@@ -23,7 +23,7 @@
 "version": "1.1.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/janus/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/janus/",
 "package_name": "janus_0.9.2-1~bpo10+1_amd64.deb",
 "product": "janus",
 "version": "0.9.2",
diff --git a/test/test_data/jhead.py b/test/test_data/jhead.py
index c301b96aa2..93c77a67d1 100644
--- a/test/test_data/jhead.py
+++ b/test/test_data/jhead.py
@@ -12,13 +12,13 @@
 "version": "3.04",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/jhead/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/jhead/",
 "package_name": "jhead_2.97-1+deb8u1_amd64.deb",
 "product": "jhead",
 "version": "2.97",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/jhead/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/jhead/",
 "package_name": "jhead_2.97-1+deb8u1_armel.deb",
 "product": "jhead",
 "version": "2.97",
diff --git a/test/test_data/jq.py b/test/test_data/jq.py
index 9baf6ccfa9..b54d9c5526 100644
--- a/test/test_data/jq.py
+++ b/test/test_data/jq.py
@@ -13,13 +13,13 @@
 "version": "1.6",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/jq/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/jq/",
 "package_name": "jq_1.5+dfsg-2+b1_amd64.deb",
 "product": "jq",
 "version": "1.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/jq/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/jq/",
 "package_name": "jq_1.7.1-3_arm64.deb",
 "product": "jq",
 "version": "1.7.1",
diff --git a/test/test_data/json_c.py b/test/test_data/json_c.py
index 9236e8c31e..f0ca525802 100644
--- a/test/test_data/json_c.py
+++ b/test/test_data/json_c.py
@@ -26,13 +26,13 @@
 "version": "0.16",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/json-c/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/json-c/",
 "package_name": "libjson-c5_0.15-2_amd64.deb",
 "product": "json-c",
 "version": "0.15",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/j/json-c/",
+ "url": "http://ftp.debian.org/debian/pool/main/j/json-c/",
 "package_name": "libjson-c3_0.12.1-1.1_ppc64el.deb",
 "product": "json-c",
 "version": "0.12.1",
diff --git a/test/test_data/keepalived.py b/test/test_data/keepalived.py
index ad31d9e604..402d8d9e03 100644
--- a/test/test_data/keepalived.py
+++ b/test/test_data/keepalived.py
@@ -22,13 +22,13 @@
 "version": "2.2.7",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/k/keepalived/",
+ "url": "http://ftp.debian.org/debian/pool/main/k/keepalived/",
 "package_name": "keepalived_1.2.13-1_amd64.deb",
 "product": "keepalived",
 "version": "1.2.13",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/k/keepalived/",
+ "url": "http://ftp.debian.org/debian/pool/main/k/keepalived/",
 "package_name": "keepalived_1.2.13-1_armel.deb",
 "product": "keepalived",
 "version": "1.2.13",
diff --git a/test/test_data/kerberos.py b/test/test_data/kerberos.py
index b629c0d465..6686ee258f 100644
--- a/test/test_data/kerberos.py
+++ b/test/test_data/kerberos.py
@@ -29,7 +29,7 @@
 "version": "1.15.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/k/krb5/",
+ "url": "http://ftp.debian.org/debian/pool/main/k/krb5/",
 "package_name": "libkrb5-3_1.12.1+dfsg-19+deb8u4_amd64.deb",
 "product": "kerberos_5",
 "version": "1.12.1",
diff --git a/test/test_data/kodi.py b/test/test_data/kodi.py
index bf0c1f8273..cdd214cca1 100644
--- a/test/test_data/kodi.py
+++ b/test/test_data/kodi.py
@@ -13,7 +13,7 @@
 "version": "20.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/k/kodi/",
+ "url": "http://ftp.debian.org/debian/pool/main/k/kodi/",
 "package_name": "kodi-bin_17.1+dfsg1-3_amd64.deb",
 "product": "kodi",
 "version": "17.1",
diff --git a/test/test_data/kubernetes.py b/test/test_data/kubernetes.py
index eff9776d36..49c3e39d65 100644
--- a/test/test_data/kubernetes.py
+++ b/test/test_data/kubernetes.py
@@ -17,7 +17,7 @@
 "other_products": ["go"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/k/kubernetes/",
+ "url": "http://ftp.debian.org/debian/pool/main/k/kubernetes/",
 "package_name": "kubernetes-client_1.20.5+really1.20.2-1_amd64.deb",
 "product": "kubernetes",
 "version": "1.20.5",
diff --git a/test/test_data/ldns.py b/test/test_data/ldns.py
index a4f6f49f69..4be609453e 100644
--- a/test/test_data/ldns.py
+++ b/test/test_data/ldns.py
@@ -16,7 +16,7 @@
 "version": "1.8.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/ldns/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/ldns/",
 "package_name": "libldns2_1.7.0-4_amd64.deb",
 "product": "ldns",
 "version": "1.7.0",
diff --git a/test/test_data/lftp.py b/test/test_data/lftp.py
index d53f17f37a..3a2e496e39 100644
--- a/test/test_data/lftp.py
+++ b/test/test_data/lftp.py
@@ -18,13 +18,13 @@
 "version": "4.9.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lftp/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lftp/",
 "package_name": "lftp_4.6.0-1+deb8u1_amd64.deb",
 "product": "lftp",
 "version": "4.6.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lftp/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lftp/",
 "package_name": "lftp_4.6.0-1+deb8u1_armel.deb",
 "product": "lftp",
 "version": "4.6.0",
diff --git a/test/test_data/libass.py b/test/test_data/libass.py
index 0f54ef80c6..c880d95085 100644
--- a/test/test_data/libass.py
+++ b/test/test_data/libass.py
@@ -18,7 +18,7 @@
 "version": "0.16.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/liba/libass/",
+ "url": "http://ftp.debian.org/debian/pool/main/liba/libass/",
 "package_name": "libass9_0.16.0-1_amd64.deb",
 "product": "libass",
 "version": "0.16.0",
diff --git a/test/test_data/libcoap.py b/test/test_data/libcoap.py
index 7896d46405..fc4b4833b6 100644
--- a/test/test_data/libcoap.py
+++ b/test/test_data/libcoap.py
@@ -12,13 +12,13 @@
 "version": "4.3.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libc/libcoap/",
+ "url": "http://ftp.debian.org/debian/pool/main/libc/libcoap/",
 "package_name": "libcoap-1-0_4.1.2-1_amd64.deb",
 "product": "libcoap",
 "version": "4.1.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libc/libcoap3/",
+ "url": "http://ftp.debian.org/debian/pool/main/libc/libcoap3/",
 "package_name": "libcoap3_4.3.1-1_amd64.deb",
 "product": "libcoap",
 "version": "4.3.1",
diff --git a/test/test_data/libconfuse.py b/test/test_data/libconfuse.py
index 232d92036d..d7a37938d7 100644
--- a/test/test_data/libconfuse.py
+++ b/test/test_data/libconfuse.py
@@ -18,7 +18,7 @@
 "version": "3.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libc/libconfuse/",
+ "url": "http://ftp.debian.org/debian/pool/main/libc/libconfuse/",
 "package_name": "libconfuse2_3.3-2_arm64.deb",
 "product": "libconfuse",
 "version": "3.3",
diff --git a/test/test_data/libde265.py b/test/test_data/libde265.py
index 5246bacf22..eb37dc4ae7 100644
--- a/test/test_data/libde265.py
+++ b/test/test_data/libde265.py
@@ -12,7 +12,7 @@
 "version": "1.0.14",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libd/libde265/",
+ "url": "http://ftp.debian.org/debian/pool/main/libd/libde265/",
 "package_name": "libde265-0_1.0.3-1+b1_amd64.deb",
 "product": "libde265",
 "version": "1.0.3",
diff --git a/test/test_data/libevent.py b/test/test_data/libevent.py
index ae0f6ebe95..57c14e7071 100644
--- a/test/test_data/libevent.py
+++ b/test/test_data/libevent.py
@@ -16,7 +16,7 @@
 "version": "2.1.12",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libe/libevent/",
+ "url": "http://ftp.debian.org/debian/pool/main/libe/libevent/",
 "package_name": "libevent-2.0-5_2.0.21-stable-3_amd64.deb",
 "product": "libevent",
 "version": "2.0.21",
diff --git a/test/test_data/libgd.py b/test/test_data/libgd.py
index 9593100e96..62edff4c58 100644
--- a/test/test_data/libgd.py
+++ b/test/test_data/libgd.py
@@ -16,7 +16,7 @@
 "version": "2.3.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libg/libgd2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libg/libgd2/",
 "package_name": "libgd3_2.2.5-5.2_amd64.deb",
 "product": "libgd",
 "version": "2.2.5",
diff --git a/test/test_data/libgit2.py b/test/test_data/libgit2.py
index 9c81a4e8e6..ad55698702 100644
--- a/test/test_data/libgit2.py
+++ b/test/test_data/libgit2.py
@@ -18,13 +18,13 @@
 "version": "1.5.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libg/libgit2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libg/libgit2/",
 "package_name": "libgit2-1.1_1.1.0+dfsg.1-4.1+b1_amd64.deb",
 "product": "libgit2",
 "version": "1.1.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libg/libgit2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libg/libgit2/",
 "package_name": "libgit2-1.1_1.1.0+dfsg.1-4.1+b1_arm64.deb",
 "product": "libgit2",
 "version": "1.1.0",
diff --git a/test/test_data/libheif.py b/test/test_data/libheif.py
index 510315a53f..7a5b329adc 100644
--- a/test/test_data/libheif.py
+++ b/test/test_data/libheif.py
@@ -12,7 +12,7 @@
 "version": "1.17.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libh/libheif/",
+ "url": "http://ftp.debian.org/debian/pool/main/libh/libheif/",
 "package_name": "libheif1_1.3.2-2~deb10u1_amd64.deb",
 "product": "libheif",
 "version": "1.3.2",
diff --git a/test/test_data/libidn2.py b/test/test_data/libidn2.py
index 786c087f0e..cb84e6e6db 100644
--- a/test/test_data/libidn2.py
+++ b/test/test_data/libidn2.py
@@ -32,13 +32,13 @@
 "version": "2.3.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libi/libidn2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libi/libidn2/",
 "package_name": "libidn2-0_2.0.5-1+deb10u1_amd64.deb",
 "product": "libidn2",
 "version": "2.0.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libi/libidn2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libi/libidn2/",
 "package_name": "libidn2-0_2.3.0-5_mips64el.deb",
 "product": "libidn2",
 "version": "2.3.0",
diff --git a/test/test_data/libinput.py b/test/test_data/libinput.py
index 5a23ed492f..5111aacce5 100644
--- a/test/test_data/libinput.py
+++ b/test/test_data/libinput.py
@@ -22,7 +22,7 @@
 "version": "1.21.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libi/libinput/",
+ "url": "http://ftp.debian.org/debian/pool/main/libi/libinput/",
 "package_name": "libinput10_1.12.6-2+deb10u1_arm64.deb",
 "product": "libinput",
 "version": "1.12.6",
diff --git a/test/test_data/libjpeg.py b/test/test_data/libjpeg.py
index c749a8fe0c..b3a71f6680 100644
--- a/test/test_data/libjpeg.py
+++ b/test/test_data/libjpeg.py
@@ -6,7 +6,7 @@
 ]
 package_test_data = [
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libj/libjpeg9/",
+ "url": "http://ftp.debian.org/debian/pool/main/libj/libjpeg9/",
 "package_name": "libjpeg9_9d-1_amd64.deb",
 "product": "libjpeg",
 "version": "9d",
diff --git a/test/test_data/libjpeg_turbo.py b/test/test_data/libjpeg_turbo.py
index 2e5a94280b..cd72f73bce 100644
--- a/test/test_data/libjpeg_turbo.py
+++ b/test/test_data/libjpeg_turbo.py
@@ -20,7 +20,7 @@
 "other_products": ["libjpeg"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libj/libjpeg-turbo/",
+ "url": "http://ftp.debian.org/debian/pool/main/libj/libjpeg-turbo/",
 "package_name": "libjpeg62-turbo_1.5.1-2_amd64.deb",
 "product": "libjpeg-turbo",
 "version": "1.5.1",
diff --git a/test/test_data/libksba.py b/test/test_data/libksba.py
index 389e82162a..8b96b5088f 100644
--- a/test/test_data/libksba.py
+++ b/test/test_data/libksba.py
@@ -12,7 +12,7 @@
 "version": "1.6.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libk/libksba/",
+ "url": "http://ftp.debian.org/debian/pool/main/libk/libksba/",
 "package_name": "libksba8_1.5.0-3_amd64.deb",
 "product": "libksba",
 "version": "1.5.0",
diff --git a/test/test_data/libmatroska.py b/test/test_data/libmatroska.py
index 41d1fbc3ec..dc3fa07331 100644
--- a/test/test_data/libmatroska.py
+++ b/test/test_data/libmatroska.py
@@ -22,13 +22,13 @@
 "version": "1.6.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmatroska/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmatroska/",
 "package_name": "libmatroska6_1.4.1-2+deb8u1_amd64.deb",
 "product": "libmatroska",
 "version": "1.4.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmatroska/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmatroska/",
 "package_name": "libmatroska6_1.4.1-2+deb8u1_armel.deb",
 "product": "libmatroska",
 "version": "1.4.1",
diff --git a/test/test_data/libmemcached.py b/test/test_data/libmemcached.py
index f26ba23c0f..69fed6c25d 100644
--- a/test/test_data/libmemcached.py
+++ b/test/test_data/libmemcached.py
@@ -21,13 +21,13 @@
 "version": "1.0.18",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmemcached/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmemcached/",
 "package_name": "libmemcached11_1.0.18-4.1_amd64.deb",
 "product": "libmemcached",
 "version": "1.0.18",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmemcached/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmemcached/",
 "package_name": "libmemcached11_1.1.4-1_arm64.deb",
 "product": "libmemcached",
 "version": "1.1.4",
diff --git a/test/test_data/libmicrohttpd.py b/test/test_data/libmicrohttpd.py
index afe092c86e..4bf31ee5f9 100644
--- a/test/test_data/libmicrohttpd.py
+++ b/test/test_data/libmicrohttpd.py
@@ -16,7 +16,7 @@
 "version": "0.9.76",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmicrohttpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmicrohttpd/",
 "package_name": "libmicrohttpd12_0.9.62-1_amd64.deb",
 "product": "libmicrohttpd",
 "version": "0.9.62",
diff --git a/test/test_data/libmodbus.py b/test/test_data/libmodbus.py
index 8c3a2c0f52..9b9615f543 100644
--- a/test/test_data/libmodbus.py
+++ b/test/test_data/libmodbus.py
@@ -12,7 +12,7 @@
 "version": "3.1.6",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libm/libmodbus/",
+ "url": "http://ftp.debian.org/debian/pool/main/libm/libmodbus/",
 "package_name": "libmodbus5_3.1.4-2+deb10u1_amd64.deb",
 "product": "libmodbus",
 "version": "3.1.4",
diff --git a/test/test_data/libopenmpt.py b/test/test_data/libopenmpt.py
index c407d6734f..776966e908 100644
--- a/test/test_data/libopenmpt.py
+++ b/test/test_data/libopenmpt.py
@@ -16,7 +16,7 @@
 "version": "0.7.8",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libo/libopenmpt/",
+ "url": "http://ftp.debian.org/debian/pool/main/libo/libopenmpt/",
 "package_name": "libopenmpt0_0.4.3-1+deb10u1_amd64.deb",
 "product": "libopenmpt",
 "version": "0.4.3",
diff --git a/test/test_data/libpcap.py b/test/test_data/libpcap.py
index 1e3af4f380..a9dc5e0465 100644
--- a/test/test_data/libpcap.py
+++ b/test/test_data/libpcap.py
@@ -22,13 +22,13 @@
 "version": "1.10.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libp/libpcap/",
+ "url": "http://ftp.debian.org/debian/pool/main/libp/libpcap/",
 "package_name": "libpcap0.8_1.10.0-2_amd64.deb",
 "product": "libpcap",
 "version": "1.10.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libp/libpcap/",
+ "url": "http://ftp.debian.org/debian/pool/main/libp/libpcap/",
 "package_name": "libpcap0.8_1.10.0-2_arm64.deb",
 "product": "libpcap",
 "version": "1.10.0",
diff --git a/test/test_data/libraw.py b/test/test_data/libraw.py
index bba00e8cd1..22af8af34f 100644
--- a/test/test_data/libraw.py
+++ b/test/test_data/libraw.py
@@ -31,13 +31,13 @@
 "version": "0.20.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libr/libraw/",
+ "url": "http://ftp.debian.org/debian/pool/main/libr/libraw/",
 "package_name": "libraw10_0.16.0-9+deb8u3_armel.deb",
 "product": "libraw",
 "version": "0.16.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libr/libraw/",
+ "url": "http://ftp.debian.org/debian/pool/main/libr/libraw/",
 "package_name": "libraw20_0.20.2-2+b1_arm64.deb",
 "product": "libraw",
 "version": "0.20.2",
diff --git a/test/test_data/librsync.py b/test/test_data/librsync.py
index a5f8a03539..bc344bd3c3 100644
--- a/test/test_data/librsync.py
+++ b/test/test_data/librsync.py
@@ -18,13 +18,13 @@
 "version": "2.3.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libr/librsync/",
+ "url": "http://ftp.debian.org/debian/pool/main/libr/librsync/",
 "package_name": "librsync1_0.9.7-10+b1_amd64.deb",
 "product": "librsync",
 "version": "0.9.7",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libr/librsync/",
+ "url": "http://ftp.debian.org/debian/pool/main/libr/librsync/",
 "package_name": "librsync1_0.9.7-10+b1_arm64.deb",
 "product": "librsync",
 "version": "0.9.7",
diff --git a/test/test_data/libsamplerate.py b/test/test_data/libsamplerate.py
index 74be72ad54..e4503534eb 100644
--- a/test/test_data/libsamplerate.py
+++ b/test/test_data/libsamplerate.py
@@ -22,13 +22,13 @@
 "version": "0.2.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libsamplerate/",
+ "url": "http://ftp.debian.org/debian/pool/main/libs/libsamplerate/",
 "package_name": "libsamplerate0_0.1.8-8+b2_amd64.deb",
 "product": "libsamplerate",
 "version": "0.1.8",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libsamplerate/",
+ "url": "http://ftp.debian.org/debian/pool/main/libs/libsamplerate/",
 "package_name": "libsamplerate0_0.1.8-8+b2_arm64.deb",
 "product": "libsamplerate",
 "version": "0.1.8",
diff --git a/test/test_data/libssh.py b/test/test_data/libssh.py
index d4853ed13a..8c71de48b7 100644
--- a/test/test_data/libssh.py
+++ b/test/test_data/libssh.py
@@ -27,13 +27,13 @@
 "version": "0.10.4",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libssh/",
+ "url": "http://ftp.debian.org/debian/pool/main/libs/libssh/",
 "package_name": "libssh-4_0.10.4-2_amd64.deb",
 "product": "libssh",
 "version": "0.10.4",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libssh/",
+ "url": "http://ftp.debian.org/debian/pool/main/libs/libssh/",
 "package_name": "libssh-4_0.10.4-2_arm64.deb",
 "product": "libssh",
 "version": "0.10.4",
diff --git a/test/test_data/libtasn1.py b/test/test_data/libtasn1.py
index 06156d2f17..fca0f286f9 100644
--- a/test/test_data/libtasn1.py
+++ b/test/test_data/libtasn1.py
@@ -16,7 +16,7 @@
 "version": "4.19.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libt/libtasn1-6/",
+ "url": "http://ftp.debian.org/debian/pool/main/libt/libtasn1-6/",
 "package_name": "libtasn1-6_4.13-3_arm64.deb",
 "product": "libtasn1",
 "version": "4.13",
diff --git a/test/test_data/libtiff.py b/test/test_data/libtiff.py
index f8e07a8c90..6e078880ba 100644
--- a/test/test_data/libtiff.py
+++ b/test/test_data/libtiff.py
@@ -25,7 +25,7 @@
 "version": "4.0.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tiff/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tiff/",
 "package_name": "libtiff5_4.2.0-1+deb11u4_amd64.deb",
 "product": "libtiff",
 "version": "4.2.0",
diff --git a/test/test_data/libtomcrypt.py b/test/test_data/libtomcrypt.py
index b428a71bf8..cf317b8e99 100644
--- a/test/test_data/libtomcrypt.py
+++ b/test/test_data/libtomcrypt.py
@@ -27,13 +27,13 @@
 "version": "1.18.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libt/libtomcrypt/",
+ "url": "http://ftp.debian.org/debian/pool/main/libt/libtomcrypt/",
 "package_name": "libtomcrypt0_1.17-6_amd64.deb",
 "product": "libtomcrypt",
 "version": "1.17",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libt/libtomcrypt/",
+ "url": "http://ftp.debian.org/debian/pool/main/libt/libtomcrypt/",
 "package_name": "libtomcrypt0_1.17-6_armel.deb",
 "product": "libtomcrypt",
 "version": "1.17",
diff --git a/test/test_data/libupnp.py b/test/test_data/libupnp.py
index f2476905e1..b85f99ecc2 100644
--- a/test/test_data/libupnp.py
+++ b/test/test_data/libupnp.py
@@ -18,7 +18,7 @@
 "version": "1.14.12",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pupnp-1.8/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pupnp-1.8/",
 "package_name": "libupnp-dev_1.8.4-2_amd64.deb",
 "product": "libupnp",
 "version": "1.8.4",
diff --git a/test/test_data/libuv.py b/test/test_data/libuv.py
index 32016f8ba7..104f9989fe 100644
--- a/test/test_data/libuv.py
+++ b/test/test_data/libuv.py
@@ -12,7 +12,7 @@
 "version": "1.48.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libu/libuv1/",
+ "url": "http://ftp.debian.org/debian/pool/main/libu/libuv1/",
 "package_name": "libuv1_1.24.1-1+deb10u1_amd64.deb",
 "product": "libuv",
 "version": "1.24.1",
diff --git a/test/test_data/libvips.py b/test/test_data/libvips.py
index 2324a4ade9..bace09dbec 100644
--- a/test/test_data/libvips.py
+++ b/test/test_data/libvips.py
@@ -12,7 +12,7 @@
 "version": "8.15.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/v/vips/",
+ "url": "http://ftp.debian.org/debian/pool/main/v/vips/",
 "package_name": "libvips42_8.7.4-1%2Bdeb10u1_amd64.deb",
 "product": "libvips",
 "version": "8.7.4",
diff --git a/test/test_data/libvirt.py b/test/test_data/libvirt.py
index 7da24104b6..d831e31e5b 100644
--- a/test/test_data/libvirt.py
+++ b/test/test_data/libvirt.py
@@ -21,7 +21,7 @@
 "version": "1.2.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvirt/",
+ "url": "http://ftp.debian.org/debian/pool/main/libv/libvirt/",
 "package_name": "libvirt0_1.2.9-9+deb8u5_amd64.deb",
 "product": "libvirt",
 "version": "1.2.9",
diff --git a/test/test_data/libvorbis.py b/test/test_data/libvorbis.py
index c0b8e3595d..1a77e5d6ea 100644
--- a/test/test_data/libvorbis.py
+++ b/test/test_data/libvorbis.py
@@ -18,13 +18,13 @@
 "version": "1.3.7",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvorbis/",
+ "url": "http://ftp.debian.org/debian/pool/main/libv/libvorbis/",
 "package_name": "libvorbis0a_1.3.4-2+deb8u1_amd64.deb",
 "product": "libvorbis",
 "version": "1.3.4",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvorbis/",
+ "url": "http://ftp.debian.org/debian/pool/main/libv/libvorbis/",
 "package_name": "libvorbis0a_1.3.4-2+deb8u1_armel.deb",
 "product": "libvorbis",
 "version": "1.3.4",
diff --git a/test/test_data/libvpx.py b/test/test_data/libvpx.py
index 16be89b61e..6d31979be6 100644
--- a/test/test_data/libvpx.py
+++ b/test/test_data/libvpx.py
@@ -16,7 +16,7 @@
 "version": "1.13.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libv/libvpx/",
+ "url": "http://ftp.debian.org/debian/pool/main/libv/libvpx/",
 "package_name": "libvpx5_1.7.0-3+deb10u1_amd64.deb",
 "product": "libvpx",
 "version": "1.7.0",
diff --git a/test/test_data/libyaml.py b/test/test_data/libyaml.py
index 21ee950e3a..41df08e6e1 100644
--- a/test/test_data/libyaml.py
+++ b/test/test_data/libyaml.py
@@ -12,7 +12,7 @@
 "version": "0.2.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/liby/libyaml/",
+ "url": "http://ftp.debian.org/debian/pool/main/liby/libyaml/",
 "package_name": "libyaml-0-2_0.2.1-1_amd64.deb",
 "product": "libyaml",
 "version": "0.2.1",
diff --git a/test/test_data/linux_kernel.py b/test/test_data/linux_kernel.py
index 43e0ab2d3d..98f1951ade 100644
--- a/test/test_data/linux_kernel.py
+++ b/test/test_data/linux_kernel.py
@@ -23,13 +23,13 @@
 "version": "2.6.18",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/linux/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/linux/",
 "package_name": "linux-image-3.16.0-6-586_3.16.56-1+deb8u1_i386.deb",
 "product": "linux_kernel",
 "version": "3.16.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/linux/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/linux/",
 "package_name": "linux-image-5.10.0-21-s390x_5.10.162-1_s390x.deb",
 "product": "linux_kernel",
 "version": "5.10.0",
diff --git a/test/test_data/lldpd.py b/test/test_data/lldpd.py
index 049d9105c6..c0bae85f19 100644
--- a/test/test_data/lldpd.py
+++ b/test/test_data/lldpd.py
@@ -18,13 +18,13 @@
 "version": "1.0.15",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lldpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lldpd/",
 "package_name": "lldpd_0.7.11-2+deb8u1_amd64.deb",
 "product": "lldpd",
 "version": "0.7.11",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lldpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lldpd/",
 "package_name": "lldpd_0.7.11-2+deb8u1_armel.deb",
 "product": "lldpd",
 "version": "0.7.11",
diff --git a/test/test_data/logrotate.py b/test/test_data/logrotate.py
index 59f9aacf24..2332f40422 100644
--- a/test/test_data/logrotate.py
+++ b/test/test_data/logrotate.py
@@ -35,7 +35,7 @@
 "version": "3.14.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/logrotate/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/logrotate/",
 "package_name": "logrotate_3.11.0-0.1_amd64.deb",
 "product": "logrotate",
 "version": "3.11.0",
diff --git a/test/test_data/lrzip.py b/test/test_data/lrzip.py
index d1da3259ac..97e64d5056 100644
--- a/test/test_data/lrzip.py
+++ b/test/test_data/lrzip.py
@@ -21,7 +21,7 @@
 "version": "0.651",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lrzip/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lrzip/",
 "package_name": "lrzip_0.631+git180528-1+deb10u1_amd64.deb",
 "product": "long_range_zip",
 "version": "0.631",
diff --git a/test/test_data/lxc.py b/test/test_data/lxc.py
index ed8cb6705d..15db01ea83 100644
--- a/test/test_data/lxc.py
+++ b/test/test_data/lxc.py
@@ -22,13 +22,13 @@
 "version": "4.0.12",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lxc/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lxc/",
 "package_name": "liblxc-common_5.0.1-1+b1_amd64.deb",
 "product": "lxc",
 "version": "5.0.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lxc/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lxc/",
 "package_name": "liblxc-common_5.0.1-1+b1_arm64.deb",
 "product": "lxc",
 "version": "5.0.1",
diff --git a/test/test_data/lynx.py b/test/test_data/lynx.py
index a0dcc9ba50..0eb145ce2c 100644
--- a/test/test_data/lynx.py
+++ b/test/test_data/lynx.py
@@ -27,7 +27,7 @@
 "version": "2.9.0dev.10",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lynx/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lynx/",
 "package_name": "lynx_2.8.9dev11-1_arm64.deb",
 "product": "lynx",
 "version": "2.8.9dev.11",
diff --git a/test/test_data/lz4.py b/test/test_data/lz4.py
index ffa081439e..7160e651d7 100644
--- a/test/test_data/lz4.py
+++ b/test/test_data/lz4.py
@@ -23,13 +23,13 @@
 "version": "1.9.4",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lz4/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lz4/",
 "package_name": "liblz4-1_1.8.3-1+deb10u1_mips64el.deb",
 "product": "lz4",
 "version": "1.8.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/l/lz4/",
+ "url": "http://ftp.debian.org/debian/pool/main/l/lz4/",
 "package_name": "liblz4-1_1.9.3-2_amd64.deb",
 "product": "lz4",
 "version": "1.9.3",
diff --git a/test/test_data/mailx.py b/test/test_data/mailx.py
index dfd3bea195..2e7120f929 100644
--- a/test/test_data/mailx.py
+++ b/test/test_data/mailx.py
@@ -18,13 +18,13 @@
 "version": "12.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/heirloom-mailx/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/heirloom-mailx/",
 "package_name": "heirloom-mailx_12.5-4_amd64.deb",
 "product": "mailx",
 "version": "12.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/h/heirloom-mailx/",
+ "url": "http://ftp.debian.org/debian/pool/main/h/heirloom-mailx/",
 "package_name": "heirloom-mailx_12.5-4_armel.deb",
 "product": "mailx",
 "version": "12.5",
diff --git a/test/test_data/mbedtls.py b/test/test_data/mbedtls.py
index ec68287a88..f7b38031f8 100644
--- a/test/test_data/mbedtls.py
+++ b/test/test_data/mbedtls.py
@@ -21,7 +21,7 @@
 "version": "2.28.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mbedtls/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mbedtls/",
 "package_name": "libmbedcrypto3_2.16.0-1_amd64.deb",
 "product": "mbed_tls",
 "version": "2.16.0",
diff --git a/test/test_data/mdadm.py b/test/test_data/mdadm.py
index 869cd302c4..c209638a65 100644
--- a/test/test_data/mdadm.py
+++ b/test/test_data/mdadm.py
@@ -37,7 +37,7 @@
 "version": "4.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mdadm/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mdadm/",
 "package_name": "mdadm_3.3.2-5+deb8u2_amd64.deb",
 "product": "mdadm",
 "version": "3.3.2",
diff --git a/test/test_data/micropython.py b/test/test_data/micropython.py
index 1da02800d3..4f65ac70b2 100644
--- a/test/test_data/micropython.py
+++ b/test/test_data/micropython.py
@@ -16,7 +16,7 @@
 "version": "1.21.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/micropython/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/micropython/",
 "package_name": "micropython_1.19.1+ds-1_amd64.deb",
 "product": "micropython",
 "version": "1.19.1",
diff --git a/test/test_data/minetest.py b/test/test_data/minetest.py
index 29ad423d33..0726f7112f 100644
--- a/test/test_data/minetest.py
+++ b/test/test_data/minetest.py
@@ -16,7 +16,7 @@
 "version": "5.7.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/minetest/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/minetest/",
 "package_name": "minetest_0.4.17.1+repack-1+deb10u1_amd64.deb",
 "product": "minetest",
 "version": "0.4.17.1",
diff --git a/test/test_data/mini_httpd.py b/test/test_data/mini_httpd.py
index 1a8490ed81..c485285137 100644
--- a/test/test_data/mini_httpd.py
+++ b/test/test_data/mini_httpd.py
@@ -12,7 +12,7 @@
 "version": "1.30",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mini-httpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mini-httpd/",
 "package_name": "mini-httpd_1.30-0.2_amd64.deb",
 "product": "mini_httpd",
 "version": "1.30",
diff --git a/test/test_data/minicom.py b/test/test_data/minicom.py
index 80f2c35a2b..447ea001f0 100644
--- a/test/test_data/minicom.py
+++ b/test/test_data/minicom.py
@@ -18,13 +18,13 @@
 "version": "2.8",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/minicom/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/minicom/",
 "package_name": "minicom_2.7-1+deb8u1_amd64.deb",
 "product": "minicom",
 "version": "2.7",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/minicom/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/minicom/",
 "package_name": "minicom_2.7-1+deb8u1_armel.deb",
 "product": "minicom",
 "version": "2.7",
diff --git a/test/test_data/minidlna.py b/test/test_data/minidlna.py
index 98c33ca03d..0655ce4be0 100644
--- a/test/test_data/minidlna.py
+++ b/test/test_data/minidlna.py
@@ -12,13 +12,13 @@
 "version": "1.3.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/minidlna/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/minidlna/",
 "package_name": "minidlna_1.1.2+dfsg-1.1+b3_amd64.deb",
 "product": "minidlna",
 "version": "1.1.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/minidlna/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/minidlna/",
 "package_name": "minidlna_1.1.2+dfsg-1.1+b3_armel.deb",
 "product": "minidlna",
 "version": "1.1.2",
diff --git a/test/test_data/modsecurity.py b/test/test_data/modsecurity.py
index b67483ff23..884786c5a6 100644
--- a/test/test_data/modsecurity.py
+++ b/test/test_data/modsecurity.py
@@ -16,7 +16,7 @@
 "version": "3.0.8",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/modsecurity/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/modsecurity/",
 "package_name": "libmodsecurity3_3.0.3-1+deb10u2_amd64.deb",
 "product": "modsecurity",
 "version": "3.0.3",
diff --git a/test/test_data/monit.py b/test/test_data/monit.py
index 90adf9acb7..e96925d83d 100644
--- a/test/test_data/monit.py
+++ b/test/test_data/monit.py
@@ -12,7 +12,7 @@
 "version": "5.32.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/monit/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/monit/",
 "package_name": "monit_5.27.1-1~bpo10+1_amd64.deb",
 "product": "monit",
 "version": "5.27.1",
diff --git a/test/test_data/motion.py b/test/test_data/motion.py
index 11238d70ee..72eba92922 100644
--- a/test/test_data/motion.py
+++ b/test/test_data/motion.py
@@ -18,13 +18,13 @@
 "version": "4.4.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/motion/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/motion/",
 "package_name": "motion_3.2.12+git20140228-4+b3_amd64.deb",
 "product": "motion",
 "version": "3.2.12",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/motion/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/motion/",
 "package_name": "motion_3.2.12+git20140228-4+b3_armel.deb",
 "product": "motion",
 "version": "3.2.12",
diff --git a/test/test_data/mpg123.py b/test/test_data/mpg123.py
index c0b677ddc3..ae3339bc4d 100644
--- a/test/test_data/mpg123.py
+++ b/test/test_data/mpg123.py
@@ -12,7 +12,7 @@
 "version": "1.31.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mpg123/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mpg123/",
 "package_name": "mpg123_1.25.10-2_amd64.deb",
 "product": "mpg123",
 "version": "1.25.10",
diff --git a/test/test_data/mpv.py b/test/test_data/mpv.py
index cfbc7b740e..6612a2f906 100644
--- a/test/test_data/mpv.py
+++ b/test/test_data/mpv.py
@@ -18,13 +18,13 @@
 "version": "0.34.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mpv/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mpv/",
 "package_name": "libmpv1_0.23.0-2+deb9u2_amd64.deb",
 "product": "mpv",
 "version": "0.23.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mpv/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mpv/",
 "package_name": "libmpv1_0.23.0-2+deb9u2_arm64.deb",
 "product": "mpv",
 "version": "0.23.0",
diff --git a/test/test_data/msmtp.py b/test/test_data/msmtp.py
index 053449cc1f..d7408997b2 100644
--- a/test/test_data/msmtp.py
+++ b/test/test_data/msmtp.py
@@ -17,7 +17,7 @@
 "version": "1.8.22",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/msmtp/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/msmtp/",
 "package_name": "msmtp_1.6.6-1_amd64.deb",
 "product": "msmtp",
 "version": "1.6.6",
diff --git a/test/test_data/mupdf.py b/test/test_data/mupdf.py
index d0f0593876..9a50b1b705 100644
--- a/test/test_data/mupdf.py
+++ b/test/test_data/mupdf.py
@@ -12,7 +12,7 @@
 "version": "1.22.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mupdf/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mupdf/",
 "package_name": "mupdf_1.14.0+ds1-4+deb10u3_amd64.deb",
 "product": "mupdf",
 "version": "1.14.0",
diff --git a/test/test_data/mutt.py b/test/test_data/mutt.py
index 2fa2f91f18..d9e0a789fc 100644
--- a/test/test_data/mutt.py
+++ b/test/test_data/mutt.py
@@ -32,13 +32,13 @@
 "version": "2.2.7",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mutt/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mutt/",
 "package_name": "mutt-patched_1.5.23-3_amd64.deb",
 "product": "mutt",
 "version": "1.5.23",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/m/mutt/",
+ "url": "http://ftp.debian.org/debian/pool/main/m/mutt/",
 "package_name": "mutt-patched_1.5.23-3_armel.deb",
 "product": "mutt",
 "version": "1.5.23",
diff --git a/test/test_data/nano.py b/test/test_data/nano.py
index 9382236cb8..854241815e 100644
--- a/test/test_data/nano.py
+++ b/test/test_data/nano.py
@@ -40,7 +40,7 @@
 "version": "4.6",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nano/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nano/",
 "package_name": "nano_2.2.6-3_amd64.deb",
 "product": "nano",
 "version": "2.2.6",
diff --git a/test/test_data/nasm.py b/test/test_data/nasm.py
index 104b7fe988..0158074464 100644
--- a/test/test_data/nasm.py
+++ b/test/test_data/nasm.py
@@ -16,7 +16,7 @@
 "version": "2.15.05",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nasm/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nasm/",
 "package_name": "nasm_2.12.01-1+b1_amd64.deb",
 "product": "netwide_assembler",
 "version": "2.12.01",
diff --git a/test/test_data/nbd.py b/test/test_data/nbd.py
index 98312b8853..dc61bbbe09 100644
--- a/test/test_data/nbd.py
+++ b/test/test_data/nbd.py
@@ -27,13 +27,13 @@
 "version": "3.24",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nbd/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nbd/",
 "package_name": "nbd-server_3.15.2-3_amd64.deb",
 "product": "network_block_device",
 "version": "3.15.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nbd/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nbd/",
 "package_name": "nbd-client_3.15.2-3_arm64.deb",
 "product": "network_block_device",
 "version": "3.15.2",
diff --git a/test/test_data/neon.py b/test/test_data/neon.py
index d2569620ed..1a89f8513c 100644
--- a/test/test_data/neon.py
+++ b/test/test_data/neon.py
@@ -18,7 +18,7 @@
 "version": "0.32.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/neon27/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/neon27/",
 "package_name": "libneon27_0.30.1-1_amd64.deb",
 "product": "neon",
 "version": "0.30.1",
diff --git a/test/test_data/netatalk.py b/test/test_data/netatalk.py
index f375a63c8d..021890bc3c 100644
--- a/test/test_data/netatalk.py
+++ b/test/test_data/netatalk.py
@@ -22,13 +22,13 @@
 "version": "3.1.13",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netatalk/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netatalk/",
 "package_name": "netatalk_2.2.5-2+deb9u1_amd64.deb",
 "product": "netatalk",
 "version": "2.2.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netatalk/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netatalk/",
 "package_name": "netatalk_2.2.5-2+deb9u1_arm64.deb",
 "product": "netatalk",
 "version": "2.2.5",
diff --git a/test/test_data/netdata.py b/test/test_data/netdata.py
index 477849eb89..4b51eadd72 100644
--- a/test/test_data/netdata.py
+++ b/test/test_data/netdata.py
@@ -13,7 +13,7 @@
 "other_products": ["sqlite"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netdata/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netdata/",
 "package_name": "netdata-core_1.12.0-1+deb10u1_amd64.deb",
 "product": "netdata",
 "version": "1.12.0",
diff --git a/test/test_data/netkit_ftp.py b/test/test_data/netkit_ftp.py
index ed265c0d08..85c1ae0a38 100644
--- a/test/test_data/netkit_ftp.py
+++ b/test/test_data/netkit_ftp.py
@@ -16,7 +16,7 @@
 "version": "0.17",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netkit-ftp/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netkit-ftp/",
 "package_name": "ftp_0.17-31_amd64.deb",
 "product": "netkit_ftp",
 "version": "0.17",
diff --git a/test/test_data/netpbm.py b/test/test_data/netpbm.py
index af70414ef9..f893aa6a12 100644
--- a/test/test_data/netpbm.py
+++ b/test/test_data/netpbm.py
@@ -23,13 +23,13 @@
 "version": "10.35.58",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netpbm-free/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netpbm-free/",
 "package_name": "libnetpbm10_10.0-15.2_amd64.deb",
 "product": "netpbm",
 "version": "10.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/netpbm-free/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/netpbm-free/",
 "package_name": "netpbm_10.0-15.3+b2_amd64.deb",
 "product": "netpbm",
 "version": "10.0",
diff --git a/test/test_data/nghttp2.py b/test/test_data/nghttp2.py
index d82c0e360f..6dea3000d1 100644
--- a/test/test_data/nghttp2.py
+++ b/test/test_data/nghttp2.py
@@ -23,13 +23,13 @@
 "version": "1.50.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nghttp2/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nghttp2/",
 "package_name": "libnghttp2-14_1.18.1-1+deb9u1_amd64.deb",
 "product": "nghttp2",
 "version": "1.18.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nghttp2/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nghttp2/",
 "package_name": "libnghttp2-14_1.18.1-1+deb9u1_arm64.deb",
 "product": "nghttp2",
 "version": "1.18.1",
diff --git a/test/test_data/nginx.py b/test/test_data/nginx.py
index 84745aec04..aae76464e9 100644
--- a/test/test_data/nginx.py
+++ b/test/test_data/nginx.py
@@ -16,7 +16,7 @@
 "version": "1.8.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nginx/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nginx/",
 "package_name": "nginx-full_1.10.3-1+deb9u4_amd64.deb",
 "product": "nginx",
 "version": "1.10.3",
diff --git a/test/test_data/ngircd.py b/test/test_data/ngircd.py
index a84934eedb..d3bd8105d3 100644
--- a/test/test_data/ngircd.py
+++ b/test/test_data/ngircd.py
@@ -17,7 +17,7 @@
 "version": "26.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/ngircd/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/ngircd/",
 "package_name": "ngircd_26.1-1_amd64.deb",
 "product": "ngircd",
 "version": "26.1",
diff --git a/test/test_data/nmap.py b/test/test_data/nmap.py
index 8423fe1411..a0cabe76f6 100644
--- a/test/test_data/nmap.py
+++ b/test/test_data/nmap.py
@@ -20,7 +20,7 @@
 "other_products": ["lua"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nmap/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nmap/",
 "package_name": "nmap_7.40-1_amd64.deb",
 "product": "nmap",
 "version": "7.40",
diff --git a/test/test_data/node.py b/test/test_data/node.py
index 6c30f88090..b1104885b0 100644
--- a/test/test_data/node.py
+++ b/test/test_data/node.py
@@ -17,7 +17,7 @@
 "other_products": ["libuv", "zlib"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/nodejs/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/nodejs/",
 "package_name": "nodejs_0.10.29~dfsg-2_amd64.deb",
 "product": "node.js",
 "version": "0.10.29",
diff --git a/test/test_data/ntfs_3g.py b/test/test_data/ntfs_3g.py
index 9a4038f55e..bfb4da2bb2 100644
--- a/test/test_data/ntfs_3g.py
+++ b/test/test_data/ntfs_3g.py
@@ -21,7 +21,7 @@
 "version": "2022.10.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/ntfs-3g/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/ntfs-3g/",
 "package_name": "ntfs-3g_2017.3.23AR.3-3+deb10u2_amd64.deb",
 "product": "ntfs-3g",
 "version": "2017.3.23",
diff --git a/test/test_data/ntpsec.py b/test/test_data/ntpsec.py
index 4336462748..1e5f637cd3 100644
--- a/test/test_data/ntpsec.py
+++ b/test/test_data/ntpsec.py
@@ -23,7 +23,7 @@
 "version": "1.2.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/n/ntpsec/",
+ "url": "http://ftp.debian.org/debian/pool/main/n/ntpsec/",
 "package_name": "ntpsec_1.1.3+dfsg1-2+deb10u1_amd64.deb",
 "product": "ntpsec",
 "version": "1.1.3",
diff --git a/test/test_data/open_iscsi.py b/test/test_data/open_iscsi.py
index dd87db76f1..13273df481 100644
--- a/test/test_data/open_iscsi.py
+++ b/test/test_data/open_iscsi.py
@@ -16,7 +16,7 @@
 "version": "2.1.8",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/open-iscsi/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/open-iscsi/",
 "package_name": "open-iscsi_2.1.3-5_amd64.deb",
 "product": "open-iscsi",
 "version": "2.1.3",
diff --git a/test/test_data/opencv.py b/test/test_data/opencv.py
index 5607c5fb42..e29e683cdd 100644
--- a/test/test_data/opencv.py
+++ b/test/test_data/opencv.py
@@ -18,13 +18,13 @@
 "version": "4.5.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/opencv/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/opencv/",
 "package_name": "libopencv-calib3d2.4v5_2.4.9.1+dfsg1-2_amd64.deb",
 "product": "opencv",
 "version": "2.4.9.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/opencv/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/opencv/",
 "package_name": "libopencv-calib3d2.4v5_2.4.9.1+dfsg1-2_arm64.deb",
 "product": "opencv",
 "version": "2.4.9.1",
diff --git a/test/test_data/openjpeg.py b/test/test_data/openjpeg.py
index e08410565e..7ae8caa42f 100644
--- a/test/test_data/openjpeg.py
+++ b/test/test_data/openjpeg.py
@@ -19,7 +19,7 @@
 "version": "1.5.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/openjpeg2/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/openjpeg2/",
 "package_name": "libopenjp2-7_2.1.0-2+deb8u3+b1_amd64.deb",
 "product": "openjpeg",
 "version": "2.1.0",
diff --git a/test/test_data/opensc.py b/test/test_data/opensc.py
index 39abe975b6..88afdec445 100644
--- a/test/test_data/opensc.py
+++ b/test/test_data/opensc.py
@@ -12,7 +12,7 @@
 "version": "0.23.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/opensc/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/opensc/",
 "package_name": "opensc_0.14.0-2_amd64.deb",
 "product": "opensc",
 "version": "0.14.0",
diff --git a/test/test_data/openssh.py b/test/test_data/openssh.py
index 2593b5e3d7..9924f96fa3 100644
--- a/test/test_data/openssh.py
+++ b/test/test_data/openssh.py
@@ -12,7 +12,7 @@
 "version": "6.8p1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/o/openssh/",
+ "url": "http://ftp.debian.org/debian/pool/main/o/openssh/",
 "package_name": "openssh-client_6.7p1-5+deb8u4_amd64.deb",
 "product": "openssh",
 "version": "6.7p1",
diff --git a/test/test_data/pango.py b/test/test_data/pango.py
index 2281029047..6444448c83 100644
--- a/test/test_data/pango.py
+++ b/test/test_data/pango.py
@@ -27,7 +27,7 @@
 "version": "1.50.11",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pango1.0/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pango1.0/",
 "package_name": "libpango-1.0-0_1.40.5-1_arm64.deb",
 "product": "pango",
 "version": "1.40.5",
diff --git a/test/test_data/patch.py b/test/test_data/patch.py
index 9bfe83f69b..fab7fce6e4 100644
--- a/test/test_data/patch.py
+++ b/test/test_data/patch.py
@@ -19,13 +19,13 @@
 "version": "2.7.6",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/patch/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/patch/",
 "package_name": "patch_2.7.5-1+deb8u1_amd64.deb",
 "product": "patch",
 "version": "2.7.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/patch/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/patch/",
 "package_name": "patch_2.7.5-1+deb8u1_armel.deb",
 "product": "patch",
 "version": "2.7.5",
diff --git a/test/test_data/pcre2.py b/test/test_data/pcre2.py
index 46cdd4c4eb..424b75f11c 100644
--- a/test/test_data/pcre2.py
+++ b/test/test_data/pcre2.py
@@ -12,7 +12,7 @@
 "version": "10.42",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pcre2/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pcre2/",
 "package_name": "libpcre2-16-0_10.22-3_amd64.deb",
 "product": "pcre2",
 "version": "10.22",
diff --git a/test/test_data/perl.py b/test/test_data/perl.py
index 7189dbddb6..e7488f59b4 100644
--- a/test/test_data/perl.py
+++ b/test/test_data/perl.py
@@ -17,7 +17,7 @@
 "version": "5.36.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/perl/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/perl/",
 "package_name": "perl-base_5.20.2-3+deb8u11_amd64.deb",
 "product": "perl",
 "version": "5.20.2",
diff --git a/test/test_data/php.py b/test/test_data/php.py
index b4e754c7dc..46394a27ed 100644
--- a/test/test_data/php.py
+++ b/test/test_data/php.py
@@ -12,7 +12,7 @@
 "version": "8.2.13",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/php7.3/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/php7.3/",
 "package_name": "libphp7.3-embed_7.3.31-1~deb10u1_amd64.deb",
 "product": "php",
 "version": "7.3.31",
diff --git a/test/test_data/picocom.py b/test/test_data/picocom.py
index c4fbc19e86..0be088cd8d 100644
--- a/test/test_data/picocom.py
+++ b/test/test_data/picocom.py
@@ -13,7 +13,7 @@
 "version": "3.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/picocom/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/picocom/",
 "package_name": "picocom_1.7-1_amd64.deb",
 "product": "picocom",
 "version": "1.7",
diff --git a/test/test_data/pigz.py b/test/test_data/pigz.py
index 4b1b9afed8..3f298351d5 100644
--- a/test/test_data/pigz.py
+++ b/test/test_data/pigz.py
@@ -39,7 +39,7 @@
 "version": "2.4",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pigz/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pigz/",
 "package_name": "pigz_2.3.1-2_amd64.deb",
 "product": "pigz",
 "version": "2.3.1",
diff --git a/test/test_data/pixman.py b/test/test_data/pixman.py
index eb8718255d..c10869b16e 100644
--- a/test/test_data/pixman.py
+++ b/test/test_data/pixman.py
@@ -21,7 +21,7 @@
 "version": "0.42.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pixman/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pixman/",
 "package_name": "libpixman-1-0_0.36.0-1_amd64.deb",
 "product": "pixman",
 "version": "0.36.0",
diff --git a/test/test_data/png.py b/test/test_data/png.py
index fa4bc53b4d..c617677d11 100644
--- a/test/test_data/png.py
+++ b/test/test_data/png.py
@@ -26,7 +26,7 @@
 "version": "1.5.13",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libp/libpng/",
+ "url": "http://ftp.debian.org/debian/pool/main/libp/libpng/",
 "package_name": "libpng12-0_1.2.50-2+deb8u3_amd64.deb",
 "product": "libpng",
 "version": "1.2.50",
diff --git a/test/test_data/ppp.py b/test/test_data/ppp.py
index baa736c056..2e753ea74b 100644
--- a/test/test_data/ppp.py
+++ b/test/test_data/ppp.py
@@ -32,13 +32,13 @@
 "version": "2.4.9",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/ppp/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/ppp/",
 "package_name": "ppp_2.4.6-3.1_amd64.deb",
 "product": "point-to-point_protocol",
 "version": "2.4.6",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/ppp/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/ppp/",
 "package_name": "ppp_2.4.6-3.1_armel.deb",
 "product": "point-to-point_protocol",
 "version": "2.4.6",
diff --git a/test/test_data/privoxy.py b/test/test_data/privoxy.py
index d51d1eaa8e..91aa6c24f7 100644
--- a/test/test_data/privoxy.py
+++ b/test/test_data/privoxy.py
@@ -22,13 +22,13 @@
 "version": "3.0.33",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/privoxy/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/privoxy/",
 "package_name": "privoxy_3.0.21-7+deb8u1_amd64.deb",
 "product": "privoxy",
 "version": "3.0.21",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/privoxy/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/privoxy/",
 "package_name": "privoxy_3.0.21-7+deb8u1_armel.deb",
 "product": "privoxy",
 "version": "3.0.21",
diff --git a/test/test_data/procps_ng.py b/test/test_data/procps_ng.py
index 0f17662e40..e0de6032a4 100644
--- a/test/test_data/procps_ng.py
+++ b/test/test_data/procps_ng.py
@@ -18,7 +18,7 @@
 "version": "4.0.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/procps/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/procps/",
 "package_name": "procps_3.3.12-3+deb9u1_amd64.deb",
 "product": "procps-ng",
 "version": "3.3.12",
diff --git a/test/test_data/protobuf_c.py b/test/test_data/protobuf_c.py
index 22ffaf2dff..1f1cc92cd6 100644
--- a/test/test_data/protobuf_c.py
+++ b/test/test_data/protobuf_c.py
@@ -16,7 +16,7 @@
 "version": "1.4.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/protobuf-c/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/protobuf-c/",
 "package_name": "libprotobuf-c1_1.3.1-1+b1_amd64.deb",
 "product": "protobuf-c",
 "version": "1.3.1",
diff --git a/test/test_data/pure_ftpd.py b/test/test_data/pure_ftpd.py
index 10381927b0..cf4879f2f9 100644
--- a/test/test_data/pure_ftpd.py
+++ b/test/test_data/pure_ftpd.py
@@ -22,7 +22,7 @@
 "version": "1.0.51",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/pure-ftpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/pure-ftpd/",
 "package_name": "pure-ftpd_1.0.43-3_arm64.deb",
 "product": "pure-ftpd",
 "version": "1.0.43",
diff --git a/test/test_data/putty.py b/test/test_data/putty.py
index 5b35e1215c..8c966c5e01 100644
--- a/test/test_data/putty.py
+++ b/test/test_data/putty.py
@@ -19,7 +19,7 @@
 "version": "0.77",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/putty/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/putty/",
 "package_name": "putty_0.70-6_arm64.deb",
 "product": "putty",
 "version": "0.70",
diff --git a/test/test_data/python.py b/test/test_data/python.py
index 91a1569b9e..d91c16d970 100644
--- a/test/test_data/python.py
+++ b/test/test_data/python.py
@@ -42,13 +42,13 @@
 "version": "3.9.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/python2.7/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/python2.7/",
 "package_name": "python2.7-minimal_2.7.13-2+deb9u3_amd64.deb",
 "product": "python",
 "version": "2.7.13",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/p/python3.11/",
+ "url": "http://ftp.debian.org/debian/pool/main/p/python3.11/",
 "package_name": "python3.11-minimal_3.11.1-2_amd64.deb",
 "product": "python",
 "version": "3.11.1",
diff --git a/test/test_data/qemu.py b/test/test_data/qemu.py
index 2fa99210a9..3dd3743047 100644
--- a/test/test_data/qemu.py
+++ b/test/test_data/qemu.py
@@ -17,7 +17,7 @@
 "other_products": ["gcc"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/q/qemu/",
+ "url": "http://ftp.debian.org/debian/pool/main/q/qemu/",
 "package_name": "qemu-system-x86_7.2+dfsg-1_amd64.deb",
 "product": "qemu",
 "version": "7.2.0",
diff --git a/test/test_data/qpdf.py b/test/test_data/qpdf.py
index 358aeaeeb7..09b47339c7 100644
--- a/test/test_data/qpdf.py
+++ b/test/test_data/qpdf.py
@@ -17,7 +17,7 @@
 "version": "11.5.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/q/qpdf/",
+ "url": "http://ftp.debian.org/debian/pool/main/q/qpdf/",
 "package_name": "libqpdf21_8.4.0-2_amd64.deb",
 "product": "qpdf",
 "version": "8.4.0",
diff --git a/test/test_data/quagga.py b/test/test_data/quagga.py
index 7fb49d5b84..f1579261d5 100644
--- a/test/test_data/quagga.py
+++ b/test/test_data/quagga.py
@@ -22,13 +22,13 @@
 "version": "1.2.4",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/q/quagga/",
+ "url": "http://ftp.debian.org/debian/pool/main/q/quagga/",
 "package_name": "quagga-core_1.1.1-3+deb9u2_amd64.deb",
 "product": "quagga",
 "version": "1.1.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/q/quagga/",
+ "url": "http://ftp.debian.org/debian/pool/main/q/quagga/",
 "package_name": "quagga-core_1.1.1-3+deb9u2_arm64.deb",
 "product": "quagga",
 "version": "1.1.1",
diff --git a/test/test_data/radvd.py b/test/test_data/radvd.py
index 6183cb0311..7babe63ce1 100644
--- a/test/test_data/radvd.py
+++ b/test/test_data/radvd.py
@@ -21,7 +21,7 @@
 "version": "2.19",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/radvd/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/radvd/",
 "package_name": "radvd_1.9.1-1.3_amd64.deb",
 "product": "router_advertisement_daemon",
 "version": "1.9.1",
diff --git a/test/test_data/raptor.py b/test/test_data/raptor.py
index 47b2a1a24e..51fd2761cd 100644
--- a/test/test_data/raptor.py
+++ b/test/test_data/raptor.py
@@ -21,13 +21,13 @@
 "version": "2.0.15",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/raptor/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/raptor/",
 "package_name": "libraptor1_1.4.21-11+b1_amd64.deb",
 "product": "raptor_rdf_syntax_library",
 "version": "1.4.21",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/raptor2/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/raptor2/",
 "package_name": "libraptor2-0_2.0.14-1+b1_amd64.deb",
 "product": "raptor_rdf_syntax_library",
 "version": "2.0.14",
diff --git a/test/test_data/rauc.py b/test/test_data/rauc.py
index 1542dd43df..700fe73558 100644
--- a/test/test_data/rauc.py
+++ b/test/test_data/rauc.py
@@ -7,13 +7,13 @@
 ]
 package_test_data = [
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rauc/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rauc/",
 "package_name": "rauc_1.5.1-1_amd64.deb",
 "product": "rauc",
 "version": "1.5.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rauc/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rauc/",
 "package_name": "rauc_1.8-2_arm64.deb",
 "product": "rauc",
 "version": "1.8",
diff --git a/test/test_data/rdesktop.py b/test/test_data/rdesktop.py
index 28f7b6f5ea..3da8c3bc30 100644
--- a/test/test_data/rdesktop.py
+++ b/test/test_data/rdesktop.py
@@ -24,13 +24,13 @@
 "version": "1.9.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rdesktop/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rdesktop/",
 "package_name": "rdesktop_1.8.2-3+deb8u1_amd64.deb",
 "product": "rdesktop",
 "version": "1.8.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rdesktop/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rdesktop/",
 "package_name": "rdesktop_1.8.2-3+deb8u1_armel.deb",
 "product": "rdesktop",
 "version": "1.8.2",
diff --git a/test/test_data/readline.py b/test/test_data/readline.py
index 456ae98f42..798a54255c 100644
--- a/test/test_data/readline.py
+++ b/test/test_data/readline.py
@@ -21,7 +21,7 @@
 "version": "8.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/readline/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/readline/",
 "package_name": "libreadline7_7.0-5_amd64.deb",
 "product": "readline",
 "version": "7.0",
diff --git a/test/test_data/rpm.py b/test/test_data/rpm.py
index 1f8c9ca677..5e6732b981 100644
--- a/test/test_data/rpm.py
+++ b/test/test_data/rpm.py
@@ -12,7 +12,7 @@
 "version": "4.18.92",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rpm/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rpm/",
 "package_name": "librpm8_4.14.2.1+dfsg1-1_amd64.deb",
 "product": "rpm",
 "version": "4.14.2.1",
diff --git a/test/test_data/rsync.py b/test/test_data/rsync.py
index f287e3e413..453ee12111 100644
--- a/test/test_data/rsync.py
+++ b/test/test_data/rsync.py
@@ -19,7 +19,7 @@
 "version": "3.2.6",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rsync/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rsync/",
 "package_name": "rsync_3.1.1-3+deb8u1_armel.deb",
 "product": "rsync",
 "version": "3.1.1",
diff --git a/test/test_data/rtl_433.py b/test/test_data/rtl_433.py
index 2038cb0371..02ea9d8566 100644
--- a/test/test_data/rtl_433.py
+++ b/test/test_data/rtl_433.py
@@ -13,7 +13,7 @@
 "version": "21.12",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rtl-433/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rtl-433/",
 "package_name": "rtl-433_20.11-1_amd64.deb",
 "product": "rtl_433",
 "version": "20.11",
diff --git a/test/test_data/rtmpdump.py b/test/test_data/rtmpdump.py
index 158c5fb532..7a4d06277a 100644
--- a/test/test_data/rtmpdump.py
+++ b/test/test_data/rtmpdump.py
@@ -12,7 +12,7 @@
 "version": "2.4",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/rtmpdump/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/rtmpdump/",
 "package_name": "rtmpdump_2.4%2B20151223.gitfa8646d.1-1%2Bb1_amd64.deb",
 "product": "rtmpdump",
 "version": "2.4",
diff --git a/test/test_data/runc.py b/test/test_data/runc.py
index 6f26ed464d..203a1ddbdd 100644
--- a/test/test_data/runc.py
+++ b/test/test_data/runc.py
@@ -13,7 +13,7 @@
 "other_products": ["go"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/r/runc/",
+ "url": "http://ftp.debian.org/debian/pool/main/r/runc/",
 "package_name": "runc_0.1.1+dfsg1-2+deb9u1_amd64.deb",
 "product": "runc",
 "version": "0.1.1",
diff --git a/test/test_data/sdl.py b/test/test_data/sdl.py
index 181f6913c3..b5fb6fe738 100644
--- a/test/test_data/sdl.py
+++ b/test/test_data/sdl.py
@@ -21,7 +21,7 @@
 "version": "2.26.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/libs/libsdl2/",
+ "url": "http://ftp.debian.org/debian/pool/main/libs/libsdl2/",
 "package_name": "libsdl2-2.0-0_2.0.2+dfsg1-6_amd64.deb",
 "product": "simple_directmedia_layer",
 "version": "2.0.2",
diff --git a/test/test_data/shadowsocks_libev.py b/test/test_data/shadowsocks_libev.py
index 1ec719486c..ebe0dda75f 100644
--- a/test/test_data/shadowsocks_libev.py
+++ b/test/test_data/shadowsocks_libev.py
@@ -27,14 +27,14 @@
 "version": "3.3.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/shadowsocks-libev/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/shadowsocks-libev/",
 "package_name": "libshadowsocks-libev2_2.6.3+ds-3+deb9u1_amd64.deb",
 "product": "shadowsocks-libev",
 "version": "2.6.3",
 "other_products": ["mbed_tls"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/shadowsocks-libev/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/shadowsocks-libev/",
 "package_name": "libshadowsocks-libev2_2.6.3+ds-3+deb9u1_arm64.deb",
 "product": "shadowsocks-libev",
 "version": "2.6.3",
diff --git a/test/test_data/snapd.py b/test/test_data/snapd.py
index 9717a9be64..043050a8e5 100644
--- a/test/test_data/snapd.py
+++ b/test/test_data/snapd.py
@@ -6,7 +6,7 @@
 ]
 package_test_data = [
 {
- "url": "https://distrib-coffee.ipsl.jussieu.fr/pub/linux/altlinux/p10/branch/aarch64/RPMS.classic/",
+ "url": "https://distrib-coffee.ipsl.jussieu/pub/linux/altlinux/p10/branch/aarch64/RPMS.classic/",
 "package_name": "snapd-2.56-alt1.aarch64.rpm",
 "product": "snapd",
 "version": "2.56",
diff --git a/test/test_data/sngrep.py b/test/test_data/sngrep.py
index dc59bf90a7..cae0099d95 100644
--- a/test/test_data/sngrep.py
+++ b/test/test_data/sngrep.py
@@ -12,7 +12,7 @@
 "version": "1.7.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sngrep/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sngrep/",
 "package_name": "sngrep_1.4.6-1_amd64.deb",
 "product": "sngrep",
 "version": "1.4.6",
diff --git a/test/test_data/snort.py b/test/test_data/snort.py
index 3a5d514f4e..5ba06a2b80 100644
--- a/test/test_data/snort.py
+++ b/test/test_data/snort.py
@@ -23,13 +23,13 @@
 "version": "3.1.43.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/snort/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/snort/",
 "package_name": "snort_2.9.7.0-5_arm64.deb",
 "product": "snort",
 "version": "2.9.7.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/snort/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/snort/",
 "package_name": "snort_2.9.15.1-5_amd64.deb",
 "product": "snort",
 "version": "2.9.15.1",
diff --git a/test/test_data/socat.py b/test/test_data/socat.py
index e645391b65..eafd1dc397 100644
--- a/test/test_data/socat.py
+++ b/test/test_data/socat.py
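Review bot: The new snapd URL in test/test_data/snapd.py has lost its top-level domain: `https://distrib-coffee.ipsl.jussieu/pub/linux/altlinux/...` is not a resolvable host name, while the removed line pointed at `distrib-coffee.ipsl.jussieu.fr`. This looks like a side effect of the bulk `.fr` removal that the other hunks apply to `ftp.fr.debian.org`, which presumably was never meant to touch this ALT Linux mirror. Keep the original line, `"url": "https://distrib-coffee.ipsl.jussieu.fr/pub/linux/altlinux/p10/branch/aarch64/RPMS.classic/",`, otherwise the snapd package fixture can presumably no longer be downloaded.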
@@ -18,13 +18,13 @@
 "version": "2.0.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/socat/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/socat/",
 "package_name": "socat_1.7.2.4-2_amd64.deb",
 "product": "socat",
 "version": "1.7.2.4",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/socat/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/socat/",
 "package_name": "socat_1.7.2.4-2_armel.deb",
 "product": "socat",
 "version": "1.7.2.4",
diff --git a/test/test_data/sofia_sip.py b/test/test_data/sofia_sip.py
index cd107d5f4a..550d26c5d6 100644
--- a/test/test_data/sofia_sip.py
+++ b/test/test_data/sofia_sip.py
@@ -16,13 +16,13 @@
 "version": "1.13.9",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sofia-sip/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sofia-sip/",
 "package_name": "libsofia-sip-ua0_1.12.11+20110422.1-2_amd64.deb",
 "product": "sofia-sip",
 "version": "1.12.11",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sofia-sip/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sofia-sip/",
 "package_name": "libsofia-sip-ua0_1.12.11+20110422.1-2_armel.deb",
 "product": "sofia-sip",
 "version": "1.12.11",
diff --git a/test/test_data/speex.py b/test/test_data/speex.py
index 7a01585a1e..e877dd572a 100644
--- a/test/test_data/speex.py
+++ b/test/test_data/speex.py
@@ -22,7 +22,7 @@
 "version": "1.2.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/speex/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/speex/",
 "package_name": "libspeex1_1.2~rc1.2-1+b2_amd64.deb",
 "product": "speex",
 "version": "1.2",
diff --git a/test/test_data/spice.py b/test/test_data/spice.py
index a6c6ac21f9..9614c055d4 100644
--- a/test/test_data/spice.py
+++ b/test/test_data/spice.py
@@ -18,13 +18,13 @@
 "version": "0.14.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/spice/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/spice/",
 "package_name": "libspice-server1_0.12.5-1+deb8u5_amd64.deb",
 "product": "spice",
 "version": "0.12.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/spice/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/spice/",
 "package_name": "libspice-server1_0.12.5-1+deb8u5_i386.deb",
 "product": "spice",
 "version": "0.12.5",
diff --git a/test/test_data/squashfs.py b/test/test_data/squashfs.py
index 08e32feafd..6fb7de29ab 100644
--- a/test/test_data/squashfs.py
+++ b/test/test_data/squashfs.py
@@ -22,13 +22,13 @@
 "version": "4.5.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/squashfs-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/squashfs-tools/",
 "package_name": "squashfs-tools_4.3-12+deb10u2_amd64.deb",
 "product": "squashfs",
 "version": "4.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/squashfs-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/squashfs-tools/",
 "package_name": "squashfs-tools_4.5.1-1_arm64.deb",
 "product": "squashfs",
 "version": "4.5.1",
diff --git a/test/test_data/squid.py b/test/test_data/squid.py
index a1141402ff..c5aad8e000 100644
--- a/test/test_data/squid.py
+++ b/test/test_data/squid.py
@@ -18,13 +18,13 @@
 "version": "5.7",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/squid/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/squid/",
 "package_name": "squid_4.11-2~bpo10+1_amd64.deb",
 "product": "squid",
 "version": "4.11",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/squid/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/squid/",
 "package_name": "squid_4.11-2~bpo10+1_arm64.deb",
 "product": "squid",
 "version": "4.11",
diff --git a/test/test_data/sslh.py b/test/test_data/sslh.py
index 3ba1269883..3de24306b4 100644
--- a/test/test_data/sslh.py
+++ b/test/test_data/sslh.py
@@ -14,7 +14,7 @@
 "version": "1.22c",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sslh/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sslh/",
 "package_name": "sslh_1.16-2_amd64.deb",
 "product": "sslh",
 "version": "1.16",
diff --git a/test/test_data/stellarium.py b/test/test_data/stellarium.py
index 3d5e7bf548..e9ed3ba08b 100644
--- a/test/test_data/stellarium.py
+++ b/test/test_data/stellarium.py
@@ -12,7 +12,7 @@
 "version": "1.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/stellarium/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/stellarium/",
 "package_name": "stellarium_0.13.1-1_amd64.deb",
 "product": "stellarium",
 "version": "0.13.1",
diff --git a/test/test_data/sudo.py b/test/test_data/sudo.py
index bc2c4692d5..7bb38e343b 100644
--- a/test/test_data/sudo.py
+++ b/test/test_data/sudo.py
@@ -31,7 +31,7 @@
 "other_products": ["protobuf-c"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sudo/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sudo/",
 "package_name": "sudo_1.8.10p3-1+deb8u5_amd64.deb",
 "product": "sudo",
 "version": "1.8.10p3",
diff --git a/test/test_data/sylpheed.py b/test/test_data/sylpheed.py
index 729f8ecabc..22d8f81292 100644
--- a/test/test_data/sylpheed.py
+++ b/test/test_data/sylpheed.py
@@ -18,7 +18,7 @@
 "version": "3.7.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sylpheed/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sylpheed/",
 "package_name": "sylpheed_3.5.1-2+b1_arm64.deb",
 "product": "sylpheed",
 "version": "3.5.1",
diff --git a/test/test_data/sysstat.py b/test/test_data/sysstat.py
index a97cdbc03f..5f148832a2 100644
--- a/test/test_data/sysstat.py
+++ b/test/test_data/sysstat.py
@@ -21,7 +21,7 @@
 "version": "12.7.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/s/sysstat/",
+ "url": "http://ftp.debian.org/debian/pool/main/s/sysstat/",
 "package_name": "sysstat_11.0.1-1_amd64.deb",
 "product": "sysstat",
 "version": "11.0.1",
diff --git a/test/test_data/tar.py b/test/test_data/tar.py
index 61b71f3b2d..2015f2a17b 100644
--- a/test/test_data/tar.py
+++ b/test/test_data/tar.py
@@ -13,7 +13,7 @@
 "version": "1.35",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tar/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tar/",
 "package_name": "tar_1.30+dfsg-6_amd64.deb",
 "product": "tar",
 "version": "1.30",
diff --git a/test/test_data/tcpdump.py b/test/test_data/tcpdump.py
index 4a213248ae..2b7318d035 100644
--- a/test/test_data/tcpdump.py
+++ b/test/test_data/tcpdump.py
@@ -38,19 +38,19 @@
 "version": "4.9.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpdump/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tcpdump/",
 "package_name": "tcpdump_4.9.2-1~deb8u1_amd64.deb",
 "product": "tcpdump",
 "version": "4.9.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpdump/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tcpdump/",
 "package_name": "tcpdump_4.9.3-1~deb10u2_arm64.deb",
 "product": "tcpdump",
 "version": "4.9.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpdump/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tcpdump/",
 "package_name": "tcpdump_4.99.4-3_mips64el.deb",
 "product": "tcpdump",
 "version": "4.99.4",
diff --git a/test/test_data/tcpreplay.py b/test/test_data/tcpreplay.py
index ead9e619a3..feee66c34f 100644
--- a/test/test_data/tcpreplay.py
+++ b/test/test_data/tcpreplay.py
@@ -16,7 +16,7 @@
 "version": "4.4.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tcpreplay/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tcpreplay/",
 "package_name": "tcpreplay_3.4.4-3_amd64.deb",
 "product": "tcpreplay",
 "version": "3.4.4",
diff --git a/test/test_data/terminology.py b/test/test_data/terminology.py
index aba5e7b5d1..fcb92fa918 100644
--- a/test/test_data/terminology.py
+++ b/test/test_data/terminology.py
@@ -21,7 +21,7 @@
 "version": "1.13.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/terminology/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/terminology/",
 "package_name": "terminology_1.3.2-1_amd64.deb",
 "product": "terminology",
 "version": "1.3.2",
diff --git a/test/test_data/tesseract.py b/test/test_data/tesseract.py
index b64597ab4b..997efaca38 100644
--- a/test/test_data/tesseract.py
+++ b/test/test_data/tesseract.py
@@ -12,7 +12,7 @@
 "version": "5.3.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tesseract/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tesseract/",
 "package_name": "libtesseract4_4.0.0-2_amd64.deb",
 "product": "tesseract",
 "version": "4.0.0",
diff --git a/test/test_data/thrift.py b/test/test_data/thrift.py
index 69d72f83a6..4ee9be3ec4 100644
--- a/test/test_data/thrift.py
+++ b/test/test_data/thrift.py
@@ -24,13 +24,13 @@
 "version": "0.16.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/thrift/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/thrift/",
 "package_name": "libthrift-0.11.0_0.11.0-4_amd64.deb",
 "product": "thrift",
 "version": "0.11.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/thrift/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/thrift/",
 "package_name": "libthrift-0.11.0_0.11.0-4_arm64.deb",
 "product": "thrift",
 "version": "0.11.0",
diff --git a/test/test_data/thunderbird.py b/test/test_data/thunderbird.py
index f0cc69d89d..77abbd34cf 100644
--- a/test/test_data/thunderbird.py
+++ b/test/test_data/thunderbird.py
@@ -24,7 +24,7 @@
 ],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/thunderbird/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/thunderbird/",
 "package_name": "thunderbird_52.8.0-1~deb8u1_amd64.deb",
 "product": "thunderbird",
 "version": "52.8.0",
diff --git a/test/test_data/tinyproxy.py b/test/test_data/tinyproxy.py
index 59e8b40a59..bf59b2d907 100644
--- a/test/test_data/tinyproxy.py
+++ b/test/test_data/tinyproxy.py
@@ -22,13 +22,13 @@
 "version": "1.11.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tinyproxy/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tinyproxy/",
 "package_name": "tinyproxy-bin_1.10.0-2+deb10u1_amd64.deb",
 "product": "tinyproxy",
 "version": "1.10.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tinyproxy/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tinyproxy/",
 "package_name": "tinyproxy-bin_1.10.0-2+deb10u1_arm64.deb",
 "product": "tinyproxy",
 "version": "1.10.0",
diff --git a/test/test_data/tor.py b/test/test_data/tor.py
index 237853f468..d79e2075f2 100644
--- a/test/test_data/tor.py
+++ b/test/test_data/tor.py
@@ -18,7 +18,7 @@
 "version": "0.4.7.10",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tor/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tor/",
 "package_name": "tor_0.2.9.16-1_arm64.deb",
 "product": "tor",
 "version": "0.2.9.16",
diff --git a/test/test_data/tpm2_tss.py b/test/test_data/tpm2_tss.py
index 5ab40e66c8..f4014fd018 100644
--- a/test/test_data/tpm2_tss.py
+++ b/test/test_data/tpm2_tss.py
@@ -22,7 +22,7 @@
 "version": "3.2.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/tpm2-tss/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/tpm2-tss/",
 "package_name": "libtss2-fapi1_3.0.3-2_amd64.deb",
 "product": "tpm2_software_stack",
 "version": "3.0.3",
diff --git a/test/test_data/traceroute.py b/test/test_data/traceroute.py
index f3b2a9c4c6..bbe9cebb92 100644
--- a/test/test_data/traceroute.py
+++ b/test/test_data/traceroute.py
@@ -16,7 +16,7 @@
 "version": "2.1.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/traceroute/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/traceroute/",
 "package_name": "traceroute_2.1.0-2_amd64.deb",
 "product": "traceroute",
 "version": "2.1.0",
diff --git a/test/test_data/transmission.py b/test/test_data/transmission.py
index 2c06a88c33..38b59a9a2e 100644
--- a/test/test_data/transmission.py
+++ b/test/test_data/transmission.py
@@ -16,13 +16,13 @@
 "version": "3.00",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/transmission/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/transmission/",
 "package_name": "transmission-cli_2.84-0.2+deb8u1_amd64.deb",
 "product": "transmission",
 "version": "2.84",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/transmission/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/transmission/",
 "package_name": "transmission-cli_2.84-0.2+deb8u1_armel.deb",
 "product": "transmission",
 "version": "2.84",
diff --git a/test/test_data/ttyd.py b/test/test_data/ttyd.py
index 1cfc02e4f9..b95241b4c3 100644
--- a/test/test_data/ttyd.py
+++ b/test/test_data/ttyd.py
@@ -12,7 +12,7 @@
 "version": "1.7.4",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/t/ttyd/",
+ "url": "http://ftp.debian.org/debian/pool/main/t/ttyd/",
 "package_name": "ttyd_1.6.3-3~bpo11+1_amd64.deb",
 "product": "ttyd",
 "version": "1.6.3",
diff --git a/test/test_data/u_boot.py b/test/test_data/u_boot.py
index 3eb064aacd..952a41e203 100644
--- a/test/test_data/u_boot.py
+++ b/test/test_data/u_boot.py
@@ -7,14 +7,14 @@
 ]
 package_test_data = [
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/u-boot/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/u-boot/",
 "package_name": "u-boot-rpi_2016.11+dfsg1-4_arm64.deb",
 "product": "u-boot",
 "version": "2016.11",
 "other_products": ["binutils"],
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/u-boot/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/u-boot/",
 "package_name": "u-boot-tegra_2023.04~rc2+dfsg-1_arm64.deb",
 "product": "u-boot",
 "version": "2023.04",
diff --git a/test/test_data/udisks.py b/test/test_data/udisks.py
index a74c90a8bf..1d23c30f60 100644
--- a/test/test_data/udisks.py
+++ b/test/test_data/udisks.py
@@ -12,7 +12,7 @@
 "version": "2.9.4",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/udisks2/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/udisks2/",
 "package_name": "udisks2_2.8.1-4_amd64.deb",
 "product": "udisks",
 "version": "2.8.1",
diff --git a/test/test_data/unbound.py b/test/test_data/unbound.py
index 02f6c602cf..df04ab288b 100644
--- a/test/test_data/unbound.py
+++ b/test/test_data/unbound.py
@@ -18,7 +18,7 @@
 "version": "1.16.3",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/unbound/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/unbound/",
 "package_name": "unbound_1.6.0-3+deb9u2_arm64.deb",
 "product": "unbound",
 "version": "1.6.0",
diff --git a/test/test_data/unixodbc.py b/test/test_data/unixodbc.py
index 75922560af..d93739b4be 100644
--- a/test/test_data/unixodbc.py
+++ b/test/test_data/unixodbc.py
@@ -18,7 +18,7 @@
 "version": "2.3.11",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/unixodbc/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/unixodbc/",
 "package_name": "unixodbc_2.3.4-1_arm64.deb",
 "product": "unixodbc",
 "version": "2.3.4",
diff --git a/test/test_data/upx.py b/test/test_data/upx.py
index 69cfe2f75d..109bc77424 100644
--- a/test/test_data/upx.py
+++ b/test/test_data/upx.py
@@ -18,7 +18,7 @@
 "version": "3.96",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/upx-ucl/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/upx-ucl/",
 "package_name": "upx-ucl_3.91-4_arm64.deb",
 "product": "upx",
 "version": "3.91",
diff --git a/test/test_data/util_linux.py b/test/test_data/util_linux.py
index bca8603da3..f3306bb8d0 100644
--- a/test/test_data/util_linux.py
+++ b/test/test_data/util_linux.py
@@ -27,13 +27,13 @@
 "version": "2.38.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/util-linux/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/util-linux/",
 "package_name": "util-linux-extra_2.38.1-1.1+b1_amd64.deb",
 "product": "util-linux",
 "version": "2.38.1",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/u/util-linux/",
+ "url": "http://ftp.debian.org/debian/pool/main/u/util-linux/",
 "package_name": "util-linux-extra_2.38.1-1.1+b1_arm64.deb",
 "product": "util-linux",
 "version": "2.38.1",
diff --git a/test/test_data/vlc.py b/test/test_data/vlc.py
index 16e453ed0f..bf6355a693 100644
--- a/test/test_data/vlc.py
+++ b/test/test_data/vlc.py
@@ -6,7 +6,7 @@
 ]
 package_test_data = [
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/v/vlc/",
+ "url": "http://ftp.debian.org/debian/pool/main/v/vlc/",
 "package_name": "vlc-bin_3.0.17.4-0+deb10u1_amd64.deb",
 "product": "vlc",
 "version": "3.0.17.4",
diff --git a/test/test_data/vorbis_tools.py b/test/test_data/vorbis_tools.py
index 32632a248a..8f796c8e91 100644
--- a/test/test_data/vorbis_tools.py
+++ b/test/test_data/vorbis_tools.py
@@ -16,7 +16,7 @@
 "version": "1.4.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/v/vorbis-tools/",
+ "url": "http://ftp.debian.org/debian/pool/main/v/vorbis-tools/",
 "package_name": "vorbis-tools_1.4.0-10+b1_amd64.deb",
 "product": "vorbis-tools",
 "version": "1.4.0",
diff --git a/test/test_data/vsftpd.py b/test/test_data/vsftpd.py
index 5e28caba8d..e53112fce3 100644
--- a/test/test_data/vsftpd.py
+++ b/test/test_data/vsftpd.py
@@ -18,13 +18,13 @@
 "version": "3.0.5",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/v/vsftpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/v/vsftpd/",
 "package_name": "vsftpd_3.0.2-17+deb8u1_amd64.deb",
 "product": "vsftpd",
 "version": "3.0.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/v/vsftpd/",
+ "url": "http://ftp.debian.org/debian/pool/main/v/vsftpd/",
 "package_name": "vsftpd_3.0.2-17+deb8u1_armel.deb",
 "product": "vsftpd",
 "version": "3.0.2",
diff --git a/test/test_data/wireshark.py b/test/test_data/wireshark.py
index f1820584e7..ccc8d30f2e 100644
--- a/test/test_data/wireshark.py
+++ b/test/test_data/wireshark.py
@@ -36,7 +36,7 @@
 "version": "2.6.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/w/wireshark/",
+ "url": "http://ftp.debian.org/debian/pool/main/w/wireshark/",
 "package_name": "libwireshark16_4.0.3-1_amd64.deb",
 "product": "wireshark",
 "version": "4.0.3",
diff --git a/test/test_data/wolfssl.py b/test/test_data/wolfssl.py
index f8910a9c82..1f9a280552 100644
--- a/test/test_data/wolfssl.py
+++ b/test/test_data/wolfssl.py
@@ -6,13 +6,13 @@
 ]
 package_test_data = [
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/w/wolfssl/",
+ "url": "http://ftp.debian.org/debian/pool/main/w/wolfssl/",
 "package_name": "libwolfssl24_4.6.0+p1-0+deb11u1_amd64.deb",
 "product": "wolfssl",
 "version": "4.6.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/w/wolfssl/",
+ "url": "http://ftp.debian.org/debian/pool/main/w/wolfssl/",
 "package_name": "libwolfssl24_4.6.0+p1-0+deb11u1_arm64.deb",
 "product": "wolfssl",
 "version": "4.6.0",
diff --git a/test/test_data/xscreensaver.py b/test/test_data/xscreensaver.py
index ec7ea00470..33d4bc8971 100644
--- a/test/test_data/xscreensaver.py
+++ b/test/test_data/xscreensaver.py
@@ -27,7 +27,7 @@
 "version": "6.05",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/x/xscreensaver/",
+ "url": "http://ftp.debian.org/debian/pool/main/x/xscreensaver/",
 "package_name": "xscreensaver_5.36-1_arm64.deb",
 "product": "xscreensaver",
 "version": "5.36",
diff --git a/test/test_data/xwayland.py b/test/test_data/xwayland.py
index c60ec9fdb7..f8e8a54eec 100644
--- a/test/test_data/xwayland.py
+++ b/test/test_data/xwayland.py
@@ -16,7 +16,7 @@
 "version": "23.2.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/x/xwayland/",
+ "url": "http://ftp.debian.org/debian/pool/main/x/xwayland/",
 "package_name": "xwayland_22.1.9-1_amd64.deb",
 "product": "xwayland",
 "version": "22.1.9",
diff --git a/test/test_data/yasm.py b/test/test_data/yasm.py
index 2566080788..256843f6bb 100644
--- a/test/test_data/yasm.py
+++ b/test/test_data/yasm.py
@@ -12,7 +12,7 @@
 "version": "1.3.0",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/y/yasm/",
+ "url": "http://ftp.debian.org/debian/pool/main/y/yasm/",
 "package_name": "yasm_1.2.0-2_amd64.deb",
 "product": "yasm",
 "version": "1.2.0",
diff --git a/test/test_data/zabbix.py b/test/test_data/zabbix.py
index 65783c3226..530023a524 100644
--- a/test/test_data/zabbix.py
+++ b/test/test_data/zabbix.py
@@ -13,7 +13,7 @@
 "version": "6.0.13",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/z/zabbix/",
+ "url": "http://ftp.debian.org/debian/pool/main/z/zabbix/",
 "package_name": "zabbix-server-mysql_4.0.4+dfsg-1_amd64.deb",
 "product": "zabbix",
 "version": "4.0.4",
diff --git a/test/test_data/zchunk.py b/test/test_data/zchunk.py
index 428bdfd4cb..45ac4043df 100644
--- a/test/test_data/zchunk.py
+++ b/test/test_data/zchunk.py
@@ -12,7 +12,7 @@
 "version": "1.3.2",
 },
 {
- "url": "http://ftp.fr.debian.org/debian/pool/main/z/zchunk/",
+ "url": "http://ftp.debian.org/debian/pool/main/z/zchunk/",
 "package_name": "zchunk_1.1.9+ds1-1_amd64.deb",
 "product": "zchunk",
 "version": "1.1.9",
diff --git a/test/test_data/zeek.py b/test/test_data/zeek.py index 819f23ad31..b0e19fc33f 100644 --- a/test/test_data/zeek.py +++ b/test/test_data/zeek.py @@ -13,7 +13,7 @@ "other_products": ["sqlite"], }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/z/zeek/", + "url": "http://ftp.debian.org/debian/pool/main/z/zeek/", "package_name": "zeek_3.2.3+ds2-2+b2_amd64.deb", "product": "zeek", "version": "3.2.3", diff --git a/test/test_data/znc.py b/test/test_data/znc.py index 16dd573938..b2deb231d2 100644 --- a/test/test_data/znc.py +++ b/test/test_data/znc.py @@ -22,7 +22,7 @@ "version": "1.8.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/z/znc/", + "url": "http://ftp.debian.org/debian/pool/main/z/znc/", "package_name": "znc_1.7.2-3_amd64.deb", "product": "znc", "version": "1.7.2", diff --git a/test/test_data/zstandard.py b/test/test_data/zstandard.py index 8e72e42570..44abc2d76f 100644 --- a/test/test_data/zstandard.py +++ b/test/test_data/zstandard.py @@ -16,7 +16,7 @@ "version": "1.5.2", }, { - "url": "http://ftp.fr.debian.org/debian/pool/main/libz/libzstd/", + "url": "http://ftp.debian.org/debian/pool/main/libz/libzstd/", "package_name": "libzstd1_1.3.8+dfsg-3+deb10u2_amd64.deb", "product": "zstandard", "version": "1.3.8", From 0d28efe86e0e075d68416f740a14b23d9150f946 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 20:13:07 +0000 Subject: [PATCH 11/47] chore: update SBOM for Python 3.8 (#4586) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 38 ++++++++++++++++++++++++++++++++++-- sbom/cve-bin-tool-py3.8.spdx | 7 +++++-- 2 files changed, 41 insertions(+), 4 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index fecc01dcdd..5f94fe7495 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json 
@@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:bfb08152-9dd5-424d-9678-3ee862935199", + "serialNumber": "urn:uuid:099ac5d1-44dc-4e7b-a512-baee535fed8e", "version": 1, "metadata": { - "timestamp": "2024-11-18T00:39:22Z", + "timestamp": "2024-11-25T00:38:02Z", "lifecycles": [ { "phase": "build" @@ -563,6 +563,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", "description": "Accelerated property cache", + "hashes": [ + { + "alg": "SHA-1", + "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda" + } + ], "licenses": [ { "license": { @@ -2036,6 +2042,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-04T20:43:30.000Z" } ] }, @@ -2988,6 +2998,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-06-12T20:10:06.000Z" } ] }, @@ -3001,6 +3015,12 @@ }, "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", + "hashes": [ + { + "alg": "SHA-1", + "content": "9155d4173e4c1f29a345de86c280ab783c837882" + } + ], "licenses": [ { "license": { @@ -3031,6 +3051,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-22T05:51:23.000Z" } ] }, @@ -3263,6 +3287,12 @@ }, "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8e3b31b734926ebbcaff654279f6855a73e052f" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/packaging/24.2/#files", @@ -3907,6 +3937,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-10-27T21:52:58.000Z" } ] }, 
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index d2d54cd53b..037cfa2493 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8ea077c5-e561-4e98-a8ff-c481a83d795b +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7f19c172-b669-4dca-bd16-69f1d7883e2a LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-18T00:38:18Z +Created: 2024-11-25T00:37:11Z CreatorComment: This document has been automatically generated. ##### @@ -197,6 +197,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache +PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION @@ -990,6 +991,7 @@ PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python +PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1073,6 +1075,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION From 9f6fad68236281b9a472d4ad30b5db18392523dc Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 20:17:10 +0000 Subject: [PATCH 12/47] chore: update SBOM for Python 3.9 (#4587) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.9.json | 78 +++++++++++++++++++++++++----------- sbom/cve-bin-tool-py3.9.spdx | 33 +++++++-------- 2 files changed, 72 insertions(+), 39 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index 3b323e9810..525e36c738 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:4cd7fc8c-899c-44d7-99ce-13fd8013ebd6", + "serialNumber": "urn:uuid:a5bb6dc0-336a-401b-b261-af928298df56", "version": 1, "metadata": { - "timestamp": "2024-11-18T00:41:13Z", + "timestamp": "2024-11-25T00:39:41Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.2", + "version": "3.11.7", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.2/#files", + "url": "https://pypi.org/project/aiohttp/3.11.7/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.2", + "purl": "pkg:pypi/aiohttp@3.11.7", "properties": [ { "name": "language", @@ -111,6 +111,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-21T15:42:26.000Z" } ] }, @@ -471,6 +475,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", "description": "Accelerated property cache", + "hashes": [ + { + "alg": "SHA-1", + "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda" + } + ], "licenses": [ { "license": { 
@@ -512,7 +522,7 @@ "type": "library", "bom-ref": "11-yarl", "name": "yarl", - "version": "1.17.2", + "version": "1.18.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -521,7 +531,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -539,12 +549,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.2/#files", + "url": "https://pypi.org/project/yarl/1.18.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.2", + "purl": "pkg:pypi/yarl@1.18.0", "properties": [ { "name": "language", @@ -553,6 +563,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-11-21T15:02:50.000Z" } ] }, @@ -2034,6 +2048,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-04T20:43:30.000Z" } ] }, @@ -2883,6 +2901,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-06-12T20:10:06.000Z" } ] }, @@ -2896,6 +2918,12 @@ }, "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", + "hashes": [ + { + "alg": "SHA-1", + "content": "9155d4173e4c1f29a345de86c280ab783c837882" + } + ], "licenses": [ { "license": { @@ -2926,6 +2954,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-22T05:51:23.000Z" } ] }, @@ -3158,6 +3190,12 @@ }, "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8e3b31b734926ebbcaff654279f6855a73e052f" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/packaging/24.2/#files", 
@@ -3617,7 +3655,7 @@ "type": "library", "bom-ref": "71-setuptools", "name": "setuptools", - "version": "75.5.0", + "version": "75.6.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3626,16 +3664,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.5.0/#files", + "url": "https://pypi.org/project/setuptools/75.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.5.0", + "purl": "pkg:pypi/setuptools@75.6.0", "properties": [ { "name": "language", @@ -3644,10 +3682,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3806,6 +3840,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-10-27T21:52:58.000Z" } ] }, @@ -4055,12 +4093,6 @@ "30-six" ] }, - { - "ref": "44-importlib-metadata", - "dependsOn": [ - "45-zipp" - ] - }, { "ref": "46-jinja2", "dependsOn": [ diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index 69f0851dff..6d8b10262e 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7537a80d-caef-4a47-a5f9-73259eba4425 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-498ea3db-d747-477f-b1df-d88305bf176f LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-18T00:40:10Z +Created: 2024-11-25T00:38:45Z CreatorComment: This document has been automatically generated. ##### 
@@ -27,18 +27,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.2 +PackageVersion: 3.11.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.7/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp -PackageLicenseDeclared: NOASSERTION +PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.7 ##### PackageName: aiohappyeyeballs @@ -165,6 +164,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache +PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION 
@@ -175,18 +175,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-11-yarl -PackageVersion: 1.17.2 +PackageVersion: 1.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.18.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:* ##### PackageName: idna @@ -957,6 +957,7 @@ PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python +PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1040,6 +1041,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -1184,17 +1186,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-71-setuptools -PackageVersion: 75.5.0 +PackageVersion: 75.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:* ##### PackageName: toml @@ -1348,7 +1350,6 @@ Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-six Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-httplib2 Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-36-oauth2client -Relationship: SPDXRef-44-importlib-metadata DEPENDS_ON SPDXRef-45-zipp Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-jsonschema-specifications Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-referencing From ef7e5ed9e8550534b6d0469ca3a3dd699433218a Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 20:19:09 +0000 Subject: [PATCH 13/47] chore: update SBOM for Python 3.10 (#4584) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 72 ++++++++++++++++++++++++++--------- sbom/cve-bin-tool-py3.10.spdx | 32 ++++++++-------- 2 files changed, 72 insertions(+), 32 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index 5f95347048..eb572218f5 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:88a7c280-7920-491a-a98e-db2939f852a4", + "serialNumber": "urn:uuid:08c8c458-250b-46ac-b89b-6681986cef6b", "version": 1, "metadata": { - "timestamp": "2024-11-18T00:38:34Z", + "timestamp": "2024-11-25T00:37:35Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.2", + "version": "3.11.7", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.2/#files", + "url": "https://pypi.org/project/aiohttp/3.11.7/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.2", + "purl": "pkg:pypi/aiohttp@3.11.7", "properties": [ { "name": "language", @@ -111,6 +111,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-21T15:42:26.000Z" } ] }, @@ -471,6 +475,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", "description": "Accelerated property cache", + "hashes": [ + { + "alg": "SHA-1", + "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda" + } + ], "licenses": [ { "license": { 
@@ -512,7 +522,7 @@ "type": "library", "bom-ref": "11-yarl", "name": "yarl", - "version": "1.17.2", + "version": "1.18.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -521,7 +531,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -539,12 +549,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.2/#files", + "url": "https://pypi.org/project/yarl/1.18.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.2", + "purl": "pkg:pypi/yarl@1.18.0", "properties": [ { "name": "language", @@ -553,6 +563,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-11-21T15:02:50.000Z" } ] }, @@ -2034,6 +2048,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-04T20:43:30.000Z" } ] }, @@ -2801,6 +2819,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-06-12T20:10:06.000Z" } ] }, @@ -2814,6 +2836,12 @@ }, "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", + "hashes": [ + { + "alg": "SHA-1", + "content": "9155d4173e4c1f29a345de86c280ab783c837882" + } + ], "licenses": [ { "license": { @@ -2844,6 +2872,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-22T05:51:23.000Z" } ] }, @@ -3076,6 +3108,12 @@ }, "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8e3b31b734926ebbcaff654279f6855a73e052f" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/packaging/24.2/#files", 
@@ -3535,7 +3573,7 @@ "type": "library", "bom-ref": "69-setuptools", "name": "setuptools", - "version": "75.5.0", + "version": "75.6.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3544,16 +3582,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.5.0/#files", + "url": "https://pypi.org/project/setuptools/75.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.5.0", + "purl": "pkg:pypi/setuptools@75.6.0", "properties": [ { "name": "language", @@ -3562,10 +3600,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3724,6 +3758,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-10-27T21:52:58.000Z" } ] }, diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index a6ebbb424d..00e3a876d3 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-53fcdacf-66b9-407a-8e03-8d9eee658c35 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-90a7d205-bf3f-4bfa-82e6-2f884377018b LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-18T00:37:44Z +Created: 2024-11-25T00:36:49Z CreatorComment: This document has been automatically generated. ##### 
@@ -27,18 +27,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.2 +PackageVersion: 3.11.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.7/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp -PackageLicenseDeclared: NOASSERTION +PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.7 ##### PackageName: aiohappyeyeballs @@ -165,6 +164,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache +PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION 
@@ -175,18 +175,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-11-yarl -PackageVersion: 1.17.2 +PackageVersion: 1.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.18.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:* ##### PackageName: idna @@ -926,6 +926,7 @@ PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python +PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1009,6 +1010,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -1153,17 +1155,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-69-setuptools -PackageVersion: 75.5.0 +PackageVersion: 75.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:* ##### PackageName: toml From 44516c0d1526da72a2e4b48cc1bb06d6d075b29e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 20:20:30 +0000 Subject: [PATCH 14/47] chore: update SBOM for Python 3.11 (#4585) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.11.json | 72 ++++++++++++++++++++++++++--------- sbom/cve-bin-tool-py3.11.spdx | 32 ++++++++-------- 2 files changed, 72 insertions(+), 32 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index c0ec7aafc2..238c7f6374 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json 
@@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:9445364b-91e6-4789-8aca-9a9c8deaafed", + "serialNumber": "urn:uuid:c0ad9887-1afc-490c-9a2f-74e4604b1a74", "version": 1, "metadata": { - "timestamp": "2024-11-18T00:39:23Z", + "timestamp": "2024-11-25T00:37:53Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.2", + "version": "3.11.7", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.2/#files", + "url": "https://pypi.org/project/aiohttp/3.11.7/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.2", + "purl": "pkg:pypi/aiohttp@3.11.7", "properties": [ { "name": "language", @@ -111,6 +111,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-21T15:42:26.000Z" } ] }, @@ -375,6 +379,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", "description": "Accelerated property cache", + "hashes": [ + { + "alg": "SHA-1", + "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda" + } + ], "licenses": [ { "license": { @@ -416,7 +426,7 @@ "type": "library", "bom-ref": "9-yarl", "name": "yarl", - "version": "1.17.2", + "version": "1.18.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -425,7 +435,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { 
@@ -443,12 +453,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.2/#files", + "url": "https://pypi.org/project/yarl/1.18.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.2", + "purl": "pkg:pypi/yarl@1.18.0", "properties": [ { "name": "language", @@ -457,6 +467,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-11-21T15:02:50.000Z" } ] }, @@ -1938,6 +1952,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-09-04T20:43:30.000Z" } ] }, @@ -2705,6 +2723,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-06-12T20:10:06.000Z" } ] }, @@ -2718,6 +2740,12 @@ }, "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", + "hashes": [ + { + "alg": "SHA-1", + "content": "9155d4173e4c1f29a345de86c280ab783c837882" + } + ], "licenses": [ { "license": { @@ -2748,6 +2776,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-22T05:51:23.000Z" } ] }, @@ -2980,6 +3012,12 @@ }, "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8e3b31b734926ebbcaff654279f6855a73e052f" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/packaging/24.2/#files", @@ -3439,7 +3477,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.5.0", + "version": "75.6.0", "supplier": { "name": "Python Packaging Authority", "contact": [ 
@@ -3448,16 +3486,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.5.0/#files", + "url": "https://pypi.org/project/setuptools/75.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.5.0", + "purl": "pkg:pypi/setuptools@75.6.0", "properties": [ { "name": "language", @@ -3466,10 +3504,6 @@ { "name": "python_version", "value": "3.11.10" - }, - { - "name": "package_release_date", - "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3570,6 +3604,10 @@ { "name": "python_version", "value": "3.11.10" + }, + { + "name": "package_release_date", + "value": "2024-10-27T21:52:58.000Z" } ] }, diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index e37b1e32bc..8c726389a2 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-75f97134-ae0b-4742-83bb-e1072b2baaf1 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a81bc690-1847-4a09-9e8a-8501cc865a70 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-18T00:38:42Z +Created: 2024-11-25T00:37:14Z CreatorComment: This document has been automatically generated. ##### 
@@ -27,18 +27,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.2 +PackageVersion: 3.11.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.7/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp -PackageLicenseDeclared: NOASSERTION +PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.7 ##### PackageName: aiohappyeyeballs @@ -132,6 +131,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache +PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION 
@@ -142,18 +142,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-9-yarl -PackageVersion: 1.17.2 +PackageVersion: 1.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.18.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:* ##### PackageName: idna @@ -893,6 +893,7 @@ PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python +PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -976,6 +977,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -1120,17 +1122,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.5.0 +PackageVersion: 75.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:* ##### PackageName: xmlschema From e4b3fd39532a6ad3dfba41efbf43f41f1c75fea8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 20:21:33 +0000 Subject: [PATCH 15/47] chore: update SBOM for Python 3.12 (#4583) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 72 ++++++++++++++++++++++++++--------- sbom/cve-bin-tool-py3.12.spdx | 32 ++++++++-------- 2 files changed, 72 insertions(+), 32 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 4c2b0f704a..7777f4ff80 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json 
@@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:b68a2b85-9212-4889-b7b2-84f3edf441ff", + "serialNumber": "urn:uuid:a061e09a-b4f0-449a-bc41-098f3ead640a", "version": 1, "metadata": { - "timestamp": "2024-11-18T00:38:25Z", + "timestamp": "2024-11-25T00:37:29Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.2", + "version": "3.11.7", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.2/#files", + "url": "https://pypi.org/project/aiohttp/3.11.7/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.2", + "purl": "pkg:pypi/aiohttp@3.11.7", "properties": [ { "name": "language", @@ -111,6 +111,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-21T15:42:26.000Z" } ] }, @@ -375,6 +379,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", "description": "Accelerated property cache", + "hashes": [ + { + "alg": "SHA-1", + "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda" + } + ], "licenses": [ { "license": { @@ -416,7 +426,7 @@ "type": "library", "bom-ref": "9-yarl", "name": "yarl", - "version": "1.17.2", + "version": "1.18.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -425,7 +435,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { 
@@ -443,12 +453,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.17.2/#files", + "url": "https://pypi.org/project/yarl/1.18.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.17.2", + "purl": "pkg:pypi/yarl@1.18.0", "properties": [ { "name": "language", @@ -457,6 +467,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-11-21T15:02:50.000Z" } ] }, @@ -1938,6 +1952,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-09-04T20:43:30.000Z" } ] }, @@ -2705,6 +2723,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-06-12T20:10:06.000Z" } ] }, @@ -2718,6 +2740,12 @@ }, "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*", "description": "A purl aka. Package URL parser and builder", + "hashes": [ + { + "alg": "SHA-1", + "content": "9155d4173e4c1f29a345de86c280ab783c837882" + } + ], "licenses": [ { "license": { @@ -2748,6 +2776,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-22T05:51:23.000Z" } ] }, @@ -2980,6 +3012,12 @@ }, "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", "description": "Core utilities for Python packages", + "hashes": [ + { + "alg": "SHA-1", + "content": "d8e3b31b734926ebbcaff654279f6855a73e052f" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/packaging/24.2/#files", @@ -3439,7 +3477,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.5.0", + "version": "75.6.0", "supplier": { "name": "Python Packaging Authority", "contact": [ 
@@ -3448,16 +3486,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.5.0/#files", + "url": "https://pypi.org/project/setuptools/75.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.5.0", + "purl": "pkg:pypi/setuptools@75.6.0", "properties": [ { "name": "language", @@ -3466,10 +3504,6 @@ { "name": "python_version", "value": "3.12.7" - }, - { - "name": "package_release_date", - "value": "2024-11-13T11:22:04.000Z" } ] }, @@ -3570,6 +3604,10 @@ { "name": "python_version", "value": "3.12.7" + }, + { + "name": "package_release_date", + "value": "2024-10-27T21:52:58.000Z" } ] }, diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 495c06d14d..d8507acac5 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-babbb628-7d9c-4a26-8587-854eedfee7d8 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-36045916-f900-49d4-8e22-5885aa0e310b LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-18T00:37:38Z +Created: 2024-11-25T00:36:48Z CreatorComment: This document has been automatically generated. ##### 
@@ -27,18 +27,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.2 +PackageVersion: 3.11.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.2/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.7/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp -PackageLicenseDeclared: NOASSERTION +PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.2 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.7 ##### PackageName: aiohappyeyeballs @@ -132,6 +131,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache +PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION 
@@ -142,18 +142,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-9-yarl -PackageVersion: 1.17.2 +PackageVersion: 1.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.17.2/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.18.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.17.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.17.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:* ##### PackageName: idna @@ -893,6 +893,7 @@ PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python +PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -976,6 +977,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false +PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION 
@@ -1120,17 +1122,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.5.0 +PackageVersion: 75.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.5.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:* ##### PackageName: xmlschema From 2ffc0830cd7671f7c21a656e59aa178cb0626e9d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 15:05:05 -0800 Subject: [PATCH 16/47] chore(deps): bump step-security/harden-runner from 2.10.1 to 2.10.2 (#4589) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.10.1 to 2.10.2. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/91182cccc01eb5e619899d80e4e971d6181294a7...0080882f6c36860b6ba35c610c98ce87d4e2f26f) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-wheel.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/coverity.yml | 2 +- .github/workflows/cve_scan.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/formatting.yml | 2 +- .github/workflows/linting.yml | 2 +- .github/workflows/sbom.yml | 2 +- .github/workflows/scorecard.yml | 2 +- .github/workflows/spelling.yml | 2 +- .github/workflows/testing.yml | 10 +++++----- .github/workflows/update-cache.yml | 2 +- .github/workflows/update-js-dependencies.yml | 2 +- .github/workflows/update-pre-commit.yml | 2 +- .github/workflows/update-spdx-header.yml | 2 +- .github/workflows/validate-yml.yml | 2 +- 16 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index 6cf415295b..77f770d804 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml @@ -23,7 +23,7 @@ jobs: if: github.repository == 'intel/cve-bin-tool' # run on origin repo only steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8e21d96eda..86efaccec7 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 6ad8ebb3ac..28ab5b0c38 100644 --- a/.github/workflows/coverity.yml 
+++ b/.github/workflows/coverity.yml @@ -14,7 +14,7 @@ jobs: runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml index c97248eeb3..56d60d6a22 100644 --- a/.github/workflows/cve_scan.yml +++ b/.github/workflows/cve_scan.yml @@ -17,7 +17,7 @@ jobs: timeout-minutes: 60 steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index d99c952123..34fac8e10d 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index 5ef52b7699..a864aeb4c8 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml @@ -19,7 +19,7 @@ jobs: runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit 
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index c4737601f6..a7cacf22e2 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -18,7 +18,7 @@ jobs: tool: ['isort', 'black', 'pyupgrade', 'flake8', 'bandit', 'gitlint', 'mypy', 'interrogate'] steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 1d42ac5baa..ad5cca1bf2 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -22,7 +22,7 @@ jobs: python: ['3.8', '3.9', '3.10', '3.11', '3.12'] steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index e6c3614f67..d5f8c3dfad 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index 2dec16dcae..4676520a5e 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -14,7 +14,7 @@ jobs: runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit 
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index dbfe66a755..6310c69d43 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -39,7 +39,7 @@ jobs: runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true egress-policy: block @@ -76,7 +76,7 @@ jobs: timeout-minutes: 90 steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: block allowed-endpoints: > @@ -203,7 +203,7 @@ jobs: LONG_TESTS: 1 steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: block allowed-endpoints: > @@ -365,7 +365,7 @@ jobs: EXTERNAL_SYSTEM: 1 steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: block allowed-endpoints: > @@ -498,7 +498,7 @@ jobs: PYTHONIOENCODING: 'utf8' steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml index fa2c93fae7..3ff143f678 100644 --- a/.github/workflows/update-cache.yml +++ b/.github/workflows/update-cache.yml 
@@ -26,7 +26,7 @@ jobs: timeout-minutes: 60 steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml index f2b3fc0bd9..be00a1298d 100644 --- a/.github/workflows/update-js-dependencies.yml +++ b/.github/workflows/update-js-dependencies.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml index 2b3be9cf39..192b599ee4 100644 --- a/.github/workflows/update-pre-commit.yml +++ b/.github/workflows/update-pre-commit.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/update-spdx-header.yml b/.github/workflows/update-spdx-header.yml index 68cde73344..adb37a09d6 100644 --- a/.github/workflows/update-spdx-header.yml +++ b/.github/workflows/update-spdx-header.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit diff --git a/.github/workflows/validate-yml.yml b/.github/workflows/validate-yml.yml index b4bd97f31d..821a621727 100644 --- a/.github/workflows/validate-yml.yml +++ b/.github/workflows/validate-yml.yml 
@@ -12,7 +12,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: egress-policy: audit From 7cbac8f0bf34e03f324adcf67ee4416cbbd75cf7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 15:06:32 -0800 Subject: [PATCH 17/47] chore(deps): bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#4588) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.4.0 to 4.5.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/4081bf99e2866ebe428fc0477b69eb4fcda7220a...3b139cfc5fae8b618d3eae3675e383bb1769c019) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 34fac8e10d..de970949f3 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -24,4 +24,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: 'Dependency Review' - uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0 + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 From d02a617946236a0762796a068992602301a98732 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 23:46:51 +0000 Subject: [PATCH 18/47] chore: update SBOM for Python 3.8 (#4598) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 52 ++++++++++++++++++++---------------- sbom/cve-bin-tool-py3.8.spdx | 31 ++++++++++----------- 2 files changed, 45 insertions(+), 38 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index 5f94fe7495..a22590f7db 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:099ac5d1-44dc-4e7b-a512-baee535fed8e", + "serialNumber": "urn:uuid:fc78560e-a48d-4966-a3c8-a50b47fc18e2", "version": 1, "metadata": { - "timestamp": "2024-11-25T00:38:02Z", + "timestamp": "2024-12-02T00:40:57Z", "lifecycles": [ { "phase": "build" @@ -118,7 +118,7 @@ "type": "library", "bom-ref": "3-aiohappyeyeballs", "name": "aiohappyeyeballs", - "version": "2.4.3", + "version": "2.4.4", "supplier": { "name": "J. Nick Koston", "contact": [ @@ -127,14 +127,8 @@ } ] }, - "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", - "hashes": [ - { - "alg": "SHA-1", - "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" - } - ], "licenses": [ { "license": { @@ -151,12 +145,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files", + "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohappyeyeballs@2.4.3", + "purl": "pkg:pypi/aiohappyeyeballs@2.4.4", "properties": [ { "name": "language", 
@@ -168,7 +162,7 @@ }, { "name": "package_release_date", - "value": "2024-09-30T19:42:26.000Z" + "value": "2024-11-30T18:43:39.000Z" } ] }, @@ -375,6 +369,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", "description": "multidict implementation", + "hashes": [ + { + "alg": "SHA-1", + "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68" + } + ], "licenses": [ { "license": { @@ -1901,7 +1901,7 @@ "type": "library", "bom-ref": "37-pyopenssl", "name": "pyopenssl", - "version": "24.2.1", + "version": "24.3.0", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1910,7 +1910,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { @@ -1928,12 +1928,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", + "url": "https://pypi.org/project/pyopenssl/24.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.2.1", + "purl": "pkg:pypi/pyopenssl@24.3.0", "properties": [ { "name": "language", @@ -1945,7 +1945,7 @@ }, { "name": "package_release_date", - "value": "2024-07-20T17:26:29.000Z" + "value": "2024-11-27T20:43:21.000Z" } ] }, @@ -1953,7 +1953,7 @@ "type": "library", "bom-ref": "38-cryptography", "name": "cryptography", - "version": "43.0.3", + "version": "44.0.0", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ 
@@ -1962,7 +1962,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1976,12 +1976,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.3/#files", + "url": "https://pypi.org/project/cryptography/44.0.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.3", + "purl": "pkg:pypi/cryptography@44.0.0", "properties": [ { "name": "language", @@ -1993,7 +1993,7 @@ }, { "name": "package_release_date", - "value": "2024-10-18T15:57:36.000Z" + "value": "2024-11-27T18:05:55.000Z" } ] }, @@ -2012,6 +2012,12 @@ }, "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*", "description": "Foreign Function Interface for Python calling C code.", + "hashes": [ + { + "alg": "SHA-1", + "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51" + } + ], "licenses": [ { "license": { diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index 037cfa2493..6f892b9852 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7f19c172-b669-4dca-bd16-69f1d7883e2a +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-222b7435-eba1-45ad-ae40-59503a72bcd8 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-25T00:37:11Z +Created: 2024-12-02T00:40:03Z CreatorComment: This document has been automatically generated. ##### 
@@ -43,19 +43,18 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.11 PackageName: aiohappyeyeballs SPDXID: SPDXRef-3-aiohappyeyeballs -PackageVersion: 2.4.3 +PackageVersion: 2.4.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: J. Nick Koston (nick@koston.org) -PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files +PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs -PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### PackageName: aiosignal @@ -132,6 +131,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/multidict +PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
@@ -621,10 +621,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* PackageName: pyopenssl SPDXID: SPDXRef-37-pyopenssl -PackageVersion: 24.2.1 +PackageVersion: 24.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION 
@@ -632,24 +632,24 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-38-cryptography -PackageVersion: 43.0.3 +PackageVersion: 44.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:* ##### PackageName: cffi 
@@ -660,6 +660,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false PackageHomePage: http://cffi.readthedocs.org +PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION From ed3c409ff56f968d3a0d8089658e05b1902214a9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 23:47:54 +0000 Subject: [PATCH 19/47] chore: update SBOM for Python 3.9 (#4600) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.9.json | 90 ++++++++++++++++-------------------- sbom/cve-bin-tool-py3.9.spdx | 54 +++++++++++----------- 2 files changed, 68 insertions(+), 76 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index 525e36c738..bab3241bc9 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:a5bb6dc0-336a-401b-b261-af928298df56", + "serialNumber": "urn:uuid:776dd2f8-4200-429f-a71b-22e3b595f38e", "version": 1, "metadata": { - "timestamp": "2024-11-25T00:39:41Z", + "timestamp": "2024-12-02T00:41:54Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.7", + "version": "3.11.9", "description": "Async http client/server framework (asyncio)", "licenses": [ { 
@@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.7/#files", + "url": "https://pypi.org/project/aiohttp/3.11.9/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.7", + "purl": "pkg:pypi/aiohttp@3.11.9", "properties": [ { "name": "language", @@ -114,7 +114,7 @@ }, { "name": "package_release_date", - "value": "2024-11-21T15:42:26.000Z" + "value": "2024-12-01T23:26:48.000Z" } ] }, @@ -122,7 +122,7 @@ "type": "library", "bom-ref": "3-aiohappyeyeballs", "name": "aiohappyeyeballs", - "version": "2.4.3", + "version": "2.4.4", "supplier": { "name": "J. Nick Koston", "contact": [ @@ -131,14 +131,8 @@ } ] }, - "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", - "hashes": [ - { - "alg": "SHA-1", - "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" - } - ], "licenses": [ { "license": { @@ -155,12 +149,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files", + "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohappyeyeballs@2.4.3", + "purl": "pkg:pypi/aiohappyeyeballs@2.4.4", "properties": [ { "name": "language", @@ -172,7 +166,7 @@ }, { "name": "package_release_date", - "value": "2024-09-30T19:42:26.000Z" + "value": "2024-11-30T18:43:39.000Z" } ] }, @@ -379,6 +373,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", "description": "multidict implementation", + "hashes": [ + { + "alg": "SHA-1", + "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68" + } + ], "licenses": [ { "license": { 
@@ -464,7 +464,7 @@ "type": "library", "bom-ref": "10-propcache", "name": "propcache", - "version": "0.2.0", + "version": "0.2.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -473,14 +473,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", "description": "Accelerated property cache", - "hashes": [ - { - "alg": "SHA-1", - "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda" - } - ], "licenses": [ { "license": { @@ -497,12 +491,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/propcache/0.2.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/propcache@0.2.1", "properties": [ { "name": "language", @@ -511,10 +505,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-10-07T12:54:02.000Z" } ] }, @@ -522,7 +512,7 @@ "type": "library", "bom-ref": "11-yarl", "name": "yarl", - "version": "1.18.0", + "version": "1.18.3", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -531,7 +521,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -549,12 +539,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.18.0/#files", + "url": "https://pypi.org/project/yarl/1.18.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.18.0", + "purl": "pkg:pypi/yarl@1.18.3", "properties": [ { "name": "language", @@ -563,10 +553,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-11-21T15:02:50.000Z" } ] }, 
@@ -1907,7 +1893,7 @@ "type": "library", "bom-ref": "37-pyopenssl", "name": "pyopenssl", - "version": "24.2.1", + "version": "24.3.0", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1916,7 +1902,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { @@ -1934,12 +1920,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", + "url": "https://pypi.org/project/pyopenssl/24.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.2.1", + "purl": "pkg:pypi/pyopenssl@24.3.0", "properties": [ { "name": "language", @@ -1951,7 +1937,7 @@ }, { "name": "package_release_date", - "value": "2024-07-20T17:26:29.000Z" + "value": "2024-11-27T20:43:21.000Z" } ] }, @@ -1959,7 +1945,7 @@ "type": "library", "bom-ref": "38-cryptography", "name": "cryptography", - "version": "43.0.3", + "version": "44.0.0", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1968,7 +1954,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { 
@@ -1982,12 +1968,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.3/#files", + "url": "https://pypi.org/project/cryptography/44.0.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.3", + "purl": "pkg:pypi/cryptography@44.0.0", "properties": [ { "name": "language", @@ -1999,7 +1985,7 @@ }, { "name": "package_release_date", - "value": "2024-10-18T15:57:36.000Z" + "value": "2024-11-27T18:05:55.000Z" } ] }, @@ -2018,6 +2004,12 @@ }, "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*", "description": "Foreign Function Interface for Python calling C code.", + "hashes": [ + { + "alg": "SHA-1", + "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51" + } + ], "licenses": [ { "license": { diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index 6d8b10262e..db64b97d7f 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-498ea3db-d747-477f-b1df-d88305bf176f +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fd502d23-ddda-46a2-92c0-86c59d9fd3e7 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-25T00:38:45Z +Created: 2024-12-02T00:41:00Z CreatorComment: This document has been automatically generated. ##### 
@@ -27,34 +27,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.7 +PackageVersion: 3.11.9 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.7/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.7 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9 ##### PackageName: aiohappyeyeballs SPDXID: SPDXRef-3-aiohappyeyeballs -PackageVersion: 2.4.3 +PackageVersion: 2.4.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: J. Nick Koston (nick@koston.org) -PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files +PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs -PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### PackageName: aiosignal 
@@ -131,6 +130,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/multidict +PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
@@ -158,35 +158,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e PackageName: propcache SPDXID: SPDXRef-10-propcache -PackageVersion: 0.2.0 +PackageVersion: 0.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache -PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:* ##### PackageName: yarl SPDXID: SPDXRef-11-yarl -PackageVersion: 1.18.0 +PackageVersion: 1.18.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.18.0/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:* ##### PackageName: idna 
@@ -619,10 +618,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* PackageName: pyopenssl SPDXID: SPDXRef-37-pyopenssl -PackageVersion: 24.2.1 +PackageVersion: 24.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION 
@@ -630,24 +629,24 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-38-cryptography -PackageVersion: 43.0.3 +PackageVersion: 44.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:* ##### PackageName: cffi 
@@ -658,6 +657,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false PackageHomePage: http://cffi.readthedocs.org +PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION From 7b7eb975d8b4c573d787436c5fb275681a11ad0b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 23:49:44 +0000 Subject: [PATCH 20/47] chore: update SBOM for Python 3.10 (#4599) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 92 +++++++++++++++-------------------- sbom/cve-bin-tool-py3.10.spdx | 54 ++++++++++---------- 2 files changed, 67 insertions(+), 79 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index eb572218f5..a9dfe1d156 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:08c8c458-250b-46ac-b89b-6681986cef6b", + "serialNumber": "urn:uuid:30bcc6da-78f0-4cff-8b86-46b538305353", "version": 1, "metadata": { - "timestamp": "2024-11-25T00:37:35Z", + "timestamp": "2024-12-02T00:41:01Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.7", + "version": "3.11.9", "description": "Async http client/server framework (asyncio)", "licenses": [ { 
@@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.7/#files", + "url": "https://pypi.org/project/aiohttp/3.11.9/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.7", + "purl": "pkg:pypi/aiohttp@3.11.9", "properties": [ { "name": "language", @@ -111,10 +111,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-11-21T15:42:26.000Z" } ] }, @@ -122,7 +118,7 @@ "type": "library", "bom-ref": "3-aiohappyeyeballs", "name": "aiohappyeyeballs", - "version": "2.4.3", + "version": "2.4.4", "supplier": { "name": "J. Nick Koston", "contact": [ @@ -131,14 +127,8 @@ } ] }, - "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", - "hashes": [ - { - "alg": "SHA-1", - "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" - } - ], "licenses": [ { "license": { @@ -155,12 +145,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files", + "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohappyeyeballs@2.4.3", + "purl": "pkg:pypi/aiohappyeyeballs@2.4.4", "properties": [ { "name": "language", @@ -172,7 +162,7 @@ }, { "name": "package_release_date", - "value": "2024-09-30T19:42:26.000Z" + "value": "2024-11-30T18:43:39.000Z" } ] }, @@ -379,6 +369,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", "description": "multidict implementation", + "hashes": [ + { + "alg": "SHA-1", + "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68" + } + ], "licenses": [ { "license": { 
@@ -464,7 +460,7 @@ "type": "library", "bom-ref": "10-propcache", "name": "propcache", - "version": "0.2.0", + "version": "0.2.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -473,14 +469,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", "description": "Accelerated property cache", - "hashes": [ - { - "alg": "SHA-1", - "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda" - } - ], "licenses": [ { "license": { @@ -497,12 +487,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/propcache/0.2.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/propcache@0.2.1", "properties": [ { "name": "language", @@ -511,10 +501,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-10-07T12:54:02.000Z" } ] }, @@ -522,7 +508,7 @@ "type": "library", "bom-ref": "11-yarl", "name": "yarl", - "version": "1.18.0", + "version": "1.18.3", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -531,7 +517,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -549,12 +535,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.18.0/#files", + "url": "https://pypi.org/project/yarl/1.18.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.18.0", + "purl": "pkg:pypi/yarl@1.18.3", "properties": [ { "name": "language", @@ -563,10 +549,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-11-21T15:02:50.000Z" } ] }, 
@@ -1907,7 +1889,7 @@ "type": "library", "bom-ref": "37-pyopenssl", "name": "pyopenssl", - "version": "24.2.1", + "version": "24.3.0", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1916,7 +1898,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { @@ -1934,12 +1916,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", + "url": "https://pypi.org/project/pyopenssl/24.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.2.1", + "purl": "pkg:pypi/pyopenssl@24.3.0", "properties": [ { "name": "language", @@ -1951,7 +1933,7 @@ }, { "name": "package_release_date", - "value": "2024-07-20T17:26:29.000Z" + "value": "2024-11-27T20:43:21.000Z" } ] }, @@ -1959,7 +1941,7 @@ "type": "library", "bom-ref": "38-cryptography", "name": "cryptography", - "version": "43.0.3", + "version": "44.0.0", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1968,7 +1950,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { 
@@ -1982,12 +1964,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.3/#files", + "url": "https://pypi.org/project/cryptography/44.0.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.3", + "purl": "pkg:pypi/cryptography@44.0.0", "properties": [ { "name": "language", @@ -1999,7 +1981,7 @@ }, { "name": "package_release_date", - "value": "2024-10-18T15:57:36.000Z" + "value": "2024-11-27T18:05:55.000Z" } ] }, @@ -2018,6 +2000,12 @@ }, "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*", "description": "Foreign Function Interface for Python calling C code.", + "hashes": [ + { + "alg": "SHA-1", + "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51" + } + ], "licenses": [ { "license": { diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 00e3a876d3..272b86f58c 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-90a7d205-bf3f-4bfa-82e6-2f884377018b +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e49aac3f-4241-44ab-a2f5-36ab7d594e3a LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-25T00:36:49Z +Created: 2024-12-02T00:39:48Z CreatorComment: This document has been automatically generated. ##### 
@@ -27,34 +27,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.7 +PackageVersion: 3.11.9 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.7/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.7 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9 ##### PackageName: aiohappyeyeballs SPDXID: SPDXRef-3-aiohappyeyeballs -PackageVersion: 2.4.3 +PackageVersion: 2.4.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: J. Nick Koston (nick@koston.org) -PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files +PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs -PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### PackageName: aiosignal 
@@ -131,6 +130,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/multidict +PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
@@ -158,35 +158,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e PackageName: propcache SPDXID: SPDXRef-10-propcache -PackageVersion: 0.2.0 +PackageVersion: 0.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache -PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:* ##### PackageName: yarl SPDXID: SPDXRef-11-yarl -PackageVersion: 1.18.0 +PackageVersion: 1.18.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.18.0/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:* ##### PackageName: idna 
@@ -619,10 +618,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* PackageName: pyopenssl SPDXID: SPDXRef-37-pyopenssl -PackageVersion: 24.2.1 +PackageVersion: 24.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION 
@@ -630,24 +629,24 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-38-cryptography -PackageVersion: 43.0.3 +PackageVersion: 44.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:* ##### PackageName: cffi 
@@ -658,6 +657,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false PackageHomePage: http://cffi.readthedocs.org +PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION From 4a1b84e246f11b046a540052c97957c89e38ef59 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:16:52 +0000 Subject: [PATCH 21/47] chore: update SBOM for Python 3.11 (#4597) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.11.json | 90 ++++++++++++++++------------------- sbom/cve-bin-tool-py3.11.spdx | 54 ++++++++++----------- 2 files changed, 68 insertions(+), 76 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 238c7f6374..39b9a567bd 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:c0ad9887-1afc-490c-9a2f-74e4604b1a74", + "serialNumber": "urn:uuid:26cf65a2-3634-40ba-9952-49f2946933a2", "version": 1, "metadata": { - "timestamp": "2024-11-25T00:37:53Z", + "timestamp": "2024-12-02T00:40:31Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.7", + "version": "3.11.9", "description": "Async http client/server framework (asyncio)", "licenses": [ { 
@@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.7/#files", + "url": "https://pypi.org/project/aiohttp/3.11.9/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.7", + "purl": "pkg:pypi/aiohttp@3.11.9", "properties": [ { "name": "language", @@ -114,7 +114,7 @@ }, { "name": "package_release_date", - "value": "2024-11-21T15:42:26.000Z" + "value": "2024-12-01T23:26:48.000Z" } ] }, @@ -122,7 +122,7 @@ "type": "library", "bom-ref": "3-aiohappyeyeballs", "name": "aiohappyeyeballs", - "version": "2.4.3", + "version": "2.4.4", "supplier": { "name": "J. Nick Koston", "contact": [ @@ -131,14 +131,8 @@ } ] }, - "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", - "hashes": [ - { - "alg": "SHA-1", - "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" - } - ], "licenses": [ { "license": { @@ -155,12 +149,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files", + "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohappyeyeballs@2.4.3", + "purl": "pkg:pypi/aiohappyeyeballs@2.4.4", "properties": [ { "name": "language", @@ -172,7 +166,7 @@ }, { "name": "package_release_date", - "value": "2024-09-30T19:42:26.000Z" + "value": "2024-11-30T18:43:39.000Z" } ] }, @@ -327,6 +321,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", "description": "multidict implementation", + "hashes": [ + { + "alg": "SHA-1", + "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68" + } + ], "licenses": [ { "license": { 
@@ -368,7 +368,7 @@ "type": "library", "bom-ref": "8-propcache", "name": "propcache", - "version": "0.2.0", + "version": "0.2.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -377,14 +377,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", "description": "Accelerated property cache", - "hashes": [ - { - "alg": "SHA-1", - "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda" - } - ], "licenses": [ { "license": { @@ -401,12 +395,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/propcache/0.2.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/propcache@0.2.1", "properties": [ { "name": "language", @@ -415,10 +409,6 @@ { "name": "python_version", "value": "3.11.10" - }, - { - "name": "package_release_date", - "value": "2024-10-07T12:54:02.000Z" } ] }, @@ -426,7 +416,7 @@ "type": "library", "bom-ref": "9-yarl", "name": "yarl", - "version": "1.18.0", + "version": "1.18.3", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -435,7 +425,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -453,12 +443,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.18.0/#files", + "url": "https://pypi.org/project/yarl/1.18.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.18.0", + "purl": "pkg:pypi/yarl@1.18.3", "properties": [ { "name": "language", @@ -467,10 +457,6 @@ { "name": "python_version", "value": "3.11.10" - }, - { - "name": "package_release_date", - "value": "2024-11-21T15:02:50.000Z" } ] }, 
@@ -1811,7 +1797,7 @@ "type": "library", "bom-ref": "35-pyopenssl", "name": "pyopenssl", - "version": "24.2.1", + "version": "24.3.0", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1820,7 +1806,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { @@ -1838,12 +1824,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", + "url": "https://pypi.org/project/pyopenssl/24.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.2.1", + "purl": "pkg:pypi/pyopenssl@24.3.0", "properties": [ { "name": "language", @@ -1855,7 +1841,7 @@ }, { "name": "package_release_date", - "value": "2024-07-20T17:26:29.000Z" + "value": "2024-11-27T20:43:21.000Z" } ] }, @@ -1863,7 +1849,7 @@ "type": "library", "bom-ref": "36-cryptography", "name": "cryptography", - "version": "43.0.3", + "version": "44.0.0", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1872,7 +1858,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { 
@@ -1886,12 +1872,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.3/#files", + "url": "https://pypi.org/project/cryptography/44.0.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.3", + "purl": "pkg:pypi/cryptography@44.0.0", "properties": [ { "name": "language", @@ -1903,7 +1889,7 @@ }, { "name": "package_release_date", - "value": "2024-10-18T15:57:36.000Z" + "value": "2024-11-27T18:05:55.000Z" } ] }, @@ -1922,6 +1908,12 @@ }, "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*", "description": "Foreign Function Interface for Python calling C code.", + "hashes": [ + { + "alg": "SHA-1", + "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51" + } + ], "licenses": [ { "license": { diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index 8c726389a2..c6b330f164 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a81bc690-1847-4a09-9e8a-8501cc865a70 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7d24f8cb-8f3b-41e7-bad7-84f6018d8c85 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-25T00:37:14Z +Created: 2024-12-02T00:39:32Z CreatorComment: This document has been automatically generated. ##### 
@@ -27,34 +27,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.7 +PackageVersion: 3.11.9 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.7/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.7 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9 ##### PackageName: aiohappyeyeballs SPDXID: SPDXRef-3-aiohappyeyeballs -PackageVersion: 2.4.3 +PackageVersion: 2.4.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: J. Nick Koston (nick@koston.org) -PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files +PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs -PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### PackageName: aiosignal 
@@ -114,6 +113,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/multidict +PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
@@ -125,35 +125,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: propcache SPDXID: SPDXRef-8-propcache -PackageVersion: 0.2.0 +PackageVersion: 0.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache -PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:* ##### PackageName: yarl SPDXID: SPDXRef-9-yarl -PackageVersion: 1.18.0 +PackageVersion: 1.18.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.18.0/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:* ##### PackageName: idna 
@@ -586,10 +585,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* PackageName: pyopenssl SPDXID: SPDXRef-35-pyopenssl -PackageVersion: 24.2.1 +PackageVersion: 24.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION 
@@ -597,24 +596,24 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-36-cryptography -PackageVersion: 43.0.3 +PackageVersion: 44.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:* ##### PackageName: cffi 
@@ -625,6 +624,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false PackageHomePage: http://cffi.readthedocs.org +PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION From d7a558a20db1d3277ffe5445e8c80bfd6af92657 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:20:08 +0000 Subject: [PATCH 22/47] chore: update SBOM for Python 3.12 (#4596) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 90 ++++++++++++++++------------------- sbom/cve-bin-tool-py3.12.spdx | 54 ++++++++++----------- 2 files changed, 68 insertions(+), 76 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 7777f4ff80..b58600031e 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:a061e09a-b4f0-449a-bc41-098f3ead640a", + "serialNumber": "urn:uuid:5548b4f9-442d-4b36-9090-15eb81f1a49c", "version": 1, "metadata": { - "timestamp": "2024-11-25T00:37:29Z", + "timestamp": "2024-12-02T00:39:46Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.7", + "version": "3.11.9", "description": "Async http client/server framework (asyncio)", "licenses": [ { 
@@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.7/#files", + "url": "https://pypi.org/project/aiohttp/3.11.9/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.7", + "purl": "pkg:pypi/aiohttp@3.11.9", "properties": [ { "name": "language", @@ -114,7 +114,7 @@ }, { "name": "package_release_date", - "value": "2024-11-21T15:42:26.000Z" + "value": "2024-12-01T23:26:48.000Z" } ] }, @@ -122,7 +122,7 @@ "type": "library", "bom-ref": "3-aiohappyeyeballs", "name": "aiohappyeyeballs", - "version": "2.4.3", + "version": "2.4.4", "supplier": { "name": "J. Nick Koston", "contact": [ @@ -131,14 +131,8 @@ } ] }, - "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", - "hashes": [ - { - "alg": "SHA-1", - "content": "e3519bbebf2069eee0aff0dfde50689c742ba97f" - } - ], "licenses": [ { "license": { @@ -155,12 +149,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohappyeyeballs/2.4.3/#files", + "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohappyeyeballs@2.4.3", + "purl": "pkg:pypi/aiohappyeyeballs@2.4.4", "properties": [ { "name": "language", @@ -172,7 +166,7 @@ }, { "name": "package_release_date", - "value": "2024-09-30T19:42:26.000Z" + "value": "2024-11-30T18:43:39.000Z" } ] }, @@ -327,6 +321,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", "description": "multidict implementation", + "hashes": [ + { + "alg": "SHA-1", + "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68" + } + ], "licenses": [ { "license": { 
@@ -368,7 +368,7 @@ "type": "library", "bom-ref": "8-propcache", "name": "propcache", - "version": "0.2.0", + "version": "0.2.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -377,14 +377,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", "description": "Accelerated property cache", - "hashes": [ - { - "alg": "SHA-1", - "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda" - } - ], "licenses": [ { "license": { @@ -401,12 +395,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/propcache/0.2.0/#files", + "url": "https://pypi.org/project/propcache/0.2.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/propcache@0.2.0", + "purl": "pkg:pypi/propcache@0.2.1", "properties": [ { "name": "language", @@ -415,10 +409,6 @@ { "name": "python_version", "value": "3.12.7" - }, - { - "name": "package_release_date", - "value": "2024-10-07T12:54:02.000Z" } ] }, @@ -426,7 +416,7 @@ "type": "library", "bom-ref": "9-yarl", "name": "yarl", - "version": "1.18.0", + "version": "1.18.3", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -435,7 +425,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -453,12 +443,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.18.0/#files", + "url": "https://pypi.org/project/yarl/1.18.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.18.0", + "purl": "pkg:pypi/yarl@1.18.3", "properties": [ { "name": "language", @@ -467,10 +457,6 @@ { "name": "python_version", "value": "3.12.7" - }, - { - "name": "package_release_date", - "value": "2024-11-21T15:02:50.000Z" } ] }, 
@@ -1811,7 +1797,7 @@ "type": "library", "bom-ref": "35-pyopenssl", "name": "pyopenssl", - "version": "24.2.1", + "version": "24.3.0", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1820,7 +1806,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { @@ -1838,12 +1824,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", + "url": "https://pypi.org/project/pyopenssl/24.3.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.2.1", + "purl": "pkg:pypi/pyopenssl@24.3.0", "properties": [ { "name": "language", @@ -1855,7 +1841,7 @@ }, { "name": "package_release_date", - "value": "2024-07-20T17:26:29.000Z" + "value": "2024-11-27T20:43:21.000Z" } ] }, @@ -1863,7 +1849,7 @@ "type": "library", "bom-ref": "36-cryptography", "name": "cryptography", - "version": "43.0.3", + "version": "44.0.0", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1872,7 +1858,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { 
@@ -1886,12 +1872,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.3/#files", + "url": "https://pypi.org/project/cryptography/44.0.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.3", + "purl": "pkg:pypi/cryptography@44.0.0", "properties": [ { "name": "language", @@ -1903,7 +1889,7 @@ }, { "name": "package_release_date", - "value": "2024-10-18T15:57:36.000Z" + "value": "2024-11-27T18:05:55.000Z" } ] }, @@ -1922,6 +1908,12 @@ }, "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*", "description": "Foreign Function Interface for Python calling C code.", + "hashes": [ + { + "alg": "SHA-1", + "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51" + } + ], "licenses": [ { "license": { diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index d8507acac5..796826637e 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-36045916-f900-49d4-8e22-5885aa0e310b +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-998a45ca-d4b4-40a5-aabc-67947aef36d5 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-11-25T00:36:48Z +Created: 2024-12-02T00:38:59Z CreatorComment: This document has been automatically generated. ##### 
@@ -27,34 +27,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.7 +PackageVersion: 3.11.9 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.7/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.7 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9 ##### PackageName: aiohappyeyeballs SPDXID: SPDXRef-3-aiohappyeyeballs -PackageVersion: 2.4.3 +PackageVersion: 2.4.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: J. Nick Koston (nick@koston.org) -PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.3/#files +PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs -PackageChecksum: SHA1: e3519bbebf2069eee0aff0dfde50689c742ba97f PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### PackageName: aiosignal 
@@ -114,6 +113,7 @@ PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/multidict +PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
@@ -125,35 +125,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: propcache SPDXID: SPDXRef-8-propcache -PackageVersion: 0.2.0 +PackageVersion: 0.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache -PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Accelerated property cache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:* ##### PackageName: yarl SPDXID: SPDXRef-9-yarl -PackageVersion: 1.18.0 +PackageVersion: 1.18.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.18.0/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:* ##### PackageName: idna 
@@ -586,10 +585,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* PackageName: pyopenssl SPDXID: SPDXRef-35-pyopenssl -PackageVersion: 24.2.1 +PackageVersion: 24.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION 
@@ -597,24 +596,24 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-36-cryptography -PackageVersion: 43.0.3 +PackageVersion: 44.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:* ##### PackageName: cffi 
@@ -625,6 +624,7 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false PackageHomePage: http://cffi.readthedocs.org +PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION From 8e7f92b46edd990d618d12c0d132e87f527b91e6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 20:11:33 +0000 Subject: [PATCH 23/47] chore: update SBOM for Python 3.8 (#4611) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 78 ++++++++++++++++++------------------ sbom/cve-bin-tool-py3.8.spdx | 46 ++++++++++----------- 2 files changed, 62 insertions(+), 62 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index a22590f7db..eca4e9591a 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:fc78560e-a48d-4966-a3c8-a50b47fc18e2", + "serialNumber": "urn:uuid:195f1fda-4d35-404c-96c8-fec25e970985", "version": 1, "metadata": { - "timestamp": "2024-12-02T00:40:57Z", + "timestamp": "2024-12-09T00:43:24Z", "lifecycles": [ { "phase": "build" @@ -933,7 +933,7 @@ "type": "library", "bom-ref": "19-gsutil", "name": "gsutil", - "version": "5.31", + "version": "5.32", "supplier": { "name": "Google Inc .", "contact": [ @@ -942,7 +942,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { 
@@ -960,12 +960,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.31/#files", + "url": "https://pypi.org/project/gsutil/5.32/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.31", + "purl": "pkg:pypi/gsutil@5.32", "properties": [ { "name": "language", @@ -977,7 +977,7 @@ }, { "name": "package_release_date", - "value": "2024-10-10T15:59:06.000Z" + "value": "2024-12-04T14:56:46.000Z" } ] }, @@ -985,7 +985,7 @@ "type": "library", "bom-ref": "20-argcomplete", "name": "argcomplete", - "version": "3.5.1", + "version": "3.5.2", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -994,8 +994,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc" + } + ], "licenses": [ { "license": { @@ -1012,12 +1018,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/argcomplete/3.5.1/#files", + "url": "https://pypi.org/project/argcomplete/3.5.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.5.1", + "purl": "pkg:pypi/argcomplete@3.5.2", "properties": [ { "name": "language", @@ -1029,7 +1035,7 @@ }, { "name": "package_release_date", - "value": "2024-10-07T04:00:36.000Z" + "value": "2024-12-06T18:24:27.000Z" } ] }, @@ -1518,7 +1524,7 @@ "type": "library", "bom-ref": "30-six", "name": "six", - "version": "1.16.0", + "version": "1.17.0", "supplier": { "name": "Benjamin Peterson", "contact": [ 
@@ -1527,14 +1533,8 @@ } ] }, - "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", "description": "Python 2 and 3 compatibility utilities", - "hashes": [ - { - "alg": "SHA-1", - "content": "65486e4383f9f411da95937451205d3c7b61b9e1" - } - ], "licenses": [ { "license": { @@ -1551,12 +1551,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/six/1.16.0/#files", + "url": "https://pypi.org/project/six/1.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/six@1.16.0", + "purl": "pkg:pypi/six@1.17.0", "properties": [ { "name": "language", @@ -1568,7 +1568,7 @@ }, { "name": "package_release_date", - "value": "2021-05-05T14:18:17.000Z" + "value": "2024-12-04T17:35:26.000Z" } ] }, @@ -1901,7 +1901,7 @@ "type": "library", "bom-ref": "37-pyopenssl", "name": "pyopenssl", - "version": "24.3.0", + "version": "24.2.1", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1910,7 +1910,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { @@ -1928,12 +1928,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.3.0/#files", + "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.3.0", + "purl": "pkg:pypi/pyopenssl@24.2.1", "properties": [ { "name": "language", @@ -1942,10 +1942,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-27T20:43:21.000Z" } ] }, 
@@ -1953,7 +1949,7 @@ "type": "library", "bom-ref": "38-cryptography", "name": "cryptography", - "version": "44.0.0", + "version": "43.0.3", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1962,7 +1958,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1976,12 +1972,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/44.0.0/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@44.0.0", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ { "name": "language", @@ -1990,10 +1986,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-27T18:05:55.000Z" } ] }, @@ -2786,6 +2778,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-09-18T21:36:24.000Z" } ] }, @@ -2950,6 +2946,10 @@ { "name": "python_version", "value": "3.8.18" + }, + { + "name": "package_release_date", + "value": "2024-08-29T20:36:52.000Z" } ] }, diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index 6f892b9852..a0894598d1 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx 
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-222b7435-eba1-45ad-ae40-59503a72bcd8 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8bef91b4-39b2-4f5c-a343-81fddf71bbda LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-12-02T00:40:03Z +Created: 2024-12-09T00:42:14Z CreatorComment: This document has been automatically generated. ##### @@ -312,10 +312,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-19-gsutil -PackageVersion: 5.31 +PackageVersion: 5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files +PackageDownloadLocation: https://pypi.org/project/gsutil/5.32/#files FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION 
@@ -323,25 +323,26 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.32 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-20-argcomplete -PackageVersion: 3.5.1 +PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete +PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod 
@@ -499,19 +500,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* PackageName: six SPDXID: SPDXRef-30-six -PackageVersion: 1.16.0 +PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) -PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files +PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/benjaminp/six -PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### PackageName: google-auth-httplib2 @@ -621,10 +621,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* PackageName: pyopenssl SPDXID: SPDXRef-37-pyopenssl -PackageVersion: 24.3.0 +PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION 
@@ -632,24 +632,24 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-38-cryptography -PackageVersion: 44.0.0 +PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi From e2aa1a57bad1b97c551cbc31691c3b212bd80e70 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 20:12:34 +0000 Subject: [PATCH 24/47] chore: update SBOM for Python 3.9 (#4610) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.9.json | 106 +++++++++++++++++------------------ sbom/cve-bin-tool-py3.9.spdx | 61 ++++++++++---------- 2 files changed, 82 insertions(+), 85 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index bab3241bc9..fc9b5dcb0f 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:776dd2f8-4200-429f-a71b-22e3b595f38e", + "serialNumber": "urn:uuid:f196410b-e7b4-45b7-be50-2cd9fa1e4b4d", "version": 1, "metadata": { - "timestamp": "2024-12-02T00:41:54Z", + "timestamp": "2024-12-09T00:41:21Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.9", + "version": "3.11.10", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.9/#files", + "url": "https://pypi.org/project/aiohttp/3.11.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.9", + "purl": "pkg:pypi/aiohttp@3.11.10", "properties": [ { "name": "language", @@ -114,7 +114,7 @@ }, { "name": "package_release_date", - "value": "2024-12-01T23:26:48.000Z" + "value": "2024-12-05T23:51:02.000Z" } ] }, @@ -553,6 +553,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-12-01T20:32:32.000Z" } ] }, 
@@ -921,7 +925,7 @@ "type": "library", "bom-ref": "19-gsutil", "name": "gsutil", - "version": "5.31", + "version": "5.32", "supplier": { "name": "Google Inc .", "contact": [ @@ -930,7 +934,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -948,12 +952,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.31/#files", + "url": "https://pypi.org/project/gsutil/5.32/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.31", + "purl": "pkg:pypi/gsutil@5.32", "properties": [ { "name": "language", @@ -965,7 +969,7 @@ }, { "name": "package_release_date", - "value": "2024-10-10T15:59:06.000Z" + "value": "2024-12-04T14:56:46.000Z" } ] }, @@ -973,7 +977,7 @@ "type": "library", "bom-ref": "20-argcomplete", "name": "argcomplete", - "version": "3.5.1", + "version": "3.5.2", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -982,8 +986,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc" + } + ], "licenses": [ { "license": { @@ -1000,12 +1010,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/argcomplete/3.5.1/#files", + "url": "https://pypi.org/project/argcomplete/3.5.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.5.1", + "purl": "pkg:pypi/argcomplete@3.5.2", "properties": [ { "name": "language", @@ -1017,7 +1027,7 @@ }, { "name": "package_release_date", - "value": "2024-10-07T04:00:36.000Z" + "value": "2024-12-06T18:24:27.000Z" } ] }, 
@@ -1506,7 +1516,7 @@ "type": "library", "bom-ref": "30-six", "name": "six", - "version": "1.16.0", + "version": "1.17.0", "supplier": { "name": "Benjamin Peterson", "contact": [ @@ -1515,14 +1525,8 @@ } ] }, - "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", "description": "Python 2 and 3 compatibility utilities", - "hashes": [ - { - "alg": "SHA-1", - "content": "65486e4383f9f411da95937451205d3c7b61b9e1" - } - ], "licenses": [ { "license": { @@ -1539,12 +1543,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/six/1.16.0/#files", + "url": "https://pypi.org/project/six/1.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/six@1.16.0", + "purl": "pkg:pypi/six@1.17.0", "properties": [ { "name": "language", @@ -1556,7 +1560,7 @@ }, { "name": "package_release_date", - "value": "2021-05-05T14:18:17.000Z" + "value": "2024-12-04T17:35:26.000Z" } ] }, @@ -1893,7 +1897,7 @@ "type": "library", "bom-ref": "37-pyopenssl", "name": "pyopenssl", - "version": "24.3.0", + "version": "24.2.1", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1902,7 +1906,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { @@ -1920,12 +1924,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.3.0/#files", + "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.3.0", + "purl": "pkg:pypi/pyopenssl@24.2.1", "properties": [ { "name": "language", 
@@ -1934,10 +1938,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-11-27T20:43:21.000Z" } ] }, @@ -1945,7 +1945,7 @@ "type": "library", "bom-ref": "38-cryptography", "name": "cryptography", - "version": "44.0.0", + "version": "43.0.3", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1954,7 +1954,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1968,12 +1968,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/44.0.0/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@44.0.0", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ { "name": "language", @@ -1982,10 +1982,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-11-27T18:05:55.000Z" } ] }, @@ -2585,7 +2581,7 @@ "type": "library", "bom-ref": "51-rpds-py", "name": "rpds-py", - "version": "0.21.0", + "version": "0.22.3", "supplier": { "name": "Julian Berman", "contact": [ 
@@ -2594,14 +2590,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2609,12 +2599,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.21.0/#files", + "url": "https://pypi.org/project/rpds-py/0.22.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.21.0", + "purl": "pkg:pypi/rpds-py@0.22.3", "properties": [ { "name": "language", @@ -2626,7 +2616,7 @@ }, { "name": "package_release_date", - "value": "2024-11-06T13:57:41.000Z" + "value": "2024-12-04T15:31:31.000Z" } ] }, @@ -2675,6 +2665,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-09-18T21:36:24.000Z" } ] }, @@ -2839,6 +2833,10 @@ { "name": "python_version", "value": "3.9.20" + }, + { + "name": "package_release_date", + "value": "2024-08-29T20:36:52.000Z" } ] }, diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index db64b97d7f..0ea6f31d91 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fd502d23-ddda-46a2-92c0-86c59d9fd3e7 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-634a9368-ed3e-4f65-9676-93d8052f2d0d LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-12-02T00:41:00Z +Created: 2024-12-09T00:40:29Z CreatorComment: This document has been automatically generated. ##### 
@@ -27,17 +27,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.9 +PackageVersion: 3.11.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10 ##### PackageName: aiohappyeyeballs @@ -309,10 +309,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-19-gsutil -PackageVersion: 5.31 +PackageVersion: 5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files +PackageDownloadLocation: https://pypi.org/project/gsutil/5.32/#files FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION 
@@ -320,25 +320,26 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.32 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-20-argcomplete -PackageVersion: 3.5.1 +PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete +PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod 
@@ -496,19 +497,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* PackageName: six SPDXID: SPDXRef-30-six -PackageVersion: 1.16.0 +PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) -PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files +PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/benjaminp/six -PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### PackageName: google-auth-httplib2 @@ -618,10 +618,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* PackageName: pyopenssl SPDXID: SPDXRef-37-pyopenssl -PackageVersion: 24.3.0 +PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION 
@@ -629,24 +629,24 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-38-cryptography -PackageVersion: 44.0.0 +PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi 
@@ -850,19 +850,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-51-rpds-py -PackageVersion: 0.21.0 +PackageVersion: 0.22.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:* ##### PackageName: lib4sbom From 5afbd66c1105b55c96c1defb6a54856f0f8d4838 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 20:13:43 +0000 Subject: [PATCH 25/47] chore: update SBOM for Python 3.10 (#4608) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 108 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.10.spdx | 61 ++++++++++--------- 2 files changed, 85 insertions(+), 84 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index a9dfe1d156..c0190371f3 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json 
@@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:30bcc6da-78f0-4cff-8b86-46b538305353", + "serialNumber": "urn:uuid:cc4c1587-f7c9-47e1-9748-a28d02e87e61", "version": 1, "metadata": { - "timestamp": "2024-12-02T00:41:01Z", + "timestamp": "2024-12-09T00:40:33Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.9", + "version": "3.11.10", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.9/#files", + "url": "https://pypi.org/project/aiohttp/3.11.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.9", + "purl": "pkg:pypi/aiohttp@3.11.10", "properties": [ { "name": "language", @@ -111,6 +111,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-12-05T23:51:02.000Z" } ] }, @@ -549,6 +553,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-12-01T20:32:32.000Z" } ] }, @@ -917,7 +925,7 @@ "type": "library", "bom-ref": "19-gsutil", "name": "gsutil", - "version": "5.31", + "version": "5.32", "supplier": { "name": "Google Inc .", "contact": [ @@ -926,7 +934,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { 
@@ -944,12 +952,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.31/#files", + "url": "https://pypi.org/project/gsutil/5.32/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.31", + "purl": "pkg:pypi/gsutil@5.32", "properties": [ { "name": "language", @@ -961,7 +969,7 @@ }, { "name": "package_release_date", - "value": "2024-10-10T15:59:06.000Z" + "value": "2024-12-04T14:56:46.000Z" } ] }, @@ -969,7 +977,7 @@ "type": "library", "bom-ref": "20-argcomplete", "name": "argcomplete", - "version": "3.5.1", + "version": "3.5.2", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -978,8 +986,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc" + } + ], "licenses": [ { "license": { @@ -996,12 +1010,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/argcomplete/3.5.1/#files", + "url": "https://pypi.org/project/argcomplete/3.5.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.5.1", + "purl": "pkg:pypi/argcomplete@3.5.2", "properties": [ { "name": "language", @@ -1013,7 +1027,7 @@ }, { "name": "package_release_date", - "value": "2024-10-07T04:00:36.000Z" + "value": "2024-12-06T18:24:27.000Z" } ] }, @@ -1502,7 +1516,7 @@ "type": "library", "bom-ref": "30-six", "name": "six", - "version": "1.16.0", + "version": "1.17.0", "supplier": { "name": "Benjamin Peterson", "contact": [ 
@@ -1511,14 +1525,8 @@ } ] }, - "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", "description": "Python 2 and 3 compatibility utilities", - "hashes": [ - { - "alg": "SHA-1", - "content": "65486e4383f9f411da95937451205d3c7b61b9e1" - } - ], "licenses": [ { "license": { @@ -1535,12 +1543,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/six/1.16.0/#files", + "url": "https://pypi.org/project/six/1.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/six@1.16.0", + "purl": "pkg:pypi/six@1.17.0", "properties": [ { "name": "language", @@ -1552,7 +1560,7 @@ }, { "name": "package_release_date", - "value": "2021-05-05T14:18:17.000Z" + "value": "2024-12-04T17:35:26.000Z" } ] }, @@ -1889,7 +1897,7 @@ "type": "library", "bom-ref": "37-pyopenssl", "name": "pyopenssl", - "version": "24.3.0", + "version": "24.2.1", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1898,7 +1906,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { @@ -1916,12 +1924,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.3.0/#files", + "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.3.0", + "purl": "pkg:pypi/pyopenssl@24.2.1", "properties": [ { "name": "language", @@ -1930,10 +1938,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-11-27T20:43:21.000Z" } ] }, 
@@ -1941,7 +1945,7 @@ "type": "library", "bom-ref": "38-cryptography", "name": "cryptography", - "version": "44.0.0", + "version": "43.0.3", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1950,7 +1954,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1964,12 +1968,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/44.0.0/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@44.0.0", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ { "name": "language", @@ -1978,10 +1982,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-11-27T18:05:55.000Z" } ] }, @@ -2499,7 +2499,7 @@ "type": "library", "bom-ref": "49-rpds-py", "name": "rpds-py", - "version": "0.21.0", + "version": "0.22.3", "supplier": { "name": "Julian Berman", "contact": [ @@ -2508,14 +2508,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", 
@@ -2523,12 +2517,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.21.0/#files", + "url": "https://pypi.org/project/rpds-py/0.22.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.21.0", + "purl": "pkg:pypi/rpds-py@0.22.3", "properties": [ { "name": "language", @@ -2540,7 +2534,7 @@ }, { "name": "package_release_date", - "value": "2024-11-06T13:57:41.000Z" + "value": "2024-12-04T15:31:31.000Z" } ] }, @@ -2589,6 +2583,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-09-18T21:36:24.000Z" } ] }, @@ -2753,6 +2751,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-08-29T20:36:52.000Z" } ] }, diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 272b86f58c..345f7bc049 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e49aac3f-4241-44ab-a2f5-36ab7d594e3a +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3116a9e0-cfe7-4bba-8c51-73272f16f233 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-12-02T00:39:48Z +Created: 2024-12-09T00:39:40Z CreatorComment: This document has been automatically generated. ##### 
@@ -27,17 +27,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.9 +PackageVersion: 3.11.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10 ##### PackageName: aiohappyeyeballs @@ -309,10 +309,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-19-gsutil -PackageVersion: 5.31 +PackageVersion: 5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files +PackageDownloadLocation: https://pypi.org/project/gsutil/5.32/#files FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION 
@@ -320,25 +320,26 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.32 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-20-argcomplete -PackageVersion: 3.5.1 +PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete +PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod 
@@ -496,19 +497,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* PackageName: six SPDXID: SPDXRef-30-six -PackageVersion: 1.16.0 +PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) -PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files +PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/benjaminp/six -PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### PackageName: google-auth-httplib2 @@ -618,10 +618,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* PackageName: pyopenssl SPDXID: SPDXRef-37-pyopenssl -PackageVersion: 24.3.0 +PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION 
@@ -629,24 +629,24 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-38-cryptography -PackageVersion: 44.0.0 +PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi 
@@ -819,19 +819,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-49-rpds-py -PackageVersion: 0.21.0 +PackageVersion: 0.22.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:* ##### PackageName: lib4sbom From 83d41000a2f81de1c4e6d69a082af287594b41f2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 20:15:43 +0000 Subject: [PATCH 26/47] chore: update SBOM for Python 3.11 (#4609) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.11.json | 248 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.11.spdx | 61 ++++----- 2 files changed, 153 insertions(+), 156 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 39b9a567bd..cce31ab5e3 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json 
@@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:26cf65a2-3634-40ba-9952-49f2946933a2", + "serialNumber": "urn:uuid:55e9d331-0b11-4ab5-afbc-e088eeedb8e7", "version": 1, "metadata": { - "timestamp": "2024-12-02T00:40:31Z", + "timestamp": "2024-12-09T00:41:20Z", "lifecycles": [ { "phase": "build" @@ -71,7 +71,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" } ] }, @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.9", + "version": "3.11.10", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.9/#files", + "url": "https://pypi.org/project/aiohttp/3.11.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.9", + "purl": "pkg:pypi/aiohttp@3.11.10", "properties": [ { "name": "language", @@ -110,11 +110,11 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", - "value": "2024-12-01T23:26:48.000Z" + "value": "2024-12-05T23:51:02.000Z" } ] }, @@ -162,7 +162,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -211,7 +211,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -254,7 +254,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -298,7 +298,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -356,7 +356,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", 
@@ -408,7 +408,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" } ] }, @@ -456,7 +456,11 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" + }, + { + "name": "package_release_date", + "value": "2024-12-01T20:32:32.000Z" } ] }, @@ -490,7 +494,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -542,7 +546,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -591,7 +595,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" } ] }, @@ -645,7 +649,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -703,7 +707,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -755,7 +759,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -813,7 +817,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -825,7 +829,7 @@ "type": "library", "bom-ref": "17-gsutil", "name": "gsutil", - "version": "5.31", + "version": "5.32", "supplier": { "name": "Google Inc .", "contact": [ @@ -834,7 +838,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -852,12 +856,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.31/#files", + "url": "https://pypi.org/project/gsutil/5.32/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.31", + "purl": "pkg:pypi/gsutil@5.32", "properties": [ { "name": "language", 
@@ -865,11 +869,11 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", - "value": "2024-10-10T15:59:06.000Z" + "value": "2024-12-04T14:56:46.000Z" } ] }, @@ -877,7 +881,7 @@ "type": "library", "bom-ref": "18-argcomplete", "name": "argcomplete", - "version": "3.5.1", + "version": "3.5.2", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -886,8 +890,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc" + } + ], "licenses": [ { "license": { @@ -904,12 +914,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/argcomplete/3.5.1/#files", + "url": "https://pypi.org/project/argcomplete/3.5.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.5.1", + "purl": "pkg:pypi/argcomplete@3.5.2", "properties": [ { "name": "language", @@ -917,11 +927,11 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", - "value": "2024-10-07T04:00:36.000Z" + "value": "2024-12-06T18:24:27.000Z" } ] }, @@ -969,7 +979,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" } ] }, @@ -1018,7 +1028,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" } ] }, @@ -1072,7 +1082,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -1130,7 +1140,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -1188,7 +1198,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" } ] }, 
@@ -1236,7 +1246,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -1288,7 +1298,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -1340,7 +1350,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -1398,7 +1408,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -1410,7 +1420,7 @@ "type": "library", "bom-ref": "28-six", "name": "six", - "version": "1.16.0", + "version": "1.17.0", "supplier": { "name": "Benjamin Peterson", "contact": [ @@ -1419,14 +1429,8 @@ } ] }, - "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", "description": "Python 2 and 3 compatibility utilities", - "hashes": [ - { - "alg": "SHA-1", - "content": "65486e4383f9f411da95937451205d3c7b61b9e1" - } - ], "licenses": [ { "license": { @@ -1443,12 +1447,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/six/1.16.0/#files", + "url": "https://pypi.org/project/six/1.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/six@1.16.0", + "purl": "pkg:pypi/six@1.17.0", "properties": [ { "name": "language", @@ -1456,11 +1460,11 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", - "value": "2021-05-05T14:18:17.000Z" + "value": "2024-12-04T17:35:26.000Z" } ] }, @@ -1514,7 +1518,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -1572,7 +1576,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" } ] }, @@ -1611,7 +1615,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", 
@@ -1669,7 +1673,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -1727,7 +1731,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -1785,7 +1789,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -1797,7 +1801,7 @@ "type": "library", "bom-ref": "35-pyopenssl", "name": "pyopenssl", - "version": "24.3.0", + "version": "24.2.1", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1806,7 +1810,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { @@ -1824,12 +1828,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.3.0/#files", + "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.3.0", + "purl": "pkg:pypi/pyopenssl@24.2.1", "properties": [ { "name": "language", @@ -1837,11 +1841,7 @@ }, { "name": "python_version", - "value": "3.11.10" - }, - { - "name": "package_release_date", - "value": "2024-11-27T20:43:21.000Z" + "value": "3.11.11" } ] }, @@ -1849,7 +1849,7 @@ "type": "library", "bom-ref": "36-cryptography", "name": "cryptography", - "version": "44.0.0", + "version": "43.0.3", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ 
@@ -1858,7 +1858,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1872,12 +1872,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/44.0.0/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@44.0.0", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ { "name": "language", @@ -1885,11 +1885,7 @@ }, { "name": "python_version", - "value": "3.11.10" - }, - { - "name": "package_release_date", - "value": "2024-11-27T18:05:55.000Z" + "value": "3.11.11" } ] }, @@ -1943,7 +1939,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2001,7 +1997,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2059,7 +2055,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2117,7 +2113,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2175,7 +2171,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2210,7 +2206,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2245,7 +2241,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", 
@@ -2297,7 +2293,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2346,7 +2342,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2395,7 +2391,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2407,7 +2403,7 @@ "type": "library", "bom-ref": "47-rpds-py", "name": "rpds-py", - "version": "0.21.0", + "version": "0.22.3", "supplier": { "name": "Julian Berman", "contact": [ @@ -2416,14 +2412,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", @@ -2431,12 +2421,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.21.0/#files", + "url": "https://pypi.org/project/rpds-py/0.22.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.21.0", + "purl": "pkg:pypi/rpds-py@0.22.3", "properties": [ { "name": "language", @@ -2444,11 +2434,11 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", - "value": "2024-11-06T13:57:41.000Z" + "value": "2024-12-04T15:31:31.000Z" } ] }, @@ -2496,7 +2486,11 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" + }, + { + "name": "package_release_date", + "value": "2024-09-18T21:36:24.000Z" } ] }, @@ -2544,7 +2538,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", 
@@ -2602,7 +2596,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2660,7 +2654,11 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" + }, + { + "name": "package_release_date", + "value": "2024-08-29T20:36:52.000Z" } ] }, @@ -2714,7 +2712,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2767,7 +2765,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2825,7 +2823,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2874,7 +2872,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2923,7 +2921,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -2981,7 +2979,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3025,7 +3023,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3077,7 +3075,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3135,7 +3133,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3193,7 +3191,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3251,7 +3249,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3303,7 +3301,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", 
@@ -3355,7 +3353,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3399,7 +3397,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3457,7 +3455,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3495,7 +3493,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" } ] }, @@ -3543,7 +3541,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3595,7 +3593,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3633,7 +3631,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", @@ -3685,7 +3683,7 @@ }, { "name": "python_version", - "value": "3.11.10" + "value": "3.11.11" }, { "name": "package_release_date", diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index c6b330f164..e75779bebc 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-7d24f8cb-8f3b-41e7-bad7-84f6018d8c85 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-359c54b4-dec7-40dd-9ecd-e087abb23d21 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-12-02T00:39:32Z +Created: 2024-12-09T00:40:38Z CreatorComment: This document has been automatically generated. ##### 
@@ -27,17 +27,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.9 +PackageVersion: 3.11.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10 ##### PackageName: aiohappyeyeballs @@ -276,10 +276,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: PackageName: gsutil SPDXID: SPDXRef-17-gsutil -PackageVersion: 5.31 +PackageVersion: 5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files +PackageDownloadLocation: https://pypi.org/project/gsutil/5.32/#files FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION 
@@ -287,25 +287,26 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.32 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-18-argcomplete -PackageVersion: 3.5.1 +PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete +PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod 
@@ -463,19 +464,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* PackageName: six SPDXID: SPDXRef-28-six -PackageVersion: 1.16.0 +PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) -PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files +PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/benjaminp/six -PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### PackageName: google-auth-httplib2 @@ -585,10 +585,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* PackageName: pyopenssl SPDXID: SPDXRef-35-pyopenssl -PackageVersion: 24.3.0 +PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION 
@@ -596,24 +596,24 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-36-cryptography -PackageVersion: 44.0.0 +PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi 
@@ -786,19 +786,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-47-rpds-py -PackageVersion: 0.21.0 +PackageVersion: 0.22.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:* ##### PackageName: lib4sbom From d0c687264b6e3577ec9bf16c4653528314b45299 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 20:17:17 +0000 Subject: [PATCH 27/47] chore: update SBOM for Python 3.12 (#4607) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 218 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.12.spdx | 37 +++--- 2 files changed, 128 insertions(+), 127 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index b58600031e..10554f9235 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json 
@@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:5548b4f9-442d-4b36-9090-15eb81f1a49c", + "serialNumber": "urn:uuid:d683370e-a755-4d53-bb8c-717dc6173956", "version": 1, "metadata": { - "timestamp": "2024-12-02T00:39:46Z", + "timestamp": "2024-12-09T00:40:28Z", "lifecycles": [ { "phase": "build" @@ -71,7 +71,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" } ] }, @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.11.9", + "version": "3.11.10", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.11.9/#files", + "url": "https://pypi.org/project/aiohttp/3.11.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.11.9", + "purl": "pkg:pypi/aiohttp@3.11.10", "properties": [ { "name": "language", @@ -110,11 +110,11 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", - "value": "2024-12-01T23:26:48.000Z" + "value": "2024-12-05T23:51:02.000Z" } ] }, @@ -162,7 +162,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -211,7 +211,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -254,7 +254,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -298,7 +298,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -356,7 +356,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", 
@@ -408,7 +408,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" } ] }, @@ -456,7 +456,11 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" + }, + { + "name": "package_release_date", + "value": "2024-12-01T20:32:32.000Z" } ] }, @@ -490,7 +494,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -542,7 +546,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -591,7 +595,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" } ] }, @@ -645,7 +649,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -703,7 +707,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -755,7 +759,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -813,7 +817,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -865,11 +869,7 @@ }, { "name": "python_version", - "value": "3.12.7" - }, - { - "name": "package_release_date", - "value": "2024-10-10T15:59:06.000Z" + "value": "3.12.8" } ] }, @@ -877,7 +877,7 @@ "type": "library", "bom-ref": "18-argcomplete", "name": "argcomplete", - "version": "3.5.1", + "version": "3.5.2", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -886,8 +886,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", + "hashes": [ + { + "alg": "SHA-1", + "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc" + } + ], "licenses": [ { "license": { 
@@ -904,12 +910,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/argcomplete/3.5.1/#files", + "url": "https://pypi.org/project/argcomplete/3.5.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.5.1", + "purl": "pkg:pypi/argcomplete@3.5.2", "properties": [ { "name": "language", @@ -917,11 +923,11 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", - "value": "2024-10-07T04:00:36.000Z" + "value": "2024-12-06T18:24:27.000Z" } ] }, @@ -969,7 +975,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" } ] }, @@ -1018,7 +1024,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" } ] }, @@ -1072,7 +1078,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1130,7 +1136,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1188,7 +1194,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" } ] }, @@ -1236,7 +1242,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1288,7 +1294,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1340,7 +1346,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1398,7 +1404,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1410,7 +1416,7 @@ "type": "library", "bom-ref": "28-six", "name": "six", - "version": "1.16.0", + "version": "1.17.0", "supplier": { "name": "Benjamin Peterson", "contact": [ 
@@ -1419,14 +1425,8 @@ } ] }, - "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", "description": "Python 2 and 3 compatibility utilities", - "hashes": [ - { - "alg": "SHA-1", - "content": "65486e4383f9f411da95937451205d3c7b61b9e1" - } - ], "licenses": [ { "license": { @@ -1443,12 +1443,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/six/1.16.0/#files", + "url": "https://pypi.org/project/six/1.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/six@1.16.0", + "purl": "pkg:pypi/six@1.17.0", "properties": [ { "name": "language", @@ -1456,11 +1456,11 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", - "value": "2021-05-05T14:18:17.000Z" + "value": "2024-12-04T17:35:26.000Z" } ] }, @@ -1514,7 +1514,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1572,7 +1572,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" } ] }, @@ -1611,7 +1611,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1669,7 +1669,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1727,7 +1727,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1785,7 +1785,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1837,7 +1837,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -1885,7 +1885,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", 
@@ -1943,7 +1943,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2001,7 +2001,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2059,7 +2059,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2117,7 +2117,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2175,7 +2175,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2210,7 +2210,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2245,7 +2245,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2297,7 +2297,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2346,7 +2346,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2395,7 +2395,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2407,7 +2407,7 @@ "type": "library", "bom-ref": "47-rpds-py", "name": "rpds-py", - "version": "0.21.0", + "version": "0.22.3", "supplier": { "name": "Julian Berman", "contact": [ @@ -2416,14 +2416,8 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", - "hashes": [ - { - "alg": "SHA-1", - "content": "73581d8dfc56a24eac6ee32c83e6759b4506bb71" - } - ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", 
@@ -2431,12 +2425,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rpds-py/0.21.0/#files", + "url": "https://pypi.org/project/rpds-py/0.22.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.21.0", + "purl": "pkg:pypi/rpds-py@0.22.3", "properties": [ { "name": "language", @@ -2444,11 +2438,11 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", - "value": "2024-11-06T13:57:41.000Z" + "value": "2024-12-04T15:31:31.000Z" } ] }, @@ -2496,7 +2490,11 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" + }, + { + "name": "package_release_date", + "value": "2024-09-18T21:36:24.000Z" } ] }, @@ -2544,7 +2542,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2602,7 +2600,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2660,7 +2658,11 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" + }, + { + "name": "package_release_date", + "value": "2024-08-29T20:36:52.000Z" } ] }, @@ -2714,7 +2716,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2767,7 +2769,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2825,7 +2827,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2874,7 +2876,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2923,7 +2925,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -2981,7 +2983,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", 
@@ -3025,7 +3027,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3077,7 +3079,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3135,7 +3137,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3193,7 +3195,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3251,7 +3253,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3303,7 +3305,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3355,7 +3357,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3399,7 +3401,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3457,7 +3459,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3495,7 +3497,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" } ] }, @@ -3543,7 +3545,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3595,7 +3597,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3633,7 +3635,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", @@ -3685,7 +3687,7 @@ }, { "name": "python_version", - "value": "3.12.7" + "value": "3.12.8" }, { "name": "package_release_date", diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 796826637e..527de7fa6a 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx 
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-998a45ca-d4b4-40a5-aabc-67947aef36d5 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-cb307ebd-78db-456e-9dbf-34b317e8df15 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-12-02T00:38:59Z +Created: 2024-12-09T00:39:39Z CreatorComment: This document has been automatically generated. ##### @@ -27,17 +27,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.11.9 +PackageVersion: 3.11.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.9/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.9 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10 ##### PackageName: aiohappyeyeballs 
@@ -293,19 +293,20 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:* PackageName: argcomplete SPDXID: SPDXRef-18-argcomplete -PackageVersion: 3.5.1 +PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete +PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod 
@@ -463,19 +464,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* PackageName: six SPDXID: SPDXRef-28-six -PackageVersion: 1.16.0 +PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) -PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files +PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/benjaminp/six -PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### PackageName: google-auth-httplib2 
@@ -786,19 +786,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* PackageName: rpds-py SPDXID: SPDXRef-47-rpds-py -PackageVersion: 0.21.0 +PackageVersion: 0.22.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.21.0/#files +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: 73581d8dfc56a24eac6ee32c83e6759b4506bb71 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.21.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:* ##### PackageName: lib4sbom From b196e686690cd673c84967a1b4993def660025ae Mon Sep 17 00:00:00 2001 From: Terri Oda Date: Mon, 9 Dec 2024 13:19:09 -0800 Subject: [PATCH 28/47] ci: switch to ubuntu-latest for longtests (#4605) Temporary switch to ubuntu-latest for long tests to work around a timeout issue. Signed-off-by: Terri Oda --- .github/workflows/testing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 6310c69d43..59ed6c2aeb 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -197,7 +197,7 @@ jobs: github.head_ref ) ) - runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} + runs-on: 'ubuntu-latest' timeout-minutes: 120 env: LONG_TESTS: 1 From b024ac7e21964981e1ff4aa1b5861c686417995c Mon Sep 17 00:00:00 2001 
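Review bot: The hard-coded `runs-on: 'ubuntu-latest'` in the `.github/workflows/testing.yml` hunk (the job that sets `LONG_TESTS: 1`) has no marker in the file saying it is a workaround, so the owner-dependent runner selection it replaces is easy to forget. The commit message calls the switch temporary, and a comment above the line would record that, for example `# TEMPORARY (#4605): GitHub-hosted runner to work around a long-test timeout; restore the intel-ubuntu-latest selection once resolved`. The quotes around the value are unnecessary and differ from the unquoted `runs-on: ubuntu-latest` used by the other workflow changes in this series. The job definition starts above the hunk and continues below it.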
From: Stewart Blacklock Date: Mon, 9 Dec 2024 14:01:15 -0800 Subject: [PATCH 29/47] Update scorecard.yml Upgraded Checkout; Removed (temporarily harden runner), switched to ONLY run on Github's runners. All problems to see if we can triage WHY it can't upload results. --- .github/workflows/scorecard.yml | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d5f8c3dfad..6f7ecafd4e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -15,19 +15,14 @@ permissions: read-all jobs: analysis: name: Scorecard analysis - runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} + runs-on: ubuntu-latest permissions: security-events: write id-token: write steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - egress-policy: audit - - name: "Checkout code" - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -38,10 +33,3 @@ jobs: results_format: sarif publish_results: true - - name: "Upload artifact" - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - From 28c9bc0f8a92ae36d0a4cbf4d664b86265f28265 Mon Sep 17 00:00:00 2001 From: Terri Oda Date: Tue, 10 Dec 2024 13:45:43 -0800 Subject: [PATCH 30/47] ci: disable test_output_cyclonedx utnil it can be fixed (#4618) Looks like there was an update to lib4vex that added some info and our test broke. Signed-off-by: Terri Oda --- test/test_vex.py | 1 + 1 file changed, 1 insertion(+) diff --git a/test/test_vex.py b/test/test_vex.py index 34c4ed7c61..6f43d8d08f 100644 --- a/test/test_vex.py +++ b/test/test_vex.py 
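Review bot: Removing the `Harden Runner` step in the first `scorecard.yml` hunk drops the only egress auditing on a job that still holds `id-token: write` and `security-events: write`, and nothing in the file records that the removal is meant to be temporary. The commit message describes it as a triage measure, so a comment where the step used to be would keep that intent visible, e.g. `# TODO: restore step-security/harden-runner (egress-policy: audit) once the results upload works again`. The checkout bump keeps the full-SHA pin with its version comment, which matches the rest of the file. The `steps:` list continues past the end of this hunk.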
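Review bot: After the second `scorecard.yml` hunk removes the `Upload artifact` step, the file appears to end at `publish_results: true`, so no visible step keeps `results.sarif` or uploads it to code scanning. If that is the case, the job-level `security-events: write` grant shown in the first hunk is not used by anything here and could be dropped until an upload step returns, keeping `id-token: write` for `publish_results`. This is inferred from the hunk line counts; the scorecard action step sits between the two hunks and is not shown, so the permission change should be confirmed against the full file.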
@@ -87,6 +87,7 @@ class TestVexGeneration(unittest.TestCase): ), } + @pytest.mark.skip(reason="Needs an update to match what lib4vex produces.") def test_output_cyclonedx(self): """Test VEX output generation""" From 8f2413167de17bcfa57e346f803cd90e87934b5d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 10 Dec 2024 21:55:29 +0000 Subject: [PATCH 31/47] chore: update pre-commit config (#4595) * chore: update pre-commit config * chore: fix black version that works with py3.8 --------- Co-authored-by: GitHub Co-authored-by: Terri Oda --- .pre-commit-config.yaml | 2 +- dev-requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8a14acb674..2c0751509b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -34,7 +34,7 @@ repos: exclude: ^fuzz/generated/|bandit\.conf$ - repo: https://github.com/PyCQA/bandit - rev: 1.7.10 + rev: 1.8.0 hooks: - id: bandit exclude: ^fuzz/generated/ diff --git a/dev-requirements.txt b/dev-requirements.txt index d98d7977bb..c88189cba0 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -6,7 +6,7 @@ pre-commit; python_version <= "3.8" pre-commit==4.0.1; python_version > "3.8" flake8; python_version < "3.8" flake8==7.1.1; python_version >= "3.8" -bandit==1.7.10 +bandit==1.8.0 gitlint==v0.19.1 interrogate mypy==v1.13.0 From 6abbb2a23d982807bbda0ede1b481d8d02050cc2 Mon Sep 17 00:00:00 2001 From: Terri Oda Date: Wed, 11 Dec 2024 16:38:24 -0800 Subject: [PATCH 32/47] chore: fix bandit version on python 3.8 (#4620) Yet another project that has dropped 3.8 support. We'll be doing that too soon. Signed-off-by: Terri Oda --- dev-requirements.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dev-requirements.txt b/dev-requirements.txt index c88189cba0..7977b7cdc3 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt 
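Review bot: The `@pytest.mark.skip` added above `test_output_cyclonedx` disables the CycloneDX VEX output check unconditionally, and its reason string names no tracking issue, so nothing prompts anyone to re-enable it. Referencing the follow-up in the reason would fix that, e.g. `@pytest.mark.skip(reason="Needs an update to match what lib4vex produces; see #<tracking-issue>.")`. The hunk adds no import, so the decorator relies on `pytest` already being imported at the top of `test/test_vex.py`, which is outside the hunk. The test body also continues past the end of the hunk.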
@@ -6,7 +6,8 @@ pre-commit; python_version <= "3.8" pre-commit==4.0.1; python_version > "3.8" flake8; python_version < "3.8" flake8==7.1.1; python_version >= "3.8" -bandit==1.8.0 +bandit==1.7.10; python_version <= "3.8" +bandit==1.8.0; python_version > "3.8" gitlint==v0.19.1 interrogate mypy==v1.13.0 From 1b3e04724fffe74e79dfb2fc7ffed2893fa12af5 Mon Sep 17 00:00:00 2001 From: Terri Oda Date: Thu, 12 Dec 2024 10:18:44 -0800 Subject: [PATCH 33/47] ci: moving cve-scan job to ubuntu-latest (#4621) This is a quick test to see if it resolves a freezing problem. Signed-off-by: Terri Oda --- .github/workflows/cve_bin_tool_action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cve_bin_tool_action.yml b/.github/workflows/cve_bin_tool_action.yml index 44e630403d..a98930f0e2 100644 --- a/.github/workflows/cve_bin_tool_action.yml +++ b/.github/workflows/cve_bin_tool_action.yml @@ -11,7 +11,7 @@ jobs: scan: permissions: security-events: write - runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }} + runs-on: ubuntu-latest steps: - uses: intel/cve-bin-tool-action@main with: From ce0d2c361ff99ba1571009705aaf2d1bd8d3f328 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 18:43:12 +0000 Subject: [PATCH 34/47] chore: update SBOM for Python 3.8 (#4627) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 2872 ++++++++++++++++++++++------------ sbom/cve-bin-tool-py3.8.spdx | 1137 +++++++++----- 2 files changed, 2599 insertions(+), 1410 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index eca4e9591a..e6a506694b 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json 
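Review bot: The split pin `bandit==1.7.10; python_version <= "3.8"` only covers `dev-requirements.txt`, while the bandit hook in `.pre-commit-config.yaml` was moved to `rev: 1.8.0` earlier in this series with no interpreter condition. A contributor running pre-commit under Python 3.8 would presumably still have the 1.8.0 hook environment built, and the commit message says that release dropped 3.8. If 3.8 contributors are expected to run the hooks, either hold the hook at `rev: 1.7.10` until 3.8 support is removed or state the limitation next to the pin, e.g. `# bandit 1.8.0 dropped Python 3.8; the pre-commit hook needs a newer interpreter`.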
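Review bot: The context line `uses: intel/cve-bin-tool-action@main` in the `cve_bin_tool_action.yml` hunk references a mutable branch while the job holds `security-events: write`, so whatever lands on that branch runs with that permission on the next run. The scorecard workflow in this series pins its actions to a full commit SHA with a version comment (`actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`); the same form here would be `uses: intel/cve-bin-tool-action@<full-commit-sha> # <release-tag>`. A short comment that `runs-on: ubuntu-latest` is a test for the freezing problem would also help whoever reverts it. The `with:` block continues outside the hunk.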
@@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:195f1fda-4d35-404c-96c8-fec25e970985", + "serialNumber": "urn:uuid:f9224672-5e3f-460a-8fd4-51f97229adfe", "version": 1, "metadata": { - "timestamp": "2024-12-09T00:43:24Z", + "timestamp": "2024-12-16T00:39:25Z", "lifecycles": [ { "phase": "build" @@ -15,7 +15,7 @@ "components": [ { "name": "sbom4python", - "version": "0.11.3", + "version": "0.12.1", "type": "application" } ] @@ -42,6 +42,12 @@ }, "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", + "hashes": [ + { + "alg": "SHA-256", + "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d" + } + ], "licenses": [ { "license": { @@ -65,6 +71,10 @@ ], "purl": "pkg:pypi/cve-bin-tool@3.4", "properties": [ + { + "name": "release_date", + "value": "2024-09-17T18:57:44Z" + }, { "name": "language", "value": "Python" @@ -81,6 +91,12 @@ "name": "aiohttp", "version": "3.10.11", "description": "Async http client/server framework (asyncio)", + "hashes": [ + { + "alg": "SHA-256", + "content": "5077b1a5f40ffa3ba1f40d537d3bec4383988ee51fbba6b74aa8fb1bc466599e" + } + ], "licenses": [ { "license": { 
@@ -100,10 +116,46 @@ "url": "https://pypi.org/project/aiohttp/3.10.11/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiohttp", + "type": "other" + }, + { + "url": "https://docs.aiohttp.org/en/stable/changes.html", + "type": "log" + }, + { + "url": "https://docs.aiohttp.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohttp", + "type": "vcs" } ], "purl": "pkg:pypi/aiohttp@3.10.11", "properties": [ + { + "name": "release_date", + "value": "2024-11-13T16:36:38Z" + }, { "name": "language", "value": "Python" @@ -129,6 +181,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-256", + "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8" + } + ], "licenses": [ { "license": { @@ -148,10 +206,30 @@ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md", + "type": "log" + }, + { + "url": "https://aiohappyeyeballs.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs", + "type": "vcs" } ], "purl": "pkg:pypi/aiohappyeyeballs@2.4.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-30T18:43:39Z" + }, { "name": "language", "value": "Python" 
@@ -159,10 +237,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-30T18:43:39.000Z" } ] }, @@ -174,8 +248,8 @@ "description": "aiosignal: a list of registered asynchronous callbacks", "hashes": [ { - "alg": "SHA-1", - "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3" + "alg": "SHA-256", + "content": "f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17" } ], "licenses": [ @@ -197,10 +271,38 @@ "url": "https://pypi.org/project/aiosignal/1.3.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gitter.im/aio-libs/Lobby", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/actions", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiosignal", + "type": "other" + }, + { + "url": "https://docs.aiosignal.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiosignal", + "type": "vcs" } ], "purl": "pkg:pypi/aiosignal@1.3.1", "properties": [ + { + "name": "release_date", + "value": "2022-11-08T16:03:57Z" + }, { "name": "language", "value": "Python" @@ -208,10 +310,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2022-11-08T16:03:57.000Z" } ] }, @@ -221,6 +319,12 @@ "name": "frozenlist", "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", + "hashes": [ + { + "alg": "SHA-256", + "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a" + } + ], "licenses": [ { "license": { 
@@ -240,10 +344,50 @@ "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/frozenlist", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog", + "type": "log" + }, + { + "url": "https://frozenlist.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/frozenlist", + "type": "vcs" } ], "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-23T09:46:20Z" + }, { "name": "language", "value": "Python" 
@@ -251,51 +395,63 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-10-23T09:46:20.000Z" } ] }, { "type": "library", - "bom-ref": "6-async-timeout", - "name": "async-timeout", - "version": "5.0.1", + "bom-ref": "6-attrs", + "name": "attrs", + "version": "24.2.0", "supplier": { - "name": "Andrew Svetlov", + "name": "Hynek Schlawack", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "hs@ox.cx" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", - "description": "Timeout context manager for asyncio programs", - "licenses": [ + "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", + "description": "Classes Without Boilerplate", + "hashes": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/async-timeout", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/async-timeout/5.0.1/#files", + "url": "https://pypi.org/project/attrs/24.2.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://www.attrs.org/", + "type": "documentation" + }, + { + "url": "https://www.attrs.org/en/stable/changelog.html", + "type": "log" + }, + { + "url": "https://github.com/python-attrs/attrs", + "type": "vcs" + }, + { + "url": "https://github.com/sponsors/hynek", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi", + "type": "other" } ], - "purl": "pkg:pypi/async-timeout@5.0.1", + "purl": "pkg:pypi/attrs@24.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T14:37:36Z" + }, { "name": "language", "value": "Python" 
@@ -303,43 +459,47 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-06T16:41:37.000Z" } ] }, { "type": "library", - "bom-ref": "7-attrs", - "name": "attrs", - "version": "24.2.0", + "bom-ref": "7-importlib-metadata", + "name": "importlib-metadata", + "version": "8.5.0", "supplier": { - "name": "Hynek Schlawack", + "name": "Jason R .", "contact": [ { - "email": "hs@ox.cx" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", - "description": "Classes Without Boilerplate", + "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", + "description": "Read metadata from Python packages", "hashes": [ { - "alg": "SHA-1", - "content": "6771a04893780166e4b7826b63599f43ac30d00a" + "alg": "SHA-256", + "content": "45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b" } ], "externalReferences": [ { - "url": "https://pypi.org/project/attrs/24.2.0/#files", + "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/importlib_metadata", + "type": "vcs" } ], - "purl": "pkg:pypi/attrs@24.2.0", + "purl": "pkg:pypi/importlib-metadata@8.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-09-11T14:56:07Z" + }, { "name": "language", "value": "Python" 
@@ -347,57 +507,47 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-08-06T14:37:36.000Z" } ] }, { "type": "library", - "bom-ref": "8-multidict", - "name": "multidict", - "version": "6.1.0", + "bom-ref": "8-zipp", + "name": "zipp", + "version": "3.20.2", "supplier": { - "name": "Andrew Svetlov", + "name": "Jason R .", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", - "description": "multidict implementation", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "description": "Backport of pathlib-compatible object wrapper for zip files", "hashes": [ { - "alg": "SHA-1", - "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/multidict", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/multidict/6.1.0/#files", + "url": "https://pypi.org/project/zipp/3.20.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/jaraco/zipp", + "type": "vcs" } ], - "purl": "pkg:pypi/multidict@6.1.0", + "purl": "pkg:pypi/zipp@3.20.2", "properties": [ + { + "name": "release_date", + "value": "2024-09-13T13:44:14Z" + }, { "name": "language", "value": "Python" @@ -405,10 +555,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-09T23:47:18.000Z" } ] }, 
@@ -429,19 +575,48 @@ "description": "Backported and Experimental Type Hints for Python 3.8+", "hashes": [ { - "alg": "SHA-1", - "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + "alg": "SHA-256", + "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d" } ], "externalReferences": [ + { + "url": "https://github.com/python/typing_extensions", + "type": "website", + "comment": "Home page for project" + }, { "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/typing_extensions/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md", + "type": "log" + }, + { + "url": "https://typing-extensions.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python/typing/discussions", + "type": "other" + }, + { + "url": "https://github.com/python/typing_extensions", + "type": "vcs" } ], "purl": "pkg:pypi/typing-extensions@4.12.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-07T18:52:13Z" + }, { "name": "language", "value": "Python" @@ -449,18 +624,14 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-06-07T18:52:13.000Z" } ] }, { "type": "library", - "bom-ref": "10-yarl", - "name": "yarl", - "version": "1.15.2", + "bom-ref": "10-multidict", + "name": "multidict", + "version": "6.1.0", "supplier": { "name": "Andrew Svetlov", "contact": [ 
@@ -469,12 +640,12 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", + "description": "multidict implementation", "hashes": [ { - "alg": "SHA-1", - "content": "33294bf084d2dde1ac1e8133b0125e1f142a8274" + "alg": "SHA-256", + "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60" } ], "licenses": [ @@ -488,18 +659,58 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/multidict", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.2/#files", + "url": "https://pypi.org/project/multidict/6.1.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/multidict", + "type": "other" + }, + { + "url": "https://multidict.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": "https://multidict.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/multidict", + "type": "vcs" } ], - "purl": "pkg:pypi/yarl@1.15.2", + "purl": "pkg:pypi/multidict@6.1.0", "properties": [ + { + "name": "release_date", + "value": "2024-09-09T23:47:18Z" + }, { "name": "language", "value": "Python" 
@@ -512,28 +723,88 @@ }, { "type": "library", - "bom-ref": "11-idna", - "name": "idna", - "version": "3.10", + "bom-ref": "11-yarl", + "name": "yarl", + "version": "1.15.2", "supplier": { - "name": "Kim Davies", + "name": "Andrew Svetlov", "contact": [ { - "email": "kim+pypi@gumleaf.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - "description": "Internationalized Domain Names in Applications (IDNA)", - "externalReferences": [ - { - "url": "https://pypi.org/project/idna/3.10/#files", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "hashes": [ + { + "alg": "SHA-256", + "content": "e4ee8b8639070ff246ad3649294336b06db37a94bdea0d09ea491603e0be73b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.15.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/yarl/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/yarl", + "type": "other" + }, + { + "url": "https://yarl.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": "https://yarl.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/yarl/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/yarl", + "type": "vcs" } ], - "purl": 
"pkg:pypi/idna@3.10", + "purl": "pkg:pypi/yarl@1.15.2", "properties": [ + { + "name": "release_date", + "value": "2024-10-13T18:44:32Z" + }, { "name": "language", "value": "Python" @@ -541,16 +812,68 @@ { "name": "python_version", "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "12-idna", + "name": "idna", + "version": "3.10", + "supplier": { + "name": "Kim Davies", + "contact": [ + { + "email": "kim+pypi@gumleaf.org" + } + ] + }, + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-256", + "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3" + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/idna/3.10/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst", + "type": "log" + }, + { + "url": "https://github.com/kjd/idna/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kjd/idna", + "type": "vcs" + } + ], + "purl": "pkg:pypi/idna@3.10", + "properties": [ + { + "name": "release_date", + "value": "2024-09-15T18:07:37Z" + }, + { + "name": "language", + "value": "Python" }, { - "name": "package_release_date", - "value": "2024-09-15T18:07:37.000Z" + "name": "python_version", + "value": "3.8.18" } ] }, { "type": "library", - "bom-ref": "12-propcache", + "bom-ref": "13-propcache", "name": "propcache", "version": "0.2.0", "supplier": { @@ -565,8 +888,8 @@ "description": "Accelerated property cache", "hashes": [ { - "alg": "SHA-1", - "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda" + "alg": "SHA-256", + "content": "c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58" } ], "licenses": [ 
@@ -588,10 +911,50 @@ "url": "https://pypi.org/project/propcache/0.2.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/propcache", + "type": "other" + }, + { + "url": "https://propcache.readthedocs.io/en/latest/changes/", + "type": "log" + }, + { + "url": "https://propcache.readthedocs.io", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/propcache", + "type": "vcs" } ], "purl": "pkg:pypi/propcache@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-07T12:54:02Z" + }, { "name": "language", "value": "Python" 
@@ -599,16 +962,90 @@ { "name": "python_version", "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "14-async-timeout", + "name": "async-timeout", + "version": "5.0.1", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", + "description": "Timeout context manager for asyncio programs", + "hashes": [ + { + "alg": "SHA-256", + "content": "39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/async-timeout", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/async-timeout/5.0.1/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://gitter.im/aio-libs/Lobby", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/async-timeout/actions", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/async-timeout", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/async-timeout/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/async-timeout", + "type": "vcs" + } + ], + "purl": "pkg:pypi/async-timeout@5.0.1", + "properties": [ + { + "name": "release_date", + "value": "2024-11-06T16:41:37Z" + }, + { + "name": "language", + "value": "Python" }, { - "name": "package_release_date", - "value": "2024-10-07T12:54:02.000Z" + "name": "python_version", + "value": "3.8.18" } ] }, { "type": "library", - "bom-ref": "13-beautifulsoup4", + "bom-ref": "15-beautifulsoup4", "name": "beautifulsoup4", "version": "4.12.3", "supplier": { 
@@ -621,11 +1058,17 @@ }, "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*", "description": "Screen-scraping library", + "hashes": [ + { + "alg": "SHA-256", + "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -640,10 +1083,18 @@ "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/", + "type": "other" } ], "purl": "pkg:pypi/beautifulsoup4@4.12.3", "properties": [ + { + "name": "release_date", + "value": "2024-01-17T16:53:12Z" + }, { "name": "language", "value": "Python" @@ -651,16 +1102,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-01-17T16:53:12.000Z" } ] }, { "type": "library", - "bom-ref": "14-soupsieve", + "bom-ref": "16-soupsieve", "name": "soupsieve", "version": "2.6", "supplier": { @@ -675,8 +1122,8 @@ "description": "A modern CSS selector implementation for Beautiful Soup.", "hashes": [ { - "alg": "SHA-1", - "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + "alg": "SHA-256", + "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9" } ], "externalReferences": [ @@ -693,6 +1140,10 @@ ], "purl": "pkg:pypi/soupsieve@2.6", "properties": [ + { + "name": "release_date", + "value": "2024-08-13T13:39:10Z" + }, { "name": "language", "value": "Python" @@ -705,7 +1156,7 @@ }, { "type": "library", - "bom-ref": "15-cvss", + "bom-ref": "17-cvss", "name": "cvss", "version": "3.3", "supplier": { 
@@ -720,8 +1171,8 @@ "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { - "alg": "SHA-1", - "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + "alg": "SHA-256", + "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1" } ], "licenses": [ @@ -743,10 +1194,30 @@ "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/releases", + "type": "other" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss", + "type": "vcs" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/actions", + "type": "build-system" } ], "purl": "pkg:pypi/cvss@3.3", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T10:05:52Z" + }, { "name": "language", "value": "Python" @@ -754,16 +1225,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-01T10:05:52.000Z" } ] }, { "type": "library", - "bom-ref": "16-defusedxml", + "bom-ref": "18-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -778,8 +1245,8 @@ "description": "XML bomb protection for Python stdlib modules", "hashes": [ { - "alg": "SHA-1", - "content": "ebff1b493751e2f0775314bdd4188d64f07ea184" + "alg": "SHA-256", + "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61" } ], "licenses": [ @@ -798,13 +1265,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/defusedxml/0.7.1/#files", + "url": "https://pypi.python.org/pypi/defusedxml", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/defusedxml@0.7.1", "properties": [ + { + "name": "release_date", + "value": "2021-03-08T10:59:24Z" + }, { "name": "language", "value": "Python" 
@@ -812,16 +1283,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2021-03-08T10:59:24.000Z" } ] }, { "type": "library", - "bom-ref": "17-distro", + "bom-ref": "19-distro", "name": "distro", "version": "1.9.0", "supplier": { @@ -834,6 +1301,12 @@ }, "cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*", "description": "Distro - an OS platform information API", + "hashes": [ + { + "alg": "SHA-256", + "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2" + } + ], "licenses": [ { "license": { @@ -857,6 +1330,10 @@ ], "purl": "pkg:pypi/distro@1.9.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-24T09:54:30Z" + }, { "name": "language", "value": "Python" @@ -864,16 +1341,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2023-12-24T09:54:30.000Z" } ] }, { "type": "library", - "bom-ref": "18-filetype", + "bom-ref": "20-filetype", "name": "filetype", "version": "1.2.0", "supplier": { @@ -888,15 +1361,15 @@ "description": "Infer file type and MIME type of any file/buffer. No external dependencies.", "hashes": [ { - "alg": "SHA-1", - "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585" + "alg": "SHA-256", + "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -908,13 +1381,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/filetype/1.2.0/#files", + "url": "https://github.com/h2non/filetype.py/tarball/master", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/filetype@1.2.0", "properties": [ + { + "name": "release_date", + "value": "2022-11-02T17:34:01Z" + }, { "name": "language", "value": "Python" 
@@ -922,18 +1399,14 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2022-11-02T17:34:01.000Z" } ] }, { "type": "library", - "bom-ref": "19-gsutil", + "bom-ref": "21-gsutil", "name": "gsutil", - "version": "5.32", + "version": "5.33", "supplier": { "name": "Google Inc .", "contact": [ @@ -942,8 +1415,14 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", + "hashes": [ + { + "alg": "SHA-256", + "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856" + } + ], "licenses": [ { "license": { @@ -960,13 +1439,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.32/#files", + "url": "https://cloud.google.com/storage/docs/gsutil_install", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.32", + "purl": "pkg:pypi/gsutil@5.33", "properties": [ + { + "name": "release_date", + "value": "2024-12-11T09:40:59Z" + }, { "name": "language", "value": "Python" @@ -974,16 +1457,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-12-04T14:56:46.000Z" } ] }, { "type": "library", - "bom-ref": "20-argcomplete", + "bom-ref": "22-argcomplete", "name": "argcomplete", "version": "3.5.2", "supplier": { @@ -998,8 +1477,8 @@ "description": "Bash tab completion for argparse", "hashes": [ { - "alg": "SHA-1", - "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc" + "alg": "SHA-256", + "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472" } ], "licenses": [ 
@@ -1021,10 +1500,30 @@ "url": "https://pypi.org/project/argcomplete/3.5.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://kislyuk.github.io/argcomplete", + "type": "documentation" + }, + { + "url": "https://github.com/kislyuk/argcomplete", + "type": "vcs" + }, + { + "url": "https://github.com/kislyuk/argcomplete/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst", + "type": "log" } ], "purl": "pkg:pypi/argcomplete@3.5.2", "properties": [ + { + "name": "release_date", + "value": "2024-12-06T18:24:27Z" + }, { "name": "language", "value": "Python" @@ -1032,16 +1531,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-12-06T18:24:27.000Z" } ] }, { "type": "library", - "bom-ref": "21-crcmod", + "bom-ref": "23-crcmod", "name": "crcmod", "version": "1.7", "supplier": { @@ -1054,11 +1549,17 @@ }, "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*", "description": "CRC Generator", + "hashes": [ + { + "alg": "SHA-256", + "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -1070,13 +1571,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/crcmod/1.7/#files", + "url": "http://sourceforge.net/projects/crcmod", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/crcmod@1.7", "properties": [ + { + "name": "release_date", + "value": "2010-06-27T14:35:29Z" + }, { "name": "language", "value": "Python" @@ -1089,7 +1594,7 @@ }, { "type": "library", - "bom-ref": "22-fasteners", + "bom-ref": "24-fasteners", "name": "fasteners", "version": "0.19", "supplier": { 
@@ -1099,8 +1604,8 @@ "description": "A python package that provides useful locks", "hashes": [ { - "alg": "SHA-1", - "content": "06c3f06cab4e135b8d921932019a231c180eb9f4" + "alg": "SHA-256", + "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237" } ], "licenses": [ @@ -1126,6 +1631,10 @@ ], "purl": "pkg:pypi/fasteners@0.19", "properties": [ + { + "name": "release_date", + "value": "2023-09-19T17:11:18Z" + }, { "name": "language", "value": "Python" @@ -1138,7 +1647,7 @@ }, { "type": "library", - "bom-ref": "23-gcs-oauth2-boto-plugin", + "bom-ref": "25-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.2", "supplier": { @@ -1153,8 +1662,8 @@ "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "hashes": [ { - "alg": "SHA-1", - "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb" + "alg": "SHA-256", + "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843" } ], "licenses": [ @@ -1173,13 +1682,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files", + "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ + { + "name": "release_date", + "value": "2024-05-02T14:37:31Z" + }, { "name": "language", "value": "Python" 
@@ -1187,57 +1700,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-05-02T14:37:31.000Z" } ] }, { "type": "library", - "bom-ref": "24-boto", - "name": "boto", - "version": "2.49.0", + "bom-ref": "26-rsa", + "name": "rsa", + "version": "4.7.2", "supplier": { - "name": "Mitch Garnaat", + "name": "Sybren A . Stuvel", "contact": [ { - "email": "mitch@garnaat.com" + "email": "sybren@stuvel.eu" } ] }, - "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", - "description": "Amazon Web Services Library", + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { - "alg": "SHA-1", - "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3" + "alg": "SHA-256", + "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/boto/boto/", + "url": "https://stuvel.eu/rsa", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/boto/2.49.0/#files", + "url": "https://pypi.org/project/rsa/4.7.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/boto@2.49.0", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ + { + "name": "release_date", + "value": "2021-02-24T10:55:03Z" + }, { "name": "language", "value": "Python" 
@@ -1245,105 +1758,73 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2018-07-11T20:58:55.000Z" } ] }, { "type": "library", - "bom-ref": "25-google-auth", - "name": "google-auth", - "version": "2.17.0", + "bom-ref": "27-pyasn1", + "name": "pyasn1", + "version": "0.6.1", "supplier": { - "name": "Google Cloud Platform", + "name": "Ilya Etingof", "contact": [ { - "email": "googleapis-packages@google.com" + "email": "etingof@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", "hashes": [ { - "alg": "SHA-1", - "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" + "alg": "SHA-256", + "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/googleapis/google-auth-library-python", + "url": "https://github.com/pyasn1/pyasn1", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth/2.17.0/#files", + "url": "https://pypi.org/project/pyasn1/0.6.1/#files", "type": "distribution", "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth@2.17.0", - "properties": [ - { - "name": "language", - "value": "Python" }, { - "name": "python_version", - "value": "3.8.18" - } - ] - }, - { - "type": "library", - "bom-ref": "26-cachetools", - "name": "cachetools", - "version": "5.5.0", - "supplier": { - "name": "Thomas Kemmer", - "contact": [ - { - "email": "tkemmer@computer.org" - } - ] - }, - "cpe": 
"cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", - "licenses": [ + "url": "https://pyasn1.readthedocs.io", + "type": "documentation" + }, { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], - "externalReferences": [ + "url": "https://github.com/pyasn1/pyasn1", + "type": "vcs" + }, { - "url": "https://github.com/tkem/cachetools/", - "type": "website", - "comment": "Home page for project" + "url": "https://github.com/pyasn1/pyasn1/issues", + "type": "issue-tracker" }, { - "url": "https://pypi.org/project/cachetools/5.5.0/#files", - "type": "distribution", - "comment": "Download location for component" + "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html", + "type": "log" } ], - "purl": "pkg:pypi/cachetools@5.5.0", + "purl": "pkg:pypi/pyasn1@0.6.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-10T22:41:42Z" + }, { "name": "language", "value": "Python" 
@@ -1351,51 +1832,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-08-18T20:28:43.000Z" } ] }, { "type": "library", - "bom-ref": "27-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.1", + "bom-ref": "28-boto", + "name": "boto", + "version": "2.49.0", "supplier": { - "name": "Ilya Etingof", + "name": "Mitch Garnaat", "contact": [ { - "email": "etingof@gmail.com" + "email": "mitch@garnaat.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", + "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", + "description": "Amazon Web Services Library", + "hashes": [ + { + "alg": "SHA-256", + "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8" + } + ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1-modules", + "url": "https://github.com/boto/boto/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", + "url": "https://pypi.org/project/boto/2.49.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.1", + "purl": "pkg:pypi/boto@2.49.0", "properties": [ + { + "name": "release_date", + "value": "2018-07-11T20:58:55Z" + }, { "name": "language", "value": "Python" 
@@ -1403,51 +1890,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:42:08.000Z" } ] }, { "type": "library", - "bom-ref": "28-pyasn1", - "name": "pyasn1", - "version": "0.6.1", + "bom-ref": "29-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Ilya Etingof", + "name": "Google", "contact": [ { - "email": "etingof@gmail.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", + "hashes": [ + { + "alg": "SHA-256", + "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368" + } + ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1", + "url": "https://github.com/Google/google-reauth-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1/0.6.1/#files", + "url": "https://pypi.org/project/google-reauth/0.1.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.1", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-12-01T17:35:45Z" + }, { "name": "language", "value": "Python" 
@@ -1455,32 +1948,28 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:41:42.000Z" } ] }, { "type": "library", - "bom-ref": "29-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "30-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Google Inc .", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", "hashes": [ { - "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "alg": "SHA-256", + "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b" } ], "licenses": [ @@ -1494,18 +1983,22 @@ ], "externalReferences": [ { - "url": "https://stuvel.eu/rsa", + "url": "https://github.com/google/pyu2f/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rsa/4.7.2/#files", + "url": "https://pypi.org/project/pyu2f/0.1.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ + { + "name": "release_date", + "value": "2020-10-30T20:03:07Z" + }, { "name": "language", "value": "Python" @@ -1513,16 +2006,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2021-02-24T10:55:03.000Z" } ] }, { "type": "library", - "bom-ref": "30-six", + "bom-ref": "31-six", "name": "six", "version": "1.17.0", "supplier": { 
@@ -1535,11 +2024,17 @@ }, "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", "description": "Python 2 and 3 compatibility utilities", + "hashes": [ + { + "alg": "SHA-256", + "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -1559,63 +2054,9 @@ "purl": "pkg:pypi/six@1.17.0", "properties": [ { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-12-04T17:35:26.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "31-google-auth-httplib2", - "name": "google-auth-httplib2", - "version": "0.2.0", - "supplier": { - "name": "Google Cloud Platform", - "contact": [ - { - "email": "googleapis-packages@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library: httplib2 transport", - "hashes": [ - { - "alg": "SHA-1", - "content": "932ac88800dd6de004c1bd59867831ccf033f031" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], - "externalReferences": [ - { - "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", - "type": "website", - "comment": "Home page for project" + "name": "release_date", + "value": "2024-12-04T17:35:26Z" }, - { - "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth-httplib2@0.2.0", - "properties": [ { "name": "language", "value": "Python" 
@@ -1623,10 +2064,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2023-12-12T17:40:13.000Z" } ] }, @@ -1647,15 +2084,15 @@ "description": "A comprehensive HTTP client library.", "hashes": [ { - "alg": "SHA-1", - "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + "alg": "SHA-256", + "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -1674,6 +2111,10 @@ ], "purl": "pkg:pypi/httplib2@0.20.4", "properties": [ + { + "name": "release_date", + "value": "2022-02-03T00:00:29Z" + }, { "name": "language", "value": "Python" @@ -1699,6 +2140,12 @@ }, "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*", "description": "pyparsing module - Classes and methods to define and execute parsing grammars", + "hashes": [ + { + "alg": "SHA-256", + "content": "a6a7ee4235a3f944aa1fa2249307708f893fe5717dc603503c6c7969c070fb7c" + } + ], "externalReferences": [ { "url": "https://github.com/pyparsing/pyparsing/", @@ -1713,6 +2160,10 @@ ], "purl": "pkg:pypi/pyparsing@3.1.4", "properties": [ + { + "name": "release_date", + "value": "2024-08-25T15:00:45Z" + }, { "name": "language", "value": "Python" 
@@ -1725,23 +2176,23 @@ }, { "type": "library", - "bom-ref": "34-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "34-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Google", + "name": "Google Inc .", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { - "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "alg": "SHA-256", + "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac" } ], "licenses": [ @@ -1755,18 +2206,22 @@ ], "externalReferences": [ { - "url": "https://github.com/Google/google-reauth-python", + "url": "http://github.com/google/oauth2client/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-reauth/0.1.1/#files", + "url": "https://pypi.org/project/oauth2client/4.1.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ + { + "name": "release_date", + "value": "2018-09-07T21:38:16Z" + }, { "name": "language", "value": "Python" 
@@ -1774,115 +2229,69 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2020-12-01T17:35:45.000Z" } ] }, { "type": "library", - "bom-ref": "35-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "35-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.1", "supplier": { - "name": "Google Inc .", + "name": "Ilya Etingof", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "etingof@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", "hashes": [ { - "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "alg": "SHA-256", + "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/google/pyu2f/", + "url": "https://github.com/pyasn1/pyasn1-modules", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyu2f/0.1.5/#files", + "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", "type": "distribution", "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/pyu2f@0.1.5", - "properties": [ - { - "name": "language", - "value": "Python" }, { - "name": "python_version", - "value": "3.8.18" + "url": "https://github.com/pyasn1/pyasn1-modules", + "type": "vcs" }, { - "name": "package_release_date", - "value": "2020-10-30T20:03:07.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "36-oauth2client", - "name": "oauth2client", - "version": "4.1.3", - "supplier": { - 
"name": "Google Inc .", - "contact": [ - { - "email": "jonwayne+oauth2client@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", - "hashes": [ - { - "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], - "externalReferences": [ - { - "url": "http://github.com/google/oauth2client/", - "type": "website", - "comment": "Home page for project" + "url": "https://github.com/pyasn1/pyasn1-modules/issues", + "type": "issue-tracker" }, { - "url": "https://pypi.org/project/oauth2client/4.1.3/#files", - "type": "distribution", - "comment": "Download location for component" + "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt", + "type": "log" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/pyasn1-modules@0.4.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-10T22:42:08Z" + }, { "name": "language", "value": "Python" @@ -1890,16 +2299,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2018-09-07T21:38:16.000Z" } ] }, { "type": "library", - "bom-ref": "37-pyopenssl", + "bom-ref": "36-pyopenssl", "name": "pyopenssl", "version": "24.2.1", "supplier": { @@ -1912,6 +2317,12 @@ }, "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", + "hashes": [ + { + "alg": "SHA-256", + "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d" + } + ], "licenses": [ { "license": { 
@@ -1931,10 +2342,18 @@ "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pyca/pyopenssl", + "type": "vcs" } ], "purl": "pkg:pypi/pyopenssl@24.2.1", "properties": [ + { + "name": "release_date", + "value": "2024-07-20T17:26:29Z" + }, { "name": "language", "value": "Python" @@ -1947,7 +2366,7 @@ }, { "type": "library", - "bom-ref": "38-cryptography", + "bom-ref": "37-cryptography", "name": "cryptography", "version": "43.0.3", "supplier": { @@ -1960,6 +2379,12 @@ }, "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", + "hashes": [ + { + "alg": "SHA-256", + "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e" + } + ], "licenses": [ { "expression": "Apache-2.0 OR BSD-3-Clause" @@ -1975,10 +2400,30 @@ "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://cryptography.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pyca/cryptography/", + "type": "vcs" + }, + { + "url": "https://github.com/pyca/cryptography/issues", + "type": "issue-tracker" + }, + { + "url": "https://cryptography.io/en/latest/changelog/", + "type": "log" } ], "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-18T15:57:36Z" + }, { "name": "language", "value": "Python" @@ -1991,7 +2436,7 @@ }, { "type": "library", - "bom-ref": "39-cffi", + "bom-ref": "38-cffi", "name": "cffi", "version": "1.17.1", "supplier": { 
@@ -2006,15 +2451,15 @@ "description": "Foreign Function Interface for Python calling C code.", "hashes": [ { - "alg": "SHA-1", - "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51" + "alg": "SHA-256", + "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2029,10 +2474,38 @@ "url": "https://pypi.org/project/cffi/1.17.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "http://cffi.readthedocs.org/", + "type": "documentation" + }, + { + "url": "https://github.com/python-cffi/cffi", + "type": "vcs" + }, + { + "url": "https://github.com/python-cffi/cffi/issues", + "type": "issue-tracker" + }, + { + "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html", + "type": "log" + }, + { + "url": "https://github.com/python-cffi/cffi/releases", + "type": "other" + }, + { + "url": "https://groups.google.com/forum/#!forum/python-cffi", + "type": "other" } ], "purl": "pkg:pypi/cffi@1.17.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-04T20:43:30Z" + }, { "name": "language", "value": "Python" @@ -2040,16 +2513,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-04T20:43:30.000Z" } ] }, { "type": "library", - "bom-ref": "40-pycparser", + "bom-ref": "39-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -2064,8 +2533,8 @@ "description": "C parser in Python", "hashes": [ { - "alg": "SHA-1", - "content": "129d32ef805d715d90a3b2035b13168c17ca63d2" + "alg": "SHA-256", + "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc" } ], "licenses": [ 
@@ -2091,6 +2560,10 @@ ], "purl": "pkg:pypi/pycparser@2.22", "properties": [ + { + "name": "release_date", + "value": "2024-03-30T13:22:20Z" + }, { "name": "language", "value": "Python" @@ -2098,16 +2571,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-03-30T13:22:20.000Z" } ] }, { "type": "library", - "bom-ref": "41-retry-decorator", + "bom-ref": "40-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -2122,15 +2591,15 @@ "description": "Retry Decorator", "hashes": [ { - "alg": "SHA-1", - "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349" + "alg": "SHA-256", + "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2149,6 +2618,10 @@ ], "purl": "pkg:pypi/retry-decorator@1.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-03-10T23:56:29Z" + }, { "name": "language", "value": "Python" 
@@ -2156,32 +2629,28 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2020-03-10T23:56:29.000Z" } ] }, { "type": "library", - "bom-ref": "42-google-apitools", - "name": "google-apitools", - "version": "0.5.32", + "bom-ref": "41-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Craig Citro", + "name": "Google Cloud Platform", "contact": [ { - "email": "craigcitro@google.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*", - "description": "client libraries for humans", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { - "alg": "SHA-1", - "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1" + "alg": "SHA-256", + "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94" } ], "licenses": [ @@ -2195,18 +2664,22 @@ ], "externalReferences": [ { - "url": "http://github.com/google/apitools", + "url": "https://github.com/googleapis/google-auth-library-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-apitools/0.5.32/#files", + "url": "https://pypi.org/project/google-auth/2.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-apitools@0.5.32", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ + { + "name": "release_date", + "value": "2023-03-28T19:51:30Z" + }, { "name": "language", "value": "Python" 
@@ -2214,57 +2687,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2021-05-05T22:12:58.000Z" } ] }, { "type": "library", - "bom-ref": "43-monotonic", - "name": "monotonic", - "version": "1.6", + "bom-ref": "42-cachetools", + "name": "cachetools", + "version": "5.5.0", "supplier": { - "name": "Ori Livneh", + "name": "Thomas Kemmer", "contact": [ { - "email": "ori@wikimedia.org" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*", - "description": "An implementation of time.monotonic() for Python 2 & < 3.3", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", "hashes": [ { - "alg": "SHA-1", - "content": "80681f6604e136e513550342f977edb98f5fc5ad" + "alg": "SHA-256", + "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/atdt/monotonic", + "url": "https://github.com/tkem/cachetools/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/monotonic/1.6/#files", + "url": "https://pypi.org/project/cachetools/5.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/monotonic@1.6", + "purl": "pkg:pypi/cachetools@5.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-18T20:28:43Z" + }, { "name": "language", "value": "Python" 
@@ -2272,43 +2745,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2021-04-09T21:58:05.000Z" } ] }, { "type": "library", - "bom-ref": "44-importlib-metadata", - "name": "importlib-metadata", - "version": "8.5.0", + "bom-ref": "43-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", "supplier": { - "name": "Jason R .", + "name": "Google Cloud Platform", "contact": [ { - "email": "jaraco@jaraco.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", - "description": "Read metadata from Python packages", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library: httplib2 transport", "hashes": [ { - "alg": "SHA-1", - "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1" + "alg": "SHA-256", + "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", + "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-metadata@8.5.0", + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-12T17:40:13Z" + }, { "name": "language", "value": "Python" 
@@ -2316,37 +2803,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-11T14:56:07.000Z" } ] }, { "type": "library", - "bom-ref": "45-zipp", - "name": "zipp", - "version": "3.20.2", + "bom-ref": "44-google-apitools", + "name": "google-apitools", + "version": "0.5.32", "supplier": { - "name": "Jason R .", + "name": "Craig Citro", "contact": [ { - "email": "jaraco@jaraco.com" + "email": "craigcitro@google.com" } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", - "description": "Backport of pathlib-compatible object wrapper for zip files", + "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*", + "description": "client libraries for humans", + "hashes": [ + { + "alg": "SHA-256", + "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "http://github.com/google/apitools", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/google-apitools/0.5.32/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/google-apitools@0.5.32", "properties": [ + { + "name": "release_date", + "value": "2021-05-05T22:12:58Z" + }, { "name": "language", "value": "Python" 
@@ -2359,34 +2866,52 @@ }, { "type": "library", - "bom-ref": "46-importlib-resources", - "name": "importlib-resources", - "version": "6.4.5", + "bom-ref": "45-monotonic", + "name": "monotonic", + "version": "1.6", "supplier": { - "name": "Barry Warsaw", + "name": "Ori Livneh", "contact": [ { - "email": "barry@python.org" + "email": "ori@wikimedia.org" } ] }, - "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*", - "description": "Read resources from Python packages", + "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*", + "description": "An implementation of time.monotonic() for Python 2 & < 3.3", "hashes": [ { - "alg": "SHA-1", - "content": "284148b005b57031a354402c446473f53cab2c49" + "alg": "SHA-256", + "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/importlib-resources/6.4.5/#files", + "url": "https://github.com/atdt/monotonic", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/monotonic/1.6/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-resources@6.4.5", + "purl": "pkg:pypi/monotonic@1.6", "properties": [ + { + "name": "release_date", + "value": "2021-04-09T21:58:05Z" + }, { "name": "language", "value": "Python" 
@@ -2394,23 +2919,19 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-09T17:03:13.000Z" } ] }, { "type": "library", - "bom-ref": "47-jinja2", + "bom-ref": "46-jinja2", "name": "jinja2", "version": "3.1.4", "description": "A very fast and expressive template engine.", "hashes": [ { - "alg": "SHA-1", - "content": "dd4a8b5466d8790540c181590b14db4d4d889d57" + "alg": "SHA-256", + "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d" } ], "externalReferences": [ @@ -2418,10 +2939,34 @@ "url": "https://pypi.org/project/jinja2/3.1.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jinja.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" + }, + { + "url": "https://jinja.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://github.com/pallets/jinja/", + "type": "vcs" } ], "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ + { + "name": "release_date", + "value": "2024-05-05T23:41:59Z" + }, { "name": "language", "value": "Python" @@ -2429,23 +2974,19 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-05-05T23:41:59.000Z" } ] }, { "type": "library", - "bom-ref": "48-markupsafe", + "bom-ref": "47-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", "hashes": [ { - "alg": "SHA-1", - "content": "fbba4acd0312826cec9cfe18371c7df07962cb65" + "alg": "SHA-256", + "content": "a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc" } ], "licenses": [ 
@@ -2467,10 +3008,38 @@ "url": "https://pypi.org/project/markupsafe/2.1.5/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://markupsafe.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://markupsafe.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://github.com/pallets/markupsafe/", + "type": "vcs" + }, + { + "url": "https://github.com/pallets/markupsafe/issues/", + "type": "issue-tracker" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" } ], "purl": "pkg:pypi/markupsafe@2.1.5", "properties": [ + { + "name": "release_date", + "value": "2024-02-02T16:30:04Z" + }, { "name": "language", "value": "Python" 
@@ -2483,42 +3052,124 @@ }, { "type": "library", - "bom-ref": "49-jsonschema", + "bom-ref": "48-jsonschema", "name": "jsonschema", "version": "4.23.0", "supplier": { "name": "Julian Berman", "contact": [ { - "email": "Julian+jsonschema@GrayVines.com" + "email": "Julian+jsonschema@GrayVines.com" + } + ] + }, + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*", + "description": "An implementation of JSON Schema validation for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/license/mit/", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/python-jsonschema/jsonschema", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/jsonschema/4.23.0/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://python-jsonschema.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema", + "type": "vcs" + } + ], + "purl": "pkg:pypi/jsonschema@4.23.0", + "properties": [ + { + "name": "release_date", + "value": "2024-07-08T18:40:00Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "49-importlib-resources", + "name": "importlib-resources", + "version": 
"6.4.5", + "supplier": { + "name": "Barry Warsaw", + "contact": [ + { + "email": "barry@python.org" } ] }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*", - "description": "An implementation of JSON Schema validation for Python", - "licenses": [ + "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*", + "description": "Read resources from Python packages", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717" } ], "externalReferences": [ { - "url": "https://github.com/python-jsonschema/jsonschema", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/jsonschema/4.23.0/#files", + "url": "https://pypi.org/project/importlib-resources/6.4.5/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/importlib_resources", + "type": "vcs" } ], - "purl": "pkg:pypi/jsonschema@4.23.0", + "purl": "pkg:pypi/importlib-resources@6.4.5", "properties": [ + { + "name": "release_date", + "value": "2024-09-09T17:03:13Z" + }, { "name": "language", "value": "Python" @@ -2526,10 +3177,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2550,15 +3197,15 @@ "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", "hashes": [ { - "alg": "SHA-1", - "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76" + "alg": "SHA-256", + "content": "87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2573,10 +3220,34 @@ "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jsonschema-specifications.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications", + "type": "vcs" } ], "purl": "pkg:pypi/jsonschema-specifications@2023.12.1", "properties": [ + { + "name": "release_date", + "value": "2023-12-25T15:16:51Z" + }, { "name": "language", "value": "Python" @@ -2604,8 +3275,8 @@ "description": "JSON Referencing + Python", "hashes": [ { - "alg": "SHA-1", - "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845" + "alg": "SHA-256", + "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de" } ], "externalReferences": [ 
@@ -2618,10 +3289,38 @@ "url": "https://pypi.org/project/referencing/0.35.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://referencing.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/referencing/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://referencing.readthedocs.io/en/stable/changes/", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/referencing", + "type": "vcs" } ], "purl": "pkg:pypi/referencing@0.35.1", "properties": [ + { + "name": "release_date", + "value": "2024-05-01T20:26:02Z" + }, { "name": "language", "value": "Python" @@ -2629,10 +3328,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-05-01T20:26:02.000Z" } ] }, @@ -2653,15 +3348,15 @@ "description": "Python bindings to Rust's persistent data structures (rpds)", "hashes": [ { - "alg": "SHA-1", - "content": "1b5852dca46ad6ebc8ccb65e0610cc2c5d390cd9" + "alg": "SHA-256", + "content": "a649dfd735fff086e8a9d0503a9f0c7d01b7912a333c7ae77e1515c08c146dad" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2676,10 +3371,34 @@ "url": "https://pypi.org/project/rpds-py/0.20.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rpds.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/crate-py/rpds/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/crate-py/rpds", + "type": "vcs" } ], "purl": "pkg:pypi/rpds-py@0.20.1", "properties": [ + { + "name": "release_date", + "value": "2024-10-31T14:26:20Z" + }, { "name": "language", "value": "Python" @@ -2719,6 +3438,10 @@ ], "purl": "pkg:pypi/pkgutil-resolve-name@1.3.10", "properties": [ + { + "name": "release_date", + "value": "2024-10-31T14:26:20Z" + }, { "name": "language", "value": "Python" @@ -2726,10 +3449,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2021-07-21T08:19:03.000Z" } ] }, @@ -2737,7 +3456,7 @@ "type": "library", "bom-ref": "54-lib4sbom", "name": "lib4sbom", - "version": "0.7.5", + "version": "0.8.0", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2746,8 +3465,14 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-256", + "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395" + } + ], "licenses": [ { "license": { 
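Review bot: The `release_date` added for `pkg:pypi/pkgutil-resolve-name@1.3.10` is `2024-10-31T14:26:20Z`, the same value that the preceding hunk adds for `rpds-py@0.20.1`, and it does not match the `package_release_date` of `2021-07-21T08:19:03.000Z` that this change removes for the same component. Other components whose version is unchanged (cffi, pycparser, retry-decorator) keep their timestamp across the rename, so this looks like a value carried over from the previous component when no date was found for this one; the generator is not shown, so that is an inference. If the file is tool-generated, the fix belongs in the generator (omit the property when the lookup returns nothing), and the entry here should read `"value": "2021-07-21T08:19:03Z"`. Consumers that apply age or staleness policies to SBOM release dates would otherwise treat a 2021 release as recent.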
@@ -2764,13 +3489,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/lib4sbom/0.7.5/#files", + "url": "https://pypi.org/project/lib4sbom/0.8.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.5", + "purl": "pkg:pypi/lib4sbom@0.8.0", "properties": [ + { + "name": "release_date", + "value": "2024-12-09T20:13:26Z" + }, { "name": "language", "value": "Python" @@ -2778,10 +3507,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-18T21:36:24.000Z" } ] }, @@ -2800,11 +3525,17 @@ }, "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*", "description": "YAML parser and emitter for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2816,13 +3547,37 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyyaml/6.0.2/#files", + "url": "https://pypi.org/project/PyYAML/", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/yaml/pyyaml/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/yaml/pyyaml/actions", + "type": "build-system" + }, + { + "url": "https://pyyaml.org/wiki/PyYAMLDocumentation", + "type": "documentation" + }, + { + "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core", + "type": "mailing-list" + }, + { + "url": "https://github.com/yaml/pyyaml", + "type": "vcs" } ], "purl": "pkg:pypi/pyyaml@6.0.2", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T20:31:40Z" + }, { "name": "language", "value": "Python" 
@@ -2830,10 +3585,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2854,8 +3605,8 @@ "description": "A library implementing the 'SemVer' scheme.", "hashes": [ { - "alg": "SHA-1", - "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a" + "alg": "SHA-256", + "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177" } ], "licenses": [ @@ -2881,6 +3632,10 @@ ], "purl": "pkg:pypi/semantic-version@2.10.0", "properties": [ + { + "name": "release_date", + "value": "2022-05-26T13:35:21Z" + }, { "name": "language", "value": "Python" @@ -2888,10 +3643,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2022-05-26T13:35:21.000Z" } ] }, @@ -2912,8 +3663,8 @@ "description": "VEX generator and consumer library", "hashes": [ { - "alg": "SHA-1", - "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2" + "alg": "SHA-256", + "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce" } ], "licenses": [ @@ -2939,6 +3690,10 @@ ], "purl": "pkg:pypi/lib4vex@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-29T20:36:52Z" + }, { "name": "language", "value": "Python" @@ -2946,10 +3701,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-08-29T20:36:52.000Z" } ] }, @@ -2970,15 +3721,15 @@ "description": "CSAF generator and analyser", "hashes": [ { - "alg": "SHA-1", - "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4" + "alg": "SHA-256", + "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2997,6 +3748,10 @@ ], "purl": "pkg:pypi/csaf-tool@0.3.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-12T20:10:06Z" + }, { "name": "language", "value": "Python" @@ -3004,10 +3759,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-06-12T20:10:06.000Z" } ] }, @@ -3023,15 +3774,15 @@ "description": "A purl aka. Package URL parser and builder", "hashes": [ { - "alg": "SHA-1", - "content": "9155d4173e4c1f29a345de86c280ab783c837882" + "alg": "SHA-256", + "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3050,6 +3801,10 @@ ], "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-22T05:51:23Z" + }, { "name": "language", "value": "Python" @@ -3057,10 +3812,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-10-22T05:51:23.000Z" } ] }, @@ -3081,15 +3832,15 @@ "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "hashes": [ { - "alg": "SHA-1", - "content": "43d3b04725ab9731727fb1126e35980c62f32377" + "alg": "SHA-256", + "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -3104,10 +3855,18 @@ "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rich.readthedocs.io/en/latest/", + "type": "documentation" } ], "purl": "pkg:pypi/rich@13.9.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T16:43:55Z" + }, { "name": "language", "value": "Python" @@ -3115,10 +3874,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -3139,8 +3894,8 @@ "description": "Python port of markdown-it. Markdown parsing, done right!", "hashes": [ { - "alg": "SHA-1", - "content": "bee6d1953be75717a3f2f6a917da6f464bed421d" + "alg": "SHA-256", + "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1" } ], "externalReferences": [ @@ -3153,10 +3908,18 @@ "url": "https://pypi.org/project/markdown-it-py/3.0.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://markdown-it-py.readthedocs.io", + "type": "documentation" } ], "purl": "pkg:pypi/markdown-it-py@3.0.0", "properties": [ + { + "name": "release_date", + "value": "2023-06-03T06:41:11Z" + }, { "name": "language", "value": "Python" @@ -3164,10 +3927,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2023-06-03T06:41:11.000Z" } ] }, @@ -3188,8 +3947,8 @@ "description": "Markdown URL utilities", "hashes": [ { - "alg": "SHA-1", - "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e" + "alg": "SHA-256", + "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8" } ], "externalReferences": [ @@ -3206,6 +3965,10 @@ ], "purl": "pkg:pypi/mdurl@0.1.2", "properties": [ + { + "name": "release_date", + "value": "2022-08-14T12:40:09Z" + }, { "name": "language", "value": "Python" 
@@ -3213,10 +3976,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2022-08-14T12:40:09.000Z" } ] }, @@ -3237,8 +3996,8 @@ "description": "Pygments is a syntax highlighting package written in Python.", "hashes": [ { - "alg": "SHA-1", - "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb" + "alg": "SHA-256", + "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a" } ], "licenses": [ @@ -3260,10 +4019,30 @@ "url": "https://pypi.org/project/pygments/2.18.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://pygments.org/docs", + "type": "documentation" + }, + { + "url": "https://github.com/pygments/pygments", + "type": "vcs" + }, + { + "url": "https://github.com/pygments/pygments/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/pygments/pygments/blob/master/CHANGES", + "type": "log" } ], "purl": "pkg:pypi/pygments@2.18.0", "properties": [ + { + "name": "release_date", + "value": "2024-05-04T13:41:57Z" + }, { "name": "language", "value": "Python" 
@@ -3271,43 +4050,69 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-05-04T13:41:57.000Z" } ] }, { "type": "library", - "bom-ref": "64-packaging", - "name": "packaging", - "version": "24.2", + "bom-ref": "64-python-gnupg", + "name": "python-gnupg", + "version": "0.5.3", "supplier": { - "name": "Donald Stufft", + "name": "Vinay Sajip", "contact": [ { - "email": "donald@stufft.io" + "email": "vinay_sajip@yahoo.co.uk" } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", - "description": "Core utilities for Python packages", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", + "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", "hashes": [ { - "alg": "SHA-1", - "content": "d8e3b31b734926ebbcaff654279f6855a73e052f" + "alg": "SHA-256", + "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.2/#files", + "url": "https://github.com/vsajip/python-gnupg", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gnupg.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/vsajip/python-gnupg", + "type": "vcs" + }, + { + "url": "https://github.com/vsajip/python-gnupg/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/packaging@24.2", + "purl": "pkg:pypi/python-gnupg@0.5.3", "properties": [ + { + "name": "release_date", + "value": "2024-09-20T16:43:47Z" + }, { "name": "language", "value": "Python" 
@@ -3315,51 +4120,51 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-08T09:47:44.000Z" } ] }, { "type": "library", - "bom-ref": "65-plotly", - "name": "plotly", - "version": "5.24.1", + "bom-ref": "65-packaging", + "name": "packaging", + "version": "24.2", "supplier": { - "name": "Chris P", + "name": "Donald Stufft", "contact": [ { - "email": "chris@plot.ly" + "email": "donald@stufft.io" } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", - "description": "An open-source, interactive data visualization library for Python", - "licenses": [ + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", + "description": "Core utilities for Python packages", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759" } ], "externalReferences": [ { - "url": "https://plotly.com/python/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/plotly/5.24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://packaging.pypa.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pypa/packaging", + "type": "vcs" } ], - "purl": "pkg:pypi/plotly@5.24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ + { + "name": "release_date", + "value": "2024-11-08T09:47:44Z" + }, { "name": "language", "value": "Python" 
@@ -3367,57 +4172,69 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-12T15:36:24.000Z" } ] }, { "type": "library", - "bom-ref": "66-tenacity", - "name": "tenacity", - "version": "9.0.0", + "bom-ref": "66-plotly", + "name": "plotly", + "version": "5.24.1", "supplier": { - "name": "Julien Danjou", + "name": "Chris P", "contact": [ { - "email": "julien@danjou.info" + "email": "chris@plot.ly" } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*", - "description": "Retry code until it succeeds", + "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", + "description": "An open-source, interactive data visualization library for Python", "hashes": [ { - "alg": "SHA-1", - "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb" + "alg": "SHA-256", + "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/jd/tenacity", + "url": "https://plotly.com/python/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/tenacity/9.0.0/#files", + "url": "https://pypi.org/project/plotly/5.24.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://plotly.com/python/", + "type": "documentation" + }, + { + "url": "https://github.com/plotly/plotly.py", + "type": "vcs" + }, + { + "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md", + "type": "log" } ], - "purl": "pkg:pypi/tenacity@9.0.0", + "purl": "pkg:pypi/plotly@5.24.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T15:36:24Z" + }, { "name": "language", "value": "Python" 
@@ -3425,57 +4242,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-07-29T12:12:25.000Z" } ] }, { - "type": "library", - "bom-ref": "67-python-gnupg", - "name": "python-gnupg", - "version": "0.5.3", + "type": "library", + "bom-ref": "67-tenacity", + "name": "tenacity", + "version": "9.0.0", "supplier": { - "name": "Vinay Sajip", + "name": "Julien Danjou", "contact": [ { - "email": "vinay_sajip@yahoo.co.uk" + "email": "julien@danjou.info" } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", - "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*", + "description": "Retry code until it succeeds", "hashes": [ { - "alg": "SHA-1", - "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + "alg": "SHA-256", + "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539" } ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/vsajip/python-gnupg", + "url": "https://github.com/jd/tenacity", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", + "url": "https://pypi.org/project/tenacity/9.0.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/python-gnupg@0.5.3", + "purl": "pkg:pypi/tenacity@9.0.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-29T12:12:25Z" + }, { "name": "language", "value": "Python" @@ -3483,10 +4300,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-20T16:43:47.000Z" } ] }, 
@@ -3507,8 +4320,8 @@ "description": "Python HTTP for Humans.", "hashes": [ { - "alg": "SHA-1", - "content": "0e322af87745eff34caffe4df68456ebc20d9068" + "alg": "SHA-256", + "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6" } ], "licenses": [ @@ -3530,10 +4343,22 @@ "url": "https://pypi.org/project/requests/2.32.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://requests.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/psf/requests", + "type": "vcs" } ], "purl": "pkg:pypi/requests@2.32.3", "properties": [ + { + "name": "release_date", + "value": "2024-05-29T15:37:47Z" + }, { "name": "language", "value": "Python" 
@@ -3541,51 +4366,65 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-05-29T15:37:47.000Z" } ] }, { "type": "library", - "bom-ref": "69-certifi", - "name": "certifi", - "version": "2024.8.30", + "bom-ref": "69-charset-normalizer", + "name": "charset-normalizer", + "version": "3.4.0", "supplier": { - "name": "Kenneth Reitz", + "name": "Ahmed TAHRI", "contact": [ { - "email": "me@kennethreitz.com" + "email": "tahri.ahmed@proton.me" } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*", - "description": "Python package for providing Mozilla's CA Bundle.", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", + "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", + "hashes": [ + { + "alg": "SHA-256", + "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6" + } + ], "licenses": [ { "license": { - "id": "MPL-2.0", - "url": "https://www.mozilla.org/MPL/2.0/", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/certifi/python-certifi", + "url": "https://github.com/Ousret/charset_normalizer", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/certifi/2024.8.30/#files", + "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/Ousret/charset_normalizer/issues", + "type": "issue-tracker" + }, + { + "url": "https://charset-normalizer.readthedocs.io/en/latest", + "type": "documentation" } ], - "purl": "pkg:pypi/certifi@2024.8.30", + "purl": "pkg:pypi/charset-normalizer@3.4.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-09T07:38:02Z" + }, { "name": "language", "value": "Python" 
@@ -3593,51 +4432,59 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-08-30T01:55:02.000Z" } ] }, { "type": "library", - "bom-ref": "70-charset-normalizer", - "name": "charset-normalizer", - "version": "3.4.0", + "bom-ref": "70-urllib3", + "name": "urllib3", + "version": "2.2.3", "supplier": { - "name": "Ahmed TAHRI", + "name": "Andrey Petrov", "contact": [ { - "email": "tahri.ahmed@proton.me" + "email": "andrey.petrov@shazow.net" } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", - "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", - "licenses": [ + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac" } ], "externalReferences": [ { - "url": "https://github.com/Ousret/charset_normalizer", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", + "url": "https://pypi.org/project/urllib3/2.2.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst", + "type": "log" + }, + { + "url": "https://urllib3.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/urllib3/urllib3", + "type": "vcs" + }, + { + "url": "https://github.com/urllib3/urllib3/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/charset-normalizer@3.4.0", + "purl": "pkg:pypi/urllib3@2.2.3", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T10:52:16Z" + }, { "name": "language", "value": "Python" 
@@ -3645,43 +4492,61 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-10-09T07:38:02.000Z" } ] }, { "type": "library", - "bom-ref": "71-urllib3", - "name": "urllib3", - "version": "2.2.3", + "bom-ref": "71-certifi", + "name": "certifi", + "version": "2024.12.14", "supplier": { - "name": "Andrey Petrov", + "name": "Kenneth Reitz", "contact": [ { - "email": "andrey.petrov@shazow.net" + "email": "me@kennethreitz.com" } ] }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*", + "description": "Python package for providing Mozilla's CA Bundle.", "hashes": [ { - "alg": "SHA-1", - "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + "alg": "SHA-256", + "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-2.0", + "url": "https://www.mozilla.org/MPL/2.0/", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/urllib3/2.2.3/#files", + "url": "https://github.com/certifi/python-certifi", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/certifi/2024.12.14/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/certifi/python-certifi", + "type": "vcs" } ], - "purl": "pkg:pypi/urllib3@2.2.3", + "purl": "pkg:pypi/certifi@2024.12.14", "properties": [ + { + "name": "release_date", + "value": "2024-12-14T13:52:36Z" + }, { "name": "language", "value": "Python" @@ -3689,10 +4554,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-12T10:52:16.000Z" } ] }, 
@@ -3713,15 +4574,15 @@ "description": "Read rpm archive files", "hashes": [ { - "alg": "SHA-1", - "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5" + "alg": "SHA-256", + "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3740,6 +4601,10 @@ ], "purl": "pkg:pypi/rpmfile@2.1.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-24T21:57:45Z" + }, { "name": "language", "value": "Python" @@ -3747,10 +4612,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3769,15 +4630,37 @@ }, "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", + "hashes": [ + { + "alg": "SHA-256", + "content": "f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pypa/setuptools", + "type": "vcs" + }, + { + "url": "https://setuptools.pypa.io/", + "type": "documentation" + }, + { + "url": "https://setuptools.pypa.io/en/stable/history.html", + "type": "log" } ], "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-29T10:23:24Z" + }, { "name": "language", "value": "Python" 
@@ -3790,48 +4673,52 @@ }, { "type": "library", - "bom-ref": "74-toml", - "name": "toml", - "version": "0.10.2", + "bom-ref": "74-xmlschema", + "name": "xmlschema", + "version": "3.4.3", "supplier": { - "name": "William Pearson", + "name": "Davide Brunato", "contact": [ { - "email": "uiri@xqz.ca" + "email": "brunato@sissa.it" } ] }, - "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*", - "description": "Python Library for Tom's Obvious, Minimal Language", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", + "description": "An XML Schema validator and decoder", "hashes": [ { - "alg": "SHA-1", - "content": "3f637dba5f68db63d4b30967fedda51c82459471" + "alg": "SHA-256", + "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/uiri/toml", + "url": "https://github.com/sissaschool/xmlschema", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/toml/0.10.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/toml@0.10.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-31T09:47:12Z" + }, { "name": "language", "value": "Python" @@ -3839,18 +4726,14 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2020-11-01T01:40:20.000Z" } ] }, { "type": "library", - "bom-ref": "75-xmlschema", - "name": "xmlschema", - "version": "3.4.3", + "bom-ref": "75-elementpath", + "name": "elementpath", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ 
@@ -3859,31 +4742,41 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", - "description": "An XML Schema validator and decoder", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", + "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", + "hashes": [ + { + "alg": "SHA-256", + "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/sissaschool/xmlschema", + "url": "https://github.com/sissaschool/elementpath", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.3/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.3", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-27T21:52:58Z" + }, { "name": "language", "value": "Python" 
@@ -3891,51 +4784,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-10-31T09:47:12.000Z" } ] }, { "type": "library", - "bom-ref": "76-elementpath", - "name": "elementpath", - "version": "4.6.0", + "bom-ref": "76-toml", + "name": "toml", + "version": "0.10.2", "supplier": { - "name": "Davide Brunato", + "name": "William Pearson", "contact": [ { - "email": "brunato@sissa.it" + "email": "uiri@xqz.ca" } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", - "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", + "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*", + "description": "Python Library for Tom's Obvious, Minimal Language", + "hashes": [ + { + "alg": "SHA-256", + "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/sissaschool/elementpath", + "url": "https://github.com/uiri/toml", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.6.0/#files", + "url": "https://pypi.org/project/toml/0.10.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.6.0", + "purl": "pkg:pypi/toml@0.10.2", "properties": [ + { + "name": "release_date", + "value": "2020-11-01T01:40:20Z" + }, { "name": "language", "value": "Python" @@ -3943,10 +4842,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-10-27T21:52:58.000Z" } ] }, 
@@ -3965,6 +4860,12 @@ }, "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*", "description": "Zstandard bindings for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9" + } + ], "licenses": [ { "license": { @@ -3988,6 +4889,10 @@ ], "purl": "pkg:pypi/zstandard@0.23.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-15T00:13:27Z" + }, { "name": "language", "value": "Python" @@ -3995,10 +4900,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-07-15T00:13:27.000Z" } ] } @@ -4014,31 +4915,31 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "13-beautifulsoup4", - "15-cvss", - "16-defusedxml", - "17-distro", - "18-filetype", - "19-gsutil", - "44-importlib-metadata", - "46-importlib-resources", - "47-jinja2", - "49-jsonschema", + "15-beautifulsoup4", + "17-cvss", + "18-defusedxml", + "19-distro", + "20-filetype", + "21-gsutil", + "46-jinja2", + "48-jsonschema", "54-lib4sbom", "57-lib4vex", + "64-python-gnupg", "59-packageurl-python", - "64-packaging", - "65-plotly", - "67-python-gnupg", + "65-packaging", + "66-plotly", "55-pyyaml", "68-requests", "60-rich", "72-rpmfile", "73-setuptools", - "74-toml", - "71-urllib3", - "75-xmlschema", - "45-zipp", + "70-urllib3", + "74-xmlschema", + "8-zipp", + "7-importlib-metadata", + "76-toml", + "49-importlib-resources", "77-zstandard" ] }, @@ -4047,11 +4948,11 @@ "dependsOn": [ "3-aiohappyeyeballs", "4-aiosignal", - "6-async-timeout", - "7-attrs", + "6-attrs", "5-frozenlist", - "8-multidict", - "10-yarl" + "10-multidict", + "11-yarl", + "14-async-timeout" ] }, { 
@@ -4061,197 +4962,204 @@ ] }, { - "ref": "8-multidict", + "ref": "6-attrs", "dependsOn": [ - "9-typing-extensions" + "7-importlib-metadata" ] }, { - "ref": "10-yarl", + "ref": "7-importlib-metadata", "dependsOn": [ - "11-idna", - "8-multidict", - "12-propcache" + "8-zipp", + "9-typing-extensions" ] }, { - "ref": "13-beautifulsoup4", + "ref": "10-multidict", "dependsOn": [ - "14-soupsieve" + "9-typing-extensions" ] }, { - "ref": "19-gsutil", + "ref": "11-yarl", "dependsOn": [ - "20-argcomplete", - "21-crcmod", - "22-fasteners", - "23-gcs-oauth2-boto-plugin", - "42-google-apitools", - "25-google-auth", - "31-google-auth-httplib2", - "34-google-reauth", - "32-httplib2", - "43-monotonic", - "37-pyopenssl", - "41-retry-decorator", - "30-six" + "12-idna", + "10-multidict", + "13-propcache" ] }, { - "ref": "23-gcs-oauth2-boto-plugin", + "ref": "15-beautifulsoup4", "dependsOn": [ - "24-boto", - "25-google-auth", - "31-google-auth-httplib2", - "34-google-reauth", - "32-httplib2", - "36-oauth2client", - "37-pyopenssl", - "41-retry-decorator", - "29-rsa", - "30-six" + "16-soupsieve" ] }, { - "ref": "25-google-auth", + "ref": "21-gsutil", "dependsOn": [ - "26-cachetools", - "27-pyasn1-modules", - "29-rsa", - "30-six" + "22-argcomplete", + "23-crcmod", + "24-fasteners", + "25-gcs-oauth2-boto-plugin", + "44-google-apitools", + "32-httplib2", + "29-google-reauth", + "45-monotonic", + "36-pyopenssl", + "40-retry-decorator", + "31-six", + "41-google-auth", + "43-google-auth-httplib2" ] }, { - "ref": "27-pyasn1-modules", + "ref": "25-gcs-oauth2-boto-plugin", "dependsOn": [ - "28-pyasn1" + "26-rsa", + "28-boto", + "29-google-reauth", + "32-httplib2", + "34-oauth2client", + "36-pyopenssl", + "40-retry-decorator", + "31-six", + "41-google-auth", + "43-google-auth-httplib2" ] }, { - "ref": "29-rsa", + "ref": "26-rsa", "dependsOn": [ - "28-pyasn1" + "27-pyasn1" ] }, { - "ref": "31-google-auth-httplib2", + "ref": "29-google-reauth", "dependsOn": [ - "25-google-auth", - "32-httplib2" + 
"30-pyu2f" ] }, { - "ref": "32-httplib2", + "ref": "30-pyu2f", "dependsOn": [ - "33-pyparsing" + "31-six" ] }, { - "ref": "34-google-reauth", + "ref": "32-httplib2", "dependsOn": [ - "35-pyu2f" + "33-pyparsing" ] }, { - "ref": "35-pyu2f", + "ref": "34-oauth2client", "dependsOn": [ - "30-six" + "32-httplib2", + "27-pyasn1", + "35-pyasn1-modules", + "26-rsa", + "31-six" ] }, { - "ref": "36-oauth2client", + "ref": "35-pyasn1-modules", "dependsOn": [ - "32-httplib2", - "28-pyasn1", - "27-pyasn1-modules", - "29-rsa", - "30-six" + "27-pyasn1" ] }, { - "ref": "37-pyopenssl", + "ref": "36-pyopenssl", "dependsOn": [ - "38-cryptography" + "37-cryptography" ] }, { - "ref": "38-cryptography", + "ref": "37-cryptography", "dependsOn": [ - "39-cffi" + "38-cffi" ] }, { - "ref": "39-cffi", + "ref": "38-cffi", "dependsOn": [ - "40-pycparser" + "39-pycparser" ] }, { - "ref": "42-google-apitools", + "ref": "41-google-auth", "dependsOn": [ - "22-fasteners", - "32-httplib2", - "36-oauth2client", - "30-six" + "42-cachetools", + "35-pyasn1-modules", + "31-six", + "26-rsa" ] }, { - "ref": "44-importlib-metadata", + "ref": "43-google-auth-httplib2", "dependsOn": [ - "45-zipp" + "41-google-auth", + "32-httplib2" ] }, { - "ref": "46-importlib-resources", + "ref": "44-google-apitools", "dependsOn": [ - "45-zipp" + "32-httplib2", + "24-fasteners", + "34-oauth2client", + "31-six" ] }, { - "ref": "47-jinja2", + "ref": "46-jinja2", "dependsOn": [ - "48-markupsafe" + "47-markupsafe" ] }, { - "ref": "49-jsonschema", + "ref": "48-jsonschema", "dependsOn": [ - "7-attrs", - "46-importlib-resources", + "6-attrs", + "49-importlib-resources", "50-jsonschema-specifications", "53-pkgutil-resolve-name", "51-referencing", "52-rpds-py" ] }, + { + "ref": "49-importlib-resources", + "dependsOn": [ + "8-zipp" + ] + }, { "ref": "50-jsonschema-specifications", "dependsOn": [ - "46-importlib-resources", + "49-importlib-resources", "51-referencing" ] }, { "ref": "51-referencing", "dependsOn": [ - "7-attrs", + 
"6-attrs", "52-rpds-py" ] }, { "ref": "54-lib4sbom", "dependsOn": [ - "16-defusedxml", "55-pyyaml", - "56-semantic-version" + "56-semantic-version", + "18-defusedxml" ] }, { "ref": "57-lib4vex", "dependsOn": [ - "58-csaf-tool", "54-lib4sbom", + "58-csaf-tool", "59-packageurl-python" ] }, @@ -4277,25 +5185,31 @@ ] }, { - "ref": "65-plotly", + "ref": "66-plotly", "dependsOn": [ - "64-packaging", - "66-tenacity" + "67-tenacity", + "65-packaging" ] }, { "ref": "68-requests", "dependsOn": [ - "69-certifi", - "70-charset-normalizer", - "11-idna", - "71-urllib3" + "69-charset-normalizer", + "12-idna", + "70-urllib3", + "71-certifi" + ] + }, + { + "ref": "74-xmlschema", + "dependsOn": [ + "75-elementpath" ] }, { - "ref": "75-xmlschema", + "ref": "77-zstandard", "dependsOn": [ - "76-elementpath" + "38-cffi" ] } ] diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index a0894598d1..c16f44a4b3 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8bef91b4-39b2-4f5c-a343-81fddf71bbda -LicenseListVersion: 3.22 -Creator: Tool: sbom4python-0.11.3 -Created: 2024-12-09T00:42:14Z +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e4e74e1a-9904-46ec-beab-1e3d7d1af7ba +LicenseListVersion: 3.25 +Creator: Tool: sbom4python-0.12.1 +Created: 2024-12-16T00:39:17Z CreatorComment: This document has been automatically generated. ##### 
@@ -17,10 +17,12 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com) PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/intel/cve-bin-tool +PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool +ReleaseDate: 2024-09-17T18:57:44Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:* ##### @@ -33,11 +35,21 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.11/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp +PackageChecksum: SHA256: 5077b1a5f40ffa3ba1f40d537d3bec4383988ee51fbba6b74aa8fb1bc466599e PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) +ReleaseDate: 2024-11-13T16:36:38Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp +ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html +ExternalRef: OTHER other https://docs.aiohttp.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.11 ##### 
@@ -49,10 +61,16 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8 PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio +ReleaseDate: 2024-11-30T18:43:39Z +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues +ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### 
@@ -65,12 +83,19 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiosignal -PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3 +PackageChecksum: SHA256: f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: aiosignal: a list of registered asynchronous callbacks +ReleaseDate: 2022-11-08T16:03:57Z +ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby +ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal +ExternalRef: OTHER other https://docs.aiosignal.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 ##### 
@@ -82,63 +107,81 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist +PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence +ReleaseDate: 2024-10-23T09:46:20Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist +ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog +ExternalRef: OTHER other https://frozenlist.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### -PackageName: async-timeout -SPDXID: SPDXRef-6-async-timeout -PackageVersion: 5.0.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/async-timeout -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
-PackageCopyrightText: NOASSERTION -PackageSummary: Timeout context manager for asyncio programs -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* -##### - PackageName: attrs -SPDXID: SPDXRef-7-attrs +SPDXID: SPDXRef-6-attrs PackageVersion: 24.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false -PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a +PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Classes Without Boilerplate +ReleaseDate: 2024-08-06T14:37:36Z +ExternalRef: OTHER documentation https://www.attrs.org/ +ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html +ExternalRef: OTHER vcs https://github.com/python-attrs/attrs +ExternalRef: OTHER other https://github.com/sponsors/hynek +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:* ##### -PackageName: multidict -SPDXID: SPDXRef-8-multidict -PackageVersion: 6.1.0 +PackageName: importlib-metadata +SPDXID: SPDXRef-7-importlib-metadata +PackageVersion: 8.5.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files +PackageSupplier: Organization: Jason R. 
(jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/multidict -PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68 +PackageChecksum: SHA256: 45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION -PackageSummary: multidict implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* +PackageSummary: Read metadata from Python packages +ReleaseDate: 2024-09-11T14:56:07Z +ExternalRef: OTHER vcs https://github.com/python/importlib_metadata +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:* +##### + +PackageName: zipp +SPDXID: SPDXRef-8-zipp +PackageVersion: 3.20.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +FilesAnalyzed: false +PackageChecksum: SHA256: a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Backport of pathlib-compatible object wrapper for zip files +ReleaseDate: 2024-09-13T13:44:14Z +ExternalRef: OTHER vcs https://github.com/jaraco/zipp +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* ##### PackageName: typing-extensions 
@@ -148,390 +191,477 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 +PackageHomePage: https://github.com/python/typing_extensions +PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backported and Experimental Type Hints for Python 3.8+ +ReleaseDate: 2024-06-07T18:52:13Z +ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues +ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/ +ExternalRef: OTHER other https://github.com/python/typing/discussions +ExternalRef: OTHER vcs https://github.com/python/typing_extensions ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* ##### +PackageName: multidict +SPDXID: SPDXRef-10-multidict +PackageVersion: 6.1.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/multidict +PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: multidict implementation +ReleaseDate: 2024-09-09T23:47:18Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict +ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://multidict.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/multidict +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* +##### + PackageName: yarl -SPDXID: SPDXRef-10-yarl +SPDXID: SPDXRef-11-yarl PackageVersion: 1.15.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl -PackageChecksum: SHA1: 33294bf084d2dde1ac1e8133b0125e1f142a8274 +PackageChecksum: SHA256: e4ee8b8639070ff246ad3649294336b06db37a94bdea0d09ea491603e0be73b8 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library +ReleaseDate: 2024-10-13T18:44:32Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl +ExternalRef: OTHER log 
https://yarl.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://yarl.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/yarl ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-11-idna +SPDXID: SPDXRef-12-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files FilesAnalyzed: false +PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) +ReleaseDate: 2024-09-15T18:07:37Z +ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst +ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues +ExternalRef: OTHER vcs https://github.com/kjd/idna ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### PackageName: propcache -SPDXID: SPDXRef-12-propcache +SPDXID: SPDXRef-13-propcache PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache -PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda +PackageChecksum: SHA256: c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Accelerated property cache +ReleaseDate: 2024-10-07T12:54:02Z +ExternalRef: OTHER other 
https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache +ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/ +ExternalRef: OTHER other https://propcache.readthedocs.io +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/propcache ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* ##### +PackageName: async-timeout +SPDXID: SPDXRef-14-async-timeout +PackageVersion: 5.0.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/async-timeout +PackageChecksum: SHA256: 39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: Timeout context manager for asyncio programs +ReleaseDate: 2024-11-06T16:41:37Z +ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby +ExternalRef: OTHER build-system https://github.com/aio-libs/async-timeout/actions +ExternalRef: OTHER other https://codecov.io/github/aio-libs/async-timeout +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/async-timeout/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/async-timeout +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* +##### + PackageName: beautifulsoup4 -SPDXID: SPDXRef-13-beautifulsoup4 +SPDXID: SPDXRef-15-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files FilesAnalyzed: false PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/ +PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Screen-scraping library +ReleaseDate: 2024-01-17T16:53:12Z +ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:* ##### PackageName: soupsieve -SPDXID: SPDXRef-14-soupsieve +SPDXID: SPDXRef-16-soupsieve PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve -PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 +PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A modern CSS selector implementation for Beautiful Soup. +ReleaseDate: 2024-08-13T13:39:10Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-15-cvss +SPDXID: SPDXRef-17-cvss PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss -PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 +PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 +ReleaseDate: 2024-11-01T10:05:52Z +ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases +ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss +ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues +ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml -SPDXID: SPDXRef-16-defusedxml +SPDXID: SPDXRef-18-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) -PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files +PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml FilesAnalyzed: false PackageHomePage: https://github.com/tiran/defusedxml -PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184 +PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: PSF-2.0 PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: XML bomb protection for Python stdlib modules +ReleaseDate: 2021-03-08T10:59:24Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:* ##### PackageName: distro -SPDXID: SPDXRef-17-distro +SPDXID: SPDXRef-19-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-distro/distro +PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Distro - an OS platform information API +ReleaseDate: 2023-12-24T09:54:30Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-18-filetype +SPDXID: SPDXRef-20-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) -PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files +PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master FilesAnalyzed: false PackageHomePage: https://github.com/h2non/filetype.py -PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585 +PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies. 
+ReleaseDate: 2022-11-02T17:34:01Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:* ##### PackageName: gsutil -SPDXID: SPDXRef-19-gsutil -PackageVersion: 5.32 +SPDXID: SPDXRef-21-gsutil +PackageVersion: 5.33 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.32/#files +PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil +PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.32 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:* +ReleaseDate: 2024-12-11T09:40:59Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-20-argcomplete +SPDXID: SPDXRef-22-argcomplete PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete -PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc +PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse +ReleaseDate: 2024-12-06T18:24:27Z +ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete +ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete +ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues +ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-21-crcmod +SPDXID: SPDXRef-23-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) -PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files +PackageDownloadLocation: http://sourceforge.net/projects/crcmod FilesAnalyzed: false PackageHomePage: http://crcmod.sourceforge.net/ +PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CRC Generator +ReleaseDate: 2010-06-27T14:35:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-22-fasteners +SPDXID: SPDXRef-24-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files FilesAnalyzed: false PackageHomePage: https://github.com/harlowja/fasteners -PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4 +PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: A python package that provides useful locks 
+ReleaseDate: 2023-09-19T17:11:18Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-23-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-25-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files +PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin FilesAnalyzed: false PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary -PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb +PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. +ReleaseDate: 2024-05-02T14:37:31Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### -PackageName: boto -SPDXID: SPDXRef-24-boto -PackageVersion: 2.49.0 +PackageName: rsa +SPDXID: SPDXRef-26-rsa +PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) -PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files +PackageSupplier: Organization: Sybren A. 
Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files FilesAnalyzed: false -PackageHomePage: https://github.com/boto/boto/ -PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3 -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageHomePage: https://stuvel.eu/rsa +PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Amazon Web Services Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ReleaseDate: 2021-02-24T10:55:03Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### -PackageName: google-auth -SPDXID: SPDXRef-25-google-auth -PackageVersion: 2.17.0 +PackageName: pyasn1 +SPDXID: SPDXRef-27-pyasn1 +PackageVersion: 0.6.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files FilesAnalyzed: false -PackageHomePage: https://github.com/googleapis/google-auth-library-python -PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
+PackageHomePage: https://github.com/pyasn1/pyasn1 +PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034 +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* +PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ReleaseDate: 2024-09-10T22:41:42Z +ExternalRef: OTHER documentation https://pyasn1.readthedocs.io +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1 +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues +ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* ##### -PackageName: cachetools -SPDXID: SPDXRef-26-cachetools -PackageVersion: 5.5.0 +PackageName: boto +SPDXID: SPDXRef-28-boto +PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files +PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) +PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files FilesAnalyzed: false -PackageHomePage: https://github.com/tkem/cachetools/ +PackageHomePage: https://github.com/boto/boto/ +PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* +PackageSummary: Amazon Web 
Services Library +ReleaseDate: 2018-07-11T20:58:55Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### -PackageName: pyasn1-modules -SPDXID: SPDXRef-27-pyasn1-modules -PackageVersion: 0.4.1 +PackageName: google-reauth +SPDXID: SPDXRef-29-google-reauth +PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1-modules +PackageHomePage: https://github.com/Google/google-reauth-python +PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368 PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* -##### - -PackageName: pyasn1 -SPDXID: SPDXRef-28-pyasn1 -PackageVersion: 0.6.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1 -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ReleaseDate: 2020-12-01T17:35:45Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-29-rsa -PackageVersion: 4.7.2 +PackageName: pyu2f +SPDXID: SPDXRef-30-pyu2f +PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files FilesAnalyzed: false -PackageHomePage: https://stuvel.eu/rsa -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageHomePage: https://github.com/google/pyu2f/ +PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: U2F host library for interacting with a U2F device over USB. 
+ReleaseDate: 2020-10-30T20:03:07Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-30-six +SPDXID: SPDXRef-31-six PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/benjaminp/six +PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities +ReleaseDate: 2024-12-04T17:35:26Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### -PackageName: google-auth-httplib2 -SPDXID: SPDXRef-31-google-auth-httplib2 -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 -PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library: httplib2 transport -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* -##### - PackageName: httplib2 SPDXID: SPDXRef-32-httplib2 PackageVersion: 0.20.4 
@@ -540,11 +670,12 @@ PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/httplib2/httplib2 -PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4 +PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A comprehensive HTTP client library. +ReleaseDate: 2022-02-03T00:00:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:* ##### 
@@ -557,282 +688,339 @@ PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyparsing/pyparsing/ +PackageChecksum: SHA256: a6a7ee4235a3f944aa1fa2249307708f893fe5717dc603503c6c7969c070fb7c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars +ReleaseDate: 2024-08-25T15:00:45Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: SPDXRef-34-google-reauth -PackageVersion: 0.1.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/Google/google-reauth-python -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* -##### - -PackageName: pyu2f -SPDXID: SPDXRef-35-pyu2f -PackageVersion: 0.1.5 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. 
(pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/google/pyu2f/ -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* -##### - PackageName: oauth2client -SPDXID: SPDXRef-36-oauth2client +SPDXID: SPDXRef-34-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/oauth2client/ -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: OAuth 2.0 client library +ReleaseDate: 2018-09-07T21:38:16Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### +PackageName: pyasn1-modules +SPDXID: SPDXRef-35-pyasn1-modules +PackageVersion: 0.4.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/pyasn1/pyasn1-modules +PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ReleaseDate: 2024-09-10T22:42:08Z +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues +ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* +##### + PackageName: pyopenssl -SPDXID: SPDXRef-37-pyopenssl +SPDXID: SPDXRef-36-pyopenssl PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ +PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache 
License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library +ReleaseDate: 2024-07-20T17:26:29Z +ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* ##### PackageName: cryptography -SPDXID: SPDXRef-38-cryptography +SPDXID: SPDXRef-37-cryptography PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography +PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. 
+ReleaseDate: 2024-10-18T15:57:36Z +ExternalRef: OTHER documentation https://cryptography.io/ +ExternalRef: OTHER vcs https://github.com/pyca/cryptography/ +ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues +ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-39-cffi +SPDXID: SPDXRef-38-cffi PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false PackageHomePage: http://cffi.readthedocs.org -PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51 +PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Foreign Function Interface for Python calling C code. 
+ReleaseDate: 2024-09-04T20:43:30Z +ExternalRef: OTHER documentation http://cffi.readthedocs.org/ +ExternalRef: OTHER vcs https://github.com/python-cffi/cffi +ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues +ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html +ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases +ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:* ##### PackageName: pycparser -SPDXID: SPDXRef-40-pycparser +SPDXID: SPDXRef-39-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files FilesAnalyzed: false PackageHomePage: https://github.com/eliben/pycparser -PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 +PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: C parser in Python +ReleaseDate: 2024-03-30T13:22:20Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22 ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-41-retry-decorator +SPDXID: SPDXRef-40-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/pnpnpn/retry-decorator -PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349 +PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe PackageLicenseDeclared: MIT 
PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Retry Decorator +ReleaseDate: 2020-03-10T23:56:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:* ##### +PackageName: google-auth +SPDXID: SPDXRef-41-google-auth +PackageVersion: 2.17.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/googleapis/google-auth-library-python +PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library +ReleaseDate: 2023-03-28T19:51:30Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* +##### + +PackageName: cachetools +SPDXID: SPDXRef-42-cachetools +PackageVersion: 5.5.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/tkem/cachetools/ +PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292 +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ReleaseDate: 2024-08-18T20:28:43Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 +ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* +##### + +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-43-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 +PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library: httplib2 transport +ReleaseDate: 2023-12-12T17:40:13Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: google-apitools -SPDXID: SPDXRef-42-google-apitools +SPDXID: SPDXRef-44-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/apitools -PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1 +PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: client libraries for humans +ReleaseDate: 2021-05-05T22:12:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-43-monotonic +SPDXID: SPDXRef-45-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/atdt/monotonic -PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad +PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3 +ReleaseDate: 2021-04-09T21:58:05Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### -PackageName: importlib-metadata -SPDXID: SPDXRef-44-importlib-metadata -PackageVersion: 8.5.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. 
(jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files -FilesAnalyzed: false -PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Read metadata from Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:* -##### - -PackageName: zipp -SPDXID: SPDXRef-45-zipp -PackageVersion: 3.20.2 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* -##### - -PackageName: importlib-resources -SPDXID: SPDXRef-46-importlib-resources -PackageVersion: 6.4.5 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Barry Warsaw (barry@python.org) -PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files -FilesAnalyzed: false -PackageChecksum: SHA1: 284148b005b57031a354402c446473f53cab2c49 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Read resources from Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-resources@6.4.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:* -##### - PackageName: jinja2 -SPDXID: SPDXRef-47-jinja2 +SPDXID: SPDXRef-46-jinja2 PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: 
https://pypi.org/project/jinja2/3.1.4/#files FilesAnalyzed: false -PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57 +PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. +ReleaseDate: 2024-05-05T23:41:59Z +ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/ +ExternalRef: OTHER chat https://discord.gg/pallets +ExternalRef: OTHER documentation https://jinja.palletsprojects.com/ +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER vcs https://github.com/pallets/jinja/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-48-markupsafe +SPDXID: SPDXRef-47-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5/#files FilesAnalyzed: false PackageHomePage: https://palletsprojects.com/p/markupsafe/ -PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65 +PackageChecksum: SHA256: a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. 
+ReleaseDate: 2024-02-02T16:30:04Z +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/ +ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/ +ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/ +ExternalRef: OTHER issue-tracker https://github.com/pallets/markupsafe/issues/ +ExternalRef: OTHER chat https://discord.gg/pallets ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-49-jsonschema +SPDXID: SPDXRef-48-jsonschema PackageVersion: 4.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema +PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python +ReleaseDate: 2024-07-08T18:40:00Z +ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:* ##### +PackageName: importlib-resources +SPDXID: SPDXRef-49-importlib-resources +PackageVersion: 6.4.5 +PrimaryPackagePurpose: LIBRARY 
+PackageSupplier: Person: Barry Warsaw (barry@python.org) +PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files +FilesAnalyzed: false +PackageChecksum: SHA256: ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Read resources from Python packages +ReleaseDate: 2024-09-09T17:03:13Z +ExternalRef: OTHER vcs https://github.com/python/importlib_resources +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-resources@6.4.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:* +##### + PackageName: jsonschema-specifications SPDXID: SPDXRef-50-jsonschema-specifications PackageVersion: 2023.12.1 
@@ -841,11 +1029,17 @@ PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVin PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications -PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76 +PackageChecksum: SHA256: 87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry +ReleaseDate: 2023-12-25T15:16:51Z +ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:* ##### 
@@ -858,11 +1052,18 @@ PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/referencing -PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845 +PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python +ReleaseDate: 2024-05-01T20:26:02Z +ExternalRef: OTHER documentation https://referencing.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/ +ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### 
@@ -875,11 +1076,17 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: 1b5852dca46ad6ebc8ccb65e0610cc2c5d390cd9 +PackageChecksum: SHA256: a649dfd735fff086e8a9d0503a9f0c7d01b7912a333c7ae77e1515c08c146dad PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) +ReleaseDate: 2024-10-31T14:26:20Z +ExternalRef: OTHER documentation https://rpds.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/crate-py/rpds ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* ##### 
@@ -896,24 +1103,27 @@ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Resolve a name to an object. +ReleaseDate: 2024-10-31T14:26:20Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pkgutil-resolve-name@1.3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:* ##### PackageName: lib4sbom SPDXID: SPDXRef-54-lib4sbom -PackageVersion: 0.7.5 +PackageVersion: 0.8.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4sbom +PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:* +ReleaseDate: 2024-12-09T20:13:26Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:* ##### PackageName: pyyaml 
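Review bot: The `ReleaseDate: 2024-10-31T14:26:20Z` added to the pkgutil-resolve-name 1.3.10 record is identical to the second to the value added for rpds-py 0.20.1 in the preceding hunk. This looks like a value carried over from the previous package rather than one looked up for this package. A consumer that uses ReleaseDate for component-age or staleness policy would then treat this dependency as recently released. I would drop the line `+ReleaseDate: 2024-10-31T14:26:20Z` from this record until the date is confirmed against the registry, and if the file is tool-generated, check that the generator resets per-package fields when a lookup returns nothing. The record starts above the hunk, so its remaining fields are not visible here.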
@@ -921,13 +1131,20 @@ SPDXID: SPDXRef-55-pyyaml PackageVersion: 6.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) -PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files +PackageDownloadLocation: https://pypi.org/project/PyYAML/ FilesAnalyzed: false PackageHomePage: https://pyyaml.org/ +PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: YAML parser and emitter for Python +ReleaseDate: 2024-08-06T20:31:40Z +ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues +ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions +ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation +ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core +ExternalRef: OTHER vcs https://github.com/yaml/pyyaml ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:* ##### 
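Review bot: The pyyaml record's `PackageDownloadLocation` changes from the version-pinned `https://pypi.org/project/pyyaml/6.0.2/#files` to the unversioned `https://pypi.org/project/PyYAML/`, while the same hunk adds a `PackageChecksum: SHA256:` and keeps `pkg:pypi/pyyaml@6.0.2`. The download location therefore no longer identifies the release that the checksum and purl describe, so the digest cannot be checked against the location. Every other record in this diff keeps the `/<version>/#files` form. I would restore `PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files`. The new value presumably comes from the package's own metadata, in which case the generator should prefer the versioned registry URL.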
@@ -940,12 +1157,13 @@ PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.o PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/rbarrois/python-semanticversion -PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a +PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A library implementing the 'SemVer' scheme. +ReleaseDate: 2022-05-26T13:35:21Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:* ##### @@ -958,11 +1176,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4vex -PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2 +PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: VEX generator and consumer library +ReleaseDate: 2024-08-29T20:36:52Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:* ##### 
@@ -975,11 +1194,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/csaf -PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4 +PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CSAF generator and analyser +ReleaseDate: 2024-06-12T20:10:06Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:* ##### @@ -992,11 +1212,12 @@ PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882 +PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder +ReleaseDate: 2024-10-22T05:51:23Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### 
@@ -1009,11 +1230,13 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich -PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 +PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal +ReleaseDate: 2024-11-01T16:43:55Z +ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### @@ -1026,11 +1249,13 @@ PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/markdown-it-py -PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d +PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python port of markdown-it. Markdown parsing, done right! +ReleaseDate: 2023-06-03T06:41:11Z +ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:* ##### 
@@ -1043,11 +1268,12 @@ PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/mdurl -PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e +PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Markdown URL utilities +ReleaseDate: 2022-08-14T12:40:09Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* ##### 
@@ -1060,83 +1286,101 @@ PackageSupplier: Person: Georg Brandl (georg@python.org) PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files FilesAnalyzed: false PackageHomePage: https://pygments.org -PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb +PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. +ReleaseDate: 2024-05-04T13:41:57Z +ExternalRef: OTHER documentation https://pygments.org/docs +ExternalRef: OTHER vcs https://github.com/pygments/pygments +ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues +ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### +PackageName: python-gnupg +SPDXID: SPDXRef-64-python-gnupg +PackageVersion: 0.5.3 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) +ReleaseDate: 2024-09-20T16:43:47Z +ExternalRef: OTHER documentation https://gnupg.readthedocs.io/ +ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg +ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* +##### + PackageName: packaging -SPDXID: SPDXRef-64-packaging +SPDXID: SPDXRef-65-packaging PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f +PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages +ReleaseDate: 2024-11-08T09:47:44Z +ExternalRef: OTHER documentation https://packaging.pypa.io/ +ExternalRef: OTHER vcs https://github.com/pypa/packaging ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-65-plotly +SPDXID: SPDXRef-66-plotly PackageVersion: 5.24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files FilesAnalyzed: false PackageHomePage: https://plotly.com/python/ +PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python +ReleaseDate: 
2024-09-12T15:36:24Z +ExternalRef: OTHER documentation https://plotly.com/python/ +ExternalRef: OTHER vcs https://github.com/plotly/plotly.py +ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-66-tenacity +SPDXID: SPDXRef-67-tenacity PackageVersion: 9.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/jd/tenacity -PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb +PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds +ReleaseDate: 2024-07-29T12:12:25Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:* ##### -PackageName: python-gnupg -SPDXID: SPDXRef-67-python-gnupg -PackageVersion: 0.5.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/vsajip/python-gnupg -PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. 
-PackageCopyrightText: NOASSERTION -PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* -##### - PackageName: requests SPDXID: SPDXRef-68-requests PackageVersion: 2.32.3 
@@ -1145,63 +1389,78 @@ PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files FilesAnalyzed: false PackageHomePage: https://requests.readthedocs.io -PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068 +PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python HTTP for Humans. +ReleaseDate: 2024-05-29T15:37:47Z +ExternalRef: OTHER documentation https://requests.readthedocs.io +ExternalRef: OTHER vcs https://github.com/psf/requests ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:* ##### -PackageName: certifi -SPDXID: SPDXRef-69-certifi -PackageVersion: 2024.8.30 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/certifi/python-certifi -PackageLicenseDeclared: MPL-2.0 -PackageLicenseConcluded: MPL-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Python package for providing Mozilla's CA Bundle. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:* -##### - PackageName: charset-normalizer -SPDXID: SPDXRef-70-charset-normalizer +SPDXID: SPDXRef-69-charset-normalizer PackageVersion: 3.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me) PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/Ousret/charset_normalizer +PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. +ReleaseDate: 2024-10-09T07:38:02Z +ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues +ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:* ##### PackageName: urllib3 -SPDXID: SPDXRef-71-urllib3 +SPDXID: SPDXRef-70-urllib3 PackageVersion: 2.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false -PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df +PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. 
+ReleaseDate: 2024-09-12T10:52:16Z +ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst +ExternalRef: OTHER documentation https://urllib3.readthedocs.io +ExternalRef: OTHER vcs https://github.com/urllib3/urllib3 +ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:* ##### +PackageName: certifi +SPDXID: SPDXRef-71-certifi +PackageVersion: 2024.12.14 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) +PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/certifi/python-certifi +PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56 +PackageLicenseDeclared: MPL-2.0 +PackageLicenseConcluded: MPL-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Python package for providing Mozilla's CA Bundle. +ReleaseDate: 2024-12-14T13:52:36Z +ExternalRef: OTHER vcs https://github.com/certifi/python-certifi +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:* +##### + PackageName: rpmfile SPDXID: SPDXRef-72-rpmfile PackageVersion: 2.1.0 
@@ -1210,11 +1469,12 @@ PackageSupplier: Person: Sean Ross (srossross@gmail.com) PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/srossross/rpmfile -PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5 +PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Read rpm archive files +ReleaseDate: 2024-07-24T21:57:45Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### 
@@ -1226,63 +1486,73 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false +PackageChecksum: SHA256: f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages +ReleaseDate: 2024-10-29T10:23:24Z +ExternalRef: OTHER vcs https://github.com/pypa/setuptools +ExternalRef: OTHER documentation https://setuptools.pypa.io/ +ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### -PackageName: toml -SPDXID: SPDXRef-74-toml -PackageVersion: 0.10.2 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: William Pearson (uiri@xqz.ca) -PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/uiri/toml -PackageChecksum: SHA1: 3f637dba5f68db63d4b30967fedda51c82459471 -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Python Library for Tom's Obvious, Minimal Language -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:* -##### - PackageName: xmlschema -SPDXID: SPDXRef-75-xmlschema +SPDXID: SPDXRef-74-xmlschema PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema +PackageChecksum: SHA256: 
eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder +ReleaseDate: 2024-10-31T09:47:12Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-76-elementpath +SPDXID: SPDXRef-75-elementpath PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath +PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml +ReleaseDate: 2024-10-27T21:52:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### +PackageName: toml +SPDXID: SPDXRef-76-toml +PackageVersion: 0.10.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: William Pearson (uiri@xqz.ca) +PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/uiri/toml +PackageChecksum: SHA256: 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Python Library for Tom's Obvious, Minimal Language +ReleaseDate: 2020-11-01T01:40:20Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:* +##### + PackageName: zstandard SPDXID: SPDXRef-77-zstandard 
PackageVersion: 0.23.0 
@@ -1291,114 +1561,116 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/indygreg/python-zstandard +PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Zstandard bindings for Python +ReleaseDate: 2024-07-15T00:13:27Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-beautifulsoup4 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-cvss -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-defusedxml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-distro -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-filetype -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-beautifulsoup4 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-cvss +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-defusedxml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-distro Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-importlib-metadata -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-zipp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-importlib-resources -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-jinja2 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-jsonschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-filetype 
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-21-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jinja2 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-jsonschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-importlib-resources Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4sbom Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-pyyaml Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-lib4vex Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-packageurl-python Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-60-rich -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-packaging -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-plotly -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-plotly Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-requests -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-urllib3 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-7-importlib-metadata +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-urllib3 Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-rpmfile Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-setuptools -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-toml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-76-toml Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-77-zstandard -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-12-propcache -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict 
-Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-22-fasteners -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-23-gcs-oauth2-boto-plugin -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-31-google-auth-httplib2 -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-34-google-reauth -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-zipp +Relationship: SPDXRef-10-multidict DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-10-multidict +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-12-idna +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-13-propcache +Relationship: SPDXRef-15-beautifulsoup4 DEPENDS_ON SPDXRef-16-soupsieve +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-multidict +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-14-async-timeout Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-async-timeout -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict 
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-boto -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-google-auth-httplib2 -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-google-reauth -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-oauth2client -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-pyopenssl -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-retry-decorator -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-26-cachetools -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-27-pyasn1-modules -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-27-pyasn1-modules DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-29-rsa DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-22-argcomplete +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-23-crcmod +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-24-fasteners +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-25-gcs-oauth2-boto-plugin +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-29-google-reauth +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-36-pyopenssl +Relationship: 
SPDXRef-21-gsutil DEPENDS_ON SPDXRef-40-retry-decorator +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-43-google-auth-httplib2 +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-44-google-apitools +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-45-monotonic +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-rsa +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-boto +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-reauth +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-pyopenssl +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-retry-decorator +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-43-google-auth-httplib2 +Relationship: SPDXRef-26-rsa DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-29-google-reauth DEPENDS_ON SPDXRef-30-pyu2f +Relationship: SPDXRef-30-pyu2f DEPENDS_ON SPDXRef-31-six Relationship: SPDXRef-32-httplib2 DEPENDS_ON SPDXRef-33-pyparsing -Relationship: SPDXRef-34-google-reauth DEPENDS_ON SPDXRef-35-pyu2f -Relationship: SPDXRef-35-pyu2f DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-27-pyasn1-modules -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-37-pyopenssl DEPENDS_ON SPDXRef-38-cryptography -Relationship: SPDXRef-38-cryptography DEPENDS_ON 
SPDXRef-39-cffi -Relationship: SPDXRef-39-cffi DEPENDS_ON SPDXRef-40-pycparser +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-rsa +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-35-pyasn1-modules +Relationship: SPDXRef-35-pyasn1-modules DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-36-pyopenssl DEPENDS_ON SPDXRef-37-cryptography +Relationship: SPDXRef-37-cryptography DEPENDS_ON SPDXRef-38-cffi +Relationship: SPDXRef-38-cffi DEPENDS_ON SPDXRef-39-pycparser Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-36-oauth2client -Relationship: SPDXRef-44-importlib-metadata DEPENDS_ON SPDXRef-45-zipp -Relationship: SPDXRef-46-importlib-resources DEPENDS_ON SPDXRef-45-zipp -Relationship: SPDXRef-47-jinja2 DEPENDS_ON SPDXRef-48-markupsafe -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-46-importlib-resources -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-50-jsonschema-specifications -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-51-referencing -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-52-rpds-py -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-53-pkgutil-resolve-name -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-46-importlib-resources +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-26-rsa +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-41-google-auth DEPENDS_ON 
SPDXRef-35-pyasn1-modules +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-42-cachetools +Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-24-fasteners +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-34-oauth2client +Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-importlib-resources +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-jsonschema-specifications +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-51-referencing +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-52-rpds-py +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-53-pkgutil-resolve-name +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-49-importlib-resources DEPENDS_ON SPDXRef-8-zipp +Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-49-importlib-resources Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-51-referencing Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-52-rpds-py -Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml +Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-18-defusedxml Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-55-pyyaml Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-56-semantic-version Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-54-lib4sbom 
@@ -1406,16 +1678,19 @@ Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-58-csaf-tool Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-59-packageurl-python Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-59-packageurl-python Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-60-rich +Relationship: SPDXRef-6-attrs DEPENDS_ON SPDXRef-7-importlib-metadata Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-61-markdown-it-py Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-63-pygments Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-9-typing-extensions Relationship: SPDXRef-61-markdown-it-py DEPENDS_ON SPDXRef-62-mdurl -Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-64-packaging -Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-66-tenacity -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-11-idna -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-69-certifi -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-70-charset-normalizer -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-71-urllib3 -Relationship: SPDXRef-75-xmlschema DEPENDS_ON SPDXRef-76-elementpath -Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-66-plotly DEPENDS_ON SPDXRef-65-packaging +Relationship: SPDXRef-66-plotly DEPENDS_ON SPDXRef-67-tenacity +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-12-idna +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-69-charset-normalizer +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-70-urllib3 +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-71-certifi +Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-8-zipp +Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-74-xmlschema DEPENDS_ON SPDXRef-75-elementpath +Relationship: SPDXRef-77-zstandard DEPENDS_ON SPDXRef-38-cffi Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool From b96293e3fc80eba03d9e3f17b635308f690a75cf Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 18:45:03 +0000 Subject: [PATCH 35/47] chore: update SBOM for Python 3.9 (#4628) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.9.json | 2762 ++++++++++++++++++++++------------ sbom/cve-bin-tool-py3.9.spdx | 1025 ++++++++----- 2 files changed, 2497 insertions(+), 1290 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index fc9b5dcb0f..496e740e5c 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:f196410b-e7b4-45b7-be50-2cd9fa1e4b4d", + "serialNumber": "urn:uuid:7980739c-277f-4abd-b471-6eb4c197e206", "version": 1, "metadata": { - "timestamp": "2024-12-09T00:41:21Z", + "timestamp": "2024-12-16T00:39:37Z", "lifecycles": [ { "phase": "build" @@ -15,7 +15,7 @@ "components": [ { "name": "sbom4python", - "version": "0.11.3", + "version": "0.12.1", "type": "application" } ] @@ -42,6 +42,12 @@ }, "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", + "hashes": [ + { + "alg": "SHA-256", + "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d" + } + ], "licenses": [ { "license": { @@ -65,6 +71,10 @@ ], "purl": "pkg:pypi/cve-bin-tool@3.4", "properties": [ + { + "name": "release_date", + "value": "2024-09-17T18:57:44Z" + }, { "name": "language", "value": "Python" @@ -81,6 +91,12 @@ "name": "aiohttp", "version": "3.11.10", "description": "Async http client/server framework (asyncio)", + "hashes": [ + { + "alg": "SHA-256", + "content": "cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d" + } + ], "licenses": [ { "license": { 
@@ -100,10 +116,46 @@ "url": "https://pypi.org/project/aiohttp/3.11.10/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiohttp", + "type": "other" + }, + { + "url": "https://docs.aiohttp.org/en/stable/changes.html", + "type": "log" + }, + { + "url": "https://docs.aiohttp.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohttp", + "type": "vcs" } ], "purl": "pkg:pypi/aiohttp@3.11.10", "properties": [ + { + "name": "release_date", + "value": "2024-12-05T23:51:02Z" + }, { "name": "language", "value": "Python" @@ -111,10 +163,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-12-05T23:51:02.000Z" } ] }, @@ -133,6 +181,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-256", + "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8" + } + ], "licenses": [ { "license": { 
@@ -152,10 +206,30 @@ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md", + "type": "log" + }, + { + "url": "https://aiohappyeyeballs.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs", + "type": "vcs" } ], "purl": "pkg:pypi/aiohappyeyeballs@2.4.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-30T18:43:39Z" + }, { "name": "language", "value": "Python" @@ -163,10 +237,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-11-30T18:43:39.000Z" } ] }, @@ -174,14 +244,8 @@ "type": "library", "bom-ref": "4-aiosignal", "name": "aiosignal", - "version": "1.3.1", + "version": "1.3.2", "description": "aiosignal: a list of registered asynchronous callbacks", - "hashes": [ - { - "alg": "SHA-1", - "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3" - } - ], "licenses": [ { "license": { 
@@ -198,13 +262,41 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiosignal/1.3.1/#files", + "url": "https://pypi.org/project/aiosignal/1.3.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gitter.im/aio-libs/Lobby", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/actions", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiosignal", + "type": "other" + }, + { + "url": "https://docs.aiosignal.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiosignal", + "type": "vcs" } ], - "purl": "pkg:pypi/aiosignal@1.3.1", + "purl": "pkg:pypi/aiosignal@1.3.2", "properties": [ + { + "name": "release_date", + "value": "2024-11-30T18:43:39Z" + }, { "name": "language", "value": "Python" @@ -212,10 +304,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2022-11-08T16:03:57.000Z" } ] }, @@ -225,6 +313,12 @@ "name": "frozenlist", "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", + "hashes": [ + { + "alg": "SHA-256", + "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a" + } + ], "licenses": [ { "license": { 
@@ -244,10 +338,50 @@ "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/frozenlist", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog", + "type": "log" + }, + { + "url": "https://frozenlist.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/frozenlist", + "type": "vcs" } ], "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-23T09:46:20Z" + }, { "name": "language", "value": "Python" @@ -255,10 +389,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -277,6 +407,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", "description": "Timeout context manager for asyncio programs", + "hashes": [ + { + "alg": "SHA-256", + "content": "39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c" + } + ], "licenses": [ { "license": { 
@@ -296,10 +432,34 @@ "url": "https://pypi.org/project/async-timeout/5.0.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gitter.im/aio-libs/Lobby", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/async-timeout/actions", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/async-timeout", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/async-timeout/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/async-timeout", + "type": "vcs" } ], "purl": "pkg:pypi/async-timeout@5.0.1", "properties": [ + { + "name": "release_date", + "value": "2024-11-06T16:41:37Z" + }, { "name": "language", "value": "Python" @@ -307,10 +467,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-11-06T16:41:37.000Z" } ] }, @@ -331,8 +487,8 @@ "description": "Classes Without Boilerplate", "hashes": [ { - "alg": "SHA-1", - "content": "6771a04893780166e4b7826b63599f43ac30d00a" + "alg": "SHA-256", + "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2" } ], "externalReferences": [ @@ -340,10 +496,34 @@ "url": "https://pypi.org/project/attrs/24.2.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://www.attrs.org/", + "type": "documentation" + }, + { + "url": "https://www.attrs.org/en/stable/changelog.html", + "type": "log" + }, + { + "url": "https://github.com/python-attrs/attrs", + "type": "vcs" + }, + { + "url": "https://github.com/sponsors/hynek", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi", + "type": "other" } ], "purl": "pkg:pypi/attrs@24.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T14:37:36Z" + }, { "name": "language", "value": "Python" 
@@ -351,57 +531,47 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-08-06T14:37:36.000Z" } ] }, { "type": "library", - "bom-ref": "8-multidict", - "name": "multidict", - "version": "6.1.0", + "bom-ref": "8-importlib-metadata", + "name": "importlib-metadata", + "version": "8.5.0", "supplier": { - "name": "Andrew Svetlov", + "name": "Jason R .", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", - "description": "multidict implementation", + "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", + "description": "Read metadata from Python packages", "hashes": [ { - "alg": "SHA-1", - "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/multidict", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/multidict/6.1.0/#files", + "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/importlib_metadata", + "type": "vcs" } ], - "purl": "pkg:pypi/multidict@6.1.0", + "purl": "pkg:pypi/importlib-metadata@8.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-09-11T14:56:07Z" + }, { "name": "language", "value": "Python" 
@@ -409,43 +579,47 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-09-09T23:47:18.000Z" } ] }, { "type": "library", - "bom-ref": "9-typing-extensions", - "name": "typing-extensions", - "version": "4.12.2", + "bom-ref": "9-zipp", + "name": "zipp", + "version": "3.21.0", "supplier": { - "name": "Guido van Jukka ukasz Michael", + "name": "Jason R .", "contact": [ { - "email": "levkivskyi@gmail.com" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", - "description": "Backported and Experimental Type Hints for Python 3.8+", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", + "description": "Backport of pathlib-compatible object wrapper for zip files", "hashes": [ { - "alg": "SHA-1", - "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + "alg": "SHA-256", + "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931" } ], "externalReferences": [ { - "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/jaraco/zipp", + "type": "vcs" } ], - "purl": "pkg:pypi/typing-extensions@4.12.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ + { + "name": "release_date", + "value": "2024-11-10T15:05:19Z" + }, { "name": "language", "value": "Python" 
@@ -453,51 +627,68 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-06-07T18:52:13.000Z" } ] }, { "type": "library", - "bom-ref": "10-propcache", - "name": "propcache", - "version": "0.2.1", + "bom-ref": "10-typing-extensions", + "name": "typing-extensions", + "version": "4.12.2", "supplier": { - "name": "Andrew Svetlov", + "name": "Guido van Jukka ukasz Michael", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "levkivskyi@gmail.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ + "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", + "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", + "url": "https://github.com/python/typing_extensions", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/propcache/0.2.1/#files", + "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/typing_extensions/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md", + "type": "log" + }, + { + "url": "https://typing-extensions.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python/typing/discussions", + "type": "other" + }, + { + "url": "https://github.com/python/typing_extensions", + "type": "vcs" } ], - "purl": "pkg:pypi/propcache@0.2.1", + "purl": 
"pkg:pypi/typing-extensions@4.12.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-07T18:52:13Z" + }, { "name": "language", "value": "Python" @@ -510,9 +701,9 @@ }, { "type": "library", - "bom-ref": "11-yarl", - "name": "yarl", - "version": "1.18.3", + "bom-ref": "11-multidict", + "name": "multidict", + "version": "6.1.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -521,8 +712,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", + "description": "multidict implementation", + "hashes": [ + { + "alg": "SHA-256", + "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60" + } + ], "licenses": [ { "license": { 
@@ -534,38 +731,262 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/multidict", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.18.3/#files", + "url": "https://pypi.org/project/multidict/6.1.0/#files", "type": "distribution", "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/yarl@1.18.3", - "properties": [ + }, { - "name": "language", - "value": "Python" + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" }, { - "name": "python_version", - "value": "3.9.20" + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" }, { - "name": "package_release_date", - "value": "2024-12-01T20:32:32.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "12-idna", - "name": "idna", - "version": "3.10", - "supplier": { + "url": "https://github.com/aio-libs/multidict/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/multidict", + "type": "other" + }, + { + "url": "https://multidict.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": "https://multidict.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/multidict", + "type": "vcs" + } + ], + "purl": "pkg:pypi/multidict@6.1.0", + "properties": [ + { + "name": "release_date", + "value": "2024-09-09T23:47:18Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.9.20" + } + ] + }, + { + "type": "library", + "bom-ref": "12-propcache", + "name": "propcache", + "version": "0.2.1", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": 
"cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", + "description": "Accelerated property cache", + "hashes": [ + { + "alg": "SHA-256", + "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/propcache", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/propcache/0.2.1/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/propcache", + "type": "other" + }, + { + "url": "https://propcache.readthedocs.io/en/latest/changes/", + "type": "log" + }, + { + "url": "https://propcache.readthedocs.io", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/propcache", + "type": "vcs" + } + ], + "purl": "pkg:pypi/propcache@0.2.1", + "properties": [ + { + "name": "release_date", + "value": "2024-12-01T18:27:02Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.9.20" + } + ] + }, + { + "type": "library", + "bom-ref": "13-yarl", + "name": "yarl", + "version": "1.18.3", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", + "description": "Yet 
another URL library", + "hashes": [ + { + "alg": "SHA-256", + "content": "7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.18.3/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/yarl/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/yarl", + "type": "other" + }, + { + "url": "https://yarl.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": "https://yarl.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/yarl/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/yarl", + "type": "vcs" + } + ], + "purl": "pkg:pypi/yarl@1.18.3", + "properties": [ + { + "name": "release_date", + "value": "2024-12-01T20:32:32Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.9.20" + } + ] + }, + { + "type": "library", + "bom-ref": "14-idna", + "name": "idna", + "version": "3.10", + "supplier": { "name": "Kim Davies", "contact": [ { 
@@ -575,15 +996,37 @@ }, "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-256", + "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst", + "type": "log" + }, + { + "url": "https://github.com/kjd/idna/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kjd/idna", + "type": "vcs" } ], "purl": "pkg:pypi/idna@3.10", "properties": [ + { + "name": "release_date", + "value": "2024-09-15T18:07:37Z" + }, { "name": "language", "value": "Python" @@ -591,16 +1034,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-09-15T18:07:37.000Z" } ] }, { "type": "library", - "bom-ref": "13-beautifulsoup4", + "bom-ref": "15-beautifulsoup4", "name": "beautifulsoup4", "version": "4.12.3", "supplier": { @@ -613,11 +1052,17 @@ }, "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*", "description": "Screen-scraping library", + "hashes": [ + { + "alg": "SHA-256", + "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -632,10 +1077,18 @@ "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/", + "type": "other" } ], "purl": "pkg:pypi/beautifulsoup4@4.12.3", "properties": [ + { + "name": "release_date", + "value": "2024-01-17T16:53:12Z" + }, { "name": "language", "value": "Python" 
@@ -643,16 +1096,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-01-17T16:53:12.000Z" } ] }, { "type": "library", - "bom-ref": "14-soupsieve", + "bom-ref": "16-soupsieve", "name": "soupsieve", "version": "2.6", "supplier": { @@ -667,8 +1116,8 @@ "description": "A modern CSS selector implementation for Beautiful Soup.", "hashes": [ { - "alg": "SHA-1", - "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + "alg": "SHA-256", + "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9" } ], "externalReferences": [ @@ -685,6 +1134,10 @@ ], "purl": "pkg:pypi/soupsieve@2.6", "properties": [ + { + "name": "release_date", + "value": "2024-08-13T13:39:10Z" + }, { "name": "language", "value": "Python" @@ -697,7 +1150,7 @@ }, { "type": "library", - "bom-ref": "15-cvss", + "bom-ref": "17-cvss", "name": "cvss", "version": "3.3", "supplier": { @@ -712,8 +1165,8 @@ "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { - "alg": "SHA-1", - "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + "alg": "SHA-256", + "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1" } ], "licenses": [ @@ -735,10 +1188,30 @@ "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/releases", + "type": "other" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss", + "type": "vcs" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/actions", + "type": "build-system" } ], "purl": "pkg:pypi/cvss@3.3", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T10:05:52Z" + }, { "name": "language", "value": "Python" 
@@ -746,16 +1219,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-11-01T10:05:52.000Z" } ] }, { "type": "library", - "bom-ref": "16-defusedxml", + "bom-ref": "18-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -770,8 +1239,8 @@ "description": "XML bomb protection for Python stdlib modules", "hashes": [ { - "alg": "SHA-1", - "content": "ebff1b493751e2f0775314bdd4188d64f07ea184" + "alg": "SHA-256", + "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61" } ], "licenses": [ @@ -790,13 +1259,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/defusedxml/0.7.1/#files", + "url": "https://pypi.python.org/pypi/defusedxml", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/defusedxml@0.7.1", "properties": [ + { + "name": "release_date", + "value": "2021-03-08T10:59:24Z" + }, { "name": "language", "value": "Python" @@ -804,16 +1277,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2021-03-08T10:59:24.000Z" } ] }, { "type": "library", - "bom-ref": "17-distro", + "bom-ref": "19-distro", "name": "distro", "version": "1.9.0", "supplier": { @@ -826,6 +1295,12 @@ }, "cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*", "description": "Distro - an OS platform information API", + "hashes": [ + { + "alg": "SHA-256", + "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2" + } + ], "licenses": [ { "license": { @@ -849,6 +1324,10 @@ ], "purl": "pkg:pypi/distro@1.9.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-24T09:54:30Z" + }, { "name": "language", "value": "Python" 
@@ -856,16 +1335,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2023-12-24T09:54:30.000Z" } ] }, { "type": "library", - "bom-ref": "18-filetype", + "bom-ref": "20-filetype", "name": "filetype", "version": "1.2.0", "supplier": { @@ -880,15 +1355,15 @@ "description": "Infer file type and MIME type of any file/buffer. No external dependencies.", "hashes": [ { - "alg": "SHA-1", - "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585" + "alg": "SHA-256", + "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -900,13 +1375,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/filetype/1.2.0/#files", + "url": "https://github.com/h2non/filetype.py/tarball/master", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/filetype@1.2.0", "properties": [ + { + "name": "release_date", + "value": "2022-11-02T17:34:01Z" + }, { "name": "language", "value": "Python" @@ -914,18 +1393,14 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2022-11-02T17:34:01.000Z" } ] }, { "type": "library", - "bom-ref": "19-gsutil", + "bom-ref": "21-gsutil", "name": "gsutil", - "version": "5.32", + "version": "5.33", "supplier": { "name": "Google Inc .", "contact": [ @@ -934,8 +1409,14 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", + "hashes": [ + { + "alg": "SHA-256", + "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856" + } + ], "licenses": [ { "license": { 
@@ -952,13 +1433,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.32/#files", + "url": "https://cloud.google.com/storage/docs/gsutil_install", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.32", + "purl": "pkg:pypi/gsutil@5.33", "properties": [ + { + "name": "release_date", + "value": "2024-12-11T09:40:59Z" + }, { "name": "language", "value": "Python" @@ -966,16 +1451,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-12-04T14:56:46.000Z" } ] }, { "type": "library", - "bom-ref": "20-argcomplete", + "bom-ref": "22-argcomplete", "name": "argcomplete", "version": "3.5.2", "supplier": { @@ -990,8 +1471,8 @@ "description": "Bash tab completion for argparse", "hashes": [ { - "alg": "SHA-1", - "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc" + "alg": "SHA-256", + "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472" } ], "licenses": [ @@ -1013,10 +1494,30 @@ "url": "https://pypi.org/project/argcomplete/3.5.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://kislyuk.github.io/argcomplete", + "type": "documentation" + }, + { + "url": "https://github.com/kislyuk/argcomplete", + "type": "vcs" + }, + { + "url": "https://github.com/kislyuk/argcomplete/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst", + "type": "log" } ], "purl": "pkg:pypi/argcomplete@3.5.2", "properties": [ + { + "name": "release_date", + "value": "2024-12-06T18:24:27Z" + }, { "name": "language", "value": "Python" @@ -1024,16 +1525,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-12-06T18:24:27.000Z" } ] }, { "type": "library", - "bom-ref": "21-crcmod", + "bom-ref": "23-crcmod", "name": "crcmod", "version": "1.7", "supplier": { 
@@ -1046,11 +1543,17 @@ }, "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*", "description": "CRC Generator", - "licenses": [ + "hashes": [ + { + "alg": "SHA-256", + "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e" + } + ], + "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -1062,13 +1565,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/crcmod/1.7/#files", + "url": "http://sourceforge.net/projects/crcmod", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/crcmod@1.7", "properties": [ + { + "name": "release_date", + "value": "2010-06-27T14:35:29Z" + }, { "name": "language", "value": "Python" @@ -1081,7 +1588,7 @@ }, { "type": "library", - "bom-ref": "22-fasteners", + "bom-ref": "24-fasteners", "name": "fasteners", "version": "0.19", "supplier": { @@ -1091,8 +1598,8 @@ "description": "A python package that provides useful locks", "hashes": [ { - "alg": "SHA-1", - "content": "06c3f06cab4e135b8d921932019a231c180eb9f4" + "alg": "SHA-256", + "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237" } ], "licenses": [ @@ -1118,6 +1625,10 @@ ], "purl": "pkg:pypi/fasteners@0.19", "properties": [ + { + "name": "release_date", + "value": "2023-09-19T17:11:18Z" + }, { "name": "language", "value": "Python" @@ -1130,7 +1641,7 @@ }, { "type": "library", - "bom-ref": "23-gcs-oauth2-boto-plugin", + "bom-ref": "25-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.2", "supplier": { 
@@ -1145,8 +1656,8 @@ "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "hashes": [ { - "alg": "SHA-1", - "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb" + "alg": "SHA-256", + "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843" } ], "licenses": [ @@ -1165,13 +1676,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files", + "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ + { + "name": "release_date", + "value": "2024-05-02T14:37:31Z" + }, { "name": "language", "value": "Python" 
@@ -1179,57 +1694,57 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-05-02T14:37:31.000Z" } ] }, { "type": "library", - "bom-ref": "24-boto", - "name": "boto", - "version": "2.49.0", + "bom-ref": "26-rsa", + "name": "rsa", + "version": "4.7.2", "supplier": { - "name": "Mitch Garnaat", + "name": "Sybren A . Stuvel", "contact": [ { - "email": "mitch@garnaat.com" + "email": "sybren@stuvel.eu" } ] }, - "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", - "description": "Amazon Web Services Library", + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { - "alg": "SHA-1", - "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3" + "alg": "SHA-256", + "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/boto/boto/", + "url": "https://stuvel.eu/rsa", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/boto/2.49.0/#files", + "url": "https://pypi.org/project/rsa/4.7.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/boto@2.49.0", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ + { + "name": "release_date", + "value": "2021-02-24T10:55:03Z" + }, { "name": "language", "value": "Python" 
@@ -1237,105 +1752,73 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2018-07-11T20:58:55.000Z" } ] }, { "type": "library", - "bom-ref": "25-google-auth", - "name": "google-auth", - "version": "2.17.0", + "bom-ref": "27-pyasn1", + "name": "pyasn1", + "version": "0.6.1", "supplier": { - "name": "Google Cloud Platform", + "name": "Ilya Etingof", "contact": [ { - "email": "googleapis-packages@google.com" + "email": "etingof@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", "hashes": [ { - "alg": "SHA-1", - "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" + "alg": "SHA-256", + "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/googleapis/google-auth-library-python", + "url": "https://github.com/pyasn1/pyasn1", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth/2.17.0/#files", + "url": "https://pypi.org/project/pyasn1/0.6.1/#files", "type": "distribution", "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth@2.17.0", - "properties": [ - { - "name": "language", - "value": "Python" }, { - "name": "python_version", - "value": "3.9.20" - } - ] - }, - { - "type": "library", - "bom-ref": "26-cachetools", - "name": "cachetools", - "version": "5.5.0", - "supplier": { - "name": "Thomas Kemmer", - "contact": [ - { - "email": "tkemmer@computer.org" - } - ] - }, - "cpe": 
"cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", - "licenses": [ + "url": "https://pyasn1.readthedocs.io", + "type": "documentation" + }, { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], - "externalReferences": [ + "url": "https://github.com/pyasn1/pyasn1", + "type": "vcs" + }, { - "url": "https://github.com/tkem/cachetools/", - "type": "website", - "comment": "Home page for project" + "url": "https://github.com/pyasn1/pyasn1/issues", + "type": "issue-tracker" }, { - "url": "https://pypi.org/project/cachetools/5.5.0/#files", - "type": "distribution", - "comment": "Download location for component" + "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html", + "type": "log" } ], - "purl": "pkg:pypi/cachetools@5.5.0", + "purl": "pkg:pypi/pyasn1@0.6.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-10T22:41:42Z" + }, { "name": "language", "value": "Python" 
@@ -1343,51 +1826,57 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-08-18T20:28:43.000Z" } ] }, { "type": "library", - "bom-ref": "27-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.1", + "bom-ref": "28-boto", + "name": "boto", + "version": "2.49.0", "supplier": { - "name": "Ilya Etingof", + "name": "Mitch Garnaat", "contact": [ { - "email": "etingof@gmail.com" + "email": "mitch@garnaat.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", + "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", + "description": "Amazon Web Services Library", + "hashes": [ + { + "alg": "SHA-256", + "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8" + } + ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1-modules", + "url": "https://github.com/boto/boto/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", + "url": "https://pypi.org/project/boto/2.49.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.1", + "purl": "pkg:pypi/boto@2.49.0", "properties": [ + { + "name": "release_date", + "value": "2018-07-11T20:58:55Z" + }, { "name": "language", "value": "Python" 
@@ -1395,51 +1884,57 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:42:08.000Z" } ] }, { "type": "library", - "bom-ref": "28-pyasn1", - "name": "pyasn1", - "version": "0.6.1", + "bom-ref": "29-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Ilya Etingof", + "name": "Google", "contact": [ { - "email": "etingof@gmail.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", + "hashes": [ + { + "alg": "SHA-256", + "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368" + } + ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1", + "url": "https://github.com/Google/google-reauth-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1/0.6.1/#files", + "url": "https://pypi.org/project/google-reauth/0.1.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.1", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-12-01T17:35:45Z" + }, { "name": "language", "value": "Python" 
@@ -1447,32 +1942,28 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:41:42.000Z" } ] }, { "type": "library", - "bom-ref": "29-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "30-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Google Inc .", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", "hashes": [ { - "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "alg": "SHA-256", + "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b" } ], "licenses": [ @@ -1486,18 +1977,22 @@ ], "externalReferences": [ { - "url": "https://stuvel.eu/rsa", + "url": "https://github.com/google/pyu2f/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rsa/4.7.2/#files", + "url": "https://pypi.org/project/pyu2f/0.1.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ + { + "name": "release_date", + "value": "2020-10-30T20:03:07Z" + }, { "name": "language", "value": "Python" @@ -1505,16 +2000,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2021-02-24T10:55:03.000Z" } ] }, { "type": "library", - "bom-ref": "30-six", + "bom-ref": "31-six", "name": "six", "version": "1.17.0", "supplier": { 
@@ -1527,11 +2018,17 @@ }, "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", "description": "Python 2 and 3 compatibility utilities", + "hashes": [ + { + "alg": "SHA-256", + "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -1551,63 +2048,9 @@ "purl": "pkg:pypi/six@1.17.0", "properties": [ { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.9.20" + "name": "release_date", + "value": "2024-12-04T17:35:26Z" }, - { - "name": "package_release_date", - "value": "2024-12-04T17:35:26.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "31-google-auth-httplib2", - "name": "google-auth-httplib2", - "version": "0.2.0", - "supplier": { - "name": "Google Cloud Platform", - "contact": [ - { - "email": "googleapis-packages@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library: httplib2 transport", - "hashes": [ - { - "alg": "SHA-1", - "content": "932ac88800dd6de004c1bd59867831ccf033f031" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], - "externalReferences": [ - { - "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth-httplib2@0.2.0", - "properties": [ { "name": "language", "value": "Python" 
@@ -1615,10 +2058,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2023-12-12T17:40:13.000Z" } ] }, @@ -1639,15 +2078,15 @@ "description": "A comprehensive HTTP client library.", "hashes": [ { - "alg": "SHA-1", - "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + "alg": "SHA-256", + "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -1666,6 +2105,10 @@ ], "purl": "pkg:pypi/httplib2@0.20.4", "properties": [ + { + "name": "release_date", + "value": "2022-02-03T00:00:29Z" + }, { "name": "language", "value": "Python" 
@@ -1685,84 +2128,36 @@ "name": "Paul McGuire", "contact": [ { - "email": "ptmcg.gm+pyparsing@gmail.com" - } - ] - }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*", - "description": "pyparsing module - Classes and methods to define and execute parsing grammars", - "externalReferences": [ - { - "url": "https://github.com/pyparsing/pyparsing/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/pyparsing/3.2.0/#files", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/pyparsing@3.2.0", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-10-13T10:01:13.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "34-google-reauth", - "name": "google-reauth", - "version": "0.1.1", - "supplier": { - "name": "Google", - "contact": [ - { - "email": "googleapis-publisher@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", - "hashes": [ - { - "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" + "email": "ptmcg.gm+pyparsing@gmail.com" } + ] + }, + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*", + "description": "pyparsing module - Classes and methods to define and execute parsing grammars", + "hashes": [ + { + "alg": "SHA-256", + "content": "93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84" } ], "externalReferences": [ { - "url": "https://github.com/Google/google-reauth-python", + "url": "https://github.com/pyparsing/pyparsing/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-reauth/0.1.1/#files", + 
"url": "https://pypi.org/project/pyparsing/3.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/pyparsing@3.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-13T10:01:13Z" + }, { "name": "language", "value": "Python" @@ -1770,32 +2165,28 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2020-12-01T17:35:45.000Z" } ] }, { "type": "library", - "bom-ref": "35-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "34-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { "name": "Google Inc .", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { - "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "alg": "SHA-256", + "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac" } ], "licenses": [ @@ -1809,18 +2200,22 @@ ], "externalReferences": [ { - "url": "https://github.com/google/pyu2f/", + "url": "http://github.com/google/oauth2client/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyu2f/0.1.5/#files", + "url": "https://pypi.org/project/oauth2client/4.1.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyu2f@0.1.5", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ + { + "name": "release_date", + "value": "2018-09-07T21:38:16Z" + }, { "name": "language", "value": "Python" 
@@ -1828,57 +2223,69 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2020-10-30T20:03:07.000Z" } ] }, { "type": "library", - "bom-ref": "36-oauth2client", - "name": "oauth2client", - "version": "4.1.3", + "bom-ref": "35-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.1", "supplier": { - "name": "Google Inc .", + "name": "Ilya Etingof", "contact": [ { - "email": "jonwayne+oauth2client@google.com" + "email": "etingof@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", "hashes": [ { - "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" + "alg": "SHA-256", + "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "http://github.com/google/oauth2client/", + "url": "https://github.com/pyasn1/pyasn1-modules", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/oauth2client/4.1.3/#files", + "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pyasn1/pyasn1-modules", + "type": "vcs" + }, + { + "url": "https://github.com/pyasn1/pyasn1-modules/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt", + "type": "log" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/pyasn1-modules@0.4.1", "properties": [ + { + "name": "release_date", + "value": 
"2024-09-10T22:42:08Z" + }, { "name": "language", "value": "Python" @@ -1886,16 +2293,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2018-09-07T21:38:16.000Z" } ] }, { "type": "library", - "bom-ref": "37-pyopenssl", + "bom-ref": "36-pyopenssl", "name": "pyopenssl", "version": "24.2.1", "supplier": { @@ -1908,6 +2311,12 @@ }, "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", + "hashes": [ + { + "alg": "SHA-256", + "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d" + } + ], "licenses": [ { "license": { @@ -1927,10 +2336,18 @@ "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pyca/pyopenssl", + "type": "vcs" } ], "purl": "pkg:pypi/pyopenssl@24.2.1", "properties": [ + { + "name": "release_date", + "value": "2024-07-20T17:26:29Z" + }, { "name": "language", "value": "Python" @@ -1943,7 +2360,7 @@ }, { "type": "library", - "bom-ref": "38-cryptography", + "bom-ref": "37-cryptography", "name": "cryptography", "version": "43.0.3", "supplier": { @@ -1956,6 +2373,12 @@ }, "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", + "hashes": [ + { + "alg": "SHA-256", + "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e" + } + ], "licenses": [ { "expression": "Apache-2.0 OR BSD-3-Clause" 
@@ -1971,10 +2394,30 @@ "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://cryptography.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pyca/cryptography/", + "type": "vcs" + }, + { + "url": "https://github.com/pyca/cryptography/issues", + "type": "issue-tracker" + }, + { + "url": "https://cryptography.io/en/latest/changelog/", + "type": "log" } ], "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-18T15:57:36Z" + }, { "name": "language", "value": "Python" @@ -1987,7 +2430,7 @@ }, { "type": "library", - "bom-ref": "39-cffi", + "bom-ref": "38-cffi", "name": "cffi", "version": "1.17.1", "supplier": { @@ -2002,15 +2445,15 @@ "description": "Foreign Function Interface for Python calling C code.", "hashes": [ { - "alg": "SHA-1", - "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51" + "alg": "SHA-256", + "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2025,10 +2468,38 @@ "url": "https://pypi.org/project/cffi/1.17.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "http://cffi.readthedocs.org/", + "type": "documentation" + }, + { + "url": "https://github.com/python-cffi/cffi", + "type": "vcs" + }, + { + "url": "https://github.com/python-cffi/cffi/issues", + "type": "issue-tracker" + }, + { + "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html", + "type": "log" + }, + { + "url": "https://github.com/python-cffi/cffi/releases", + "type": "other" + }, + { + "url": "https://groups.google.com/forum/#!forum/python-cffi", + "type": "other" } ], "purl": "pkg:pypi/cffi@1.17.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-04T20:43:30Z" + }, { "name": "language", "value": "Python" @@ -2036,16 +2507,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-09-04T20:43:30.000Z" } ] }, { "type": "library", - "bom-ref": "40-pycparser", + "bom-ref": "39-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -2060,8 +2527,8 @@ "description": "C parser in Python", "hashes": [ { - "alg": "SHA-1", - "content": "129d32ef805d715d90a3b2035b13168c17ca63d2" + "alg": "SHA-256", + "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc" } ], "licenses": [ @@ -2087,6 +2554,10 @@ ], "purl": "pkg:pypi/pycparser@2.22", "properties": [ + { + "name": "release_date", + "value": "2024-03-30T13:22:20Z" + }, { "name": "language", "value": "Python" @@ -2094,16 +2565,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-03-30T13:22:20.000Z" } ] }, { "type": "library", - "bom-ref": "41-retry-decorator", + "bom-ref": "40-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { 
@@ -2118,15 +2585,15 @@ "description": "Retry Decorator", "hashes": [ { - "alg": "SHA-1", - "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349" + "alg": "SHA-256", + "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2145,6 +2612,10 @@ ], "purl": "pkg:pypi/retry-decorator@1.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-03-10T23:56:29Z" + }, { "name": "language", "value": "Python" @@ -2152,32 +2623,28 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2020-03-10T23:56:29.000Z" } ] }, { "type": "library", - "bom-ref": "42-google-apitools", - "name": "google-apitools", - "version": "0.5.32", + "bom-ref": "41-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Craig Citro", + "name": "Google Cloud Platform", "contact": [ { - "email": "craigcitro@google.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*", - "description": "client libraries for humans", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { - "alg": "SHA-1", - "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1" + "alg": "SHA-256", + "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94" } ], "licenses": [ 
@@ -2191,18 +2658,22 @@ ], "externalReferences": [ { - "url": "http://github.com/google/apitools", + "url": "https://github.com/googleapis/google-auth-library-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-apitools/0.5.32/#files", + "url": "https://pypi.org/project/google-auth/2.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-apitools@0.5.32", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ + { + "name": "release_date", + "value": "2023-03-28T19:51:30Z" + }, { "name": "language", "value": "Python" 
@@ -2210,32 +2681,86 @@ { "name": "python_version", "value": "3.9.20" + } + ] + }, + { + "type": "library", + "bom-ref": "42-cachetools", + "name": "cachetools", + "version": "5.5.0", + "supplier": { + "name": "Thomas Kemmer", + "contact": [ + { + "email": "tkemmer@computer.org" + } + ] + }, + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", + "hashes": [ + { + "alg": "SHA-256", + "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/license/mit/", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/tkem/cachetools/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/cachetools/5.5.0/#files", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/cachetools@5.5.0", + "properties": [ + { + "name": "release_date", + "value": "2024-08-18T20:28:43Z" + }, + { + "name": "language", + "value": "Python" }, { - "name": "package_release_date", - "value": "2021-05-05T22:12:58.000Z" + "name": "python_version", + "value": "3.9.20" } ] }, { "type": "library", - "bom-ref": "43-monotonic", - "name": "monotonic", - "version": "1.6", + "bom-ref": "43-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", "supplier": { - "name": "Ori Livneh", + "name": "Google Cloud Platform", "contact": [ { - "email": "ori@wikimedia.org" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*", - "description": "An implementation of time.monotonic() for Python 2 & < 3.3", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library: httplib2 transport", "hashes": [ { - "alg": "SHA-1", - "content": 
"80681f6604e136e513550342f977edb98f5fc5ad" + "alg": "SHA-256", + "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d" } ], "licenses": [ @@ -2249,18 +2774,22 @@ ], "externalReferences": [ { - "url": "https://github.com/atdt/monotonic", + "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/monotonic/1.6/#files", + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/monotonic@1.6", + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-12T17:40:13Z" + }, { "name": "language", "value": "Python" 
@@ -2268,43 +2797,57 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2021-04-09T21:58:05.000Z" } ] }, { "type": "library", - "bom-ref": "44-importlib-metadata", - "name": "importlib-metadata", - "version": "8.5.0", + "bom-ref": "44-google-apitools", + "name": "google-apitools", + "version": "0.5.32", "supplier": { - "name": "Jason R .", + "name": "Craig Citro", "contact": [ { - "email": "jaraco@jaraco.com" + "email": "craigcitro@google.com" } ] }, - "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", - "description": "Read metadata from Python packages", + "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*", + "description": "client libraries for humans", "hashes": [ { - "alg": "SHA-1", - "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1" + "alg": "SHA-256", + "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", + "url": "http://github.com/google/apitools", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/google-apitools/0.5.32/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-metadata@8.5.0", + "purl": "pkg:pypi/google-apitools@0.5.32", "properties": [ + { + "name": "release_date", + "value": "2021-05-05T22:12:58Z" + }, { "name": "language", "value": "Python" 
@@ -2312,37 +2855,57 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-09-11T14:56:07.000Z" } ] }, { "type": "library", - "bom-ref": "45-zipp", - "name": "zipp", - "version": "3.21.0", + "bom-ref": "45-monotonic", + "name": "monotonic", + "version": "1.6", "supplier": { - "name": "Jason R .", + "name": "Ori Livneh", "contact": [ { - "email": "jaraco@jaraco.com" + "email": "ori@wikimedia.org" + } + ] + }, + "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*", + "description": "An implementation of time.monotonic() for Python 2 & < 3.3", + "hashes": [ + { + "alg": "SHA-256", + "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" } - ] - }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", - "description": "Backport of pathlib-compatible object wrapper for zip files", + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.21.0/#files", + "url": "https://github.com/atdt/monotonic", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/monotonic/1.6/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.21.0", + "purl": "pkg:pypi/monotonic@1.6", "properties": [ + { + "name": "release_date", + "value": "2021-04-09T21:58:05Z" + }, { "name": "language", "value": "Python" @@ -2350,10 +2913,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-11-10T15:05:19.000Z" } ] }, 
@@ -2365,8 +2924,8 @@ "description": "A very fast and expressive template engine.", "hashes": [ { - "alg": "SHA-1", - "content": "dd4a8b5466d8790540c181590b14db4d4d889d57" + "alg": "SHA-256", + "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d" } ], "externalReferences": [ @@ -2374,10 +2933,34 @@ "url": "https://pypi.org/project/jinja2/3.1.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jinja.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" + }, + { + "url": "https://jinja.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://github.com/pallets/jinja/", + "type": "vcs" } ], "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ + { + "name": "release_date", + "value": "2024-05-05T23:41:59Z" + }, { "name": "language", "value": "Python" @@ -2385,10 +2968,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-05-05T23:41:59.000Z" } ] }, @@ -2400,8 +2979,8 @@ "description": "Safely add untrusted strings to HTML/XML markup.", "hashes": [ { - "alg": "SHA-1", - "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + "alg": "SHA-256", + "content": "7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8" } ], "externalReferences": [ 
@@ -2409,10 +2988,34 @@ "url": "https://pypi.org/project/markupsafe/3.0.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://markupsafe.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://markupsafe.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://github.com/pallets/markupsafe/", + "type": "vcs" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" } ], "purl": "pkg:pypi/markupsafe@3.0.2", "properties": [ + { + "name": "release_date", + "value": "2024-10-18T15:20:51Z" + }, { "name": "language", "value": "Python" @@ -2420,10 +3023,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-10-18T15:20:51.000Z" } ] }, @@ -2442,11 +3041,17 @@ }, "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2461,10 +3066,38 @@ "url": "https://pypi.org/project/jsonschema/4.23.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://python-jsonschema.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema", + "type": "vcs" } ], "purl": "pkg:pypi/jsonschema@4.23.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-08T18:40:00Z" + }, { "name": "language", "value": "Python" @@ -2472,10 +3105,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2496,8 +3125,8 @@ "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", "hashes": [ { - "alg": "SHA-1", - "content": "09f6f17a46ecf03e314df0e6fa14d57db210a549" + "alg": "SHA-256", + "content": "a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf" } ], "externalReferences": [ 
@@ -2510,10 +3139,34 @@ "url": "https://pypi.org/project/jsonschema-specifications/2024.10.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jsonschema-specifications.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications", + "type": "vcs" } ], "purl": "pkg:pypi/jsonschema-specifications@2024.10.1", "properties": [ + { + "name": "release_date", + "value": "2024-10-08T12:29:30Z" + }, { "name": "language", "value": "Python" @@ -2521,10 +3174,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-10-08T12:29:30.000Z" } ] }, @@ -2545,8 +3194,8 @@ "description": "JSON Referencing + Python", "hashes": [ { - "alg": "SHA-1", - "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845" + "alg": "SHA-256", + "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de" } ], "externalReferences": [ 
@@ -2559,10 +3208,38 @@ "url": "https://pypi.org/project/referencing/0.35.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://referencing.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/referencing/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://referencing.readthedocs.io/en/stable/changes/", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/referencing", + "type": "vcs" } ], "purl": "pkg:pypi/referencing@0.35.1", "properties": [ + { + "name": "release_date", + "value": "2024-05-01T20:26:02Z" + }, { "name": "language", "value": "Python" @@ -2570,10 +3247,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-05-01T20:26:02.000Z" } ] }, @@ -2592,6 +3265,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-256", + "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", 
@@ -2602,10 +3281,38 @@ "url": "https://pypi.org/project/rpds-py/0.22.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rpds.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/crate-py/rpds/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/crate-py/rpds", + "type": "vcs" + }, + { + "url": "https://github.com/orium/rpds", + "type": "other" } ], "purl": "pkg:pypi/rpds-py@0.22.3", "properties": [ + { + "name": "release_date", + "value": "2024-12-04T15:31:31Z" + }, { "name": "language", "value": "Python" @@ -2613,10 +3320,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-12-04T15:31:31.000Z" } ] }, @@ -2624,7 +3327,7 @@ "type": "library", "bom-ref": "52-lib4sbom", "name": "lib4sbom", - "version": "0.7.5", + "version": "0.8.0", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2633,8 +3336,14 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-256", + "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395" + } + ], "licenses": [ { "license": { 
@@ -2651,13 +3360,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/lib4sbom/0.7.5/#files", + "url": "https://pypi.org/project/lib4sbom/0.8.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.5", + "purl": "pkg:pypi/lib4sbom@0.8.0", "properties": [ + { + "name": "release_date", + "value": "2024-12-09T20:13:26Z" + }, { "name": "language", "value": "Python" @@ -2665,10 +3378,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-09-18T21:36:24.000Z" } ] }, @@ -2687,11 +3396,17 @@ }, "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*", "description": "YAML parser and emitter for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2703,13 +3418,37 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyyaml/6.0.2/#files", + "url": "https://pypi.org/project/PyYAML/", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/yaml/pyyaml/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/yaml/pyyaml/actions", + "type": "build-system" + }, + { + "url": "https://pyyaml.org/wiki/PyYAMLDocumentation", + "type": "documentation" + }, + { + "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core", + "type": "mailing-list" + }, + { + "url": "https://github.com/yaml/pyyaml", + "type": "vcs" } ], "purl": "pkg:pypi/pyyaml@6.0.2", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T20:31:40Z" + }, { "name": "language", "value": "Python" 
@@ -2717,10 +3456,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2741,8 +3476,8 @@ "description": "A library implementing the 'SemVer' scheme.", "hashes": [ { - "alg": "SHA-1", - "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a" + "alg": "SHA-256", + "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177" } ], "licenses": [ @@ -2768,6 +3503,10 @@ ], "purl": "pkg:pypi/semantic-version@2.10.0", "properties": [ + { + "name": "release_date", + "value": "2022-05-26T13:35:21Z" + }, { "name": "language", "value": "Python" @@ -2775,10 +3514,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2022-05-26T13:35:21.000Z" } ] }, @@ -2799,8 +3534,8 @@ "description": "VEX generator and consumer library", "hashes": [ { - "alg": "SHA-1", - "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2" + "alg": "SHA-256", + "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce" } ], "licenses": [ @@ -2826,6 +3561,10 @@ ], "purl": "pkg:pypi/lib4vex@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-29T20:36:52Z" + }, { "name": "language", "value": "Python" @@ -2833,10 +3572,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-08-29T20:36:52.000Z" } ] }, @@ -2857,15 +3592,15 @@ "description": "CSAF generator and analyser", "hashes": [ { - "alg": "SHA-1", - "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4" + "alg": "SHA-256", + "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2884,6 +3619,10 @@ ], "purl": "pkg:pypi/csaf-tool@0.3.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-12T20:10:06Z" + }, { "name": "language", "value": "Python" @@ -2891,10 +3630,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-06-12T20:10:06.000Z" } ] }, @@ -2910,15 +3645,15 @@ "description": "A purl aka. Package URL parser and builder", "hashes": [ { - "alg": "SHA-1", - "content": "9155d4173e4c1f29a345de86c280ab783c837882" + "alg": "SHA-256", + "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2937,6 +3672,10 @@ ], "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-22T05:51:23Z" + }, { "name": "language", "value": "Python" @@ -2944,10 +3683,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-10-22T05:51:23.000Z" } ] }, @@ -2968,15 +3703,15 @@ "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "hashes": [ { - "alg": "SHA-1", - "content": "43d3b04725ab9731727fb1126e35980c62f32377" + "alg": "SHA-256", + "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2991,10 +3726,18 @@ "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rich.readthedocs.io/en/latest/", + "type": "documentation" } ], "purl": "pkg:pypi/rich@13.9.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T16:43:55Z" + }, { "name": "language", "value": "Python" @@ -3002,10 +3745,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -3026,8 +3765,8 @@ "description": "Python port of markdown-it. Markdown parsing, done right!", "hashes": [ { - "alg": "SHA-1", - "content": "bee6d1953be75717a3f2f6a917da6f464bed421d" + "alg": "SHA-256", + "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1" } ], "externalReferences": [ @@ -3040,10 +3779,18 @@ "url": "https://pypi.org/project/markdown-it-py/3.0.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://markdown-it-py.readthedocs.io", + "type": "documentation" } ], "purl": "pkg:pypi/markdown-it-py@3.0.0", "properties": [ + { + "name": "release_date", + "value": "2023-06-03T06:41:11Z" + }, { "name": "language", "value": "Python" @@ -3051,10 +3798,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2023-06-03T06:41:11.000Z" } ] }, @@ -3075,8 +3818,8 @@ "description": "Markdown URL utilities", "hashes": [ { - "alg": "SHA-1", - "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e" + "alg": "SHA-256", + "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8" } ], "externalReferences": [ @@ -3093,6 +3836,10 @@ ], "purl": "pkg:pypi/mdurl@0.1.2", "properties": [ + { + "name": "release_date", + "value": "2022-08-14T12:40:09Z" + }, { "name": "language", "value": "Python" 
@@ -3100,10 +3847,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2022-08-14T12:40:09.000Z" } ] }, @@ -3124,8 +3867,8 @@ "description": "Pygments is a syntax highlighting package written in Python.", "hashes": [ { - "alg": "SHA-1", - "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb" + "alg": "SHA-256", + "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a" } ], "licenses": [ 
@@ -3147,10 +3890,100 @@ "url": "https://pypi.org/project/pygments/2.18.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://pygments.org/docs", + "type": "documentation" + }, + { + "url": "https://github.com/pygments/pygments", + "type": "vcs" + }, + { + "url": "https://github.com/pygments/pygments/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/pygments/pygments/blob/master/CHANGES", + "type": "log" + } + ], + "purl": "pkg:pypi/pygments@2.18.0", + "properties": [ + { + "name": "release_date", + "value": "2024-05-04T13:41:57Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.9.20" + } + ] + }, + { + "type": "library", + "bom-ref": "62-python-gnupg", + "name": "python-gnupg", + "version": "0.5.3", + "supplier": { + "name": "Vinay Sajip", + "contact": [ + { + "email": "vinay_sajip@yahoo.co.uk" + } + ] + }, + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", + "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "hashes": [ + { + "alg": "SHA-256", + "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/vsajip/python-gnupg", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://gnupg.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/vsajip/python-gnupg", + "type": "vcs" + }, + { + "url": "https://github.com/vsajip/python-gnupg/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/pygments@2.18.0", + "purl": "pkg:pypi/python-gnupg@0.5.3", 
"properties": [ + { + "name": "release_date", + "value": "2024-09-20T16:43:47Z" + }, { "name": "language", "value": "Python" @@ -3158,16 +3991,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-05-04T13:41:57.000Z" } ] }, { "type": "library", - "bom-ref": "62-packaging", + "bom-ref": "63-packaging", "name": "packaging", "version": "24.2", "supplier": { @@ -3182,8 +4011,8 @@ "description": "Core utilities for Python packages", "hashes": [ { - "alg": "SHA-1", - "content": "d8e3b31b734926ebbcaff654279f6855a73e052f" + "alg": "SHA-256", + "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759" } ], "externalReferences": [ @@ -3191,10 +4020,22 @@ "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://packaging.pypa.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pypa/packaging", + "type": "vcs" } ], "purl": "pkg:pypi/packaging@24.2", "properties": [ + { + "name": "release_date", + "value": "2024-11-08T09:47:44Z" + }, { "name": "language", "value": "Python" @@ -3202,16 +4043,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-11-08T09:47:44.000Z" } ] }, { "type": "library", - "bom-ref": "63-plotly", + "bom-ref": "64-plotly", "name": "plotly", "version": "5.24.1", "supplier": { @@ -3224,11 +4061,17 @@ }, "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -3243,10 +4086,26 @@ "url": "https://pypi.org/project/plotly/5.24.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://plotly.com/python/", + "type": "documentation" + }, + { + "url": "https://github.com/plotly/plotly.py", + "type": "vcs" + }, + { + "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md", + "type": "log" } ], "purl": "pkg:pypi/plotly@5.24.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T15:36:24Z" + }, { "name": "language", "value": "Python" @@ -3254,16 +4113,12 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-09-12T15:36:24.000Z" } ] }, { "type": "library", - "bom-ref": "64-tenacity", + "bom-ref": "65-tenacity", "name": "tenacity", "version": "9.0.0", "supplier": { @@ -3278,8 +4133,8 @@ "description": "Retry code until it succeeds", "hashes": [ { - "alg": "SHA-1", - "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb" + "alg": "SHA-256", + "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539" } ], "licenses": [ 
@@ -3306,63 +4161,9 @@ "purl": "pkg:pypi/tenacity@9.0.0", "properties": [ { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-07-29T12:12:25.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "65-python-gnupg", - "name": "python-gnupg", - "version": "0.5.3", - "supplier": { - "name": "Vinay Sajip", - "contact": [ - { - "email": "vinay_sajip@yahoo.co.uk" - } - ] - }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", - "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", - "hashes": [ - { - "alg": "SHA-1", - "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" - } - ], - "licenses": [ - { - "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", - "acknowledgement": "concluded" - } - } - ], - "externalReferences": [ - { - "url": "https://github.com/vsajip/python-gnupg", - "type": "website", - "comment": "Home page for project" + "name": "release_date", + "value": "2024-07-29T12:12:25Z" }, - { - "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/python-gnupg@0.5.3", - "properties": [ { "name": "language", "value": "Python" @@ -3370,10 +4171,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3394,8 +4191,8 @@ "description": "Python HTTP for Humans.", "hashes": [ { - "alg": "SHA-1", - "content": "0e322af87745eff34caffe4df68456ebc20d9068" + "alg": "SHA-256", + "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6" } ], "licenses": [ 
@@ -3417,10 +4214,22 @@ "url": "https://pypi.org/project/requests/2.32.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://requests.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/psf/requests", + "type": "vcs" } ], "purl": "pkg:pypi/requests@2.32.3", "properties": [ + { + "name": "release_date", + "value": "2024-05-29T15:37:47Z" + }, { "name": "language", "value": "Python" 
@@ -3428,51 +4237,65 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-05-29T15:37:47.000Z" } ] }, { "type": "library", - "bom-ref": "67-certifi", - "name": "certifi", - "version": "2024.8.30", + "bom-ref": "67-charset-normalizer", + "name": "charset-normalizer", + "version": "3.4.0", "supplier": { - "name": "Kenneth Reitz", + "name": "Ahmed TAHRI", "contact": [ { - "email": "me@kennethreitz.com" + "email": "tahri.ahmed@proton.me" } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*", - "description": "Python package for providing Mozilla's CA Bundle.", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", + "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", + "hashes": [ + { + "alg": "SHA-256", + "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6" + } + ], "licenses": [ { "license": { - "id": "MPL-2.0", - "url": "https://www.mozilla.org/MPL/2.0/", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/certifi/python-certifi", + "url": "https://github.com/Ousret/charset_normalizer", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/certifi/2024.8.30/#files", + "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/Ousret/charset_normalizer/issues", + "type": "issue-tracker" + }, + { + "url": "https://charset-normalizer.readthedocs.io/en/latest", + "type": "documentation" } ], - "purl": "pkg:pypi/certifi@2024.8.30", + "purl": "pkg:pypi/charset-normalizer@3.4.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-09T07:38:02Z" + }, { "name": "language", "value": "Python" 
@@ -3480,51 +4303,59 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-08-30T01:55:02.000Z" } ] }, { "type": "library", - "bom-ref": "68-charset-normalizer", - "name": "charset-normalizer", - "version": "3.4.0", + "bom-ref": "68-urllib3", + "name": "urllib3", + "version": "2.2.3", "supplier": { - "name": "Ahmed TAHRI", + "name": "Andrey Petrov", "contact": [ { - "email": "tahri.ahmed@proton.me" + "email": "andrey.petrov@shazow.net" } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", - "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", - "licenses": [ + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac" } ], "externalReferences": [ { - "url": "https://github.com/Ousret/charset_normalizer", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", + "url": "https://pypi.org/project/urllib3/2.2.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst", + "type": "log" + }, + { + "url": "https://urllib3.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/urllib3/urllib3", + "type": "vcs" + }, + { + "url": "https://github.com/urllib3/urllib3/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/charset-normalizer@3.4.0", + "purl": "pkg:pypi/urllib3@2.2.3", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T10:52:16Z" + }, { "name": "language", "value": "Python" 
@@ -3532,43 +4363,61 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-10-09T07:38:02.000Z" } ] }, { "type": "library", - "bom-ref": "69-urllib3", - "name": "urllib3", - "version": "2.2.3", + "bom-ref": "69-certifi", + "name": "certifi", + "version": "2024.12.14", "supplier": { - "name": "Andrey Petrov", + "name": "Kenneth Reitz", "contact": [ { - "email": "andrey.petrov@shazow.net" + "email": "me@kennethreitz.com" } ] }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*", + "description": "Python package for providing Mozilla's CA Bundle.", "hashes": [ { - "alg": "SHA-1", - "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + "alg": "SHA-256", + "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-2.0", + "url": "https://www.mozilla.org/MPL/2.0/", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/urllib3/2.2.3/#files", + "url": "https://github.com/certifi/python-certifi", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/certifi/2024.12.14/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/certifi/python-certifi", + "type": "vcs" } ], - "purl": "pkg:pypi/urllib3@2.2.3", + "purl": "pkg:pypi/certifi@2024.12.14", "properties": [ + { + "name": "release_date", + "value": "2024-12-14T13:52:36Z" + }, { "name": "language", "value": "Python" @@ -3576,10 +4425,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-09-12T10:52:16.000Z" } ] }, 
@@ -3600,15 +4445,15 @@ "description": "Read rpm archive files", "hashes": [ { - "alg": "SHA-1", - "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5" + "alg": "SHA-256", + "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3627,6 +4472,10 @@ ], "purl": "pkg:pypi/rpmfile@2.1.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-24T21:57:45Z" + }, { "name": "language", "value": "Python" @@ -3634,10 +4483,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3656,15 +4501,37 @@ }, "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", + "hashes": [ + { + "alg": "SHA-256", + "content": "ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/setuptools/75.6.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pypa/setuptools", + "type": "vcs" + }, + { + "url": "https://setuptools.pypa.io/", + "type": "documentation" + }, + { + "url": "https://setuptools.pypa.io/en/stable/history.html", + "type": "log" } ], "purl": "pkg:pypi/setuptools@75.6.0", "properties": [ + { + "name": "release_date", + "value": "2024-11-20T18:16:10Z" + }, { "name": "language", "value": "Python" 
@@ -3692,15 +4559,15 @@ "description": "Python Library for Tom's Obvious, Minimal Language", "hashes": [ { - "alg": "SHA-1", - "content": "3f637dba5f68db63d4b30967fedda51c82459471" + "alg": "SHA-256", + "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3719,6 +4586,10 @@ ], "purl": "pkg:pypi/toml@0.10.2", "properties": [ + { + "name": "release_date", + "value": "2020-11-01T01:40:20Z" + }, { "name": "language", "value": "Python" @@ -3726,10 +4597,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2020-11-01T01:40:20.000Z" } ] }, @@ -3748,11 +4615,17 @@ }, "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", + "hashes": [ + { + "alg": "SHA-256", + "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3771,6 +4644,10 @@ ], "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-31T09:47:12Z" + }, { "name": "language", "value": "Python" @@ -3778,10 +4655,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-10-31T09:47:12.000Z" } ] }, 
@@ -3800,11 +4673,17 @@ }, "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", + "hashes": [ + { + "alg": "SHA-256", + "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3823,6 +4702,10 @@ ], "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-27T21:52:58Z" + }, { "name": "language", "value": "Python" @@ -3830,10 +4713,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-10-27T21:52:58.000Z" } ] }, @@ -3852,6 +4731,12 @@ }, "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*", "description": "Zstandard bindings for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9" + } + ], "licenses": [ { "license": { @@ -3875,6 +4760,10 @@ ], "purl": "pkg:pypi/zstandard@0.23.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-15T00:13:27Z" + }, { "name": "language", "value": "Python" @@ -3882,10 +4771,6 @@ { "name": "python_version", "value": "3.9.20" - }, - { - "name": "package_release_date", - "value": "2024-07-15T00:13:27.000Z" } ] } 
@@ -3901,31 +4786,31 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "13-beautifulsoup4", - "15-cvss", - "16-defusedxml", - "17-distro", - "18-filetype", - "19-gsutil", - "44-importlib-metadata", + "15-beautifulsoup4", + "17-cvss", + "18-defusedxml", + "19-distro", + "20-filetype", + "21-gsutil", + "8-importlib-metadata", "46-jinja2", "48-jsonschema", "52-lib4sbom", "55-lib4vex", + "62-python-gnupg", "57-packageurl-python", - "62-packaging", - "63-plotly", - "65-python-gnupg", + "63-packaging", + "64-plotly", "53-pyyaml", "66-requests", "58-rich", "70-rpmfile", "71-setuptools", "72-toml", - "69-urllib3", + "68-urllib3", "73-xmlschema", - "45-zipp", - "75-zstandard" + "75-zstandard", + "9-zipp" ] }, { @@ -3936,9 +4821,9 @@ "6-async-timeout", "7-attrs", "5-frozenlist", - "8-multidict", - "10-propcache", - "11-yarl" + "11-multidict", + "12-propcache", + "13-yarl" ] }, { 
@@ -3948,84 +4833,87 @@ ] }, { - "ref": "8-multidict", + "ref": "7-attrs", "dependsOn": [ - "9-typing-extensions" + "8-importlib-metadata" ] }, { - "ref": "11-yarl", + "ref": "8-importlib-metadata", "dependsOn": [ - "12-idna", - "8-multidict", - "10-propcache" + "9-zipp", + "10-typing-extensions" ] }, { - "ref": "13-beautifulsoup4", + "ref": "11-multidict", "dependsOn": [ - "14-soupsieve" + "10-typing-extensions" ] }, { - "ref": "19-gsutil", + "ref": "13-yarl", "dependsOn": [ - "20-argcomplete", - "21-crcmod", - "22-fasteners", - "23-gcs-oauth2-boto-plugin", - "42-google-apitools", - "25-google-auth", - "31-google-auth-httplib2", - "34-google-reauth", - "32-httplib2", - "43-monotonic", - "37-pyopenssl", - "41-retry-decorator", - "30-six" + "14-idna", + "11-multidict", + "12-propcache" + ] + }, + { + "ref": "15-beautifulsoup4", + "dependsOn": [ + "16-soupsieve" ] }, { - "ref": "23-gcs-oauth2-boto-plugin", + "ref": "21-gsutil", "dependsOn": [ - "24-boto", - "25-google-auth", - "31-google-auth-httplib2", - "34-google-reauth", + "22-argcomplete", + "23-crcmod", + "24-fasteners", + "25-gcs-oauth2-boto-plugin", + "44-google-apitools", "32-httplib2", - "36-oauth2client", - "37-pyopenssl", - "41-retry-decorator", - "29-rsa", - "30-six" + "29-google-reauth", + "45-monotonic", + "36-pyopenssl", + "40-retry-decorator", + "31-six", + "41-google-auth", + "43-google-auth-httplib2" ] }, { - "ref": "25-google-auth", + "ref": "25-gcs-oauth2-boto-plugin", "dependsOn": [ - "26-cachetools", - "27-pyasn1-modules", - "29-rsa", - "30-six" + "26-rsa", + "28-boto", + "29-google-reauth", + "32-httplib2", + "34-oauth2client", + "36-pyopenssl", + "40-retry-decorator", + "31-six", + "41-google-auth", + "43-google-auth-httplib2" ] }, { - "ref": "27-pyasn1-modules", + "ref": "26-rsa", "dependsOn": [ - "28-pyasn1" + "27-pyasn1" ] }, { - "ref": "29-rsa", + "ref": "29-google-reauth", "dependsOn": [ - "28-pyasn1" + "30-pyu2f" ] }, { - "ref": "31-google-auth-httplib2", + "ref": "30-pyu2f", 
"dependsOn": [ - "25-google-auth", - "32-httplib2" + "31-six" ] }, { @@ -4035,52 +4923,62 @@ ] }, { - "ref": "34-google-reauth", + "ref": "34-oauth2client", "dependsOn": [ - "35-pyu2f" + "32-httplib2", + "27-pyasn1", + "35-pyasn1-modules", + "26-rsa", + "31-six" ] }, { - "ref": "35-pyu2f", + "ref": "35-pyasn1-modules", "dependsOn": [ - "30-six" + "27-pyasn1" ] }, { - "ref": "36-oauth2client", + "ref": "36-pyopenssl", "dependsOn": [ - "32-httplib2", - "28-pyasn1", - "27-pyasn1-modules", - "29-rsa", - "30-six" + "37-cryptography" + ] + }, + { + "ref": "37-cryptography", + "dependsOn": [ + "38-cffi" ] }, { - "ref": "37-pyopenssl", + "ref": "38-cffi", "dependsOn": [ - "38-cryptography" + "39-pycparser" ] }, { - "ref": "38-cryptography", + "ref": "41-google-auth", "dependsOn": [ - "39-cffi" + "42-cachetools", + "35-pyasn1-modules", + "31-six", + "26-rsa" ] }, { - "ref": "39-cffi", + "ref": "43-google-auth-httplib2", "dependsOn": [ - "40-pycparser" + "41-google-auth", + "32-httplib2" ] }, { - "ref": "42-google-apitools", + "ref": "44-google-apitools", "dependsOn": [ - "22-fasteners", "32-httplib2", - "36-oauth2client", - "30-six" + "24-fasteners", + "34-oauth2client", + "31-six" ] }, { @@ -4114,16 +5012,16 @@ { "ref": "52-lib4sbom", "dependsOn": [ - "16-defusedxml", "53-pyyaml", - "54-semantic-version" + "54-semantic-version", + "18-defusedxml" ] }, { "ref": "55-lib4vex", "dependsOn": [ - "56-csaf-tool", "52-lib4sbom", + "56-csaf-tool", "57-packageurl-python" ] }, @@ -4139,7 +5037,7 @@ "dependsOn": [ "59-markdown-it-py", "61-pygments", - "9-typing-extensions" + "10-typing-extensions" ] }, { @@ -4149,19 +5047,19 @@ ] }, { - "ref": "63-plotly", + "ref": "64-plotly", "dependsOn": [ - "62-packaging", - "64-tenacity" + "65-tenacity", + "63-packaging" ] }, { "ref": "66-requests", "dependsOn": [ - "67-certifi", - "68-charset-normalizer", - "12-idna", - "69-urllib3" + "67-charset-normalizer", + "14-idna", + "68-urllib3", + "69-certifi" ] }, { 
@@ -4169,6 +5067,12 @@ "dependsOn": [ "74-elementpath" ] + }, + { + "ref": "75-zstandard", + "dependsOn": [ + "38-cffi" + ] } ] } diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index 0ea6f31d91..d4dae4efe8 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-634a9368-ed3e-4f65-9676-93d8052f2d0d -LicenseListVersion: 3.22 -Creator: Tool: sbom4python-0.11.3 -Created: 2024-12-09T00:40:29Z +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-760aa8bc-559a-4597-a2fe-bd897ceb6610 +LicenseListVersion: 3.25 +Creator: Tool: sbom4python-0.12.1 +Created: 2024-12-16T00:39:29Z CreatorComment: This document has been automatically generated. ##### @@ -17,10 +17,12 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com) PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/intel/cve-bin-tool +PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool +ReleaseDate: 2024-09-17T18:57:44Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:* ##### 
@@ -33,10 +35,20 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp +PackageChecksum: SHA256: cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) +ReleaseDate: 2024-12-05T23:51:02Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp +ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html +ExternalRef: OTHER other https://docs.aiohttp.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10 ##### 
@@ -48,29 +60,41 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8 PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio +ReleaseDate: 2024-11-30T18:43:39Z +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues +ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### PackageName: aiosignal SPDXID: SPDXRef-4-aiosignal -PackageVersion: 1.3.1 +PackageVersion: 1.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files +PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiosignal -PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: aiosignal: a list of registered asynchronous callbacks -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 +ReleaseDate: 2024-11-30T18:43:39Z +ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby +ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal +ExternalRef: OTHER other https://docs.aiosignal.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.2 ##### PackageName: frozenlist 
@@ -81,11 +105,22 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist +PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence +ReleaseDate: 2024-10-23T09:46:20Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist +ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog +ExternalRef: OTHER other https://frozenlist.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### 
@@ -97,11 +132,18 @@ PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/async-timeout +PackageChecksum: SHA256: 39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Timeout context manager for asyncio programs +ReleaseDate: 2024-11-06T16:41:37Z +ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby +ExternalRef: OTHER build-system https://github.com/aio-libs/async-timeout/actions +ExternalRef: OTHER other https://codecov.io/github/aio-libs/async-timeout +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/async-timeout/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/async-timeout ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* ##### 
@@ -113,422 +155,511 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false -PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a +PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Classes Without Boilerplate +ReleaseDate: 2024-08-06T14:37:36Z +ExternalRef: OTHER documentation https://www.attrs.org/ +ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html +ExternalRef: OTHER vcs https://github.com/python-attrs/attrs +ExternalRef: OTHER other https://github.com/sponsors/hynek +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:* ##### -PackageName: multidict -SPDXID: SPDXRef-8-multidict -PackageVersion: 6.1.0 +PackageName: importlib-metadata +SPDXID: SPDXRef-8-importlib-metadata +PackageVersion: 8.5.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/multidict -PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68 +PackageChecksum: SHA256: 45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
+PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION -PackageSummary: multidict implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* +PackageSummary: Read metadata from Python packages +ReleaseDate: 2024-09-11T14:56:07Z +ExternalRef: OTHER vcs https://github.com/python/importlib_metadata +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:* +##### + +PackageName: zipp +SPDXID: SPDXRef-9-zipp +PackageVersion: 3.21.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files +FilesAnalyzed: false +PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Backport of pathlib-compatible object wrapper for zip files +ReleaseDate: 2024-11-10T15:05:19Z +ExternalRef: OTHER vcs https://github.com/jaraco/zipp +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: typing-extensions -SPDXID: SPDXRef-9-typing-extensions +SPDXID: SPDXRef-10-typing-extensions PackageVersion: 4.12.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 +PackageHomePage: https://github.com/python/typing_extensions +PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION 
PackageCopyrightText: NOASSERTION PackageSummary: Backported and Experimental Type Hints for Python 3.8+ +ReleaseDate: 2024-06-07T18:52:13Z +ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues +ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/ +ExternalRef: OTHER other https://github.com/python/typing/discussions +ExternalRef: OTHER vcs https://github.com/python/typing_extensions ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* ##### +PackageName: multidict +SPDXID: SPDXRef-11-multidict +PackageVersion: 6.1.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/multidict +PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: multidict implementation +ReleaseDate: 2024-09-09T23:47:18Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict +ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://multidict.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/multidict +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* +##### + PackageName: propcache -SPDXID: SPDXRef-10-propcache +SPDXID: SPDXRef-12-propcache PackageVersion: 0.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache +PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Accelerated property cache +ReleaseDate: 2024-12-01T18:27:02Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache +ExternalRef: OTHER log 
https://propcache.readthedocs.io/en/latest/changes/ +ExternalRef: OTHER other https://propcache.readthedocs.io +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/propcache ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:* ##### PackageName: yarl -SPDXID: SPDXRef-11-yarl +SPDXID: SPDXRef-13-yarl PackageVersion: 1.18.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl +PackageChecksum: SHA256: 7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library +ReleaseDate: 2024-12-01T20:32:32Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl +ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://yarl.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/yarl ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-12-idna +SPDXID: SPDXRef-14-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) PackageDownloadLocation: 
https://pypi.org/project/idna/3.10/#files FilesAnalyzed: false +PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) +ReleaseDate: 2024-09-15T18:07:37Z +ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst +ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues +ExternalRef: OTHER vcs https://github.com/kjd/idna ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 -SPDXID: SPDXRef-13-beautifulsoup4 +SPDXID: SPDXRef-15-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files FilesAnalyzed: false PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/ +PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Screen-scraping library +ReleaseDate: 2024-01-17T16:53:12Z +ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:* ##### PackageName: soupsieve -SPDXID: SPDXRef-14-soupsieve +SPDXID: SPDXRef-16-soupsieve PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve -PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 +PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A modern CSS selector implementation for Beautiful Soup. +ReleaseDate: 2024-08-13T13:39:10Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-15-cvss +SPDXID: SPDXRef-17-cvss PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss -PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 +PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 +ReleaseDate: 2024-11-01T10:05:52Z +ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases +ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss +ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues +ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml -SPDXID: SPDXRef-16-defusedxml +SPDXID: SPDXRef-18-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) -PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files +PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml FilesAnalyzed: false PackageHomePage: https://github.com/tiran/defusedxml -PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184 +PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: PSF-2.0 PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: XML bomb protection for Python stdlib modules +ReleaseDate: 2021-03-08T10:59:24Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:* ##### PackageName: distro -SPDXID: SPDXRef-17-distro +SPDXID: SPDXRef-19-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-distro/distro +PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Distro - an OS platform information API +ReleaseDate: 2023-12-24T09:54:30Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-18-filetype +SPDXID: SPDXRef-20-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) -PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files +PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master FilesAnalyzed: false PackageHomePage: https://github.com/h2non/filetype.py -PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585 +PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies. 
+ReleaseDate: 2022-11-02T17:34:01Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:* ##### PackageName: gsutil -SPDXID: SPDXRef-19-gsutil -PackageVersion: 5.32 +SPDXID: SPDXRef-21-gsutil +PackageVersion: 5.33 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.32/#files +PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil +PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.32 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:* +ReleaseDate: 2024-12-11T09:40:59Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-20-argcomplete +SPDXID: SPDXRef-22-argcomplete PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete -PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc +PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse +ReleaseDate: 2024-12-06T18:24:27Z +ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete +ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete +ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues +ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-21-crcmod +SPDXID: SPDXRef-23-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) -PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files +PackageDownloadLocation: http://sourceforge.net/projects/crcmod FilesAnalyzed: false PackageHomePage: http://crcmod.sourceforge.net/ +PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CRC Generator +ReleaseDate: 2010-06-27T14:35:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-22-fasteners +SPDXID: SPDXRef-24-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files FilesAnalyzed: false PackageHomePage: https://github.com/harlowja/fasteners -PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4 +PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: A python package that provides useful locks 
+ReleaseDate: 2023-09-19T17:11:18Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-23-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-25-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files +PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin FilesAnalyzed: false PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary -PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb +PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. +ReleaseDate: 2024-05-02T14:37:31Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### -PackageName: boto -SPDXID: SPDXRef-24-boto -PackageVersion: 2.49.0 +PackageName: rsa +SPDXID: SPDXRef-26-rsa +PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) -PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files +PackageSupplier: Organization: Sybren A. 
Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files FilesAnalyzed: false -PackageHomePage: https://github.com/boto/boto/ -PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3 -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageHomePage: https://stuvel.eu/rsa +PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Amazon Web Services Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ReleaseDate: 2021-02-24T10:55:03Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### -PackageName: google-auth -SPDXID: SPDXRef-25-google-auth -PackageVersion: 2.17.0 +PackageName: pyasn1 +SPDXID: SPDXRef-27-pyasn1 +PackageVersion: 0.6.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files FilesAnalyzed: false -PackageHomePage: https://github.com/googleapis/google-auth-library-python -PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
+PackageHomePage: https://github.com/pyasn1/pyasn1 +PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034 +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* +PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ReleaseDate: 2024-09-10T22:41:42Z +ExternalRef: OTHER documentation https://pyasn1.readthedocs.io +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1 +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues +ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* ##### -PackageName: cachetools -SPDXID: SPDXRef-26-cachetools -PackageVersion: 5.5.0 +PackageName: boto +SPDXID: SPDXRef-28-boto +PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files +PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) +PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files FilesAnalyzed: false -PackageHomePage: https://github.com/tkem/cachetools/ +PackageHomePage: https://github.com/boto/boto/ +PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* +PackageSummary: Amazon Web 
Services Library +ReleaseDate: 2018-07-11T20:58:55Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### -PackageName: pyasn1-modules -SPDXID: SPDXRef-27-pyasn1-modules -PackageVersion: 0.4.1 +PackageName: google-reauth +SPDXID: SPDXRef-29-google-reauth +PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1-modules +PackageHomePage: https://github.com/Google/google-reauth-python +PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368 PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* -##### - -PackageName: pyasn1 -SPDXID: SPDXRef-28-pyasn1 -PackageVersion: 0.6.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1 -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ReleaseDate: 2020-12-01T17:35:45Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-29-rsa -PackageVersion: 4.7.2 +PackageName: pyu2f +SPDXID: SPDXRef-30-pyu2f +PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files FilesAnalyzed: false -PackageHomePage: https://stuvel.eu/rsa -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageHomePage: https://github.com/google/pyu2f/ +PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: U2F host library for interacting with a U2F device over USB. 
+ReleaseDate: 2020-10-30T20:03:07Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-30-six +SPDXID: SPDXRef-31-six PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/benjaminp/six +PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities +ReleaseDate: 2024-12-04T17:35:26Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### -PackageName: google-auth-httplib2 -SPDXID: SPDXRef-31-google-auth-httplib2 -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 -PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library: httplib2 transport -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* -##### - PackageName: httplib2 SPDXID: SPDXRef-32-httplib2 PackageVersion: 0.20.4 
@@ -537,11 +668,12 @@ PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/httplib2/httplib2 -PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4 +PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A comprehensive HTTP client library. +ReleaseDate: 2022-02-03T00:00:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:* ##### 
@@ -554,219 +686,253 @@ PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyparsing/pyparsing/ +PackageChecksum: SHA256: 93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars +ReleaseDate: 2024-10-13T10:01:13Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: SPDXRef-34-google-reauth -PackageVersion: 0.1.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/Google/google-reauth-python -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* -##### - -PackageName: pyu2f -SPDXID: SPDXRef-35-pyu2f -PackageVersion: 0.1.5 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. 
(pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/google/pyu2f/ -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* -##### - PackageName: oauth2client -SPDXID: SPDXRef-36-oauth2client +SPDXID: SPDXRef-34-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/oauth2client/ -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: OAuth 2.0 client library +ReleaseDate: 2018-09-07T21:38:16Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### +PackageName: pyasn1-modules +SPDXID: SPDXRef-35-pyasn1-modules +PackageVersion: 0.4.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/pyasn1/pyasn1-modules +PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ReleaseDate: 2024-09-10T22:42:08Z +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues +ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* +##### + PackageName: pyopenssl -SPDXID: SPDXRef-37-pyopenssl +SPDXID: SPDXRef-36-pyopenssl PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ +PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache 
License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library +ReleaseDate: 2024-07-20T17:26:29Z +ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* ##### PackageName: cryptography -SPDXID: SPDXRef-38-cryptography +SPDXID: SPDXRef-37-cryptography PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography +PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. 
+ReleaseDate: 2024-10-18T15:57:36Z +ExternalRef: OTHER documentation https://cryptography.io/ +ExternalRef: OTHER vcs https://github.com/pyca/cryptography/ +ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues +ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-39-cffi +SPDXID: SPDXRef-38-cffi PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false PackageHomePage: http://cffi.readthedocs.org -PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51 +PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Foreign Function Interface for Python calling C code. 
+ReleaseDate: 2024-09-04T20:43:30Z +ExternalRef: OTHER documentation http://cffi.readthedocs.org/ +ExternalRef: OTHER vcs https://github.com/python-cffi/cffi +ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues +ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html +ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases +ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:* ##### PackageName: pycparser -SPDXID: SPDXRef-40-pycparser +SPDXID: SPDXRef-39-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files FilesAnalyzed: false PackageHomePage: https://github.com/eliben/pycparser -PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 +PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: C parser in Python +ReleaseDate: 2024-03-30T13:22:20Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22 ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-41-retry-decorator +SPDXID: SPDXRef-40-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/pnpnpn/retry-decorator -PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349 +PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe PackageLicenseDeclared: MIT 
PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Retry Decorator +ReleaseDate: 2020-03-10T23:56:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:* ##### +PackageName: google-auth +SPDXID: SPDXRef-41-google-auth +PackageVersion: 2.17.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/googleapis/google-auth-library-python +PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library +ReleaseDate: 2023-03-28T19:51:30Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* +##### + +PackageName: cachetools +SPDXID: SPDXRef-42-cachetools +PackageVersion: 5.5.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/tkem/cachetools/ +PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292 +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ReleaseDate: 2024-08-18T20:28:43Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 +ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* +##### + +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-43-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 +PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library: httplib2 transport +ReleaseDate: 2023-12-12T17:40:13Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: google-apitools -SPDXID: SPDXRef-42-google-apitools +SPDXID: SPDXRef-44-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/apitools -PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1 +PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: client libraries for humans +ReleaseDate: 2021-05-05T22:12:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-43-monotonic +SPDXID: SPDXRef-45-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/atdt/monotonic -PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad +PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3 +ReleaseDate: 2021-04-09T21:58:05Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### -PackageName: importlib-metadata -SPDXID: SPDXRef-44-importlib-metadata -PackageVersion: 8.5.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. 
(jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files -FilesAnalyzed: false -PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Read metadata from Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:* -##### - -PackageName: zipp -SPDXID: SPDXRef-45-zipp -PackageVersion: 3.21.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* -##### - PackageName: jinja2 SPDXID: SPDXRef-46-jinja2 PackageVersion: 3.1.4 
@@ -774,11 +940,17 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files FilesAnalyzed: false -PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57 +PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. +ReleaseDate: 2024-05-05T23:41:59Z +ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/ +ExternalRef: OTHER chat https://discord.gg/pallets +ExternalRef: OTHER documentation https://jinja.palletsprojects.com/ +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER vcs https://github.com/pallets/jinja/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### 
@@ -789,12 +961,46 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c +PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION -PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: markupsafe declares Copyright 2010 Pallets + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT +HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. +ReleaseDate: 2024-10-18T15:20:51Z +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/ +ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/ +ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/ +ExternalRef: OTHER chat https://discord.gg/pallets ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2 ##### 
@@ -806,10 +1012,18 @@ PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema +PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python +ReleaseDate: 2024-07-08T18:40:00Z +ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:* ##### 
@@ -822,11 +1036,17 @@ PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVin PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2024.10.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications -PackageChecksum: SHA1: 09f6f17a46ecf03e314df0e6fa14d57db210a549 +PackageChecksum: SHA256: a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry +ReleaseDate: 2024-10-08T12:29:30Z +ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:* ##### 
@@ -839,11 +1059,18 @@ PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/referencing -PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845 +PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python +ReleaseDate: 2024-05-01T20:26:02Z +ExternalRef: OTHER documentation https://referencing.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/ +ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### 
@@ -856,28 +1083,38 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) +ReleaseDate: 2024-12-04T15:31:31Z +ExternalRef: OTHER documentation https://rpds.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/crate-py/rpds +ExternalRef: OTHER other https://github.com/orium/rpds ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:* ##### PackageName: lib4sbom SPDXID: SPDXRef-52-lib4sbom -PackageVersion: 0.7.5 +PackageVersion: 0.8.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4sbom +PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:* 
+ReleaseDate: 2024-12-09T20:13:26Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:* ##### PackageName: pyyaml @@ -885,13 +1122,20 @@ SPDXID: SPDXRef-53-pyyaml PackageVersion: 6.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) -PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files +PackageDownloadLocation: https://pypi.org/project/PyYAML/ FilesAnalyzed: false PackageHomePage: https://pyyaml.org/ +PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: YAML parser and emitter for Python +ReleaseDate: 2024-08-06T20:31:40Z +ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues +ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions +ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation +ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core +ExternalRef: OTHER vcs https://github.com/yaml/pyyaml ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:* ##### 
@@ -904,12 +1148,13 @@ PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.o PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/rbarrois/python-semanticversion -PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a +PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A library implementing the 'SemVer' scheme. +ReleaseDate: 2022-05-26T13:35:21Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:* ##### @@ -922,11 +1167,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4vex -PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2 +PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: VEX generator and consumer library +ReleaseDate: 2024-08-29T20:36:52Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:* ##### 
@@ -939,11 +1185,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/csaf -PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4 +PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CSAF generator and analyser +ReleaseDate: 2024-06-12T20:10:06Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:* ##### @@ -956,11 +1203,12 @@ PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882 +PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder +ReleaseDate: 2024-10-22T05:51:23Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### 
@@ -973,11 +1221,13 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich -PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 +PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal +ReleaseDate: 2024-11-01T16:43:55Z +ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### @@ -990,11 +1240,13 @@ PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/markdown-it-py -PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d +PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python port of markdown-it. Markdown parsing, done right! +ReleaseDate: 2023-06-03T06:41:11Z +ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:* ##### 
@@ -1007,11 +1259,12 @@ PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/mdurl -PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e +PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Markdown URL utilities +ReleaseDate: 2022-08-14T12:40:09Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* ##### 
@@ -1024,83 +1277,101 @@ PackageSupplier: Person: Georg Brandl (georg@python.org) PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files FilesAnalyzed: false PackageHomePage: https://pygments.org -PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb +PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. +ReleaseDate: 2024-05-04T13:41:57Z +ExternalRef: OTHER documentation https://pygments.org/docs +ExternalRef: OTHER vcs https://github.com/pygments/pygments +ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues +ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### +PackageName: python-gnupg +SPDXID: SPDXRef-62-python-gnupg +PackageVersion: 0.5.3 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) +ReleaseDate: 2024-09-20T16:43:47Z +ExternalRef: OTHER documentation https://gnupg.readthedocs.io/ +ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg +ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* +##### + PackageName: packaging -SPDXID: SPDXRef-62-packaging +SPDXID: SPDXRef-63-packaging PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f +PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages +ReleaseDate: 2024-11-08T09:47:44Z +ExternalRef: OTHER documentation https://packaging.pypa.io/ +ExternalRef: OTHER vcs https://github.com/pypa/packaging ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-63-plotly +SPDXID: SPDXRef-64-plotly PackageVersion: 5.24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files FilesAnalyzed: false PackageHomePage: https://plotly.com/python/ +PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python +ReleaseDate: 
2024-09-12T15:36:24Z +ExternalRef: OTHER documentation https://plotly.com/python/ +ExternalRef: OTHER vcs https://github.com/plotly/plotly.py +ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-64-tenacity +SPDXID: SPDXRef-65-tenacity PackageVersion: 9.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/jd/tenacity -PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb +PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds +ReleaseDate: 2024-07-29T12:12:25Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:* ##### -PackageName: python-gnupg -SPDXID: SPDXRef-65-python-gnupg -PackageVersion: 0.5.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/vsajip/python-gnupg -PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. 
-PackageCopyrightText: NOASSERTION -PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* -##### - PackageName: requests SPDXID: SPDXRef-66-requests PackageVersion: 2.32.3 
@@ -1109,63 +1380,78 @@ PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files FilesAnalyzed: false PackageHomePage: https://requests.readthedocs.io -PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068 +PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python HTTP for Humans. +ReleaseDate: 2024-05-29T15:37:47Z +ExternalRef: OTHER documentation https://requests.readthedocs.io +ExternalRef: OTHER vcs https://github.com/psf/requests ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:* ##### -PackageName: certifi -SPDXID: SPDXRef-67-certifi -PackageVersion: 2024.8.30 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/certifi/python-certifi -PackageLicenseDeclared: MPL-2.0 -PackageLicenseConcluded: MPL-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Python package for providing Mozilla's CA Bundle. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:* -##### - PackageName: charset-normalizer -SPDXID: SPDXRef-68-charset-normalizer +SPDXID: SPDXRef-67-charset-normalizer PackageVersion: 3.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me) PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/Ousret/charset_normalizer +PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. +ReleaseDate: 2024-10-09T07:38:02Z +ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues +ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:* ##### PackageName: urllib3 -SPDXID: SPDXRef-69-urllib3 +SPDXID: SPDXRef-68-urllib3 PackageVersion: 2.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false -PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df +PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. 
+ReleaseDate: 2024-09-12T10:52:16Z +ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst +ExternalRef: OTHER documentation https://urllib3.readthedocs.io +ExternalRef: OTHER vcs https://github.com/urllib3/urllib3 +ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:* ##### +PackageName: certifi +SPDXID: SPDXRef-69-certifi +PackageVersion: 2024.12.14 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) +PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/certifi/python-certifi +PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56 +PackageLicenseDeclared: MPL-2.0 +PackageLicenseConcluded: MPL-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Python package for providing Mozilla's CA Bundle. +ReleaseDate: 2024-12-14T13:52:36Z +ExternalRef: OTHER vcs https://github.com/certifi/python-certifi +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:* +##### + PackageName: rpmfile SPDXID: SPDXRef-70-rpmfile PackageVersion: 2.1.0 
@@ -1174,11 +1460,12 @@ PackageSupplier: Person: Sean Ross (srossross@gmail.com) PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/srossross/rpmfile -PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5 +PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Read rpm archive files +ReleaseDate: 2024-07-24T21:57:45Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### @@ -1190,10 +1477,15 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files FilesAnalyzed: false +PackageChecksum: SHA256: ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages +ReleaseDate: 2024-11-20T18:16:10Z +ExternalRef: OTHER vcs https://github.com/pypa/setuptools +ExternalRef: OTHER documentation https://setuptools.pypa.io/ +ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:* ##### 
@@ -1206,11 +1498,12 @@ PackageSupplier: Person: William Pearson (uiri@xqz.ca) PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/uiri/toml -PackageChecksum: SHA1: 3f637dba5f68db63d4b30967fedda51c82459471 +PackageChecksum: SHA256: 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python Library for Tom's Obvious, Minimal Language +ReleaseDate: 2020-11-01T01:40:20Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:* ##### @@ -1223,10 +1516,12 @@ PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema +PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder +ReleaseDate: 2024-10-31T09:47:12Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### 
@@ -1239,10 +1534,12 @@ PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath +PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml +ReleaseDate: 2024-10-27T21:52:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### 
@@ -1255,24 +1552,24 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/indygreg/python-zstandard +PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Zstandard bindings for Python +ReleaseDate: 2024-07-15T00:13:27Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-beautifulsoup4 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-cvss -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-defusedxml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-distro -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-filetype -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-beautifulsoup4 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-cvss +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-defusedxml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-distro Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-importlib-metadata -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-zipp +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-filetype +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-21-gsutil Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jinja2 Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-jsonschema Relationship: 
SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-lib4sbom 
@@ -1280,75 +1577,78 @@ Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-pyyaml Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-lib4vex Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-packageurl-python Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-rich -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-packaging -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-plotly -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-plotly Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-requests -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-urllib3 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-urllib3 Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-rpmfile Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-setuptools Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-toml Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-xmlschema Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-zstandard -Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-10-propcache -Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-12-idna -Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-8-multidict -Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-22-fasteners -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-23-gcs-oauth2-boto-plugin -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-31-google-auth-httplib2 
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-34-google-reauth -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-propcache -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-yarl +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-importlib-metadata +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-9-zipp +Relationship: SPDXRef-11-multidict DEPENDS_ON SPDXRef-10-typing-extensions +Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-11-multidict +Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-12-propcache +Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-14-idna +Relationship: SPDXRef-15-beautifulsoup4 DEPENDS_ON SPDXRef-16-soupsieve +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-multidict +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-13-yarl Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-async-timeout Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-boto -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-google-auth-httplib2 -Relationship: 
SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-google-reauth -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-oauth2client -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-pyopenssl -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-retry-decorator -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-26-cachetools -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-27-pyasn1-modules -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-27-pyasn1-modules DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-29-rsa DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-22-argcomplete +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-23-crcmod +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-24-fasteners +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-25-gcs-oauth2-boto-plugin +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-29-google-reauth +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-36-pyopenssl +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-40-retry-decorator +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-43-google-auth-httplib2 +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-44-google-apitools +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-45-monotonic +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-rsa +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-boto 
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-reauth +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-pyopenssl +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-retry-decorator +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-43-google-auth-httplib2 +Relationship: SPDXRef-26-rsa DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-29-google-reauth DEPENDS_ON SPDXRef-30-pyu2f +Relationship: SPDXRef-30-pyu2f DEPENDS_ON SPDXRef-31-six Relationship: SPDXRef-32-httplib2 DEPENDS_ON SPDXRef-33-pyparsing -Relationship: SPDXRef-34-google-reauth DEPENDS_ON SPDXRef-35-pyu2f -Relationship: SPDXRef-35-pyu2f DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-27-pyasn1-modules -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-37-pyopenssl DEPENDS_ON SPDXRef-38-cryptography -Relationship: SPDXRef-38-cryptography DEPENDS_ON SPDXRef-39-cffi -Relationship: SPDXRef-39-cffi DEPENDS_ON SPDXRef-40-pycparser +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-rsa +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-35-pyasn1-modules +Relationship: SPDXRef-35-pyasn1-modules DEPENDS_ON 
SPDXRef-27-pyasn1 +Relationship: SPDXRef-36-pyopenssl DEPENDS_ON SPDXRef-37-cryptography +Relationship: SPDXRef-37-cryptography DEPENDS_ON SPDXRef-38-cffi +Relationship: SPDXRef-38-cffi DEPENDS_ON SPDXRef-39-pycparser Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-36-oauth2client +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-26-rsa +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-35-pyasn1-modules +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-42-cachetools +Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-24-fasteners +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-34-oauth2client Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-jsonschema-specifications Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-referencing 
@@ -1357,7 +1657,7 @@ Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-7-attrs Relationship: SPDXRef-49-jsonschema-specifications DEPENDS_ON SPDXRef-50-referencing Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-51-rpds-py Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml +Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-18-defusedxml Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-53-pyyaml Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-54-semantic-version Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-52-lib4sbom 
@@ -1365,16 +1665,19 @@ Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-56-csaf-tool Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-57-packageurl-python Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-57-packageurl-python Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-58-rich +Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-10-typing-extensions Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-59-markdown-it-py Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-61-pygments -Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-9-typing-extensions Relationship: SPDXRef-59-markdown-it-py DEPENDS_ON SPDXRef-60-mdurl -Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging -Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-tenacity -Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-12-idna -Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-67-certifi -Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-68-charset-normalizer -Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-69-urllib3 +Relationship: SPDXRef-64-plotly DEPENDS_ON SPDXRef-63-packaging +Relationship: SPDXRef-64-plotly DEPENDS_ON SPDXRef-65-tenacity +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-14-idna +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-67-charset-normalizer +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-68-urllib3 +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-69-certifi +Relationship: SPDXRef-7-attrs DEPENDS_ON SPDXRef-8-importlib-metadata Relationship: SPDXRef-73-xmlschema DEPENDS_ON SPDXRef-74-elementpath -Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-75-zstandard DEPENDS_ON SPDXRef-38-cffi +Relationship: SPDXRef-8-importlib-metadata DEPENDS_ON SPDXRef-10-typing-extensions +Relationship: SPDXRef-8-importlib-metadata DEPENDS_ON SPDXRef-9-zipp Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool From df347a44e77971465368c7abc5f49cee92a71b2d Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 18:46:25 +0000 Subject: [PATCH 36/47] chore: update SBOM for Python 3.10 (#4626) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 2831 ++++++++++++++++++++++----------- sbom/cve-bin-tool-py3.10.spdx | 1118 ++++++++----- 2 files changed, 2609 insertions(+), 1340 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index c0190371f3..ec697c7c36 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:cc4c1587-f7c9-47e1-9748-a28d02e87e61", + "serialNumber": "urn:uuid:9156251d-e08f-4547-bd3b-7efd92c86014", "version": 1, "metadata": { - "timestamp": "2024-12-09T00:40:33Z", + "timestamp": "2024-12-16T00:38:54Z", "lifecycles": [ { "phase": "build" @@ -15,7 +15,7 @@ "components": [ { "name": "sbom4python", - "version": "0.11.3", + "version": "0.12.1", "type": "application" } ] @@ -42,6 +42,12 @@ }, "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", + "hashes": [ + { + "alg": "SHA-256", + "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d" + } + ], "licenses": [ { "license": { @@ -65,6 +71,10 @@ ], "purl": "pkg:pypi/cve-bin-tool@3.4", "properties": [ + { + "name": "release_date", + "value": "2024-09-17T18:57:44Z" + }, { "name": "language", "value": "Python" @@ -81,6 +91,12 @@ "name": "aiohttp", "version": "3.11.10", "description": "Async http client/server framework (asyncio)", + "hashes": [ + { + "alg": "SHA-256", + "content": "cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d" + } + ], "licenses": [ { "license": { 
@@ -100,10 +116,46 @@ "url": "https://pypi.org/project/aiohttp/3.11.10/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiohttp", + "type": "other" + }, + { + "url": "https://docs.aiohttp.org/en/stable/changes.html", + "type": "log" + }, + { + "url": "https://docs.aiohttp.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohttp", + "type": "vcs" } ], "purl": "pkg:pypi/aiohttp@3.11.10", "properties": [ + { + "name": "release_date", + "value": "2024-12-05T23:51:02Z" + }, { "name": "language", "value": "Python" @@ -111,10 +163,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-12-05T23:51:02.000Z" } ] }, @@ -133,6 +181,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-256", + "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8" + } + ], "licenses": [ { "license": { 
@@ -152,10 +206,30 @@ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md", + "type": "log" + }, + { + "url": "https://aiohappyeyeballs.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs", + "type": "vcs" } ], "purl": "pkg:pypi/aiohappyeyeballs@2.4.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-30T18:43:39Z" + }, { "name": "language", "value": "Python" @@ -163,10 +237,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-11-30T18:43:39.000Z" } ] }, @@ -174,14 +244,8 @@ "type": "library", "bom-ref": "4-aiosignal", "name": "aiosignal", - "version": "1.3.1", + "version": "1.3.2", "description": "aiosignal: a list of registered asynchronous callbacks", - "hashes": [ - { - "alg": "SHA-1", - "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3" - } - ], "licenses": [ { "license": { 
@@ -198,13 +262,41 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiosignal/1.3.1/#files", + "url": "https://pypi.org/project/aiosignal/1.3.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gitter.im/aio-libs/Lobby", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/actions", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiosignal", + "type": "other" + }, + { + "url": "https://docs.aiosignal.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiosignal", + "type": "vcs" } ], - "purl": "pkg:pypi/aiosignal@1.3.1", + "purl": "pkg:pypi/aiosignal@1.3.2", "properties": [ + { + "name": "release_date", + "value": "2024-11-30T18:43:39Z" + }, { "name": "language", "value": "Python" @@ -212,10 +304,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2022-11-08T16:03:57.000Z" } ] }, @@ -225,6 +313,12 @@ "name": "frozenlist", "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", + "hashes": [ + { + "alg": "SHA-256", + "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a" + } + ], "licenses": [ { "license": { 
@@ -244,10 +338,50 @@ "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/frozenlist", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog", + "type": "log" + }, + { + "url": "https://frozenlist.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/frozenlist", + "type": "vcs" } ], "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-23T09:46:20Z" + }, { "name": "language", "value": "Python" @@ -255,10 +389,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -277,6 +407,12 @@ }, "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", "description": "Timeout context manager for asyncio programs", + "hashes": [ + { + "alg": "SHA-256", + "content": "39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c" + } + ], "licenses": [ { "license": { 
@@ -296,10 +432,34 @@ "url": "https://pypi.org/project/async-timeout/5.0.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gitter.im/aio-libs/Lobby", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/async-timeout/actions", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/async-timeout", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/async-timeout/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/async-timeout", + "type": "vcs" } ], "purl": "pkg:pypi/async-timeout@5.0.1", "properties": [ + { + "name": "release_date", + "value": "2024-11-06T16:41:37Z" + }, { "name": "language", "value": "Python" @@ -307,10 +467,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-11-06T16:41:37.000Z" } ] }, @@ -331,8 +487,8 @@ "description": "Classes Without Boilerplate", "hashes": [ { - "alg": "SHA-1", - "content": "6771a04893780166e4b7826b63599f43ac30d00a" + "alg": "SHA-256", + "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2" } ], "externalReferences": [ @@ -340,10 +496,34 @@ "url": "https://pypi.org/project/attrs/24.2.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://www.attrs.org/", + "type": "documentation" + }, + { + "url": "https://www.attrs.org/en/stable/changelog.html", + "type": "log" + }, + { + "url": "https://github.com/python-attrs/attrs", + "type": "vcs" + }, + { + "url": "https://github.com/sponsors/hynek", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi", + "type": "other" } ], "purl": "pkg:pypi/attrs@24.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T14:37:36Z" + }, { "name": "language", "value": "Python" 
@@ -351,57 +531,47 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-08-06T14:37:36.000Z" } ] }, { "type": "library", - "bom-ref": "8-multidict", - "name": "multidict", - "version": "6.1.0", + "bom-ref": "8-importlib-metadata", + "name": "importlib-metadata", + "version": "8.0.0", "supplier": { - "name": "Andrew Svetlov", + "name": "Jason R .", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", - "description": "multidict implementation", + "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*", + "description": "Read metadata from Python packages", "hashes": [ { - "alg": "SHA-1", - "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/multidict", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/multidict/6.1.0/#files", + "url": "https://pypi.org/project/importlib-metadata/8.0.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/importlib_metadata", + "type": "vcs" } ], - "purl": "pkg:pypi/multidict@6.1.0", + "purl": "pkg:pypi/importlib-metadata@8.0.0", "properties": [ + { + "name": "release_date", + "value": "2024-06-25T18:38:02Z" + }, { "name": "language", "value": "Python" 
@@ -409,43 +579,47 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-09-09T23:47:18.000Z" } ] }, { "type": "library", - "bom-ref": "9-typing-extensions", - "name": "typing-extensions", - "version": "4.12.2", + "bom-ref": "9-zipp", + "name": "zipp", + "version": "3.21.0", "supplier": { - "name": "Guido van Jukka ukasz Michael", + "name": "Jason R .", "contact": [ { - "email": "levkivskyi@gmail.com" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", - "description": "Backported and Experimental Type Hints for Python 3.8+", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", + "description": "Backport of pathlib-compatible object wrapper for zip files", "hashes": [ { - "alg": "SHA-1", - "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + "alg": "SHA-256", + "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931" } ], "externalReferences": [ { - "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/jaraco/zipp", + "type": "vcs" } ], - "purl": "pkg:pypi/typing-extensions@4.12.2", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ + { + "name": "release_date", + "value": "2024-11-10T15:05:19Z" + }, { "name": "language", "value": "Python" 
@@ -453,51 +627,68 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-06-07T18:52:13.000Z" } ] }, { "type": "library", - "bom-ref": "10-propcache", - "name": "propcache", - "version": "0.2.1", + "bom-ref": "10-typing-extensions", + "name": "typing-extensions", + "version": "4.12.2", "supplier": { - "name": "Andrew Svetlov", + "name": "Guido van Jukka ukasz Michael", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "levkivskyi@gmail.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ + "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", + "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", + "url": "https://github.com/python/typing_extensions", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/propcache/0.2.1/#files", + "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/typing_extensions/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md", + "type": "log" + }, + { + "url": "https://typing-extensions.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python/typing/discussions", + "type": "other" + }, + { + "url": "https://github.com/python/typing_extensions", + "type": "vcs" } ], - "purl": "pkg:pypi/propcache@0.2.1", + "purl": 
"pkg:pypi/typing-extensions@4.12.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-07T18:52:13Z" + }, { "name": "language", "value": "Python" @@ -510,9 +701,9 @@ }, { "type": "library", - "bom-ref": "11-yarl", - "name": "yarl", - "version": "1.18.3", + "bom-ref": "11-multidict", + "name": "multidict", + "version": "6.1.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -521,8 +712,14 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", + "description": "multidict implementation", + "hashes": [ + { + "alg": "SHA-256", + "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60" + } + ], "licenses": [ { "license": { 
@@ -534,18 +731,58 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/multidict", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.18.3/#files", + "url": "https://pypi.org/project/multidict/6.1.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/multidict", + "type": "other" + }, + { + "url": "https://multidict.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": "https://multidict.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/multidict", + "type": "vcs" } ], - "purl": "pkg:pypi/yarl@1.18.3", + "purl": "pkg:pypi/multidict@6.1.0", "properties": [ + { + "name": "release_date", + "value": "2024-09-09T23:47:18Z" + }, { "name": "language", "value": "Python" 
@@ -553,16 +790,200 @@ { "name": "python_version", "value": "3.10.15" + } + ] + }, + { + "type": "library", + "bom-ref": "12-propcache", + "name": "propcache", + "version": "0.2.1", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", + "description": "Accelerated property cache", + "hashes": [ + { + "alg": "SHA-256", + "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/propcache", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/propcache/0.2.1/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/propcache", + "type": "other" + }, + { + "url": "https://propcache.readthedocs.io/en/latest/changes/", + "type": "log" + }, + { + "url": "https://propcache.readthedocs.io", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/propcache", + "type": "vcs" + } + ], + "purl": "pkg:pypi/propcache@0.2.1", + "properties": [ + { + "name": "release_date", + "value": "2024-12-01T18:27:02Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": 
"3.10.15" + } + ] + }, + { + "type": "library", + "bom-ref": "13-yarl", + "name": "yarl", + "version": "1.18.3", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "hashes": [ + { + "alg": "SHA-256", + "content": "7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.18.3/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/yarl/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/yarl", + "type": "other" + }, + { + "url": "https://yarl.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": "https://yarl.aio-libs.org", + "type": "other" }, { - "name": "package_release_date", - "value": "2024-12-01T20:32:32.000Z" + "url": "https://github.com/aio-libs/yarl/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/yarl", + "type": "vcs" + } + ], + "purl": "pkg:pypi/yarl@1.18.3", + "properties": [ + { + "name": "release_date", + "value": "2024-12-01T20:32:32Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.10.15" } ] }, { "type": "library", - "bom-ref": "12-idna", 
+ "bom-ref": "14-idna", "name": "idna", "version": "3.10", "supplier": { @@ -575,15 +996,37 @@ }, "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-256", + "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst", + "type": "log" + }, + { + "url": "https://github.com/kjd/idna/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kjd/idna", + "type": "vcs" } ], "purl": "pkg:pypi/idna@3.10", "properties": [ + { + "name": "release_date", + "value": "2024-09-15T18:07:37Z" + }, { "name": "language", "value": "Python" @@ -591,16 +1034,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-09-15T18:07:37.000Z" } ] }, { "type": "library", - "bom-ref": "13-beautifulsoup4", + "bom-ref": "15-beautifulsoup4", "name": "beautifulsoup4", "version": "4.12.3", "supplier": { @@ -613,11 +1052,17 @@ }, "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*", "description": "Screen-scraping library", + "hashes": [ + { + "alg": "SHA-256", + "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -632,10 +1077,18 @@ "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/", + "type": "other" } ], "purl": "pkg:pypi/beautifulsoup4@4.12.3", "properties": [ + { + "name": "release_date", + "value": "2024-01-17T16:53:12Z" + }, { "name": "language", "value": "Python" @@ -643,16 +1096,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-01-17T16:53:12.000Z" } ] }, { "type": "library", - "bom-ref": "14-soupsieve", + "bom-ref": "16-soupsieve", "name": "soupsieve", "version": "2.6", "supplier": { @@ -667,8 +1116,8 @@ "description": "A modern CSS selector implementation for Beautiful Soup.", "hashes": [ { - "alg": "SHA-1", - "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + "alg": "SHA-256", + "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9" } ], "externalReferences": [ @@ -685,6 +1134,10 @@ ], "purl": "pkg:pypi/soupsieve@2.6", "properties": [ + { + "name": "release_date", + "value": "2024-08-13T13:39:10Z" + }, { "name": "language", "value": "Python" @@ -697,7 +1150,7 @@ }, { "type": "library", - "bom-ref": "15-cvss", + "bom-ref": "17-cvss", "name": "cvss", "version": "3.3", "supplier": { @@ -712,8 +1165,8 @@ "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { - "alg": "SHA-1", - "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + "alg": "SHA-256", + "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1" } ], "licenses": [ 
@@ -735,10 +1188,30 @@ "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/releases", + "type": "other" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss", + "type": "vcs" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/actions", + "type": "build-system" } ], "purl": "pkg:pypi/cvss@3.3", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T10:05:52Z" + }, { "name": "language", "value": "Python" @@ -746,16 +1219,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-11-01T10:05:52.000Z" } ] }, { "type": "library", - "bom-ref": "16-defusedxml", + "bom-ref": "18-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -770,8 +1239,8 @@ "description": "XML bomb protection for Python stdlib modules", "hashes": [ { - "alg": "SHA-1", - "content": "ebff1b493751e2f0775314bdd4188d64f07ea184" + "alg": "SHA-256", + "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61" } ], "licenses": [ @@ -790,13 +1259,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/defusedxml/0.7.1/#files", + "url": "https://pypi.python.org/pypi/defusedxml", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/defusedxml@0.7.1", "properties": [ + { + "name": "release_date", + "value": "2021-03-08T10:59:24Z" + }, { "name": "language", "value": "Python" @@ -804,16 +1277,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2021-03-08T10:59:24.000Z" } ] }, { "type": "library", - "bom-ref": "17-distro", + "bom-ref": "19-distro", "name": "distro", "version": "1.9.0", "supplier": { 
@@ -826,6 +1295,12 @@ }, "cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*", "description": "Distro - an OS platform information API", + "hashes": [ + { + "alg": "SHA-256", + "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2" + } + ], "licenses": [ { "license": { @@ -849,6 +1324,10 @@ ], "purl": "pkg:pypi/distro@1.9.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-24T09:54:30Z" + }, { "name": "language", "value": "Python" @@ -856,16 +1335,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2023-12-24T09:54:30.000Z" } ] }, { "type": "library", - "bom-ref": "18-filetype", + "bom-ref": "20-filetype", "name": "filetype", "version": "1.2.0", "supplier": { @@ -880,15 +1355,15 @@ "description": "Infer file type and MIME type of any file/buffer. No external dependencies.", "hashes": [ { - "alg": "SHA-1", - "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585" + "alg": "SHA-256", + "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -900,13 +1375,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/filetype/1.2.0/#files", + "url": "https://github.com/h2non/filetype.py/tarball/master", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/filetype@1.2.0", "properties": [ + { + "name": "release_date", + "value": "2022-11-02T17:34:01Z" + }, { "name": "language", "value": "Python" 
@@ -914,18 +1393,14 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2022-11-02T17:34:01.000Z" } ] }, { "type": "library", - "bom-ref": "19-gsutil", + "bom-ref": "21-gsutil", "name": "gsutil", - "version": "5.32", + "version": "5.33", "supplier": { "name": "Google Inc .", "contact": [ @@ -934,8 +1409,14 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", + "hashes": [ + { + "alg": "SHA-256", + "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856" + } + ], "licenses": [ { "license": { @@ -952,13 +1433,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.32/#files", + "url": "https://cloud.google.com/storage/docs/gsutil_install", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.32", + "purl": "pkg:pypi/gsutil@5.33", "properties": [ + { + "name": "release_date", + "value": "2024-12-11T09:40:59Z" + }, { "name": "language", "value": "Python" @@ -966,16 +1451,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-12-04T14:56:46.000Z" } ] }, { "type": "library", - "bom-ref": "20-argcomplete", + "bom-ref": "22-argcomplete", "name": "argcomplete", "version": "3.5.2", "supplier": { @@ -990,8 +1471,8 @@ "description": "Bash tab completion for argparse", "hashes": [ { - "alg": "SHA-1", - "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc" + "alg": "SHA-256", + "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472" } ], "licenses": [ 
@@ -1013,10 +1494,30 @@ "url": "https://pypi.org/project/argcomplete/3.5.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://kislyuk.github.io/argcomplete", + "type": "documentation" + }, + { + "url": "https://github.com/kislyuk/argcomplete", + "type": "vcs" + }, + { + "url": "https://github.com/kislyuk/argcomplete/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst", + "type": "log" } ], "purl": "pkg:pypi/argcomplete@3.5.2", "properties": [ + { + "name": "release_date", + "value": "2024-12-06T18:24:27Z" + }, { "name": "language", "value": "Python" @@ -1024,16 +1525,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-12-06T18:24:27.000Z" } ] }, { "type": "library", - "bom-ref": "21-crcmod", + "bom-ref": "23-crcmod", "name": "crcmod", "version": "1.7", "supplier": { @@ -1046,11 +1543,17 @@ }, "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*", "description": "CRC Generator", + "hashes": [ + { + "alg": "SHA-256", + "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -1062,13 +1565,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/crcmod/1.7/#files", + "url": "http://sourceforge.net/projects/crcmod", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/crcmod@1.7", "properties": [ + { + "name": "release_date", + "value": "2010-06-27T14:35:29Z" + }, { "name": "language", "value": "Python" @@ -1081,7 +1588,7 @@ }, { "type": "library", - "bom-ref": "22-fasteners", + "bom-ref": "24-fasteners", "name": "fasteners", "version": "0.19", "supplier": { 
@@ -1091,8 +1598,8 @@ "description": "A python package that provides useful locks", "hashes": [ { - "alg": "SHA-1", - "content": "06c3f06cab4e135b8d921932019a231c180eb9f4" + "alg": "SHA-256", + "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237" } ], "licenses": [ @@ -1118,6 +1625,10 @@ ], "purl": "pkg:pypi/fasteners@0.19", "properties": [ + { + "name": "release_date", + "value": "2023-09-19T17:11:18Z" + }, { "name": "language", "value": "Python" @@ -1130,7 +1641,7 @@ }, { "type": "library", - "bom-ref": "23-gcs-oauth2-boto-plugin", + "bom-ref": "25-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.2", "supplier": { @@ -1145,8 +1656,8 @@ "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "hashes": [ { - "alg": "SHA-1", - "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb" + "alg": "SHA-256", + "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843" } ], "licenses": [ @@ -1165,13 +1676,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files", + "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ + { + "name": "release_date", + "value": "2024-05-02T14:37:31Z" + }, { "name": "language", "value": "Python" 
@@ -1179,57 +1694,57 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-05-02T14:37:31.000Z" } ] }, { "type": "library", - "bom-ref": "24-boto", - "name": "boto", - "version": "2.49.0", + "bom-ref": "26-rsa", + "name": "rsa", + "version": "4.7.2", "supplier": { - "name": "Mitch Garnaat", + "name": "Sybren A . Stuvel", "contact": [ { - "email": "mitch@garnaat.com" + "email": "sybren@stuvel.eu" } ] }, - "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", - "description": "Amazon Web Services Library", + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { - "alg": "SHA-1", - "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3" + "alg": "SHA-256", + "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/boto/boto/", + "url": "https://stuvel.eu/rsa", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/boto/2.49.0/#files", + "url": "https://pypi.org/project/rsa/4.7.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/boto@2.49.0", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ + { + "name": "release_date", + "value": "2021-02-24T10:55:03Z" + }, { "name": "language", "value": "Python" 
@@ -1237,57 +1752,73 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2018-07-11T20:58:55.000Z" } ] }, { "type": "library", - "bom-ref": "25-google-auth", - "name": "google-auth", - "version": "2.17.0", + "bom-ref": "27-pyasn1", + "name": "pyasn1", + "version": "0.6.1", "supplier": { - "name": "Google Cloud Platform", + "name": "Ilya Etingof", "contact": [ { - "email": "googleapis-packages@google.com" + "email": "etingof@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", "hashes": [ { - "alg": "SHA-1", - "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" + "alg": "SHA-256", + "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/googleapis/google-auth-library-python", + "url": "https://github.com/pyasn1/pyasn1", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth/2.17.0/#files", + "url": "https://pypi.org/project/pyasn1/0.6.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://pyasn1.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/pyasn1/pyasn1", + "type": "vcs" + }, + { + "url": "https://github.com/pyasn1/pyasn1/issues", + "type": "issue-tracker" + }, + { + "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html", + "type": "log" } ], - "purl": "pkg:pypi/google-auth@2.17.0", + "purl": "pkg:pypi/pyasn1@0.6.1", 
"properties": [ + { + "name": "release_date", + "value": "2024-09-10T22:41:42Z" + }, { "name": "language", "value": "Python" @@ -1300,42 +1831,52 @@ }, { "type": "library", - "bom-ref": "26-cachetools", - "name": "cachetools", - "version": "5.5.0", + "bom-ref": "28-boto", + "name": "boto", + "version": "2.49.0", "supplier": { - "name": "Thomas Kemmer", + "name": "Mitch Garnaat", "contact": [ { - "email": "tkemmer@computer.org" + "email": "mitch@garnaat.com" } ] }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", + "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", + "description": "Amazon Web Services Library", + "hashes": [ + { + "alg": "SHA-256", + "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/tkem/cachetools/", + "url": "https://github.com/boto/boto/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cachetools/5.5.0/#files", + "url": "https://pypi.org/project/boto/2.49.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cachetools@5.5.0", + "purl": "pkg:pypi/boto@2.49.0", "properties": [ + { + "name": "release_date", + "value": "2018-07-11T20:58:55Z" + }, { "name": "language", "value": "Python" 
@@ -1343,51 +1884,57 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-08-18T20:28:43.000Z" } ] }, { "type": "library", - "bom-ref": "27-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.1", + "bom-ref": "29-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Ilya Etingof", + "name": "Google", "contact": [ { - "email": "etingof@gmail.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", + "hashes": [ + { + "alg": "SHA-256", + "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368" + } + ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1-modules", + "url": "https://github.com/Google/google-reauth-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", + "url": "https://pypi.org/project/google-reauth/0.1.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.1", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-12-01T17:35:45Z" + }, { "name": "language", "value": "Python" 
@@ -1395,51 +1942,57 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:42:08.000Z" } ] }, { "type": "library", - "bom-ref": "28-pyasn1", - "name": "pyasn1", - "version": "0.6.1", + "bom-ref": "30-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Ilya Etingof", + "name": "Google Inc .", "contact": [ { - "email": "etingof@gmail.com" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", + "hashes": [ + { + "alg": "SHA-256", + "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b" + } + ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1", + "url": "https://github.com/google/pyu2f/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1/0.6.1/#files", + "url": "https://pypi.org/project/pyu2f/0.1.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.1", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ + { + "name": "release_date", + "value": "2020-10-30T20:03:07Z" + }, { "name": "language", "value": "Python" 
@@ -1447,57 +2000,57 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:41:42.000Z" } ] }, { "type": "library", - "bom-ref": "29-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "31-six", + "name": "six", + "version": "1.17.0", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Benjamin Peterson", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "benjamin@python.org" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", + "description": "Python 2 and 3 compatibility utilities", "hashes": [ { - "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "alg": "SHA-256", + "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://stuvel.eu/rsa", + "url": "https://github.com/benjaminp/six", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rsa/4.7.2/#files", + "url": "https://pypi.org/project/six/1.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/six@1.17.0", "properties": [ + { + "name": "release_date", + "value": "2024-12-04T17:35:26Z" + }, { "name": "language", "value": "Python" 
@@ -1505,51 +2058,57 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2021-02-24T10:55:03.000Z" } ] }, { "type": "library", - "bom-ref": "30-six", - "name": "six", - "version": "1.17.0", + "bom-ref": "32-httplib2", + "name": "httplib2", + "version": "0.20.4", "supplier": { - "name": "Benjamin Peterson", + "name": "Joe Gregorio", "contact": [ { - "email": "benjamin@python.org" + "email": "joe@bitworking.org" } ] }, - "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", - "description": "Python 2 and 3 compatibility utilities", + "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", + "description": "A comprehensive HTTP client library.", + "hashes": [ + { + "alg": "SHA-256", + "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/benjaminp/six", + "url": "https://github.com/httplib2/httplib2", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/six/1.17.0/#files", + "url": "https://pypi.org/project/httplib2/0.20.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/six@1.17.0", + "purl": "pkg:pypi/httplib2@0.20.4", "properties": [ + { + "name": "release_date", + "value": "2022-02-03T00:00:29Z" + }, { "name": "language", "value": "Python" 
@@ -1557,57 +2116,48 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-12-04T17:35:26.000Z" } ] }, { "type": "library", - "bom-ref": "31-google-auth-httplib2", - "name": "google-auth-httplib2", - "version": "0.2.0", + "bom-ref": "33-pyparsing", + "name": "pyparsing", + "version": "3.2.0", "supplier": { - "name": "Google Cloud Platform", + "name": "Paul McGuire", "contact": [ { - "email": "googleapis-packages@google.com" + "email": "ptmcg.gm+pyparsing@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library: httplib2 transport", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*", + "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "hashes": [ { - "alg": "SHA-1", - "content": "932ac88800dd6de004c1bd59867831ccf033f031" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84" } ], "externalReferences": [ { - "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", + "url": "https://github.com/pyparsing/pyparsing/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", + "url": "https://pypi.org/project/pyparsing/3.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth-httplib2@0.2.0", + "purl": "pkg:pypi/pyparsing@3.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-13T10:01:13Z" + }, { "name": "language", "value": "Python" 
@@ -1615,57 +2165,57 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2023-12-12T17:40:13.000Z" } ] }, { "type": "library", - "bom-ref": "32-httplib2", - "name": "httplib2", - "version": "0.20.4", + "bom-ref": "34-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Joe Gregorio", + "name": "Google Inc .", "contact": [ { - "email": "joe@bitworking.org" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", - "description": "A comprehensive HTTP client library.", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { - "alg": "SHA-1", - "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + "alg": "SHA-256", + "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/httplib2/httplib2", + "url": "http://github.com/google/oauth2client/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/httplib2/0.20.4/#files", + "url": "https://pypi.org/project/oauth2client/4.1.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/httplib2@0.20.4", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ + { + "name": "release_date", + "value": "2018-09-07T21:38:16Z" + }, { "name": "language", "value": "Python" 
@@ -1678,33 +2228,64 @@ }, { "type": "library", - "bom-ref": "33-pyparsing", - "name": "pyparsing", - "version": "3.2.0", + "bom-ref": "35-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.1", "supplier": { - "name": "Paul McGuire", + "name": "Ilya Etingof", "contact": [ { - "email": "ptmcg.gm+pyparsing@gmail.com" + "email": "etingof@gmail.com" } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*", - "description": "pyparsing module - Classes and methods to define and execute parsing grammars", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", + "hashes": [ + { + "alg": "SHA-256", + "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://github.com/pyparsing/pyparsing/", + "url": "https://github.com/pyasn1/pyasn1-modules", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyparsing/3.2.0/#files", + "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pyasn1/pyasn1-modules", + "type": "vcs" + }, + { + "url": "https://github.com/pyasn1/pyasn1-modules/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt", + "type": "log" } ], - "purl": "pkg:pypi/pyparsing@3.2.0", + "purl": "pkg:pypi/pyasn1-modules@0.4.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-10T22:42:08Z" + }, { "name": "language", "value": "Python" 
@@ -1712,32 +2293,28 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-10-13T10:01:13.000Z" } ] }, { "type": "library", - "bom-ref": "34-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "36-pyopenssl", + "name": "pyopenssl", + "version": "24.2.1", "supplier": { - "name": "Google", + "name": "The pyOpenSSL developers", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "cryptography-dev@python.org" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", + "description": "Python wrapper module around the OpenSSL library", "hashes": [ { - "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "alg": "SHA-256", + "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d" } ], "licenses": [ @@ -1751,18 +2328,26 @@ ], "externalReferences": [ { - "url": "https://github.com/Google/google-reauth-python", + "url": "https://pyopenssl.org/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-reauth/0.1.1/#files", + "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pyca/pyopenssl", + "type": "vcs" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/pyopenssl@24.2.1", "properties": [ + { + "name": "release_date", + "value": "2024-07-20T17:26:29Z" + }, { "name": "language", "value": "Python" 
@@ -1770,57 +2355,69 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2020-12-01T17:35:45.000Z" } ] }, { "type": "library", - "bom-ref": "35-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "37-cryptography", + "name": "cryptography", + "version": "43.0.3", "supplier": { - "name": "Google Inc .", + "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "cryptography-dev@python.org" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", + "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "hashes": [ { - "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "alg": "SHA-256", + "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e" } ], "licenses": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "expression": "Apache-2.0 OR BSD-3-Clause" } ], "externalReferences": [ { - "url": "https://github.com/google/pyu2f/", + "url": "https://github.com/pyca/cryptography", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyu2f/0.1.5/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://cryptography.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pyca/cryptography/", + "type": "vcs" + }, + { + "url": "https://github.com/pyca/cryptography/issues", + "type": "issue-tracker" + }, + { + "url": 
"https://cryptography.io/en/latest/changelog/", + "type": "log" } ], - "purl": "pkg:pypi/pyu2f@0.1.5", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-18T15:57:36Z" + }, { "name": "language", "value": "Python" 
@@ -1828,57 +2425,81 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2020-10-30T20:03:07.000Z" } ] }, { "type": "library", - "bom-ref": "36-oauth2client", - "name": "oauth2client", - "version": "4.1.3", + "bom-ref": "38-cffi", + "name": "cffi", + "version": "1.17.1", "supplier": { - "name": "Google Inc .", + "name": "Armin Maciej Fijalkowski", "contact": [ { - "email": "jonwayne+oauth2client@google.com" + "email": "python-cffi@googlegroups.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", + "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*", + "description": "Foreign Function Interface for Python calling C code.", "hashes": [ { - "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" + "alg": "SHA-256", + "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "http://github.com/google/oauth2client/", + "url": "http://cffi.readthedocs.org", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/oauth2client/4.1.3/#files", + "url": "https://pypi.org/project/cffi/1.17.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "http://cffi.readthedocs.org/", + "type": "documentation" + }, + { + "url": "https://github.com/python-cffi/cffi", + "type": "vcs" + }, + { + "url": "https://github.com/python-cffi/cffi/issues", + "type": "issue-tracker" + }, + { + "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html", + "type": "log" + }, + { + "url": "https://github.com/python-cffi/cffi/releases", + "type": "other" + }, + { + "url": 
"https://groups.google.com/forum/#!forum/python-cffi", + "type": "other" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/cffi@1.17.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-04T20:43:30Z" + }, { "name": "language", "value": "Python" @@ -1886,51 +2507,57 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2018-09-07T21:38:16.000Z" } ] }, { "type": "library", - "bom-ref": "37-pyopenssl", - "name": "pyopenssl", - "version": "24.2.1", + "bom-ref": "39-pycparser", + "name": "pycparser", + "version": "2.22", "supplier": { - "name": "The pyOpenSSL developers", + "name": "Eli Bendersky", "contact": [ { - "email": "cryptography-dev@python.org" + "email": "eliben@gmail.com" } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", - "description": "Python wrapper module around the OpenSSL library", + "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*", + "description": "C parser in Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc" + } + ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://pyopenssl.org/", + "url": "https://github.com/eliben/pycparser", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", + "url": "https://pypi.org/project/pycparser/2.22/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.2.1", + "purl": "pkg:pypi/pycparser@2.22", "properties": [ + { + "name": "release_date", + "value": "2024-03-30T13:22:20Z" + }, { "name": "language", "value": "Python" 
@@ -1943,38 +2570,52 @@ }, { "type": "library", - "bom-ref": "38-cryptography", - "name": "cryptography", - "version": "43.0.3", + "bom-ref": "40-retry-decorator", + "name": "retry-decorator", + "version": "1.1.1", "supplier": { - "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", + "name": "Patrick Ng", "contact": [ { - "email": "cryptography-dev@python.org" + "email": "pn.appdev@gmail.com" } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", - "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", + "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*", + "description": "Retry Decorator", + "hashes": [ + { + "alg": "SHA-256", + "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe" + } + ], "licenses": [ { - "expression": "Apache-2.0 OR BSD-3-Clause" + "license": { + "id": "MIT", + "url": "https://opensource.org/license/mit/", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://github.com/pyca/cryptography", + "url": "https://github.com/pnpnpn/retry-decorator", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.3/#files", + "url": "https://pypi.org/project/retry-decorator/1.1.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.3", + "purl": "pkg:pypi/retry-decorator@1.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-03-10T23:56:29Z" + }, { "name": "language", "value": "Python" 
@@ -1987,48 +2628,52 @@ }, { "type": "library", - "bom-ref": "39-cffi", - "name": "cffi", - "version": "1.17.1", + "bom-ref": "41-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Armin Maciej Fijalkowski", + "name": "Google Cloud Platform", "contact": [ { - "email": "python-cffi@googlegroups.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*", - "description": "Foreign Function Interface for Python calling C code.", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { - "alg": "SHA-1", - "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51" + "alg": "SHA-256", + "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "http://cffi.readthedocs.org", + "url": "https://github.com/googleapis/google-auth-library-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cffi/1.17.1/#files", + "url": "https://pypi.org/project/google-auth/2.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cffi@1.17.1", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ + { + "name": "release_date", + "value": "2023-03-28T19:51:30Z" + }, { "name": "language", "value": "Python" 
@@ -2036,57 +2681,57 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-09-04T20:43:30.000Z" } ] }, { "type": "library", - "bom-ref": "40-pycparser", - "name": "pycparser", - "version": "2.22", + "bom-ref": "42-cachetools", + "name": "cachetools", + "version": "5.5.0", "supplier": { - "name": "Eli Bendersky", + "name": "Thomas Kemmer", "contact": [ { - "email": "eliben@gmail.com" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*", - "description": "C parser in Python", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", "hashes": [ { - "alg": "SHA-1", - "content": "129d32ef805d715d90a3b2035b13168c17ca63d2" + "alg": "SHA-256", + "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292" } ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/eliben/pycparser", + "url": "https://github.com/tkem/cachetools/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pycparser/2.22/#files", + "url": "https://pypi.org/project/cachetools/5.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pycparser@2.22", + "purl": "pkg:pypi/cachetools@5.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-18T20:28:43Z" + }, { "name": "language", "value": "Python" 
@@ -2094,57 +2739,57 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-03-30T13:22:20.000Z" } ] }, { "type": "library", - "bom-ref": "41-retry-decorator", - "name": "retry-decorator", - "version": "1.1.1", + "bom-ref": "43-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", "supplier": { - "name": "Patrick Ng", + "name": "Google Cloud Platform", "contact": [ { - "email": "pn.appdev@gmail.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*", - "description": "Retry Decorator", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library: httplib2 transport", "hashes": [ { - "alg": "SHA-1", - "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349" + "alg": "SHA-256", + "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pnpnpn/retry-decorator", + "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/retry-decorator/1.1.1/#files", + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/retry-decorator@1.1.1", + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-12T17:40:13Z" + }, { "name": "language", "value": "Python" 
@@ -2152,16 +2797,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2020-03-10T23:56:29.000Z" } ] }, { "type": "library", - "bom-ref": "42-google-apitools", + "bom-ref": "44-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { @@ -2176,8 +2817,8 @@ "description": "client libraries for humans", "hashes": [ { - "alg": "SHA-1", - "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1" + "alg": "SHA-256", + "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688" } ], "licenses": [ @@ -2203,6 +2844,10 @@ ], "purl": "pkg:pypi/google-apitools@0.5.32", "properties": [ + { + "name": "release_date", + "value": "2021-05-05T22:12:58Z" + }, { "name": "language", "value": "Python" @@ -2210,16 +2855,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2021-05-05T22:12:58.000Z" } ] }, { "type": "library", - "bom-ref": "43-monotonic", + "bom-ref": "45-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -2234,8 +2875,8 @@ "description": "An implementation of time.monotonic() for Python 2 & < 3.3", "hashes": [ { - "alg": "SHA-1", - "content": "80681f6604e136e513550342f977edb98f5fc5ad" + "alg": "SHA-256", + "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c" } ], "licenses": [ @@ -2261,6 +2902,10 @@ ], "purl": "pkg:pypi/monotonic@1.6", "properties": [ + { + "name": "release_date", + "value": "2021-04-09T21:58:05Z" + }, { "name": "language", "value": "Python" 
@@ -2268,23 +2913,19 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2021-04-09T21:58:05.000Z" } ] }, { "type": "library", - "bom-ref": "44-jinja2", + "bom-ref": "46-jinja2", "name": "jinja2", "version": "3.1.4", "description": "A very fast and expressive template engine.", "hashes": [ { - "alg": "SHA-1", - "content": "dd4a8b5466d8790540c181590b14db4d4d889d57" + "alg": "SHA-256", + "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d" } ], "externalReferences": [ @@ -2292,10 +2933,34 @@ "url": "https://pypi.org/project/jinja2/3.1.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jinja.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" + }, + { + "url": "https://jinja.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://github.com/pallets/jinja/", + "type": "vcs" } ], "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ + { + "name": "release_date", + "value": "2024-05-05T23:41:59Z" + }, { "name": "language", "value": "Python" @@ -2303,23 +2968,19 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-05-05T23:41:59.000Z" } ] }, { "type": "library", - "bom-ref": "45-markupsafe", + "bom-ref": "47-markupsafe", "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", "hashes": [ { - "alg": "SHA-1", - "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + "alg": "SHA-256", + "content": "7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8" } ], "externalReferences": [ 
@@ -2327,10 +2988,34 @@ "url": "https://pypi.org/project/markupsafe/3.0.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://markupsafe.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://markupsafe.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://github.com/pallets/markupsafe/", + "type": "vcs" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" } ], "purl": "pkg:pypi/markupsafe@3.0.2", "properties": [ + { + "name": "release_date", + "value": "2024-10-18T15:20:51Z" + }, { "name": "language", "value": "Python" @@ -2338,16 +3023,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-10-18T15:20:51.000Z" } ] }, { "type": "library", - "bom-ref": "46-jsonschema", + "bom-ref": "48-jsonschema", "name": "jsonschema", "version": "4.23.0", "supplier": { @@ -2360,11 +3041,17 @@ }, "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2379,10 +3066,38 @@ "url": "https://pypi.org/project/jsonschema/4.23.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://python-jsonschema.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema", + "type": "vcs" } ], "purl": "pkg:pypi/jsonschema@4.23.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-08T18:40:00Z" + }, { "name": "language", "value": "Python" @@ -2390,16 +3105,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-07-08T18:40:00.000Z" } ] }, { "type": "library", - "bom-ref": "47-jsonschema-specifications", + "bom-ref": "49-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2024.10.1", "supplier": { @@ -2414,8 +3125,8 @@ "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", "hashes": [ { - "alg": "SHA-1", - "content": "09f6f17a46ecf03e314df0e6fa14d57db210a549" + "alg": "SHA-256", + "content": "a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf" } ], "externalReferences": [ 
@@ -2428,10 +3139,34 @@ "url": "https://pypi.org/project/jsonschema-specifications/2024.10.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jsonschema-specifications.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications", + "type": "vcs" } ], "purl": "pkg:pypi/jsonschema-specifications@2024.10.1", "properties": [ + { + "name": "release_date", + "value": "2024-10-08T12:29:30Z" + }, { "name": "language", "value": "Python" @@ -2439,16 +3174,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-10-08T12:29:30.000Z" } ] }, { "type": "library", - "bom-ref": "48-referencing", + "bom-ref": "50-referencing", "name": "referencing", "version": "0.35.1", "supplier": { @@ -2463,8 +3194,8 @@ "description": "JSON Referencing + Python", "hashes": [ { - "alg": "SHA-1", - "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845" + "alg": "SHA-256", + "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de" } ], "externalReferences": [ 
@@ -2477,10 +3208,38 @@ "url": "https://pypi.org/project/referencing/0.35.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://referencing.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/referencing/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://referencing.readthedocs.io/en/stable/changes/", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/referencing", + "type": "vcs" } ], "purl": "pkg:pypi/referencing@0.35.1", "properties": [ + { + "name": "release_date", + "value": "2024-05-01T20:26:02Z" + }, { "name": "language", "value": "Python" @@ -2488,16 +3247,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-05-01T20:26:02.000Z" } ] }, { "type": "library", - "bom-ref": "49-rpds-py", + "bom-ref": "51-rpds-py", "name": "rpds-py", "version": "0.22.3", "supplier": { @@ -2510,6 +3265,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-256", + "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", 
@@ -2520,10 +3281,38 @@ "url": "https://pypi.org/project/rpds-py/0.22.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rpds.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/crate-py/rpds/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/crate-py/rpds", + "type": "vcs" + }, + { + "url": "https://github.com/orium/rpds", + "type": "other" } ], "purl": "pkg:pypi/rpds-py@0.22.3", "properties": [ + { + "name": "release_date", + "value": "2024-12-04T15:31:31Z" + }, { "name": "language", "value": "Python" @@ -2531,18 +3320,14 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-12-04T15:31:31.000Z" } ] }, { "type": "library", - "bom-ref": "50-lib4sbom", + "bom-ref": "52-lib4sbom", "name": "lib4sbom", - "version": "0.7.5", + "version": "0.8.0", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2551,8 +3336,14 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-256", + "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395" + } + ], "licenses": [ { "license": { 
@@ -2569,13 +3360,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/lib4sbom/0.7.5/#files", + "url": "https://pypi.org/project/lib4sbom/0.8.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.5", + "purl": "pkg:pypi/lib4sbom@0.8.0", "properties": [ + { + "name": "release_date", + "value": "2024-12-09T20:13:26Z" + }, { "name": "language", "value": "Python" @@ -2583,16 +3378,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-09-18T21:36:24.000Z" } ] }, { "type": "library", - "bom-ref": "51-pyyaml", + "bom-ref": "53-pyyaml", "name": "pyyaml", "version": "6.0.2", "supplier": { @@ -2605,11 +3396,17 @@ }, "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*", "description": "YAML parser and emitter for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2621,13 +3418,37 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyyaml/6.0.2/#files", + "url": "https://pypi.org/project/PyYAML/", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/yaml/pyyaml/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/yaml/pyyaml/actions", + "type": "build-system" + }, + { + "url": "https://pyyaml.org/wiki/PyYAMLDocumentation", + "type": "documentation" + }, + { + "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core", + "type": "mailing-list" + }, + { + "url": "https://github.com/yaml/pyyaml", + "type": "vcs" } ], "purl": "pkg:pypi/pyyaml@6.0.2", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T20:31:40Z" + }, { "name": "language", "value": "Python" @@ -2635,16 +3456,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-08-06T20:31:40.000Z" } ] }, { "type": "library", - "bom-ref": "52-semantic-version", + "bom-ref": "54-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2659,8 +3476,8 @@ "description": "A library implementing the 'SemVer' scheme.", "hashes": [ { - "alg": "SHA-1", - "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a" + "alg": "SHA-256", + "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177" } ], "licenses": [ @@ -2686,6 +3503,10 @@ ], "purl": "pkg:pypi/semantic-version@2.10.0", "properties": [ + { + "name": "release_date", + "value": "2022-05-26T13:35:21Z" + }, { "name": "language", "value": "Python" @@ -2693,16 +3514,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2022-05-26T13:35:21.000Z" } ] }, { "type": "library", - "bom-ref": "53-lib4vex", + "bom-ref": "55-lib4vex", "name": "lib4vex", "version": "0.2.0", "supplier": { 
@@ -2717,8 +3534,8 @@ "description": "VEX generator and consumer library", "hashes": [ { - "alg": "SHA-1", - "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2" + "alg": "SHA-256", + "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce" } ], "licenses": [ @@ -2744,6 +3561,10 @@ ], "purl": "pkg:pypi/lib4vex@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-29T20:36:52Z" + }, { "name": "language", "value": "Python" @@ -2751,16 +3572,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-08-29T20:36:52.000Z" } ] }, { "type": "library", - "bom-ref": "54-csaf-tool", + "bom-ref": "56-csaf-tool", "name": "csaf-tool", "version": "0.3.2", "supplier": { @@ -2775,15 +3592,15 @@ "description": "CSAF generator and analyser", "hashes": [ { - "alg": "SHA-1", - "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4" + "alg": "SHA-256", + "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2802,6 +3619,10 @@ ], "purl": "pkg:pypi/csaf-tool@0.3.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-12T20:10:06Z" + }, { "name": "language", "value": "Python" @@ -2809,16 +3630,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-06-12T20:10:06.000Z" } ] }, { "type": "library", - "bom-ref": "55-packageurl-python", + "bom-ref": "57-packageurl-python", "name": "packageurl-python", "version": "0.16.0", "supplier": { 
@@ -2828,15 +3645,15 @@ "description": "A purl aka. Package URL parser and builder", "hashes": [ { - "alg": "SHA-1", - "content": "9155d4173e4c1f29a345de86c280ab783c837882" + "alg": "SHA-256", + "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2855,6 +3672,10 @@ ], "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-22T05:51:23Z" + }, { "name": "language", "value": "Python" @@ -2862,16 +3683,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-10-22T05:51:23.000Z" } ] }, { "type": "library", - "bom-ref": "56-rich", + "bom-ref": "58-rich", "name": "rich", "version": "13.9.4", "supplier": { @@ -2886,15 +3703,15 @@ "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "hashes": [ { - "alg": "SHA-1", - "content": "43d3b04725ab9731727fb1126e35980c62f32377" + "alg": "SHA-256", + "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2909,10 +3726,18 @@ "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rich.readthedocs.io/en/latest/", + "type": "documentation" } ], "purl": "pkg:pypi/rich@13.9.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T16:43:55Z" + }, { "name": "language", "value": "Python" 
@@ -2920,16 +3745,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-11-01T16:43:55.000Z" } ] }, { "type": "library", - "bom-ref": "57-markdown-it-py", + "bom-ref": "59-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2944,8 +3765,8 @@ "description": "Python port of markdown-it. Markdown parsing, done right!", "hashes": [ { - "alg": "SHA-1", - "content": "bee6d1953be75717a3f2f6a917da6f464bed421d" + "alg": "SHA-256", + "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1" } ], "externalReferences": [ @@ -2958,10 +3779,18 @@ "url": "https://pypi.org/project/markdown-it-py/3.0.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://markdown-it-py.readthedocs.io", + "type": "documentation" } ], "purl": "pkg:pypi/markdown-it-py@3.0.0", "properties": [ + { + "name": "release_date", + "value": "2023-06-03T06:41:11Z" + }, { "name": "language", "value": "Python" @@ -2969,16 +3798,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2023-06-03T06:41:11.000Z" } ] }, { "type": "library", - "bom-ref": "58-mdurl", + "bom-ref": "60-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2993,8 +3818,8 @@ "description": "Markdown URL utilities", "hashes": [ { - "alg": "SHA-1", - "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e" + "alg": "SHA-256", + "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8" } ], "externalReferences": [ @@ -3011,6 +3836,10 @@ ], "purl": "pkg:pypi/mdurl@0.1.2", "properties": [ + { + "name": "release_date", + "value": "2022-08-14T12:40:09Z" + }, { "name": "language", "value": "Python" 
@@ -3018,16 +3847,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2022-08-14T12:40:09.000Z" } ] }, { "type": "library", - "bom-ref": "59-pygments", + "bom-ref": "61-pygments", "name": "pygments", "version": "2.18.0", "supplier": { @@ -3042,8 +3867,8 @@ "description": "Pygments is a syntax highlighting package written in Python.", "hashes": [ { - "alg": "SHA-1", - "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb" + "alg": "SHA-256", + "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a" } ], "licenses": [ @@ -3065,10 +3890,30 @@ "url": "https://pypi.org/project/pygments/2.18.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://pygments.org/docs", + "type": "documentation" + }, + { + "url": "https://github.com/pygments/pygments", + "type": "vcs" + }, + { + "url": "https://github.com/pygments/pygments/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/pygments/pygments/blob/master/CHANGES", + "type": "log" } ], "purl": "pkg:pypi/pygments@2.18.0", "properties": [ + { + "name": "release_date", + "value": "2024-05-04T13:41:57Z" + }, { "name": "language", "value": "Python" 
@@ -3076,43 +3921,69 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-05-04T13:41:57.000Z" } ] }, { "type": "library", - "bom-ref": "60-packaging", - "name": "packaging", - "version": "24.2", + "bom-ref": "62-python-gnupg", + "name": "python-gnupg", + "version": "0.5.3", "supplier": { - "name": "Donald Stufft", + "name": "Vinay Sajip", "contact": [ { - "email": "donald@stufft.io" + "email": "vinay_sajip@yahoo.co.uk" } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", - "description": "Core utilities for Python packages", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", + "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", "hashes": [ { - "alg": "SHA-1", - "content": "d8e3b31b734926ebbcaff654279f6855a73e052f" + "alg": "SHA-256", + "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.2/#files", + "url": "https://github.com/vsajip/python-gnupg", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gnupg.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/vsajip/python-gnupg", + "type": "vcs" + }, + { + "url": "https://github.com/vsajip/python-gnupg/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/packaging@24.2", + "purl": "pkg:pypi/python-gnupg@0.5.3", "properties": [ + { + "name": "release_date", + "value": "2024-09-20T16:43:47Z" + }, { "name": "language", "value": "Python" 
@@ -3120,51 +3991,51 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-11-08T09:47:44.000Z" } ] }, { "type": "library", - "bom-ref": "61-plotly", - "name": "plotly", - "version": "5.24.1", + "bom-ref": "63-packaging", + "name": "packaging", + "version": "24.2", "supplier": { - "name": "Chris P", + "name": "Donald Stufft", "contact": [ { - "email": "chris@plot.ly" + "email": "donald@stufft.io" } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", - "description": "An open-source, interactive data visualization library for Python", - "licenses": [ + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", + "description": "Core utilities for Python packages", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759" } ], "externalReferences": [ { - "url": "https://plotly.com/python/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/plotly/5.24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://packaging.pypa.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pypa/packaging", + "type": "vcs" } ], - "purl": "pkg:pypi/plotly@5.24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ + { + "name": "release_date", + "value": "2024-11-08T09:47:44Z" + }, { "name": "language", "value": "Python" 
@@ -3172,57 +4043,69 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-09-12T15:36:24.000Z" } ] }, { "type": "library", - "bom-ref": "62-tenacity", - "name": "tenacity", - "version": "9.0.0", + "bom-ref": "64-plotly", + "name": "plotly", + "version": "5.24.1", "supplier": { - "name": "Julien Danjou", + "name": "Chris P", "contact": [ { - "email": "julien@danjou.info" + "email": "chris@plot.ly" } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*", - "description": "Retry code until it succeeds", + "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", + "description": "An open-source, interactive data visualization library for Python", "hashes": [ { - "alg": "SHA-1", - "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb" + "alg": "SHA-256", + "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/jd/tenacity", + "url": "https://plotly.com/python/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/tenacity/9.0.0/#files", + "url": "https://pypi.org/project/plotly/5.24.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://plotly.com/python/", + "type": "documentation" + }, + { + "url": "https://github.com/plotly/plotly.py", + "type": "vcs" + }, + { + "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md", + "type": "log" } ], - "purl": "pkg:pypi/tenacity@9.0.0", + "purl": "pkg:pypi/plotly@5.24.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T15:36:24Z" + }, { "name": "language", "value": "Python" 
@@ -3230,57 +4113,57 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-07-29T12:12:25.000Z" } ] }, { "type": "library", - "bom-ref": "63-python-gnupg", - "name": "python-gnupg", - "version": "0.5.3", + "bom-ref": "65-tenacity", + "name": "tenacity", + "version": "9.0.0", "supplier": { - "name": "Vinay Sajip", + "name": "Julien Danjou", "contact": [ { - "email": "vinay_sajip@yahoo.co.uk" + "email": "julien@danjou.info" } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", - "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*", + "description": "Retry code until it succeeds", "hashes": [ { - "alg": "SHA-1", - "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + "alg": "SHA-256", + "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539" } ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/vsajip/python-gnupg", + "url": "https://github.com/jd/tenacity", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", + "url": "https://pypi.org/project/tenacity/9.0.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/python-gnupg@0.5.3", + "purl": "pkg:pypi/tenacity@9.0.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-29T12:12:25Z" + }, { "name": "language", "value": "Python" 
@@ -3288,16 +4171,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-09-20T16:43:47.000Z" } ] }, { "type": "library", - "bom-ref": "64-requests", + "bom-ref": "66-requests", "name": "requests", "version": "2.32.3", "supplier": { @@ -3312,8 +4191,8 @@ "description": "Python HTTP for Humans.", "hashes": [ { - "alg": "SHA-1", - "content": "0e322af87745eff34caffe4df68456ebc20d9068" + "alg": "SHA-256", + "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6" } ], "licenses": [ @@ -3335,10 +4214,22 @@ "url": "https://pypi.org/project/requests/2.32.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://requests.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/psf/requests", + "type": "vcs" } ], "purl": "pkg:pypi/requests@2.32.3", "properties": [ + { + "name": "release_date", + "value": "2024-05-29T15:37:47Z" + }, { "name": "language", "value": "Python" 
@@ -3346,51 +4237,65 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-05-29T15:37:47.000Z" } ] }, { "type": "library", - "bom-ref": "65-certifi", - "name": "certifi", - "version": "2024.8.30", + "bom-ref": "67-charset-normalizer", + "name": "charset-normalizer", + "version": "3.4.0", "supplier": { - "name": "Kenneth Reitz", + "name": "Ahmed TAHRI", "contact": [ { - "email": "me@kennethreitz.com" + "email": "tahri.ahmed@proton.me" } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*", - "description": "Python package for providing Mozilla's CA Bundle.", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", + "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", + "hashes": [ + { + "alg": "SHA-256", + "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6" + } + ], "licenses": [ { "license": { - "id": "MPL-2.0", - "url": "https://www.mozilla.org/MPL/2.0/", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/certifi/python-certifi", + "url": "https://github.com/Ousret/charset_normalizer", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/certifi/2024.8.30/#files", + "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/Ousret/charset_normalizer/issues", + "type": "issue-tracker" + }, + { + "url": "https://charset-normalizer.readthedocs.io/en/latest", + "type": "documentation" } ], - "purl": "pkg:pypi/certifi@2024.8.30", + "purl": "pkg:pypi/charset-normalizer@3.4.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-09T07:38:02Z" + }, { "name": "language", "value": "Python" 
@@ -3398,51 +4303,59 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-08-30T01:55:02.000Z" } ] }, { "type": "library", - "bom-ref": "66-charset-normalizer", - "name": "charset-normalizer", - "version": "3.4.0", + "bom-ref": "68-urllib3", + "name": "urllib3", + "version": "2.2.3", "supplier": { - "name": "Ahmed TAHRI", + "name": "Andrey Petrov", "contact": [ { - "email": "tahri.ahmed@proton.me" + "email": "andrey.petrov@shazow.net" } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", - "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", - "licenses": [ + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac" } ], "externalReferences": [ { - "url": "https://github.com/Ousret/charset_normalizer", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", + "url": "https://pypi.org/project/urllib3/2.2.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst", + "type": "log" + }, + { + "url": "https://urllib3.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/urllib3/urllib3", + "type": "vcs" + }, + { + "url": "https://github.com/urllib3/urllib3/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/charset-normalizer@3.4.0", + "purl": "pkg:pypi/urllib3@2.2.3", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T10:52:16Z" + }, { "name": "language", "value": "Python" 
@@ -3450,43 +4363,61 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-10-09T07:38:02.000Z" } ] }, { "type": "library", - "bom-ref": "67-urllib3", - "name": "urllib3", - "version": "2.2.3", + "bom-ref": "69-certifi", + "name": "certifi", + "version": "2024.12.14", "supplier": { - "name": "Andrey Petrov", + "name": "Kenneth Reitz", "contact": [ { - "email": "andrey.petrov@shazow.net" + "email": "me@kennethreitz.com" } ] }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*", + "description": "Python package for providing Mozilla's CA Bundle.", "hashes": [ { - "alg": "SHA-1", - "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + "alg": "SHA-256", + "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-2.0", + "url": "https://www.mozilla.org/MPL/2.0/", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/urllib3/2.2.3/#files", + "url": "https://github.com/certifi/python-certifi", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/certifi/2024.12.14/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/certifi/python-certifi", + "type": "vcs" } ], - "purl": "pkg:pypi/urllib3@2.2.3", + "purl": "pkg:pypi/certifi@2024.12.14", "properties": [ + { + "name": "release_date", + "value": "2024-12-14T13:52:36Z" + }, { "name": "language", "value": "Python" 
@@ -3494,16 +4425,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-09-12T10:52:16.000Z" } ] }, { "type": "library", - "bom-ref": "68-rpmfile", + "bom-ref": "70-rpmfile", "name": "rpmfile", "version": "2.1.0", "supplier": { @@ -3518,15 +4445,15 @@ "description": "Read rpm archive files", "hashes": [ { - "alg": "SHA-1", - "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5" + "alg": "SHA-256", + "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3545,6 +4472,10 @@ ], "purl": "pkg:pypi/rpmfile@2.1.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-24T21:57:45Z" + }, { "name": "language", "value": "Python" @@ -3552,16 +4483,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-07-24T21:57:45.000Z" } ] }, { "type": "library", - "bom-ref": "69-setuptools", + "bom-ref": "71-setuptools", "name": "setuptools", "version": "75.6.0", "supplier": { 
@@ -3574,15 +4501,37 @@ }, "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", + "hashes": [ + { + "alg": "SHA-256", + "content": "ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/setuptools/75.6.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pypa/setuptools", + "type": "vcs" + }, + { + "url": "https://setuptools.pypa.io/", + "type": "documentation" + }, + { + "url": "https://setuptools.pypa.io/en/stable/history.html", + "type": "log" } ], "purl": "pkg:pypi/setuptools@75.6.0", "properties": [ + { + "name": "release_date", + "value": "2024-11-20T18:16:10Z" + }, { "name": "language", "value": "Python" @@ -3595,7 +4544,7 @@ }, { "type": "library", - "bom-ref": "70-toml", + "bom-ref": "72-toml", "name": "toml", "version": "0.10.2", "supplier": { @@ -3610,15 +4559,15 @@ "description": "Python Library for Tom's Obvious, Minimal Language", "hashes": [ { - "alg": "SHA-1", - "content": "3f637dba5f68db63d4b30967fedda51c82459471" + "alg": "SHA-256", + "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3637,6 +4586,10 @@ ], "purl": "pkg:pypi/toml@0.10.2", "properties": [ + { + "name": "release_date", + "value": "2020-11-01T01:40:20Z" + }, { "name": "language", "value": "Python" @@ -3644,16 +4597,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2020-11-01T01:40:20.000Z" } ] }, { "type": "library", - "bom-ref": "71-xmlschema", + "bom-ref": "73-xmlschema", "name": "xmlschema", "version": "3.4.3", "supplier": { 
@@ -3666,11 +4615,17 @@ }, "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", + "hashes": [ + { + "alg": "SHA-256", + "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3689,6 +4644,10 @@ ], "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-31T09:47:12Z" + }, { "name": "language", "value": "Python" @@ -3696,16 +4655,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-10-31T09:47:12.000Z" } ] }, { "type": "library", - "bom-ref": "72-elementpath", + "bom-ref": "74-elementpath", "name": "elementpath", "version": "4.6.0", "supplier": { @@ -3718,11 +4673,17 @@ }, "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", + "hashes": [ + { + "alg": "SHA-256", + "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -3742,43 +4703,9 @@ "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.10.15" + "name": "release_date", + "value": "2024-10-27T21:52:58Z" }, - { - "name": "package_release_date", - "value": "2024-10-27T21:52:58.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "73-zipp", - "name": "zipp", - "version": "3.21.0", - "supplier": { - "name": "Jason R .", - "contact": [ - { - "email": "jaraco@jaraco.com" - } - ] - }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", - "description": "Backport of pathlib-compatible object wrapper for zip files", - "externalReferences": [ - { - "url": "https://pypi.org/project/zipp/3.21.0/#files", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/zipp@3.21.0", - "properties": [ { "name": "language", "value": "Python" @@ -3786,16 +4713,12 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-11-10T15:05:19.000Z" } ] }, { "type": "library", - "bom-ref": "74-zstandard", + "bom-ref": "75-zstandard", "name": "zstandard", "version": "0.23.0", "supplier": { @@ -3808,6 +4731,12 @@ }, "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*", "description": "Zstandard bindings for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9" + } + ], "licenses": [ { "license": { @@ -3831,6 +4760,10 @@ ], "purl": "pkg:pypi/zstandard@0.23.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-15T00:13:27Z" + }, { "name": "language", "value": "Python" @@ -3838,10 +4771,6 @@ { "name": "python_version", "value": "3.10.15" - }, - { - "name": "package_release_date", - "value": "2024-07-15T00:13:27.000Z" } ] } 
@@ -3857,30 +4786,31 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "13-beautifulsoup4", - "15-cvss", - "16-defusedxml", - "17-distro", - "18-filetype", - "19-gsutil", - "44-jinja2", - "46-jsonschema", - "50-lib4sbom", - "53-lib4vex", - "55-packageurl-python", - "60-packaging", - "61-plotly", - "63-python-gnupg", - "51-pyyaml", - "64-requests", - "56-rich", - "68-rpmfile", - "69-setuptools", - "70-toml", - "67-urllib3", - "71-xmlschema", - "73-zipp", - "74-zstandard" + "15-beautifulsoup4", + "17-cvss", + "18-defusedxml", + "19-distro", + "20-filetype", + "21-gsutil", + "8-importlib-metadata", + "46-jinja2", + "48-jsonschema", + "52-lib4sbom", + "55-lib4vex", + "62-python-gnupg", + "57-packageurl-python", + "63-packaging", + "64-plotly", + "53-pyyaml", + "66-requests", + "58-rich", + "70-rpmfile", + "71-setuptools", + "72-toml", + "68-urllib3", + "73-xmlschema", + "75-zstandard", + "9-zipp" ] }, { @@ -3891,9 +4821,9 @@ "6-async-timeout", "7-attrs", "5-frozenlist", - "8-multidict", - "10-propcache", - "11-yarl" + "11-multidict", + "12-propcache", + "13-yarl" ] }, { 
@@ -3903,84 +4833,87 @@ ] }, { - "ref": "8-multidict", + "ref": "7-attrs", "dependsOn": [ - "9-typing-extensions" + "8-importlib-metadata" ] }, { - "ref": "11-yarl", + "ref": "8-importlib-metadata", "dependsOn": [ - "12-idna", - "8-multidict", - "10-propcache" + "9-zipp", + "10-typing-extensions" ] }, { - "ref": "13-beautifulsoup4", + "ref": "11-multidict", "dependsOn": [ - "14-soupsieve" + "10-typing-extensions" ] }, { - "ref": "19-gsutil", + "ref": "13-yarl", "dependsOn": [ - "20-argcomplete", - "21-crcmod", - "22-fasteners", - "23-gcs-oauth2-boto-plugin", - "42-google-apitools", - "25-google-auth", - "31-google-auth-httplib2", - "34-google-reauth", - "32-httplib2", - "43-monotonic", - "37-pyopenssl", - "41-retry-decorator", - "30-six" + "14-idna", + "11-multidict", + "12-propcache" + ] + }, + { + "ref": "15-beautifulsoup4", + "dependsOn": [ + "16-soupsieve" ] }, { - "ref": "23-gcs-oauth2-boto-plugin", + "ref": "21-gsutil", "dependsOn": [ - "24-boto", - "25-google-auth", - "31-google-auth-httplib2", - "34-google-reauth", + "22-argcomplete", + "23-crcmod", + "24-fasteners", + "25-gcs-oauth2-boto-plugin", + "44-google-apitools", "32-httplib2", - "36-oauth2client", - "37-pyopenssl", - "41-retry-decorator", - "29-rsa", - "30-six" + "29-google-reauth", + "45-monotonic", + "36-pyopenssl", + "40-retry-decorator", + "31-six", + "41-google-auth", + "43-google-auth-httplib2" ] }, { - "ref": "25-google-auth", + "ref": "25-gcs-oauth2-boto-plugin", "dependsOn": [ - "26-cachetools", - "27-pyasn1-modules", - "29-rsa", - "30-six" + "26-rsa", + "28-boto", + "29-google-reauth", + "32-httplib2", + "34-oauth2client", + "36-pyopenssl", + "40-retry-decorator", + "31-six", + "41-google-auth", + "43-google-auth-httplib2" ] }, { - "ref": "27-pyasn1-modules", + "ref": "26-rsa", "dependsOn": [ - "28-pyasn1" + "27-pyasn1" ] }, { - "ref": "29-rsa", + "ref": "29-google-reauth", "dependsOn": [ - "28-pyasn1" + "30-pyu2f" ] }, { - "ref": "31-google-auth-httplib2", + "ref": "30-pyu2f", 
"dependsOn": [ - "25-google-auth", - "32-httplib2" + "31-six" ] }, { 
@@ -3990,139 +4923,155 @@ ] }, { - "ref": "34-google-reauth", + "ref": "34-oauth2client", "dependsOn": [ - "35-pyu2f" + "32-httplib2", + "27-pyasn1", + "35-pyasn1-modules", + "26-rsa", + "31-six" ] }, { - "ref": "35-pyu2f", + "ref": "35-pyasn1-modules", "dependsOn": [ - "30-six" + "27-pyasn1" ] }, { - "ref": "36-oauth2client", + "ref": "36-pyopenssl", "dependsOn": [ - "32-httplib2", - "28-pyasn1", - "27-pyasn1-modules", - "29-rsa", - "30-six" + "37-cryptography" + ] + }, + { + "ref": "37-cryptography", + "dependsOn": [ + "38-cffi" ] }, { - "ref": "37-pyopenssl", + "ref": "38-cffi", "dependsOn": [ - "38-cryptography" + "39-pycparser" ] }, { - "ref": "38-cryptography", + "ref": "41-google-auth", "dependsOn": [ - "39-cffi" + "42-cachetools", + "35-pyasn1-modules", + "31-six", + "26-rsa" ] }, { - "ref": "39-cffi", + "ref": "43-google-auth-httplib2", "dependsOn": [ - "40-pycparser" + "41-google-auth", + "32-httplib2" ] }, { - "ref": "42-google-apitools", + "ref": "44-google-apitools", "dependsOn": [ - "22-fasteners", "32-httplib2", - "36-oauth2client", - "30-six" + "24-fasteners", + "34-oauth2client", + "31-six" ] }, { - "ref": "44-jinja2", + "ref": "46-jinja2", "dependsOn": [ - "45-markupsafe" + "47-markupsafe" ] }, { - "ref": "46-jsonschema", + "ref": "48-jsonschema", "dependsOn": [ "7-attrs", - "47-jsonschema-specifications", - "48-referencing", - "49-rpds-py" + "49-jsonschema-specifications", + "50-referencing", + "51-rpds-py" ] }, { - "ref": "47-jsonschema-specifications", + "ref": "49-jsonschema-specifications", "dependsOn": [ - "48-referencing" + "50-referencing" ] }, { - "ref": "48-referencing", + "ref": "50-referencing", "dependsOn": [ "7-attrs", - "49-rpds-py" + "51-rpds-py" + ] + }, + { + "ref": "52-lib4sbom", + "dependsOn": [ + "53-pyyaml", + "54-semantic-version", + "18-defusedxml" ] }, { - "ref": "50-lib4sbom", + "ref": "55-lib4vex", "dependsOn": [ - "16-defusedxml", - "51-pyyaml", - "52-semantic-version" + "52-lib4sbom", + "56-csaf-tool", + 
"57-packageurl-python" ] }, { - "ref": "53-lib4vex", + "ref": "56-csaf-tool", "dependsOn": [ - "54-csaf-tool", - "50-lib4sbom", - "55-packageurl-python" + "57-packageurl-python", + "58-rich" ] }, { - "ref": "54-csaf-tool", + "ref": "58-rich", "dependsOn": [ - "55-packageurl-python", - "56-rich" + "59-markdown-it-py", + "61-pygments", + "10-typing-extensions" ] }, { - "ref": "56-rich", + "ref": "59-markdown-it-py", "dependsOn": [ - "57-markdown-it-py", - "59-pygments", - "9-typing-extensions" + "60-mdurl" ] }, { - "ref": "57-markdown-it-py", + "ref": "64-plotly", "dependsOn": [ - "58-mdurl" + "65-tenacity", + "63-packaging" ] }, { - "ref": "61-plotly", + "ref": "66-requests", "dependsOn": [ - "60-packaging", - "62-tenacity" + "67-charset-normalizer", + "14-idna", + "68-urllib3", + "69-certifi" ] }, { - "ref": "64-requests", + "ref": "73-xmlschema", "dependsOn": [ - "65-certifi", - "66-charset-normalizer", - "12-idna", - "67-urllib3" + "74-elementpath" ] }, { - "ref": "71-xmlschema", + "ref": "75-zstandard", "dependsOn": [ - "72-elementpath" + "38-cffi" ] } ] diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 345f7bc049..b2777fea05 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-3116a9e0-cfe7-4bba-8c51-73272f16f233 -LicenseListVersion: 3.22 -Creator: Tool: sbom4python-0.11.3 -Created: 2024-12-09T00:39:40Z +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-261079ca-b6a6-4bd6-8da8-337df97f2e0f +LicenseListVersion: 3.25 +Creator: Tool: sbom4python-0.12.1 +Created: 2024-12-16T00:38:46Z CreatorComment: This document has been automatically generated. ##### 
@@ -17,10 +17,12 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com) PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/intel/cve-bin-tool +PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool +ReleaseDate: 2024-09-17T18:57:44Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:* ##### @@ -33,10 +35,20 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp +PackageChecksum: SHA256: cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) +ReleaseDate: 2024-12-05T23:51:02Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp +ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html +ExternalRef: OTHER other https://docs.aiohttp.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10 ##### 
@@ -48,29 +60,41 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8 PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio +ReleaseDate: 2024-11-30T18:43:39Z +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues +ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### PackageName: aiosignal SPDXID: SPDXRef-4-aiosignal -PackageVersion: 1.3.1 +PackageVersion: 1.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files +PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiosignal -PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: aiosignal: a list of registered asynchronous callbacks -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 +ReleaseDate: 2024-11-30T18:43:39Z +ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby +ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal +ExternalRef: OTHER other https://docs.aiosignal.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.2 ##### PackageName: frozenlist 
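Review bot: The aiosignal 1.3.2 entry in this hunk has `ReleaseDate: 2024-11-30T18:43:39Z`, the same timestamp recorded for aiohappyeyeballs 2.4.4 directly above it, and its `PackageChecksum: SHA1: ...` line is removed with no SHA256 replacement, although the neighbouring packages all gain one. This looks like a value carried over from the previous package when the lookup for the bumped version returned nothing, but the generator is not visible here, so that is an inference. Consumers rely on the checksum to verify the artifact and on the date for age-based policy, so the entry should carry `PackageChecksum: SHA256: <sha256-of-aiosignal-1.3.2-artifact>` and a `ReleaseDate` taken from the 1.3.2 release, or omit the date when it is unknown. The file is marked as automatically generated, so the correction belongs in the SBOM generation step rather than in a hand edit.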
@@ -81,11 +105,22 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist +PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence +ReleaseDate: 2024-10-23T09:46:20Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist +ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog +ExternalRef: OTHER other https://frozenlist.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### 
@@ -97,11 +132,18 @@ PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/async-timeout +PackageChecksum: SHA256: 39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Timeout context manager for asyncio programs +ReleaseDate: 2024-11-06T16:41:37Z +ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby +ExternalRef: OTHER build-system https://github.com/aio-libs/async-timeout/actions +ExternalRef: OTHER other https://codecov.io/github/aio-libs/async-timeout +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/async-timeout/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/async-timeout ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* ##### 
@@ -113,422 +155,511 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false -PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a +PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Classes Without Boilerplate +ReleaseDate: 2024-08-06T14:37:36Z +ExternalRef: OTHER documentation https://www.attrs.org/ +ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html +ExternalRef: OTHER vcs https://github.com/python-attrs/attrs +ExternalRef: OTHER other https://github.com/sponsors/hynek +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:* ##### -PackageName: multidict -SPDXID: SPDXRef-8-multidict -PackageVersion: 6.1.0 +PackageName: importlib-metadata +SPDXID: SPDXRef-8-importlib-metadata +PackageVersion: 8.0.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.0.0/#files FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/multidict -PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68 +PackageChecksum: SHA256: 15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
+PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION -PackageSummary: multidict implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* +PackageSummary: Read metadata from Python packages +ReleaseDate: 2024-06-25T18:38:02Z +ExternalRef: OTHER vcs https://github.com/python/importlib_metadata +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:* +##### + +PackageName: zipp +SPDXID: SPDXRef-9-zipp +PackageVersion: 3.21.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files +FilesAnalyzed: false +PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Backport of pathlib-compatible object wrapper for zip files +ReleaseDate: 2024-11-10T15:05:19Z +ExternalRef: OTHER vcs https://github.com/jaraco/zipp +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* ##### PackageName: typing-extensions -SPDXID: SPDXRef-9-typing-extensions +SPDXID: SPDXRef-10-typing-extensions PackageVersion: 4.12.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 +PackageHomePage: https://github.com/python/typing_extensions +PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION 
PackageCopyrightText: NOASSERTION PackageSummary: Backported and Experimental Type Hints for Python 3.8+ +ReleaseDate: 2024-06-07T18:52:13Z +ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues +ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/ +ExternalRef: OTHER other https://github.com/python/typing/discussions +ExternalRef: OTHER vcs https://github.com/python/typing_extensions ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* ##### +PackageName: multidict +SPDXID: SPDXRef-11-multidict +PackageVersion: 6.1.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/multidict +PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: multidict implementation +ReleaseDate: 2024-09-09T23:47:18Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict +ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://multidict.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/multidict +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* +##### + PackageName: propcache -SPDXID: SPDXRef-10-propcache +SPDXID: SPDXRef-12-propcache PackageVersion: 0.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache +PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Accelerated property cache +ReleaseDate: 2024-12-01T18:27:02Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache +ExternalRef: OTHER log 
https://propcache.readthedocs.io/en/latest/changes/ +ExternalRef: OTHER other https://propcache.readthedocs.io +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/propcache ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:* ##### PackageName: yarl -SPDXID: SPDXRef-11-yarl +SPDXID: SPDXRef-13-yarl PackageVersion: 1.18.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl +PackageChecksum: SHA256: 7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library +ReleaseDate: 2024-12-01T20:32:32Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl +ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://yarl.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/yarl ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-12-idna +SPDXID: SPDXRef-14-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) PackageDownloadLocation: 
https://pypi.org/project/idna/3.10/#files FilesAnalyzed: false +PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) +ReleaseDate: 2024-09-15T18:07:37Z +ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst +ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues +ExternalRef: OTHER vcs https://github.com/kjd/idna ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 -SPDXID: SPDXRef-13-beautifulsoup4 +SPDXID: SPDXRef-15-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files FilesAnalyzed: false PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/ +PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Screen-scraping library +ReleaseDate: 2024-01-17T16:53:12Z +ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:* ##### PackageName: soupsieve -SPDXID: SPDXRef-14-soupsieve +SPDXID: SPDXRef-16-soupsieve PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve -PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 +PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A modern CSS selector implementation for Beautiful Soup. +ReleaseDate: 2024-08-13T13:39:10Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-15-cvss +SPDXID: SPDXRef-17-cvss PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss -PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 +PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 +ReleaseDate: 2024-11-01T10:05:52Z +ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases +ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss +ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues +ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml -SPDXID: SPDXRef-16-defusedxml +SPDXID: SPDXRef-18-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) -PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files +PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml FilesAnalyzed: false PackageHomePage: https://github.com/tiran/defusedxml -PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184 +PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: PSF-2.0 PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: XML bomb protection for Python stdlib modules +ReleaseDate: 2021-03-08T10:59:24Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:* ##### PackageName: distro -SPDXID: SPDXRef-17-distro +SPDXID: SPDXRef-19-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-distro/distro +PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Distro - an OS platform information API +ReleaseDate: 2023-12-24T09:54:30Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-18-filetype +SPDXID: SPDXRef-20-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) -PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files +PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master FilesAnalyzed: false PackageHomePage: https://github.com/h2non/filetype.py -PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585 +PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies. 
+ReleaseDate: 2022-11-02T17:34:01Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:* ##### PackageName: gsutil -SPDXID: SPDXRef-19-gsutil -PackageVersion: 5.32 +SPDXID: SPDXRef-21-gsutil +PackageVersion: 5.33 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.32/#files +PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil +PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.32 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:* +ReleaseDate: 2024-12-11T09:40:59Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-20-argcomplete +SPDXID: SPDXRef-22-argcomplete PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete -PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc +PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse +ReleaseDate: 2024-12-06T18:24:27Z +ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete +ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete +ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues +ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-21-crcmod +SPDXID: SPDXRef-23-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) -PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files +PackageDownloadLocation: http://sourceforge.net/projects/crcmod FilesAnalyzed: false PackageHomePage: http://crcmod.sourceforge.net/ +PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CRC Generator +ReleaseDate: 2010-06-27T14:35:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-22-fasteners +SPDXID: SPDXRef-24-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files FilesAnalyzed: false PackageHomePage: https://github.com/harlowja/fasteners -PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4 +PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: A python package that provides useful locks 
+ReleaseDate: 2023-09-19T17:11:18Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-23-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-25-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files +PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin FilesAnalyzed: false PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary -PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb +PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. +ReleaseDate: 2024-05-02T14:37:31Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### -PackageName: boto -SPDXID: SPDXRef-24-boto -PackageVersion: 2.49.0 +PackageName: rsa +SPDXID: SPDXRef-26-rsa +PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) -PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files +PackageSupplier: Organization: Sybren A. 
Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files FilesAnalyzed: false -PackageHomePage: https://github.com/boto/boto/ -PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3 -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageHomePage: https://stuvel.eu/rsa +PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Amazon Web Services Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ReleaseDate: 2021-02-24T10:55:03Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### -PackageName: google-auth -SPDXID: SPDXRef-25-google-auth -PackageVersion: 2.17.0 +PackageName: pyasn1 +SPDXID: SPDXRef-27-pyasn1 +PackageVersion: 0.6.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files FilesAnalyzed: false -PackageHomePage: https://github.com/googleapis/google-auth-library-python -PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
+PackageHomePage: https://github.com/pyasn1/pyasn1 +PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034 +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* +PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ReleaseDate: 2024-09-10T22:41:42Z +ExternalRef: OTHER documentation https://pyasn1.readthedocs.io +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1 +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues +ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* ##### -PackageName: cachetools -SPDXID: SPDXRef-26-cachetools -PackageVersion: 5.5.0 +PackageName: boto +SPDXID: SPDXRef-28-boto +PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files +PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) +PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files FilesAnalyzed: false -PackageHomePage: https://github.com/tkem/cachetools/ +PackageHomePage: https://github.com/boto/boto/ +PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* +PackageSummary: Amazon Web 
Services Library +ReleaseDate: 2018-07-11T20:58:55Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### -PackageName: pyasn1-modules -SPDXID: SPDXRef-27-pyasn1-modules -PackageVersion: 0.4.1 +PackageName: google-reauth +SPDXID: SPDXRef-29-google-reauth +PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1-modules +PackageHomePage: https://github.com/Google/google-reauth-python +PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368 PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* -##### - -PackageName: pyasn1 -SPDXID: SPDXRef-28-pyasn1 -PackageVersion: 0.6.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1 -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ReleaseDate: 2020-12-01T17:35:45Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-29-rsa -PackageVersion: 4.7.2 +PackageName: pyu2f +SPDXID: SPDXRef-30-pyu2f +PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files FilesAnalyzed: false -PackageHomePage: https://stuvel.eu/rsa -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageHomePage: https://github.com/google/pyu2f/ +PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: U2F host library for interacting with a U2F device over USB. 
+ReleaseDate: 2020-10-30T20:03:07Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-30-six +SPDXID: SPDXRef-31-six PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/benjaminp/six +PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities +ReleaseDate: 2024-12-04T17:35:26Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### -PackageName: google-auth-httplib2 -SPDXID: SPDXRef-31-google-auth-httplib2 -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 -PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library: httplib2 transport -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* -##### - PackageName: httplib2 SPDXID: SPDXRef-32-httplib2 PackageVersion: 0.20.4 
@@ -537,11 +668,12 @@ PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/httplib2/httplib2 -PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4 +PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A comprehensive HTTP client library. +ReleaseDate: 2022-02-03T00:00:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:* ##### 
@@ -554,810 +686,998 @@ PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyparsing/pyparsing/ +PackageChecksum: SHA256: 93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars +ReleaseDate: 2024-10-13T10:01:13Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: SPDXRef-34-google-reauth -PackageVersion: 0.1.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/Google/google-reauth-python -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* -##### - -PackageName: pyu2f -SPDXID: SPDXRef-35-pyu2f -PackageVersion: 0.1.5 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. 
(pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/google/pyu2f/ -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* -##### - PackageName: oauth2client -SPDXID: SPDXRef-36-oauth2client +SPDXID: SPDXRef-34-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/oauth2client/ -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: OAuth 2.0 client library +ReleaseDate: 2018-09-07T21:38:16Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### +PackageName: pyasn1-modules +SPDXID: SPDXRef-35-pyasn1-modules +PackageVersion: 0.4.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/pyasn1/pyasn1-modules +PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ReleaseDate: 2024-09-10T22:42:08Z +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues +ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* +##### + PackageName: pyopenssl -SPDXID: SPDXRef-37-pyopenssl +SPDXID: SPDXRef-36-pyopenssl PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ +PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache 
License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library +ReleaseDate: 2024-07-20T17:26:29Z +ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* ##### PackageName: cryptography -SPDXID: SPDXRef-38-cryptography +SPDXID: SPDXRef-37-cryptography PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography +PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. 
+ReleaseDate: 2024-10-18T15:57:36Z +ExternalRef: OTHER documentation https://cryptography.io/ +ExternalRef: OTHER vcs https://github.com/pyca/cryptography/ +ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues +ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-39-cffi +SPDXID: SPDXRef-38-cffi PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false PackageHomePage: http://cffi.readthedocs.org -PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51 +PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Foreign Function Interface for Python calling C code. 
+ReleaseDate: 2024-09-04T20:43:30Z +ExternalRef: OTHER documentation http://cffi.readthedocs.org/ +ExternalRef: OTHER vcs https://github.com/python-cffi/cffi +ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues +ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html +ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases +ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:* ##### PackageName: pycparser -SPDXID: SPDXRef-40-pycparser +SPDXID: SPDXRef-39-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files FilesAnalyzed: false PackageHomePage: https://github.com/eliben/pycparser -PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 +PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: C parser in Python +ReleaseDate: 2024-03-30T13:22:20Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22 ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-41-retry-decorator +SPDXID: SPDXRef-40-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/pnpnpn/retry-decorator -PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349 +PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe PackageLicenseDeclared: MIT 
PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Retry Decorator +ReleaseDate: 2020-03-10T23:56:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:* ##### +PackageName: google-auth +SPDXID: SPDXRef-41-google-auth +PackageVersion: 2.17.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/googleapis/google-auth-library-python +PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library +ReleaseDate: 2023-03-28T19:51:30Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* +##### + +PackageName: cachetools +SPDXID: SPDXRef-42-cachetools +PackageVersion: 5.5.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/tkem/cachetools/ +PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292 +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ReleaseDate: 2024-08-18T20:28:43Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 +ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* +##### + +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-43-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 +PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library: httplib2 transport +ReleaseDate: 2023-12-12T17:40:13Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: google-apitools -SPDXID: SPDXRef-42-google-apitools +SPDXID: SPDXRef-44-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/apitools -PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1 +PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: client libraries for humans +ReleaseDate: 2021-05-05T22:12:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-43-monotonic +SPDXID: SPDXRef-45-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/atdt/monotonic -PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad +PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3 +ReleaseDate: 2021-04-09T21:58:05Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-44-jinja2 +SPDXID: SPDXRef-46-jinja2 PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files FilesAnalyzed: false -PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57 +PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. 
+ReleaseDate: 2024-05-05T23:41:59Z +ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/ +ExternalRef: OTHER chat https://discord.gg/pallets +ExternalRef: OTHER documentation https://jinja.palletsprojects.com/ +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER vcs https://github.com/pallets/jinja/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-45-markupsafe +SPDXID: SPDXRef-47-markupsafe PackageVersion: 3.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c +PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION -PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: markupsafe declares Copyright 2010 Pallets + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. 
+ +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. +ReleaseDate: 2024-10-18T15:20:51Z +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/ +ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/ +ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/ +ExternalRef: OTHER chat https://discord.gg/pallets ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2 ##### PackageName: jsonschema -SPDXID: SPDXRef-46-jsonschema +SPDXID: SPDXRef-48-jsonschema PackageVersion: 4.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema +PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python 
+ReleaseDate: 2024-07-08T18:40:00Z +ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-47-jsonschema-specifications +SPDXID: SPDXRef-49-jsonschema-specifications PackageVersion: 2024.10.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2024.10.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications -PackageChecksum: SHA1: 09f6f17a46ecf03e314df0e6fa14d57db210a549 +PackageChecksum: SHA256: a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry +ReleaseDate: 2024-10-08T12:29:30Z +ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other 
https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:* ##### PackageName: referencing -SPDXID: SPDXRef-48-referencing +SPDXID: SPDXRef-50-referencing PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/referencing -PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845 +PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python +ReleaseDate: 2024-05-01T20:26:02Z +ExternalRef: OTHER documentation https://referencing.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/ +ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-49-rpds-py +SPDXID: SPDXRef-51-rpds-py PackageVersion: 0.22.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian 
Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) +ReleaseDate: 2024-12-04T15:31:31Z +ExternalRef: OTHER documentation https://rpds.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/crate-py/rpds +ExternalRef: OTHER other https://github.com/orium/rpds ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-50-lib4sbom -PackageVersion: 0.7.5 +SPDXID: SPDXRef-52-lib4sbom +PackageVersion: 0.8.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4sbom +PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:* +ReleaseDate: 
2024-12-09T20:13:26Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-51-pyyaml +SPDXID: SPDXRef-53-pyyaml PackageVersion: 6.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) -PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files +PackageDownloadLocation: https://pypi.org/project/PyYAML/ FilesAnalyzed: false PackageHomePage: https://pyyaml.org/ +PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: YAML parser and emitter for Python +ReleaseDate: 2024-08-06T20:31:40Z +ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues +ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions +ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation +ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core +ExternalRef: OTHER vcs https://github.com/yaml/pyyaml ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:* ##### PackageName: semantic-version -SPDXID: SPDXRef-52-semantic-version +SPDXID: SPDXRef-54-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/rbarrois/python-semanticversion -PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a +PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: 
semantic-version declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A library implementing the 'SemVer' scheme. +ReleaseDate: 2022-05-26T13:35:21Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:* ##### PackageName: lib4vex -SPDXID: SPDXRef-53-lib4vex +SPDXID: SPDXRef-55-lib4vex PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4vex -PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2 +PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: VEX generator and consumer library +ReleaseDate: 2024-08-29T20:36:52Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:* ##### PackageName: csaf-tool -SPDXID: SPDXRef-54-csaf-tool +SPDXID: SPDXRef-56-csaf-tool PackageVersion: 0.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/csaf -PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4 +PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CSAF generator and analyser +ReleaseDate: 2024-06-12T20:10:06Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2 
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:* ##### PackageName: packageurl-python -SPDXID: SPDXRef-55-packageurl-python +SPDXID: SPDXRef-57-packageurl-python PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882 +PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder +ReleaseDate: 2024-10-22T05:51:23Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich -SPDXID: SPDXRef-56-rich +SPDXID: SPDXRef-58-rich PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich -PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 +PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal +ReleaseDate: 2024-11-01T16:43:55Z +ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-57-markdown-it-py +SPDXID: 
SPDXRef-59-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/markdown-it-py -PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d +PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python port of markdown-it. Markdown parsing, done right! +ReleaseDate: 2023-06-03T06:41:11Z +ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:* ##### PackageName: mdurl -SPDXID: SPDXRef-58-mdurl +SPDXID: SPDXRef-60-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/mdurl -PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e +PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Markdown URL utilities +ReleaseDate: 2022-08-14T12:40:09Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* ##### PackageName: pygments -SPDXID: SPDXRef-59-pygments +SPDXID: SPDXRef-61-pygments PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) PackageDownloadLocation: 
https://pypi.org/project/pygments/2.18.0/#files FilesAnalyzed: false PackageHomePage: https://pygments.org -PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb +PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. +ReleaseDate: 2024-05-04T13:41:57Z +ExternalRef: OTHER documentation https://pygments.org/docs +ExternalRef: OTHER vcs https://github.com/pygments/pygments +ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues +ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### +PackageName: python-gnupg +SPDXID: SPDXRef-62-python-gnupg +PackageVersion: 0.5.3 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) +ReleaseDate: 2024-09-20T16:43:47Z +ExternalRef: OTHER documentation https://gnupg.readthedocs.io/ +ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg +ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* +##### + PackageName: packaging -SPDXID: SPDXRef-60-packaging +SPDXID: SPDXRef-63-packaging PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f +PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages +ReleaseDate: 2024-11-08T09:47:44Z +ExternalRef: OTHER documentation https://packaging.pypa.io/ +ExternalRef: OTHER vcs https://github.com/pypa/packaging ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-61-plotly +SPDXID: SPDXRef-64-plotly PackageVersion: 5.24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files FilesAnalyzed: false PackageHomePage: https://plotly.com/python/ +PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python +ReleaseDate: 
2024-09-12T15:36:24Z +ExternalRef: OTHER documentation https://plotly.com/python/ +ExternalRef: OTHER vcs https://github.com/plotly/plotly.py +ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-62-tenacity +SPDXID: SPDXRef-65-tenacity PackageVersion: 9.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/jd/tenacity -PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb +PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds +ReleaseDate: 2024-07-29T12:12:25Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:* ##### -PackageName: python-gnupg -SPDXID: SPDXRef-63-python-gnupg -PackageVersion: 0.5.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/vsajip/python-gnupg -PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. 
-PackageCopyrightText: NOASSERTION -PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* -##### - PackageName: requests -SPDXID: SPDXRef-64-requests +SPDXID: SPDXRef-66-requests PackageVersion: 2.32.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files FilesAnalyzed: false PackageHomePage: https://requests.readthedocs.io -PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068 +PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python HTTP for Humans. +ReleaseDate: 2024-05-29T15:37:47Z +ExternalRef: OTHER documentation https://requests.readthedocs.io +ExternalRef: OTHER vcs https://github.com/psf/requests ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:* ##### -PackageName: certifi -SPDXID: SPDXRef-65-certifi -PackageVersion: 2024.8.30 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/certifi/python-certifi -PackageLicenseDeclared: MPL-2.0 -PackageLicenseConcluded: MPL-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Python package for providing Mozilla's CA Bundle. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:* -##### - PackageName: charset-normalizer -SPDXID: SPDXRef-66-charset-normalizer +SPDXID: SPDXRef-67-charset-normalizer PackageVersion: 3.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me) PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/Ousret/charset_normalizer +PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. +ReleaseDate: 2024-10-09T07:38:02Z +ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues +ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:* ##### PackageName: urllib3 -SPDXID: SPDXRef-67-urllib3 +SPDXID: SPDXRef-68-urllib3 PackageVersion: 2.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false -PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df +PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. 
+ReleaseDate: 2024-09-12T10:52:16Z +ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst +ExternalRef: OTHER documentation https://urllib3.readthedocs.io +ExternalRef: OTHER vcs https://github.com/urllib3/urllib3 +ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:* ##### +PackageName: certifi +SPDXID: SPDXRef-69-certifi +PackageVersion: 2024.12.14 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) +PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/certifi/python-certifi +PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56 +PackageLicenseDeclared: MPL-2.0 +PackageLicenseConcluded: MPL-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Python package for providing Mozilla's CA Bundle. 
+ReleaseDate: 2024-12-14T13:52:36Z +ExternalRef: OTHER vcs https://github.com/certifi/python-certifi +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:* +##### + PackageName: rpmfile -SPDXID: SPDXRef-68-rpmfile +SPDXID: SPDXRef-70-rpmfile PackageVersion: 2.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/srossross/rpmfile -PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5 +PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Read rpm archive files +ReleaseDate: 2024-07-24T21:57:45Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### PackageName: setuptools -SPDXID: SPDXRef-69-setuptools +SPDXID: SPDXRef-71-setuptools PackageVersion: 75.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files FilesAnalyzed: false +PackageChecksum: SHA256: ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages +ReleaseDate: 2024-11-20T18:16:10Z +ExternalRef: OTHER vcs https://github.com/pypa/setuptools +ExternalRef: OTHER documentation https://setuptools.pypa.io/ +ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0 ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-70-toml +SPDXID: SPDXRef-72-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/uiri/toml -PackageChecksum: SHA1: 3f637dba5f68db63d4b30967fedda51c82459471 +PackageChecksum: SHA256: 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python Library for Tom's Obvious, Minimal Language +ReleaseDate: 2020-11-01T01:40:20Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:* ##### PackageName: xmlschema -SPDXID: SPDXRef-71-xmlschema +SPDXID: SPDXRef-73-xmlschema PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema +PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder +ReleaseDate: 2024-10-31T09:47:12Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-72-elementpath +SPDXID: SPDXRef-74-elementpath PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: 
https://github.com/sissaschool/elementpath +PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml +ReleaseDate: 2024-10-27T21:52:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### -PackageName: zipp -SPDXID: SPDXRef-73-zipp -PackageVersion: 3.21.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* -##### - PackageName: zstandard -SPDXID: SPDXRef-74-zstandard +SPDXID: SPDXRef-75-zstandard PackageVersion: 0.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/indygreg/python-zstandard +PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Zstandard bindings for Python +ReleaseDate: 2024-07-15T00:13:27Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-beautifulsoup4 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-cvss -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-defusedxml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-distro -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-filetype -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-beautifulsoup4 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-cvss +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-defusedxml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-distro Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-jinja2 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jsonschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-50-lib4sbom -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-pyyaml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-lib4vex -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-packageurl-python -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-rich -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-60-packaging -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-plotly -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-python-gnupg -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-requests -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-urllib3 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-rpmfile -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-setuptools 
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-toml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-xmlschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zipp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-zstandard -Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-10-propcache -Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-12-idna -Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-8-multidict -Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-22-fasteners -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-23-gcs-oauth2-boto-plugin -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-31-google-auth-httplib2 -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-34-google-reauth -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-propcache -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-yarl +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-filetype +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-21-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jinja2 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-jsonschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-lib4sbom +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-pyyaml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON 
SPDXRef-55-lib4vex +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-packageurl-python +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-rich +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-plotly +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-requests +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-urllib3 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-rpmfile +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-setuptools +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-toml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-zstandard +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-importlib-metadata +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-9-zipp +Relationship: SPDXRef-11-multidict DEPENDS_ON SPDXRef-10-typing-extensions +Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-11-multidict +Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-12-propcache +Relationship: SPDXRef-13-yarl DEPENDS_ON SPDXRef-14-idna +Relationship: SPDXRef-15-beautifulsoup4 DEPENDS_ON SPDXRef-16-soupsieve +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-multidict +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-13-yarl Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-async-timeout Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-boto -Relationship: 
SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-google-auth-httplib2 -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-google-reauth -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-oauth2client -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-pyopenssl -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-retry-decorator -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-26-cachetools -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-27-pyasn1-modules -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-27-pyasn1-modules DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-29-rsa DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-22-argcomplete +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-23-crcmod +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-24-fasteners +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-25-gcs-oauth2-boto-plugin +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-29-google-reauth +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-36-pyopenssl +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-40-retry-decorator +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-21-gsutil DEPENDS_ON 
SPDXRef-43-google-auth-httplib2 +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-44-google-apitools +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-45-monotonic +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-rsa +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-boto +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-reauth +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-pyopenssl +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-retry-decorator +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-43-google-auth-httplib2 +Relationship: SPDXRef-26-rsa DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-29-google-reauth DEPENDS_ON SPDXRef-30-pyu2f +Relationship: SPDXRef-30-pyu2f DEPENDS_ON SPDXRef-31-six Relationship: SPDXRef-32-httplib2 DEPENDS_ON SPDXRef-33-pyparsing -Relationship: SPDXRef-34-google-reauth DEPENDS_ON SPDXRef-35-pyu2f -Relationship: SPDXRef-35-pyu2f DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-27-pyasn1-modules -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-37-pyopenssl DEPENDS_ON SPDXRef-38-cryptography -Relationship: SPDXRef-38-cryptography DEPENDS_ON SPDXRef-39-cffi -Relationship: SPDXRef-39-cffi DEPENDS_ON SPDXRef-40-pycparser +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-rsa +Relationship: 
SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-35-pyasn1-modules +Relationship: SPDXRef-35-pyasn1-modules DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-36-pyopenssl DEPENDS_ON SPDXRef-37-cryptography +Relationship: SPDXRef-37-cryptography DEPENDS_ON SPDXRef-38-cffi +Relationship: SPDXRef-38-cffi DEPENDS_ON SPDXRef-39-pycparser Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-36-oauth2client -Relationship: SPDXRef-44-jinja2 DEPENDS_ON SPDXRef-45-markupsafe -Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-47-jsonschema-specifications -Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-48-referencing -Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-49-rpds-py -Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-47-jsonschema-specifications DEPENDS_ON SPDXRef-48-referencing -Relationship: SPDXRef-48-referencing DEPENDS_ON SPDXRef-49-rpds-py -Relationship: SPDXRef-48-referencing DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-50-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml -Relationship: SPDXRef-50-lib4sbom DEPENDS_ON SPDXRef-51-pyyaml -Relationship: SPDXRef-50-lib4sbom DEPENDS_ON SPDXRef-52-semantic-version -Relationship: SPDXRef-53-lib4vex DEPENDS_ON SPDXRef-50-lib4sbom -Relationship: SPDXRef-53-lib4vex DEPENDS_ON SPDXRef-54-csaf-tool -Relationship: SPDXRef-53-lib4vex DEPENDS_ON SPDXRef-55-packageurl-python -Relationship: SPDXRef-54-csaf-tool DEPENDS_ON SPDXRef-55-packageurl-python -Relationship: SPDXRef-54-csaf-tool DEPENDS_ON 
SPDXRef-56-rich -Relationship: SPDXRef-56-rich DEPENDS_ON SPDXRef-57-markdown-it-py -Relationship: SPDXRef-56-rich DEPENDS_ON SPDXRef-59-pygments -Relationship: SPDXRef-56-rich DEPENDS_ON SPDXRef-9-typing-extensions -Relationship: SPDXRef-57-markdown-it-py DEPENDS_ON SPDXRef-58-mdurl -Relationship: SPDXRef-61-plotly DEPENDS_ON SPDXRef-60-packaging -Relationship: SPDXRef-61-plotly DEPENDS_ON SPDXRef-62-tenacity -Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-12-idna -Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-65-certifi -Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-66-charset-normalizer -Relationship: SPDXRef-64-requests DEPENDS_ON SPDXRef-67-urllib3 -Relationship: SPDXRef-71-xmlschema DEPENDS_ON SPDXRef-72-elementpath -Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-26-rsa +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-35-pyasn1-modules +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-42-cachetools +Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-24-fasteners +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-34-oauth2client +Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-jsonschema-specifications +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-referencing +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-51-rpds-py +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-7-attrs +Relationship: SPDXRef-49-jsonschema-specifications DEPENDS_ON SPDXRef-50-referencing 
+Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-51-rpds-py +Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-7-attrs +Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-18-defusedxml +Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-53-pyyaml +Relationship: SPDXRef-52-lib4sbom DEPENDS_ON SPDXRef-54-semantic-version +Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-52-lib4sbom +Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-56-csaf-tool +Relationship: SPDXRef-55-lib4vex DEPENDS_ON SPDXRef-57-packageurl-python +Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-57-packageurl-python +Relationship: SPDXRef-56-csaf-tool DEPENDS_ON SPDXRef-58-rich +Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-10-typing-extensions +Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-59-markdown-it-py +Relationship: SPDXRef-58-rich DEPENDS_ON SPDXRef-61-pygments +Relationship: SPDXRef-59-markdown-it-py DEPENDS_ON SPDXRef-60-mdurl +Relationship: SPDXRef-64-plotly DEPENDS_ON SPDXRef-63-packaging +Relationship: SPDXRef-64-plotly DEPENDS_ON SPDXRef-65-tenacity +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-14-idna +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-67-charset-normalizer +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-68-urllib3 +Relationship: SPDXRef-66-requests DEPENDS_ON SPDXRef-69-certifi +Relationship: SPDXRef-7-attrs DEPENDS_ON SPDXRef-8-importlib-metadata +Relationship: SPDXRef-73-xmlschema DEPENDS_ON SPDXRef-74-elementpath +Relationship: SPDXRef-75-zstandard DEPENDS_ON SPDXRef-38-cffi +Relationship: SPDXRef-8-importlib-metadata DEPENDS_ON SPDXRef-10-typing-extensions +Relationship: SPDXRef-8-importlib-metadata DEPENDS_ON SPDXRef-9-zipp Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool From f5073f301e6eb00e08f15ff61c1a58cdccf5a779 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 18:48:16 +0000 Subject: [PATCH 37/47] chore: update SBOM for Python 3.11 (#4624) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.11.json | 2900 ++++++++++++++++++++++----------- sbom/cve-bin-tool-py3.11.spdx | 1082 +++++++----- 2 files changed, 2643 insertions(+), 1339 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index cce31ab5e3..afdb73a606 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:55e9d331-0b11-4ab5-afbc-e088eeedb8e7", + "serialNumber": "urn:uuid:e0e92f9a-bc0b-423c-bbdc-1130a4904e4f", "version": 1, "metadata": { - "timestamp": "2024-12-09T00:41:20Z", + "timestamp": "2024-12-16T00:38:54Z", "lifecycles": [ { "phase": "build" @@ -15,7 +15,7 @@ "components": [ { "name": "sbom4python", - "version": "0.11.3", + "version": "0.12.1", "type": "application" } ] @@ -42,6 +42,12 @@ }, "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", + "hashes": [ + { + "alg": "SHA-256", + "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d" + } + ], "licenses": [ { "license": { @@ -65,6 +71,10 @@ ], "purl": "pkg:pypi/cve-bin-tool@3.4", "properties": [ + { + "name": "release_date", + "value": "2024-09-17T18:57:44Z" + }, { "name": "language", "value": "Python" @@ -81,6 +91,12 @@ "name": "aiohttp", "version": "3.11.10", "description": "Async http client/server framework (asyncio)", + "hashes": [ + { + "alg": "SHA-256", + "content": "cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d" + } + ], "licenses": [ { "license": { 
@@ -100,10 +116,46 @@ "url": "https://pypi.org/project/aiohttp/3.11.10/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiohttp", + "type": "other" + }, + { + "url": "https://docs.aiohttp.org/en/stable/changes.html", + "type": "log" + }, + { + "url": "https://docs.aiohttp.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohttp", + "type": "vcs" } ], "purl": "pkg:pypi/aiohttp@3.11.10", "properties": [ + { + "name": "release_date", + "value": "2024-12-05T23:51:02Z" + }, { "name": "language", "value": "Python" @@ -111,10 +163,6 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-12-05T23:51:02.000Z" } ] }, @@ -133,6 +181,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-256", + "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8" + } + ], "licenses": [ { "license": { 
@@ -152,10 +206,30 @@ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md", + "type": "log" + }, + { + "url": "https://aiohappyeyeballs.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs", + "type": "vcs" } ], "purl": "pkg:pypi/aiohappyeyeballs@2.4.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-30T18:43:39Z" + }, { "name": "language", "value": "Python" @@ -163,10 +237,6 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-11-30T18:43:39.000Z" } ] }, @@ -174,14 +244,8 @@ "type": "library", "bom-ref": "4-aiosignal", "name": "aiosignal", - "version": "1.3.1", + "version": "1.3.2", "description": "aiosignal: a list of registered asynchronous callbacks", - "hashes": [ - { - "alg": "SHA-1", - "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3" - } - ], "licenses": [ { "license": { 
@@ -198,13 +262,41 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiosignal/1.3.1/#files", + "url": "https://pypi.org/project/aiosignal/1.3.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gitter.im/aio-libs/Lobby", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/actions", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiosignal", + "type": "other" + }, + { + "url": "https://docs.aiosignal.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiosignal", + "type": "vcs" } ], - "purl": "pkg:pypi/aiosignal@1.3.1", + "purl": "pkg:pypi/aiosignal@1.3.2", "properties": [ + { + "name": "release_date", + "value": "2024-11-30T18:43:39Z" + }, { "name": "language", "value": "Python" @@ -212,10 +304,6 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2022-11-08T16:03:57.000Z" } ] }, @@ -225,6 +313,12 @@ "name": "frozenlist", "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", + "hashes": [ + { + "alg": "SHA-256", + "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a" + } + ], "licenses": [ { "license": { 
@@ -244,10 +338,50 @@ "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/frozenlist", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog", + "type": "log" + }, + { + "url": "https://frozenlist.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/frozenlist", + "type": "vcs" } ], "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-23T09:46:20Z" + }, { "name": "language", "value": "Python" @@ -255,10 +389,6 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -279,8 +409,8 @@ "description": "Classes Without Boilerplate", "hashes": [ { - "alg": "SHA-1", - "content": "6771a04893780166e4b7826b63599f43ac30d00a" + "alg": "SHA-256", + "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2" } ], "externalReferences": [ 
@@ -288,10 +418,34 @@ "url": "https://pypi.org/project/attrs/24.2.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://www.attrs.org/", + "type": "documentation" + }, + { + "url": "https://www.attrs.org/en/stable/changelog.html", + "type": "log" + }, + { + "url": "https://github.com/python-attrs/attrs", + "type": "vcs" + }, + { + "url": "https://github.com/sponsors/hynek", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi", + "type": "other" } ], "purl": "pkg:pypi/attrs@24.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T14:37:36Z" + }, { "name": "language", "value": "Python" 
@@ -299,57 +453,47 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-08-06T14:37:36.000Z" } ] }, { "type": "library", - "bom-ref": "7-multidict", - "name": "multidict", - "version": "6.1.0", + "bom-ref": "7-importlib-metadata", + "name": "importlib-metadata", + "version": "8.0.0", "supplier": { - "name": "Andrew Svetlov", + "name": "Jason R .", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", - "description": "multidict implementation", + "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*", + "description": "Read metadata from Python packages", "hashes": [ { - "alg": "SHA-1", - "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/multidict", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/multidict/6.1.0/#files", + "url": "https://pypi.org/project/importlib-metadata/8.0.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/importlib_metadata", + "type": "vcs" } ], - "purl": "pkg:pypi/multidict@6.1.0", + "purl": "pkg:pypi/importlib-metadata@8.0.0", "properties": [ + { + "name": "release_date", + "value": "2024-06-25T18:38:02Z" + }, { "name": "language", "value": "Python" 
@@ -357,51 +501,47 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-09-09T23:47:18.000Z" } ] }, { "type": "library", - "bom-ref": "8-propcache", - "name": "propcache", - "version": "0.2.1", + "bom-ref": "8-zipp", + "name": "zipp", + "version": "3.21.0", "supplier": { - "name": "Andrew Svetlov", + "name": "Jason R .", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", + "description": "Backport of pathlib-compatible object wrapper for zip files", + "hashes": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/propcache/0.2.1/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/jaraco/zipp", + "type": "vcs" } ], - "purl": "pkg:pypi/propcache@0.2.1", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ + { + "name": "release_date", + "value": "2024-11-10T15:05:19Z" + }, { "name": "language", "value": "Python" 
@@ -414,80 +554,63 @@ }, { "type": "library", - "bom-ref": "9-yarl", - "name": "yarl", - "version": "1.18.3", + "bom-ref": "9-typing-extensions", + "name": "typing-extensions", + "version": "4.12.2", "supplier": { - "name": "Andrew Svetlov", + "name": "Guido van Jukka ukasz Michael", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "levkivskyi@gmail.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", - "description": "Yet another URL library", - "licenses": [ + "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", + "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/python/typing_extensions", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.18.3/#files", + "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", "type": "distribution", "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/yarl@1.18.3", - "properties": [ + }, { - "name": "language", - "value": "Python" + "url": "https://github.com/python/typing_extensions/issues", + "type": "issue-tracker" }, { - "name": "python_version", - "value": "3.11.11" + "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md", + "type": "log" }, { - "name": "package_release_date", - "value": "2024-12-01T20:32:32.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "10-idna", - "name": "idna", - "version": "3.10", - "supplier": { - "name": "Kim Davies", - "contact": [ - { - "email": "kim+pypi@gumleaf.org" - } - ] - }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - 
"description": "Internationalized Domain Names in Applications (IDNA)", - "externalReferences": [ + "url": "https://typing-extensions.readthedocs.io/", + "type": "documentation" + }, { - "url": "https://pypi.org/project/idna/3.10/#files", - "type": "distribution", - "comment": "Download location for component" + "url": "https://github.com/python/typing/discussions", + "type": "other" + }, + { + "url": "https://github.com/python/typing_extensions", + "type": "vcs" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/typing-extensions@4.12.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-07T18:52:13Z" + }, { "name": "language", "value": "Python" 
@@ -495,68 +618,412 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-09-15T18:07:37.000Z" } ] }, { "type": "library", - "bom-ref": "11-beautifulsoup4", - "name": "beautifulsoup4", - "version": "4.12.3", + "bom-ref": "10-multidict", + "name": "multidict", + "version": "6.1.0", "supplier": { - "name": "Leonard Richardson", + "name": "Andrew Svetlov", "contact": [ { - "email": "leonardr@segfault.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*", - "description": "Screen-scraping library", + "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", + "description": "multidict implementation", + "hashes": [ + { + "alg": "SHA-256", + "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60" + } + ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://www.crummy.com/software/BeautifulSoup/bs4/", + "url": "https://github.com/aio-libs/multidict", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files", + "url": "https://pypi.org/project/multidict/6.1.0/#files", "type": "distribution", "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/beautifulsoup4@4.12.3", - "properties": [ + }, { - "name": "language", - "value": "Python" + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" }, { - "name": "python_version", + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": 
"https://codecov.io/github/aio-libs/multidict", + "type": "other" + }, + { + "url": "https://multidict.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": "https://multidict.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/multidict", + "type": "vcs" + } + ], + "purl": "pkg:pypi/multidict@6.1.0", + "properties": [ + { + "name": "release_date", + "value": "2024-09-09T23:47:18Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.11.11" + } + ] + }, + { + "type": "library", + "bom-ref": "11-propcache", + "name": "propcache", + "version": "0.2.1", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", + "description": "Accelerated property cache", + "hashes": [ + { + "alg": "SHA-256", + "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/propcache", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/propcache/0.2.1/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/propcache", + "type": "other" + }, 
+ { + "url": "https://propcache.readthedocs.io/en/latest/changes/", + "type": "log" + }, + { + "url": "https://propcache.readthedocs.io", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/propcache", + "type": "vcs" + } + ], + "purl": "pkg:pypi/propcache@0.2.1", + "properties": [ + { + "name": "release_date", + "value": "2024-12-01T18:27:02Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.11.11" + } + ] + }, + { + "type": "library", + "bom-ref": "12-yarl", + "name": "yarl", + "version": "1.18.3", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "hashes": [ + { + "alg": "SHA-256", + "content": "7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.18.3/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/yarl/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/yarl", + "type": "other" + }, + { + "url": "https://yarl.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": 
"https://yarl.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/yarl/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/yarl", + "type": "vcs" + } + ], + "purl": "pkg:pypi/yarl@1.18.3", + "properties": [ + { + "name": "release_date", + "value": "2024-12-01T20:32:32Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.11.11" + } + ] + }, + { + "type": "library", + "bom-ref": "13-idna", + "name": "idna", + "version": "3.10", + "supplier": { + "name": "Kim Davies", + "contact": [ + { + "email": "kim+pypi@gumleaf.org" + } + ] + }, + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-256", + "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3" + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/idna/3.10/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst", + "type": "log" + }, + { + "url": "https://github.com/kjd/idna/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kjd/idna", + "type": "vcs" + } + ], + "purl": "pkg:pypi/idna@3.10", + "properties": [ + { + "name": "release_date", + "value": "2024-09-15T18:07:37Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", "value": "3.11.11" + } + ] + }, + { + "type": "library", + "bom-ref": "14-beautifulsoup4", + "name": "beautifulsoup4", + "version": "4.12.3", + "supplier": { + "name": "Leonard Richardson", + "contact": [ + { + "email": "leonardr@segfault.org" + } + ] + }, + "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*", + "description": "Screen-scraping library", + "hashes": [ + { + "alg": "SHA-256", + "content": 
"b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/license/mit/", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://www.crummy.com/software/BeautifulSoup/bs4/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files", + "type": "distribution", + "comment": "Download location for component" }, { - "name": "package_release_date", - "value": "2024-01-17T16:53:12.000Z" + "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/", + "type": "other" + } + ], + "purl": "pkg:pypi/beautifulsoup4@4.12.3", + "properties": [ + { + "name": "release_date", + "value": "2024-01-17T16:53:12Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.11.11" } ] }, { "type": "library", - "bom-ref": "12-soupsieve", + "bom-ref": "15-soupsieve", "name": "soupsieve", "version": "2.6", "supplier": { @@ -571,8 +1038,8 @@ "description": "A modern CSS selector implementation for Beautiful Soup.", "hashes": [ { - "alg": "SHA-1", - "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + "alg": "SHA-256", + "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9" } ], "externalReferences": [ @@ -589,6 +1056,10 @@ ], "purl": "pkg:pypi/soupsieve@2.6", "properties": [ + { + "name": "release_date", + "value": "2024-08-13T13:39:10Z" + }, { "name": "language", "value": "Python" @@ -601,7 +1072,7 @@ }, { "type": "library", - "bom-ref": "13-cvss", + "bom-ref": "16-cvss", "name": "cvss", "version": "3.3", "supplier": { 
@@ -616,8 +1087,8 @@ "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { - "alg": "SHA-1", - "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + "alg": "SHA-256", + "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1" } ], "licenses": [ @@ -639,10 +1110,30 @@ "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/releases", + "type": "other" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss", + "type": "vcs" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/actions", + "type": "build-system" } ], "purl": "pkg:pypi/cvss@3.3", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T10:05:52Z" + }, { "name": "language", "value": "Python" @@ -650,16 +1141,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-11-01T10:05:52.000Z" } ] }, { "type": "library", - "bom-ref": "14-defusedxml", + "bom-ref": "17-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -674,8 +1161,8 @@ "description": "XML bomb protection for Python stdlib modules", "hashes": [ { - "alg": "SHA-1", - "content": "ebff1b493751e2f0775314bdd4188d64f07ea184" + "alg": "SHA-256", + "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61" } ], "licenses": [ @@ -694,13 +1181,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/defusedxml/0.7.1/#files", + "url": "https://pypi.python.org/pypi/defusedxml", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/defusedxml@0.7.1", "properties": [ + { + "name": "release_date", + "value": "2021-03-08T10:59:24Z" + }, { "name": "language", "value": "Python" 
@@ -708,16 +1199,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2021-03-08T10:59:24.000Z" } ] }, { "type": "library", - "bom-ref": "15-distro", + "bom-ref": "18-distro", "name": "distro", "version": "1.9.0", "supplier": { @@ -730,6 +1217,12 @@ }, "cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*", "description": "Distro - an OS platform information API", + "hashes": [ + { + "alg": "SHA-256", + "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2" + } + ], "licenses": [ { "license": { @@ -753,6 +1246,10 @@ ], "purl": "pkg:pypi/distro@1.9.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-24T09:54:30Z" + }, { "name": "language", "value": "Python" @@ -760,16 +1257,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2023-12-24T09:54:30.000Z" } ] }, { "type": "library", - "bom-ref": "16-filetype", + "bom-ref": "19-filetype", "name": "filetype", "version": "1.2.0", "supplier": { @@ -784,15 +1277,15 @@ "description": "Infer file type and MIME type of any file/buffer. No external dependencies.", "hashes": [ { - "alg": "SHA-1", - "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585" + "alg": "SHA-256", + "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -804,13 +1297,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/filetype/1.2.0/#files", + "url": "https://github.com/h2non/filetype.py/tarball/master", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/filetype@1.2.0", "properties": [ + { + "name": "release_date", + "value": "2022-11-02T17:34:01Z" + }, { "name": "language", "value": "Python" 
@@ -818,18 +1315,14 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2022-11-02T17:34:01.000Z" } ] }, { "type": "library", - "bom-ref": "17-gsutil", + "bom-ref": "20-gsutil", "name": "gsutil", - "version": "5.32", + "version": "5.33", "supplier": { "name": "Google Inc .", "contact": [ @@ -838,8 +1331,14 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", + "hashes": [ + { + "alg": "SHA-256", + "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856" + } + ], "licenses": [ { "license": { @@ -856,13 +1355,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.32/#files", + "url": "https://cloud.google.com/storage/docs/gsutil_install", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.32", + "purl": "pkg:pypi/gsutil@5.33", "properties": [ + { + "name": "release_date", + "value": "2024-12-11T09:40:59Z" + }, { "name": "language", "value": "Python" @@ -870,16 +1373,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-12-04T14:56:46.000Z" } ] }, { "type": "library", - "bom-ref": "18-argcomplete", + "bom-ref": "21-argcomplete", "name": "argcomplete", "version": "3.5.2", "supplier": { @@ -894,8 +1393,8 @@ "description": "Bash tab completion for argparse", "hashes": [ { - "alg": "SHA-1", - "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc" + "alg": "SHA-256", + "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472" } ], "licenses": [ 
@@ -917,10 +1416,30 @@ "url": "https://pypi.org/project/argcomplete/3.5.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://kislyuk.github.io/argcomplete", + "type": "documentation" + }, + { + "url": "https://github.com/kislyuk/argcomplete", + "type": "vcs" + }, + { + "url": "https://github.com/kislyuk/argcomplete/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst", + "type": "log" } ], "purl": "pkg:pypi/argcomplete@3.5.2", "properties": [ + { + "name": "release_date", + "value": "2024-12-06T18:24:27Z" + }, { "name": "language", "value": "Python" @@ -928,16 +1447,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-12-06T18:24:27.000Z" } ] }, { "type": "library", - "bom-ref": "19-crcmod", + "bom-ref": "22-crcmod", "name": "crcmod", "version": "1.7", "supplier": { @@ -950,11 +1465,17 @@ }, "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*", "description": "CRC Generator", + "hashes": [ + { + "alg": "SHA-256", + "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -966,13 +1487,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/crcmod/1.7/#files", + "url": "http://sourceforge.net/projects/crcmod", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/crcmod@1.7", "properties": [ + { + "name": "release_date", + "value": "2010-06-27T14:35:29Z" + }, { "name": "language", "value": "Python" @@ -985,7 +1510,7 @@ }, { "type": "library", - "bom-ref": "20-fasteners", + "bom-ref": "23-fasteners", "name": "fasteners", "version": "0.19", "supplier": { 
@@ -995,8 +1520,8 @@ "description": "A python package that provides useful locks", "hashes": [ { - "alg": "SHA-1", - "content": "06c3f06cab4e135b8d921932019a231c180eb9f4" + "alg": "SHA-256", + "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237" } ], "licenses": [ @@ -1022,6 +1547,10 @@ ], "purl": "pkg:pypi/fasteners@0.19", "properties": [ + { + "name": "release_date", + "value": "2023-09-19T17:11:18Z" + }, { "name": "language", "value": "Python" @@ -1034,7 +1563,7 @@ }, { "type": "library", - "bom-ref": "21-gcs-oauth2-boto-plugin", + "bom-ref": "24-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.2", "supplier": { @@ -1049,8 +1578,8 @@ "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "hashes": [ { - "alg": "SHA-1", - "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb" + "alg": "SHA-256", + "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843" } ], "licenses": [ @@ -1069,13 +1598,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files", + "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ + { + "name": "release_date", + "value": "2024-05-02T14:37:31Z" + }, { "name": "language", "value": "Python" 
@@ -1083,57 +1616,57 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-05-02T14:37:31.000Z" } ] }, { "type": "library", - "bom-ref": "22-boto", - "name": "boto", - "version": "2.49.0", + "bom-ref": "25-rsa", + "name": "rsa", + "version": "4.7.2", "supplier": { - "name": "Mitch Garnaat", + "name": "Sybren A . Stuvel", "contact": [ { - "email": "mitch@garnaat.com" + "email": "sybren@stuvel.eu" } ] }, - "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", - "description": "Amazon Web Services Library", + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { - "alg": "SHA-1", - "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3" + "alg": "SHA-256", + "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/boto/boto/", + "url": "https://stuvel.eu/rsa", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/boto/2.49.0/#files", + "url": "https://pypi.org/project/rsa/4.7.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/boto@2.49.0", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ + { + "name": "release_date", + "value": "2021-02-24T10:55:03Z" + }, { "name": "language", "value": "Python" 
@@ -1141,57 +1674,73 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2018-07-11T20:58:55.000Z" } ] }, { "type": "library", - "bom-ref": "23-google-auth", - "name": "google-auth", - "version": "2.17.0", + "bom-ref": "26-pyasn1", + "name": "pyasn1", + "version": "0.6.1", "supplier": { - "name": "Google Cloud Platform", + "name": "Ilya Etingof", "contact": [ { - "email": "googleapis-packages@google.com" + "email": "etingof@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", "hashes": [ { - "alg": "SHA-1", - "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" + "alg": "SHA-256", + "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/googleapis/google-auth-library-python", + "url": "https://github.com/pyasn1/pyasn1", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth/2.17.0/#files", + "url": "https://pypi.org/project/pyasn1/0.6.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://pyasn1.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/pyasn1/pyasn1", + "type": "vcs" + }, + { + "url": "https://github.com/pyasn1/pyasn1/issues", + "type": "issue-tracker" + }, + { + "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html", + "type": "log" } ], - "purl": "pkg:pypi/google-auth@2.17.0", + "purl": "pkg:pypi/pyasn1@0.6.1", 
"properties": [ + { + "name": "release_date", + "value": "2024-09-10T22:41:42Z" + }, { "name": "language", "value": "Python" @@ -1204,42 +1753,52 @@ }, { "type": "library", - "bom-ref": "24-cachetools", - "name": "cachetools", - "version": "5.5.0", + "bom-ref": "27-boto", + "name": "boto", + "version": "2.49.0", "supplier": { - "name": "Thomas Kemmer", + "name": "Mitch Garnaat", "contact": [ { - "email": "tkemmer@computer.org" + "email": "mitch@garnaat.com" } ] }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", + "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", + "description": "Amazon Web Services Library", + "hashes": [ + { + "alg": "SHA-256", + "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/tkem/cachetools/", + "url": "https://github.com/boto/boto/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cachetools/5.5.0/#files", + "url": "https://pypi.org/project/boto/2.49.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cachetools@5.5.0", + "purl": "pkg:pypi/boto@2.49.0", "properties": [ + { + "name": "release_date", + "value": "2018-07-11T20:58:55Z" + }, { "name": "language", "value": "Python" 
@@ -1247,51 +1806,57 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-08-18T20:28:43.000Z" } ] }, { "type": "library", - "bom-ref": "25-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.1", + "bom-ref": "28-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Ilya Etingof", + "name": "Google", "contact": [ { - "email": "etingof@gmail.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", + "hashes": [ + { + "alg": "SHA-256", + "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368" + } + ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1-modules", + "url": "https://github.com/Google/google-reauth-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", + "url": "https://pypi.org/project/google-reauth/0.1.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.1", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-12-01T17:35:45Z" + }, { "name": "language", "value": "Python" 
@@ -1299,51 +1864,57 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:42:08.000Z" } ] }, { "type": "library", - "bom-ref": "26-pyasn1", - "name": "pyasn1", - "version": "0.6.1", + "bom-ref": "29-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Ilya Etingof", + "name": "Google Inc .", "contact": [ { - "email": "etingof@gmail.com" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", + "hashes": [ + { + "alg": "SHA-256", + "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b" + } + ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1", + "url": "https://github.com/google/pyu2f/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1/0.6.1/#files", + "url": "https://pypi.org/project/pyu2f/0.1.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.1", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ + { + "name": "release_date", + "value": "2020-10-30T20:03:07Z" + }, { "name": "language", "value": "Python" 
@@ -1351,57 +1922,57 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:41:42.000Z" } ] }, { "type": "library", - "bom-ref": "27-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "30-six", + "name": "six", + "version": "1.17.0", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Benjamin Peterson", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "benjamin@python.org" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", + "description": "Python 2 and 3 compatibility utilities", "hashes": [ { - "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "alg": "SHA-256", + "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://stuvel.eu/rsa", + "url": "https://github.com/benjaminp/six", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rsa/4.7.2/#files", + "url": "https://pypi.org/project/six/1.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/six@1.17.0", "properties": [ + { + "name": "release_date", + "value": "2024-12-04T17:35:26Z" + }, { "name": "language", "value": "Python" 
@@ -1409,51 +1980,57 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2021-02-24T10:55:03.000Z" } ] }, { "type": "library", - "bom-ref": "28-six", - "name": "six", - "version": "1.17.0", + "bom-ref": "31-httplib2", + "name": "httplib2", + "version": "0.20.4", "supplier": { - "name": "Benjamin Peterson", + "name": "Joe Gregorio", "contact": [ { - "email": "benjamin@python.org" + "email": "joe@bitworking.org" } ] }, - "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", - "description": "Python 2 and 3 compatibility utilities", + "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", + "description": "A comprehensive HTTP client library.", + "hashes": [ + { + "alg": "SHA-256", + "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/benjaminp/six", + "url": "https://github.com/httplib2/httplib2", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/six/1.17.0/#files", + "url": "https://pypi.org/project/httplib2/0.20.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/six@1.17.0", + "purl": "pkg:pypi/httplib2@0.20.4", "properties": [ + { + "name": "release_date", + "value": "2022-02-03T00:00:29Z" + }, { "name": "language", "value": "Python" 
@@ -1461,57 +2038,48 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-12-04T17:35:26.000Z" } ] }, { "type": "library", - "bom-ref": "29-google-auth-httplib2", - "name": "google-auth-httplib2", - "version": "0.2.0", + "bom-ref": "32-pyparsing", + "name": "pyparsing", + "version": "3.2.0", "supplier": { - "name": "Google Cloud Platform", + "name": "Paul McGuire", "contact": [ { - "email": "googleapis-packages@google.com" + "email": "ptmcg.gm+pyparsing@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library: httplib2 transport", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*", + "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "hashes": [ { - "alg": "SHA-1", - "content": "932ac88800dd6de004c1bd59867831ccf033f031" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84" } ], "externalReferences": [ { - "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", + "url": "https://github.com/pyparsing/pyparsing/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", + "url": "https://pypi.org/project/pyparsing/3.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth-httplib2@0.2.0", + "purl": "pkg:pypi/pyparsing@3.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-13T10:01:13Z" + }, { "name": "language", "value": "Python" 
@@ -1519,57 +2087,57 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2023-12-12T17:40:13.000Z" } ] }, { "type": "library", - "bom-ref": "30-httplib2", - "name": "httplib2", - "version": "0.20.4", + "bom-ref": "33-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Joe Gregorio", + "name": "Google Inc .", "contact": [ { - "email": "joe@bitworking.org" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", - "description": "A comprehensive HTTP client library.", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { - "alg": "SHA-1", - "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + "alg": "SHA-256", + "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/httplib2/httplib2", + "url": "http://github.com/google/oauth2client/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/httplib2/0.20.4/#files", + "url": "https://pypi.org/project/oauth2client/4.1.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/httplib2@0.20.4", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ + { + "name": "release_date", + "value": "2018-09-07T21:38:16Z" + }, { "name": "language", "value": "Python" 
@@ -1582,66 +2150,93 @@ }, { "type": "library", - "bom-ref": "31-pyparsing", - "name": "pyparsing", - "version": "3.2.0", + "bom-ref": "34-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.1", "supplier": { - "name": "Paul McGuire", + "name": "Ilya Etingof", "contact": [ { - "email": "ptmcg.gm+pyparsing@gmail.com" + "email": "etingof@gmail.com" } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*", - "description": "pyparsing module - Classes and methods to define and execute parsing grammars", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", + "hashes": [ + { + "alg": "SHA-256", + "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://github.com/pyparsing/pyparsing/", + "url": "https://github.com/pyasn1/pyasn1-modules", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyparsing/3.2.0/#files", + "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pyasn1/pyasn1-modules", + "type": "vcs" + }, + { + "url": "https://github.com/pyasn1/pyasn1-modules/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt", + "type": "log" } ], - "purl": "pkg:pypi/pyparsing@3.2.0", + "purl": "pkg:pypi/pyasn1-modules@0.4.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-10T22:42:08Z" + }, { "name": "language", "value": "Python" }, { "name": "python_version", - "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-10-13T10:01:13.000Z" + "value": "3.11.11" } ] }, { "type": 
"library", - "bom-ref": "32-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "35-pyopenssl", + "name": "pyopenssl", + "version": "24.2.1", "supplier": { - "name": "Google", + "name": "The pyOpenSSL developers", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "cryptography-dev@python.org" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", + "description": "Python wrapper module around the OpenSSL library", "hashes": [ { - "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "alg": "SHA-256", + "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d" } ], "licenses": [ @@ -1655,18 +2250,26 @@ ], "externalReferences": [ { - "url": "https://github.com/Google/google-reauth-python", + "url": "https://pyopenssl.org/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-reauth/0.1.1/#files", + "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pyca/pyopenssl", + "type": "vcs" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/pyopenssl@24.2.1", "properties": [ + { + "name": "release_date", + "value": "2024-07-20T17:26:29Z" + }, { "name": "language", "value": "Python" 
@@ -1674,57 +2277,69 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2020-12-01T17:35:45.000Z" } ] }, { "type": "library", - "bom-ref": "33-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "36-cryptography", + "name": "cryptography", + "version": "43.0.3", "supplier": { - "name": "Google Inc .", + "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "cryptography-dev@python.org" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", + "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "hashes": [ { - "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "alg": "SHA-256", + "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e" } ], "licenses": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "expression": "Apache-2.0 OR BSD-3-Clause" } ], "externalReferences": [ { - "url": "https://github.com/google/pyu2f/", + "url": "https://github.com/pyca/cryptography", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyu2f/0.1.5/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://cryptography.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pyca/cryptography/", + "type": "vcs" + }, + { + "url": "https://github.com/pyca/cryptography/issues", + "type": "issue-tracker" + }, + { + "url": 
"https://cryptography.io/en/latest/changelog/", + "type": "log" } ], - "purl": "pkg:pypi/pyu2f@0.1.5", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-18T15:57:36Z" + }, { "name": "language", "value": "Python" 
@@ -1732,57 +2347,81 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2020-10-30T20:03:07.000Z" } ] }, { "type": "library", - "bom-ref": "34-oauth2client", - "name": "oauth2client", - "version": "4.1.3", + "bom-ref": "37-cffi", + "name": "cffi", + "version": "1.17.1", "supplier": { - "name": "Google Inc .", + "name": "Armin Maciej Fijalkowski", "contact": [ { - "email": "jonwayne+oauth2client@google.com" + "email": "python-cffi@googlegroups.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", + "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*", + "description": "Foreign Function Interface for Python calling C code.", "hashes": [ { - "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" + "alg": "SHA-256", + "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "http://github.com/google/oauth2client/", + "url": "http://cffi.readthedocs.org", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/oauth2client/4.1.3/#files", + "url": "https://pypi.org/project/cffi/1.17.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "http://cffi.readthedocs.org/", + "type": "documentation" + }, + { + "url": "https://github.com/python-cffi/cffi", + "type": "vcs" + }, + { + "url": "https://github.com/python-cffi/cffi/issues", + "type": "issue-tracker" + }, + { + "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html", + "type": "log" + }, + { + "url": "https://github.com/python-cffi/cffi/releases", + "type": "other" + }, + { + "url": 
"https://groups.google.com/forum/#!forum/python-cffi", + "type": "other" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/cffi@1.17.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-04T20:43:30Z" + }, { "name": "language", "value": "Python" @@ -1790,51 +2429,57 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2018-09-07T21:38:16.000Z" } ] }, { "type": "library", - "bom-ref": "35-pyopenssl", - "name": "pyopenssl", - "version": "24.2.1", + "bom-ref": "38-pycparser", + "name": "pycparser", + "version": "2.22", "supplier": { - "name": "The pyOpenSSL developers", + "name": "Eli Bendersky", "contact": [ { - "email": "cryptography-dev@python.org" + "email": "eliben@gmail.com" } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", - "description": "Python wrapper module around the OpenSSL library", + "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*", + "description": "C parser in Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc" + } + ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://pyopenssl.org/", + "url": "https://github.com/eliben/pycparser", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", + "url": "https://pypi.org/project/pycparser/2.22/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.2.1", + "purl": "pkg:pypi/pycparser@2.22", "properties": [ + { + "name": "release_date", + "value": "2024-03-30T13:22:20Z" + }, { "name": "language", "value": "Python" 
@@ -1847,38 +2492,52 @@ }, { "type": "library", - "bom-ref": "36-cryptography", - "name": "cryptography", - "version": "43.0.3", + "bom-ref": "39-retry-decorator", + "name": "retry-decorator", + "version": "1.1.1", "supplier": { - "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", + "name": "Patrick Ng", "contact": [ { - "email": "cryptography-dev@python.org" + "email": "pn.appdev@gmail.com" } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", - "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", + "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*", + "description": "Retry Decorator", + "hashes": [ + { + "alg": "SHA-256", + "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe" + } + ], "licenses": [ { - "expression": "Apache-2.0 OR BSD-3-Clause" + "license": { + "id": "MIT", + "url": "https://opensource.org/license/mit/", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://github.com/pyca/cryptography", + "url": "https://github.com/pnpnpn/retry-decorator", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.3/#files", + "url": "https://pypi.org/project/retry-decorator/1.1.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.3", + "purl": "pkg:pypi/retry-decorator@1.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-03-10T23:56:29Z" + }, { "name": "language", "value": "Python" 
@@ -1891,48 +2550,52 @@ }, { "type": "library", - "bom-ref": "37-cffi", - "name": "cffi", - "version": "1.17.1", + "bom-ref": "40-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Armin Maciej Fijalkowski", + "name": "Google Cloud Platform", "contact": [ { - "email": "python-cffi@googlegroups.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*", - "description": "Foreign Function Interface for Python calling C code.", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { - "alg": "SHA-1", - "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51" + "alg": "SHA-256", + "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "http://cffi.readthedocs.org", + "url": "https://github.com/googleapis/google-auth-library-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cffi/1.17.1/#files", + "url": "https://pypi.org/project/google-auth/2.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cffi@1.17.1", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ + { + "name": "release_date", + "value": "2023-03-28T19:51:30Z" + }, { "name": "language", "value": "Python" 
@@ -1940,57 +2603,57 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-09-04T20:43:30.000Z" } ] }, { "type": "library", - "bom-ref": "38-pycparser", - "name": "pycparser", - "version": "2.22", + "bom-ref": "41-cachetools", + "name": "cachetools", + "version": "5.5.0", "supplier": { - "name": "Eli Bendersky", + "name": "Thomas Kemmer", "contact": [ { - "email": "eliben@gmail.com" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*", - "description": "C parser in Python", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", "hashes": [ { - "alg": "SHA-1", - "content": "129d32ef805d715d90a3b2035b13168c17ca63d2" + "alg": "SHA-256", + "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292" } ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/eliben/pycparser", + "url": "https://github.com/tkem/cachetools/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pycparser/2.22/#files", + "url": "https://pypi.org/project/cachetools/5.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pycparser@2.22", + "purl": "pkg:pypi/cachetools@5.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-18T20:28:43Z" + }, { "name": "language", "value": "Python" 
@@ -1998,57 +2661,57 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-03-30T13:22:20.000Z" } ] }, { "type": "library", - "bom-ref": "39-retry-decorator", - "name": "retry-decorator", - "version": "1.1.1", + "bom-ref": "42-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", "supplier": { - "name": "Patrick Ng", + "name": "Google Cloud Platform", "contact": [ { - "email": "pn.appdev@gmail.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*", - "description": "Retry Decorator", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library: httplib2 transport", "hashes": [ { - "alg": "SHA-1", - "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349" + "alg": "SHA-256", + "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pnpnpn/retry-decorator", + "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/retry-decorator/1.1.1/#files", + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/retry-decorator@1.1.1", + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-12T17:40:13Z" + }, { "name": "language", "value": "Python" 
@@ -2056,16 +2719,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2020-03-10T23:56:29.000Z" } ] }, { "type": "library", - "bom-ref": "40-google-apitools", + "bom-ref": "43-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { @@ -2080,8 +2739,8 @@ "description": "client libraries for humans", "hashes": [ { - "alg": "SHA-1", - "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1" + "alg": "SHA-256", + "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688" } ], "licenses": [ @@ -2107,6 +2766,10 @@ ], "purl": "pkg:pypi/google-apitools@0.5.32", "properties": [ + { + "name": "release_date", + "value": "2021-05-05T22:12:58Z" + }, { "name": "language", "value": "Python" @@ -2114,16 +2777,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2021-05-05T22:12:58.000Z" } ] }, { "type": "library", - "bom-ref": "41-monotonic", + "bom-ref": "44-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -2138,8 +2797,8 @@ "description": "An implementation of time.monotonic() for Python 2 & < 3.3", "hashes": [ { - "alg": "SHA-1", - "content": "80681f6604e136e513550342f977edb98f5fc5ad" + "alg": "SHA-256", + "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c" } ], "licenses": [ @@ -2165,6 +2824,10 @@ ], "purl": "pkg:pypi/monotonic@1.6", "properties": [ + { + "name": "release_date", + "value": "2021-04-09T21:58:05Z" + }, { "name": "language", "value": "Python" 
@@ -2172,23 +2835,19 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2021-04-09T21:58:05.000Z" } ] }, { "type": "library", - "bom-ref": "42-jinja2", + "bom-ref": "45-jinja2", "name": "jinja2", "version": "3.1.4", "description": "A very fast and expressive template engine.", "hashes": [ { - "alg": "SHA-1", - "content": "dd4a8b5466d8790540c181590b14db4d4d889d57" + "alg": "SHA-256", + "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d" } ], "externalReferences": [ @@ -2196,10 +2855,34 @@ "url": "https://pypi.org/project/jinja2/3.1.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jinja.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" + }, + { + "url": "https://jinja.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://github.com/pallets/jinja/", + "type": "vcs" } ], "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ + { + "name": "release_date", + "value": "2024-05-05T23:41:59Z" + }, { "name": "language", "value": "Python" @@ -2207,23 +2890,19 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-05-05T23:41:59.000Z" } ] }, { "type": "library", - "bom-ref": "43-markupsafe", + "bom-ref": "46-markupsafe", "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", "hashes": [ { - "alg": "SHA-1", - "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + "alg": "SHA-256", + "content": "7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8" } ], "externalReferences": [ 
@@ -2231,10 +2910,34 @@ "url": "https://pypi.org/project/markupsafe/3.0.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://markupsafe.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://markupsafe.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://github.com/pallets/markupsafe/", + "type": "vcs" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" } ], "purl": "pkg:pypi/markupsafe@3.0.2", "properties": [ + { + "name": "release_date", + "value": "2024-10-18T15:20:51Z" + }, { "name": "language", "value": "Python" @@ -2242,16 +2945,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-10-18T15:20:51.000Z" } ] }, { "type": "library", - "bom-ref": "44-jsonschema", + "bom-ref": "47-jsonschema", "name": "jsonschema", "version": "4.23.0", "supplier": { @@ -2264,11 +2963,17 @@ }, "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2283,10 +2988,38 @@ "url": "https://pypi.org/project/jsonschema/4.23.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://python-jsonschema.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema", + "type": "vcs" } ], "purl": "pkg:pypi/jsonschema@4.23.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-08T18:40:00Z" + }, { "name": "language", "value": "Python" @@ -2294,16 +3027,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-07-08T18:40:00.000Z" } ] }, { "type": "library", - "bom-ref": "45-jsonschema-specifications", + "bom-ref": "48-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2024.10.1", "supplier": { @@ -2318,8 +3047,8 @@ "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", "hashes": [ { - "alg": "SHA-1", - "content": "09f6f17a46ecf03e314df0e6fa14d57db210a549" + "alg": "SHA-256", + "content": "a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf" } ], "externalReferences": [ 
@@ -2332,10 +3061,34 @@ "url": "https://pypi.org/project/jsonschema-specifications/2024.10.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jsonschema-specifications.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications", + "type": "vcs" } ], "purl": "pkg:pypi/jsonschema-specifications@2024.10.1", "properties": [ + { + "name": "release_date", + "value": "2024-10-08T12:29:30Z" + }, { "name": "language", "value": "Python" @@ -2343,16 +3096,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-10-08T12:29:30.000Z" } ] }, { "type": "library", - "bom-ref": "46-referencing", + "bom-ref": "49-referencing", "name": "referencing", "version": "0.35.1", "supplier": { @@ -2367,8 +3116,8 @@ "description": "JSON Referencing + Python", "hashes": [ { - "alg": "SHA-1", - "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845" + "alg": "SHA-256", + "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de" } ], "externalReferences": [ 
@@ -2381,10 +3130,38 @@ "url": "https://pypi.org/project/referencing/0.35.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://referencing.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/referencing/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://referencing.readthedocs.io/en/stable/changes/", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/referencing", + "type": "vcs" } ], "purl": "pkg:pypi/referencing@0.35.1", "properties": [ + { + "name": "release_date", + "value": "2024-05-01T20:26:02Z" + }, { "name": "language", "value": "Python" @@ -2392,16 +3169,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-05-01T20:26:02.000Z" } ] }, { "type": "library", - "bom-ref": "47-rpds-py", + "bom-ref": "50-rpds-py", "name": "rpds-py", "version": "0.22.3", "supplier": { @@ -2414,6 +3187,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-256", + "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", 
@@ -2424,10 +3203,38 @@ "url": "https://pypi.org/project/rpds-py/0.22.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rpds.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/crate-py/rpds/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/crate-py/rpds", + "type": "vcs" + }, + { + "url": "https://github.com/orium/rpds", + "type": "other" } ], "purl": "pkg:pypi/rpds-py@0.22.3", "properties": [ + { + "name": "release_date", + "value": "2024-12-04T15:31:31Z" + }, { "name": "language", "value": "Python" @@ -2435,18 +3242,14 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-12-04T15:31:31.000Z" } ] }, { "type": "library", - "bom-ref": "48-lib4sbom", + "bom-ref": "51-lib4sbom", "name": "lib4sbom", - "version": "0.7.5", + "version": "0.8.0", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2455,8 +3258,14 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-256", + "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395" + } + ], "licenses": [ { "license": { 
@@ -2473,13 +3282,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/lib4sbom/0.7.5/#files", + "url": "https://pypi.org/project/lib4sbom/0.8.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.5", + "purl": "pkg:pypi/lib4sbom@0.8.0", "properties": [ + { + "name": "release_date", + "value": "2024-12-09T20:13:26Z" + }, { "name": "language", "value": "Python" @@ -2487,16 +3300,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-09-18T21:36:24.000Z" } ] }, { "type": "library", - "bom-ref": "49-pyyaml", + "bom-ref": "52-pyyaml", "name": "pyyaml", "version": "6.0.2", "supplier": { @@ -2509,11 +3318,17 @@ }, "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*", "description": "YAML parser and emitter for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2525,13 +3340,37 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyyaml/6.0.2/#files", + "url": "https://pypi.org/project/PyYAML/", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/yaml/pyyaml/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/yaml/pyyaml/actions", + "type": "build-system" + }, + { + "url": "https://pyyaml.org/wiki/PyYAMLDocumentation", + "type": "documentation" + }, + { + "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core", + "type": "mailing-list" + }, + { + "url": "https://github.com/yaml/pyyaml", + "type": "vcs" } ], "purl": "pkg:pypi/pyyaml@6.0.2", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T20:31:40Z" + }, { "name": "language", "value": "Python" @@ -2539,16 +3378,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-08-06T20:31:40.000Z" } ] }, { "type": "library", - "bom-ref": "50-semantic-version", + "bom-ref": "53-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2563,8 +3398,8 @@ "description": "A library implementing the 'SemVer' scheme.", "hashes": [ { - "alg": "SHA-1", - "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a" + "alg": "SHA-256", + "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177" } ], "licenses": [ @@ -2590,6 +3425,10 @@ ], "purl": "pkg:pypi/semantic-version@2.10.0", "properties": [ + { + "name": "release_date", + "value": "2022-05-26T13:35:21Z" + }, { "name": "language", "value": "Python" @@ -2597,16 +3436,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2022-05-26T13:35:21.000Z" } ] }, { "type": "library", - "bom-ref": "51-lib4vex", + "bom-ref": "54-lib4vex", "name": "lib4vex", "version": "0.2.0", "supplier": { 
@@ -2621,8 +3456,8 @@ "description": "VEX generator and consumer library", "hashes": [ { - "alg": "SHA-1", - "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2" + "alg": "SHA-256", + "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce" } ], "licenses": [ @@ -2648,6 +3483,10 @@ ], "purl": "pkg:pypi/lib4vex@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-29T20:36:52Z" + }, { "name": "language", "value": "Python" @@ -2655,16 +3494,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-08-29T20:36:52.000Z" } ] }, { "type": "library", - "bom-ref": "52-csaf-tool", + "bom-ref": "55-csaf-tool", "name": "csaf-tool", "version": "0.3.2", "supplier": { @@ -2679,15 +3514,15 @@ "description": "CSAF generator and analyser", "hashes": [ { - "alg": "SHA-1", - "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4" + "alg": "SHA-256", + "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2706,6 +3541,10 @@ ], "purl": "pkg:pypi/csaf-tool@0.3.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-12T20:10:06Z" + }, { "name": "language", "value": "Python" @@ -2713,16 +3552,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-06-12T20:10:06.000Z" } ] }, { "type": "library", - "bom-ref": "53-packageurl-python", + "bom-ref": "56-packageurl-python", "name": "packageurl-python", "version": "0.16.0", "supplier": { 
@@ -2732,15 +3567,15 @@ "description": "A purl aka. Package URL parser and builder", "hashes": [ { - "alg": "SHA-1", - "content": "9155d4173e4c1f29a345de86c280ab783c837882" + "alg": "SHA-256", + "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2759,6 +3594,10 @@ ], "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-22T05:51:23Z" + }, { "name": "language", "value": "Python" @@ -2766,16 +3605,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-10-22T05:51:23.000Z" } ] }, { "type": "library", - "bom-ref": "54-rich", + "bom-ref": "57-rich", "name": "rich", "version": "13.9.4", "supplier": { @@ -2790,15 +3625,15 @@ "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "hashes": [ { - "alg": "SHA-1", - "content": "43d3b04725ab9731727fb1126e35980c62f32377" + "alg": "SHA-256", + "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2813,10 +3648,18 @@ "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rich.readthedocs.io/en/latest/", + "type": "documentation" } ], "purl": "pkg:pypi/rich@13.9.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T16:43:55Z" + }, { "name": "language", "value": "Python" 
@@ -2824,16 +3667,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-11-01T16:43:55.000Z" } ] }, { "type": "library", - "bom-ref": "55-markdown-it-py", + "bom-ref": "58-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2848,8 +3687,8 @@ "description": "Python port of markdown-it. Markdown parsing, done right!", "hashes": [ { - "alg": "SHA-1", - "content": "bee6d1953be75717a3f2f6a917da6f464bed421d" + "alg": "SHA-256", + "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1" } ], "externalReferences": [ @@ -2862,10 +3701,18 @@ "url": "https://pypi.org/project/markdown-it-py/3.0.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://markdown-it-py.readthedocs.io", + "type": "documentation" } ], "purl": "pkg:pypi/markdown-it-py@3.0.0", "properties": [ + { + "name": "release_date", + "value": "2023-06-03T06:41:11Z" + }, { "name": "language", "value": "Python" @@ -2873,16 +3720,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2023-06-03T06:41:11.000Z" } ] }, { "type": "library", - "bom-ref": "56-mdurl", + "bom-ref": "59-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2897,8 +3740,8 @@ "description": "Markdown URL utilities", "hashes": [ { - "alg": "SHA-1", - "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e" + "alg": "SHA-256", + "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8" } ], "externalReferences": [ @@ -2915,6 +3758,10 @@ ], "purl": "pkg:pypi/mdurl@0.1.2", "properties": [ + { + "name": "release_date", + "value": "2022-08-14T12:40:09Z" + }, { "name": "language", "value": "Python" 
@@ -2922,16 +3769,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2022-08-14T12:40:09.000Z" } ] }, { "type": "library", - "bom-ref": "57-pygments", + "bom-ref": "60-pygments", "name": "pygments", "version": "2.18.0", "supplier": { @@ -2946,8 +3789,8 @@ "description": "Pygments is a syntax highlighting package written in Python.", "hashes": [ { - "alg": "SHA-1", - "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb" + "alg": "SHA-256", + "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a" } ], "licenses": [ @@ -2969,10 +3812,30 @@ "url": "https://pypi.org/project/pygments/2.18.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://pygments.org/docs", + "type": "documentation" + }, + { + "url": "https://github.com/pygments/pygments", + "type": "vcs" + }, + { + "url": "https://github.com/pygments/pygments/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/pygments/pygments/blob/master/CHANGES", + "type": "log" } ], "purl": "pkg:pypi/pygments@2.18.0", "properties": [ + { + "name": "release_date", + "value": "2024-05-04T13:41:57Z" + }, { "name": "language", "value": "Python" 
@@ -2980,43 +3843,69 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-05-04T13:41:57.000Z" } ] }, { "type": "library", - "bom-ref": "58-packaging", - "name": "packaging", - "version": "24.2", + "bom-ref": "61-python-gnupg", + "name": "python-gnupg", + "version": "0.5.3", "supplier": { - "name": "Donald Stufft", + "name": "Vinay Sajip", "contact": [ { - "email": "donald@stufft.io" + "email": "vinay_sajip@yahoo.co.uk" } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", - "description": "Core utilities for Python packages", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", + "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", "hashes": [ { - "alg": "SHA-1", - "content": "d8e3b31b734926ebbcaff654279f6855a73e052f" + "alg": "SHA-256", + "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.2/#files", + "url": "https://github.com/vsajip/python-gnupg", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gnupg.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/vsajip/python-gnupg", + "type": "vcs" + }, + { + "url": "https://github.com/vsajip/python-gnupg/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/packaging@24.2", + "purl": "pkg:pypi/python-gnupg@0.5.3", "properties": [ + { + "name": "release_date", + "value": "2024-09-20T16:43:47Z" + }, { "name": "language", "value": "Python" 
@@ -3024,51 +3913,51 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-11-08T09:47:44.000Z" } ] }, { "type": "library", - "bom-ref": "59-plotly", - "name": "plotly", - "version": "5.24.1", + "bom-ref": "62-packaging", + "name": "packaging", + "version": "24.2", "supplier": { - "name": "Chris P", + "name": "Donald Stufft", "contact": [ { - "email": "chris@plot.ly" + "email": "donald@stufft.io" } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", - "description": "An open-source, interactive data visualization library for Python", - "licenses": [ + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", + "description": "Core utilities for Python packages", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759" } ], "externalReferences": [ { - "url": "https://plotly.com/python/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/plotly/5.24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://packaging.pypa.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pypa/packaging", + "type": "vcs" } ], - "purl": "pkg:pypi/plotly@5.24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ + { + "name": "release_date", + "value": "2024-11-08T09:47:44Z" + }, { "name": "language", "value": "Python" 
@@ -3076,57 +3965,69 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-09-12T15:36:24.000Z" } ] }, { "type": "library", - "bom-ref": "60-tenacity", - "name": "tenacity", - "version": "9.0.0", + "bom-ref": "63-plotly", + "name": "plotly", + "version": "5.24.1", "supplier": { - "name": "Julien Danjou", + "name": "Chris P", "contact": [ { - "email": "julien@danjou.info" + "email": "chris@plot.ly" } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*", - "description": "Retry code until it succeeds", + "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", + "description": "An open-source, interactive data visualization library for Python", "hashes": [ { - "alg": "SHA-1", - "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb" + "alg": "SHA-256", + "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089" } ], "licenses": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "license": { + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/jd/tenacity", + "url": "https://plotly.com/python/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/tenacity/9.0.0/#files", + "url": "https://pypi.org/project/plotly/5.24.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://plotly.com/python/", + "type": "documentation" + }, + { + "url": "https://github.com/plotly/plotly.py", + "type": "vcs" + }, + { + "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md", + "type": "log" } ], - "purl": "pkg:pypi/tenacity@9.0.0", + "purl": "pkg:pypi/plotly@5.24.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T15:36:24Z" + }, { "name": "language", "value": "Python" 
@@ -3134,57 +4035,57 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-07-29T12:12:25.000Z" } ] }, { "type": "library", - "bom-ref": "61-python-gnupg", - "name": "python-gnupg", - "version": "0.5.3", + "bom-ref": "64-tenacity", + "name": "tenacity", + "version": "9.0.0", "supplier": { - "name": "Vinay Sajip", + "name": "Julien Danjou", "contact": [ { - "email": "vinay_sajip@yahoo.co.uk" + "email": "julien@danjou.info" } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", - "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*", + "description": "Retry code until it succeeds", "hashes": [ { - "alg": "SHA-1", - "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + "alg": "SHA-256", + "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539" } ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/vsajip/python-gnupg", + "url": "https://github.com/jd/tenacity", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", + "url": "https://pypi.org/project/tenacity/9.0.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/python-gnupg@0.5.3", + "purl": "pkg:pypi/tenacity@9.0.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-29T12:12:25Z" + }, { "name": "language", "value": "Python" 
@@ -3192,16 +4093,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-09-20T16:43:47.000Z" } ] }, { "type": "library", - "bom-ref": "62-requests", + "bom-ref": "65-requests", "name": "requests", "version": "2.32.3", "supplier": { @@ -3216,8 +4113,8 @@ "description": "Python HTTP for Humans.", "hashes": [ { - "alg": "SHA-1", - "content": "0e322af87745eff34caffe4df68456ebc20d9068" + "alg": "SHA-256", + "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6" } ], "licenses": [ @@ -3239,10 +4136,22 @@ "url": "https://pypi.org/project/requests/2.32.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://requests.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/psf/requests", + "type": "vcs" } ], "purl": "pkg:pypi/requests@2.32.3", "properties": [ + { + "name": "release_date", + "value": "2024-05-29T15:37:47Z" + }, { "name": "language", "value": "Python" 
@@ -3250,51 +4159,65 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-05-29T15:37:47.000Z" } ] }, { "type": "library", - "bom-ref": "63-certifi", - "name": "certifi", - "version": "2024.8.30", + "bom-ref": "66-charset-normalizer", + "name": "charset-normalizer", + "version": "3.4.0", "supplier": { - "name": "Kenneth Reitz", + "name": "Ahmed TAHRI", "contact": [ { - "email": "me@kennethreitz.com" + "email": "tahri.ahmed@proton.me" } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*", - "description": "Python package for providing Mozilla's CA Bundle.", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", + "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", + "hashes": [ + { + "alg": "SHA-256", + "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6" + } + ], "licenses": [ { "license": { - "id": "MPL-2.0", - "url": "https://www.mozilla.org/MPL/2.0/", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/certifi/python-certifi", + "url": "https://github.com/Ousret/charset_normalizer", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/certifi/2024.8.30/#files", + "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/Ousret/charset_normalizer/issues", + "type": "issue-tracker" + }, + { + "url": "https://charset-normalizer.readthedocs.io/en/latest", + "type": "documentation" } ], - "purl": "pkg:pypi/certifi@2024.8.30", + "purl": "pkg:pypi/charset-normalizer@3.4.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-09T07:38:02Z" + }, { "name": "language", "value": "Python" 
@@ -3302,51 +4225,59 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-08-30T01:55:02.000Z" } ] }, { "type": "library", - "bom-ref": "64-charset-normalizer", - "name": "charset-normalizer", - "version": "3.4.0", + "bom-ref": "67-urllib3", + "name": "urllib3", + "version": "2.2.3", "supplier": { - "name": "Ahmed TAHRI", + "name": "Andrey Petrov", "contact": [ { - "email": "tahri.ahmed@proton.me" + "email": "andrey.petrov@shazow.net" } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", - "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", - "licenses": [ + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac" } ], "externalReferences": [ { - "url": "https://github.com/Ousret/charset_normalizer", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", + "url": "https://pypi.org/project/urllib3/2.2.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst", + "type": "log" + }, + { + "url": "https://urllib3.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/urllib3/urllib3", + "type": "vcs" + }, + { + "url": "https://github.com/urllib3/urllib3/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/charset-normalizer@3.4.0", + "purl": "pkg:pypi/urllib3@2.2.3", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T10:52:16Z" + }, { "name": "language", "value": "Python" 
@@ -3354,43 +4285,61 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-10-09T07:38:02.000Z" } ] }, { "type": "library", - "bom-ref": "65-urllib3", - "name": "urllib3", - "version": "2.2.3", + "bom-ref": "68-certifi", + "name": "certifi", + "version": "2024.12.14", "supplier": { - "name": "Andrey Petrov", + "name": "Kenneth Reitz", "contact": [ { - "email": "andrey.petrov@shazow.net" + "email": "me@kennethreitz.com" } ] }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*", + "description": "Python package for providing Mozilla's CA Bundle.", "hashes": [ { - "alg": "SHA-1", - "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + "alg": "SHA-256", + "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-2.0", + "url": "https://www.mozilla.org/MPL/2.0/", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/urllib3/2.2.3/#files", + "url": "https://github.com/certifi/python-certifi", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/certifi/2024.12.14/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/certifi/python-certifi", + "type": "vcs" } ], - "purl": "pkg:pypi/urllib3@2.2.3", + "purl": "pkg:pypi/certifi@2024.12.14", "properties": [ + { + "name": "release_date", + "value": "2024-12-14T13:52:36Z" + }, { "name": "language", "value": "Python" 
@@ -3398,16 +4347,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-09-12T10:52:16.000Z" } ] }, { "type": "library", - "bom-ref": "66-rpmfile", + "bom-ref": "69-rpmfile", "name": "rpmfile", "version": "2.1.0", "supplier": { @@ -3422,15 +4367,15 @@ "description": "Read rpm archive files", "hashes": [ { - "alg": "SHA-1", - "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5" + "alg": "SHA-256", + "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3449,6 +4394,10 @@ ], "purl": "pkg:pypi/rpmfile@2.1.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-24T21:57:45Z" + }, { "name": "language", "value": "Python" @@ -3456,16 +4405,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-07-24T21:57:45.000Z" } ] }, { "type": "library", - "bom-ref": "67-setuptools", + "bom-ref": "70-setuptools", "name": "setuptools", "version": "75.6.0", "supplier": { 
@@ -3478,15 +4423,37 @@ }, "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", + "hashes": [ + { + "alg": "SHA-256", + "content": "ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/setuptools/75.6.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pypa/setuptools", + "type": "vcs" + }, + { + "url": "https://setuptools.pypa.io/", + "type": "documentation" + }, + { + "url": "https://setuptools.pypa.io/en/stable/history.html", + "type": "log" } ], "purl": "pkg:pypi/setuptools@75.6.0", "properties": [ + { + "name": "release_date", + "value": "2024-11-20T18:16:10Z" + }, { "name": "language", "value": "Python" @@ -3499,7 +4466,7 @@ }, { "type": "library", - "bom-ref": "68-xmlschema", + "bom-ref": "71-xmlschema", "name": "xmlschema", "version": "3.4.3", "supplier": { @@ -3512,11 +4479,17 @@ }, "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", + "hashes": [ + { + "alg": "SHA-256", + "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3535,6 +4508,10 @@ ], "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-31T09:47:12Z" + }, { "name": "language", "value": "Python" @@ -3542,16 +4519,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-10-31T09:47:12.000Z" } ] }, { "type": "library", - "bom-ref": "69-elementpath", + "bom-ref": "72-elementpath", "name": "elementpath", "version": "4.6.0", "supplier": { 
@@ -3564,11 +4537,17 @@ }, "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", + "hashes": [ + { + "alg": "SHA-256", + "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3588,43 +4567,9 @@ "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.11.11" + "name": "release_date", + "value": "2024-10-27T21:52:58Z" }, - { - "name": "package_release_date", - "value": "2024-10-27T21:52:58.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "70-zipp", - "name": "zipp", - "version": "3.21.0", - "supplier": { - "name": "Jason R .", - "contact": [ - { - "email": "jaraco@jaraco.com" - } - ] - }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", - "description": "Backport of pathlib-compatible object wrapper for zip files", - "externalReferences": [ - { - "url": "https://pypi.org/project/zipp/3.21.0/#files", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/zipp@3.21.0", - "properties": [ { "name": "language", "value": "Python" @@ -3632,16 +4577,12 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-11-10T15:05:19.000Z" } ] }, { "type": "library", - "bom-ref": "71-zstandard", + "bom-ref": "73-zstandard", "name": "zstandard", "version": "0.23.0", "supplier": { @@ -3654,6 +4595,12 @@ }, "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*", "description": "Zstandard bindings for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9" + } + ], "licenses": [ { "license": { 
@@ -3677,6 +4624,10 @@ ], "purl": "pkg:pypi/zstandard@0.23.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-15T00:13:27Z" + }, { "name": "language", "value": "Python" @@ -3684,10 +4635,6 @@ { "name": "python_version", "value": "3.11.11" - }, - { - "name": "package_release_date", - "value": "2024-07-15T00:13:27.000Z" } ] } @@ -3703,29 +4650,30 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "11-beautifulsoup4", - "13-cvss", - "14-defusedxml", - "15-distro", - "16-filetype", - "17-gsutil", - "42-jinja2", - "44-jsonschema", - "48-lib4sbom", - "51-lib4vex", - "53-packageurl-python", - "58-packaging", - "59-plotly", + "14-beautifulsoup4", + "16-cvss", + "17-defusedxml", + "18-distro", + "19-filetype", + "20-gsutil", + "7-importlib-metadata", + "45-jinja2", + "47-jsonschema", + "51-lib4sbom", + "54-lib4vex", "61-python-gnupg", - "49-pyyaml", - "62-requests", - "54-rich", - "66-rpmfile", - "67-setuptools", - "65-urllib3", - "68-xmlschema", - "70-zipp", - "71-zstandard" + "56-packageurl-python", + "62-packaging", + "63-plotly", + "52-pyyaml", + "65-requests", + "57-rich", + "69-rpmfile", + "70-setuptools", + "67-urllib3", + "71-xmlschema", + "73-zstandard", + "8-zipp" ] }, { @@ -3735,9 +4683,9 @@ "4-aiosignal", "6-attrs", "5-frozenlist", - "7-multidict", - "8-propcache", - "9-yarl" + "10-multidict", + "11-propcache", + "12-yarl" ] }, { 
@@ -3747,106 +4695,109 @@ ] }, { - "ref": "9-yarl", + "ref": "6-attrs", "dependsOn": [ - "10-idna", - "7-multidict", - "8-propcache" + "7-importlib-metadata" ] }, { - "ref": "11-beautifulsoup4", + "ref": "7-importlib-metadata", "dependsOn": [ - "12-soupsieve" + "8-zipp", + "9-typing-extensions" ] }, { - "ref": "17-gsutil", + "ref": "10-multidict", "dependsOn": [ - "18-argcomplete", - "19-crcmod", - "20-fasteners", - "21-gcs-oauth2-boto-plugin", - "40-google-apitools", - "23-google-auth", - "29-google-auth-httplib2", - "32-google-reauth", - "30-httplib2", - "41-monotonic", - "35-pyopenssl", - "39-retry-decorator", - "28-six" + "9-typing-extensions" ] }, { - "ref": "21-gcs-oauth2-boto-plugin", + "ref": "12-yarl", "dependsOn": [ - "22-boto", - "23-google-auth", - "29-google-auth-httplib2", - "32-google-reauth", - "30-httplib2", - "34-oauth2client", - "35-pyopenssl", - "39-retry-decorator", - "27-rsa", - "28-six" + "13-idna", + "10-multidict", + "11-propcache" ] }, { - "ref": "23-google-auth", + "ref": "14-beautifulsoup4", "dependsOn": [ - "24-cachetools", - "25-pyasn1-modules", - "27-rsa", - "28-six" + "15-soupsieve" ] }, { - "ref": "25-pyasn1-modules", + "ref": "20-gsutil", "dependsOn": [ - "26-pyasn1" + "21-argcomplete", + "22-crcmod", + "23-fasteners", + "24-gcs-oauth2-boto-plugin", + "43-google-apitools", + "31-httplib2", + "28-google-reauth", + "44-monotonic", + "35-pyopenssl", + "39-retry-decorator", + "30-six", + "40-google-auth", + "42-google-auth-httplib2" ] }, { - "ref": "27-rsa", + "ref": "24-gcs-oauth2-boto-plugin", "dependsOn": [ - "26-pyasn1" + "25-rsa", + "27-boto", + "28-google-reauth", + "31-httplib2", + "33-oauth2client", + "35-pyopenssl", + "39-retry-decorator", + "30-six", + "40-google-auth", + "42-google-auth-httplib2" ] }, { - "ref": "29-google-auth-httplib2", + "ref": "25-rsa", "dependsOn": [ - "23-google-auth", - "30-httplib2" + "26-pyasn1" ] }, { - "ref": "30-httplib2", + "ref": "28-google-reauth", "dependsOn": [ - "31-pyparsing" + "29-pyu2f" 
] }, { - "ref": "32-google-reauth", + "ref": "29-pyu2f", "dependsOn": [ - "33-pyu2f" + "30-six" ] }, { - "ref": "33-pyu2f", + "ref": "31-httplib2", "dependsOn": [ - "28-six" + "32-pyparsing" ] }, { - "ref": "34-oauth2client", + "ref": "33-oauth2client", "dependsOn": [ - "30-httplib2", + "31-httplib2", "26-pyasn1", - "25-pyasn1-modules", - "27-rsa", - "28-six" + "34-pyasn1-modules", + "25-rsa", + "30-six" + ] + }, + { + "ref": "34-pyasn1-modules", + "dependsOn": [ + "26-pyasn1" ] }, { 
@@ -3868,98 +4819,121 @@ ] }, { - "ref": "40-google-apitools", + "ref": "40-google-auth", + "dependsOn": [ + "41-cachetools", + "34-pyasn1-modules", + "30-six", + "25-rsa" + ] + }, + { + "ref": "42-google-auth-httplib2", + "dependsOn": [ + "40-google-auth", + "31-httplib2" + ] + }, + { + "ref": "43-google-apitools", "dependsOn": [ - "20-fasteners", - "30-httplib2", - "34-oauth2client", - "28-six" + "31-httplib2", + "23-fasteners", + "33-oauth2client", + "30-six" ] }, { - "ref": "42-jinja2", + "ref": "45-jinja2", "dependsOn": [ - "43-markupsafe" + "46-markupsafe" ] }, { - "ref": "44-jsonschema", + "ref": "47-jsonschema", "dependsOn": [ "6-attrs", - "45-jsonschema-specifications", - "46-referencing", - "47-rpds-py" + "48-jsonschema-specifications", + "49-referencing", + "50-rpds-py" ] }, { - "ref": "45-jsonschema-specifications", + "ref": "48-jsonschema-specifications", "dependsOn": [ - "46-referencing" + "49-referencing" ] }, { - "ref": "46-referencing", + "ref": "49-referencing", "dependsOn": [ "6-attrs", - "47-rpds-py" + "50-rpds-py" + ] + }, + { + "ref": "51-lib4sbom", + "dependsOn": [ + "52-pyyaml", + "53-semantic-version", + "17-defusedxml" ] }, { - "ref": "48-lib4sbom", + "ref": "54-lib4vex", "dependsOn": [ - "14-defusedxml", - "49-pyyaml", - "50-semantic-version" + "51-lib4sbom", + "55-csaf-tool", + "56-packageurl-python" ] }, { - "ref": "51-lib4vex", + "ref": "55-csaf-tool", "dependsOn": [ - "52-csaf-tool", - "48-lib4sbom", - "53-packageurl-python" + "56-packageurl-python", + "57-rich" ] }, { - "ref": "52-csaf-tool", + "ref": "57-rich", "dependsOn": [ - "53-packageurl-python", - "54-rich" + "58-markdown-it-py", + "60-pygments", + "9-typing-extensions" ] }, { - "ref": "54-rich", + "ref": "58-markdown-it-py", "dependsOn": [ - "55-markdown-it-py", - "57-pygments" + "59-mdurl" ] }, { - "ref": "55-markdown-it-py", + "ref": "63-plotly", "dependsOn": [ - "56-mdurl" + "64-tenacity", + "62-packaging" ] }, { - "ref": "59-plotly", + "ref": "65-requests", "dependsOn": [ 
- "58-packaging", - "60-tenacity" + "66-charset-normalizer", + "13-idna", + "67-urllib3", + "68-certifi" ] }, { - "ref": "62-requests", + "ref": "71-xmlschema", "dependsOn": [ - "63-certifi", - "64-charset-normalizer", - "10-idna", - "65-urllib3" + "72-elementpath" ] }, { - "ref": "68-xmlschema", + "ref": "73-zstandard", "dependsOn": [ - "69-elementpath" + "37-cffi" ] } ] diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index e75779bebc..569bc038d9 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-359c54b4-dec7-40dd-9ecd-e087abb23d21 -LicenseListVersion: 3.22 -Creator: Tool: sbom4python-0.11.3 -Created: 2024-12-09T00:40:38Z +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-479e7f06-c2d9-487c-8d53-2e39f567cb03 +LicenseListVersion: 3.25 +Creator: Tool: sbom4python-0.12.1 +Created: 2024-12-16T00:38:46Z CreatorComment: This document has been automatically generated. ##### @@ -17,10 +17,12 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com) PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/intel/cve-bin-tool +PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool +ReleaseDate: 2024-09-17T18:57:44Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:* ##### 
@@ -33,10 +35,20 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp +PackageChecksum: SHA256: cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) +ReleaseDate: 2024-12-05T23:51:02Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp +ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html +ExternalRef: OTHER other https://docs.aiohttp.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10 ##### 
@@ -48,29 +60,41 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8 PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio +ReleaseDate: 2024-11-30T18:43:39Z +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues +ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### PackageName: aiosignal SPDXID: SPDXRef-4-aiosignal -PackageVersion: 1.3.1 +PackageVersion: 1.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files +PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiosignal -PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: aiosignal: a list of registered asynchronous callbacks -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 +ReleaseDate: 2024-11-30T18:43:39Z +ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby +ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal +ExternalRef: OTHER other https://docs.aiosignal.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.2 ##### PackageName: frozenlist 
@@ -81,11 +105,22 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist +PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence +ReleaseDate: 2024-10-23T09:46:20Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist +ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog +ExternalRef: OTHER other https://frozenlist.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### 
@@ -96,336 +131,413 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false -PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a +PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Classes Without Boilerplate +ReleaseDate: 2024-08-06T14:37:36Z +ExternalRef: OTHER documentation https://www.attrs.org/ +ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html +ExternalRef: OTHER vcs https://github.com/python-attrs/attrs +ExternalRef: OTHER other https://github.com/sponsors/hynek +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:* ##### +PackageName: importlib-metadata +SPDXID: SPDXRef-7-importlib-metadata +PackageVersion: 8.0.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Jason R. 
(jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.0.0/#files +FilesAnalyzed: false +PackageChecksum: SHA256: 15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Read metadata from Python packages +ReleaseDate: 2024-06-25T18:38:02Z +ExternalRef: OTHER vcs https://github.com/python/importlib_metadata +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:* +##### + +PackageName: zipp +SPDXID: SPDXRef-8-zipp +PackageVersion: 3.21.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files +FilesAnalyzed: false +PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Backport of pathlib-compatible object wrapper for zip files +ReleaseDate: 2024-11-10T15:05:19Z +ExternalRef: OTHER vcs https://github.com/jaraco/zipp +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* +##### + +PackageName: typing-extensions +SPDXID: SPDXRef-9-typing-extensions +PackageVersion: 4.12.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) +PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/python/typing_extensions +PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION 
+PackageSummary: Backported and Experimental Type Hints for Python 3.8+ +ReleaseDate: 2024-06-07T18:52:13Z +ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues +ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/ +ExternalRef: OTHER other https://github.com/python/typing/discussions +ExternalRef: OTHER vcs https://github.com/python/typing_extensions +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* +##### + PackageName: multidict -SPDXID: SPDXRef-7-multidict +SPDXID: SPDXRef-10-multidict PackageVersion: 6.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/multidict -PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68 +PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: multidict implementation +ReleaseDate: 2024-09-09T23:47:18Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict +ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://multidict.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/multidict ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* ##### PackageName: propcache -SPDXID: SPDXRef-8-propcache +SPDXID: SPDXRef-11-propcache PackageVersion: 0.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache +PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Accelerated property cache +ReleaseDate: 2024-12-01T18:27:02Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache +ExternalRef: OTHER log 
https://propcache.readthedocs.io/en/latest/changes/ +ExternalRef: OTHER other https://propcache.readthedocs.io +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/propcache ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:* ##### PackageName: yarl -SPDXID: SPDXRef-9-yarl +SPDXID: SPDXRef-12-yarl PackageVersion: 1.18.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl +PackageChecksum: SHA256: 7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library +ReleaseDate: 2024-12-01T20:32:32Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl +ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://yarl.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/yarl ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-10-idna +SPDXID: SPDXRef-13-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) PackageDownloadLocation: 
https://pypi.org/project/idna/3.10/#files FilesAnalyzed: false +PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) +ReleaseDate: 2024-09-15T18:07:37Z +ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst +ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues +ExternalRef: OTHER vcs https://github.com/kjd/idna ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 -SPDXID: SPDXRef-11-beautifulsoup4 +SPDXID: SPDXRef-14-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files FilesAnalyzed: false PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/ +PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Screen-scraping library +ReleaseDate: 2024-01-17T16:53:12Z +ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:* ##### PackageName: soupsieve -SPDXID: SPDXRef-12-soupsieve +SPDXID: SPDXRef-15-soupsieve PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve -PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 +PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A modern CSS selector implementation for Beautiful Soup. +ReleaseDate: 2024-08-13T13:39:10Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-13-cvss +SPDXID: SPDXRef-16-cvss PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss -PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 +PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 +ReleaseDate: 2024-11-01T10:05:52Z +ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases +ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss +ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues +ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml -SPDXID: SPDXRef-14-defusedxml +SPDXID: SPDXRef-17-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) -PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files +PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml FilesAnalyzed: false PackageHomePage: https://github.com/tiran/defusedxml -PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184 +PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: PSF-2.0 PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: XML bomb protection for Python stdlib modules +ReleaseDate: 2021-03-08T10:59:24Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:* ##### PackageName: distro -SPDXID: SPDXRef-15-distro +SPDXID: SPDXRef-18-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-distro/distro +PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Distro - an OS platform information API +ReleaseDate: 2023-12-24T09:54:30Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-16-filetype +SPDXID: SPDXRef-19-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) -PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files +PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master FilesAnalyzed: false PackageHomePage: https://github.com/h2non/filetype.py -PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585 +PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies. 
+ReleaseDate: 2022-11-02T17:34:01Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:* ##### PackageName: gsutil -SPDXID: SPDXRef-17-gsutil -PackageVersion: 5.32 +SPDXID: SPDXRef-20-gsutil +PackageVersion: 5.33 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.32/#files +PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil +PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.32 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:* +ReleaseDate: 2024-12-11T09:40:59Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-18-argcomplete +SPDXID: SPDXRef-21-argcomplete PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete -PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc +PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse +ReleaseDate: 2024-12-06T18:24:27Z +ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete +ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete +ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues +ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-19-crcmod +SPDXID: SPDXRef-22-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) -PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files +PackageDownloadLocation: http://sourceforge.net/projects/crcmod FilesAnalyzed: false PackageHomePage: http://crcmod.sourceforge.net/ +PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CRC Generator +ReleaseDate: 2010-06-27T14:35:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-20-fasteners +SPDXID: SPDXRef-23-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files FilesAnalyzed: false PackageHomePage: https://github.com/harlowja/fasteners -PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4 +PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: A python package that provides useful locks 
+ReleaseDate: 2023-09-19T17:11:18Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-21-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-24-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files +PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin FilesAnalyzed: false PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary -PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb +PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. 
+ReleaseDate: 2024-05-02T14:37:31Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### -PackageName: boto -SPDXID: SPDXRef-22-boto -PackageVersion: 2.49.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) -PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/boto/boto/ -PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3 -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Amazon Web Services Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* -##### - -PackageName: google-auth -SPDXID: SPDXRef-23-google-auth -PackageVersion: 2.17.0 +PackageName: rsa +SPDXID: SPDXRef-25-rsa +PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files FilesAnalyzed: false -PackageHomePage: https://github.com/googleapis/google-auth-library-python -PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 +PackageHomePage: https://stuvel.eu/rsa +PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
-PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* -##### - -PackageName: cachetools -SPDXID: SPDXRef-24-cachetools -PackageVersion: 5.5.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/tkem/cachetools/ -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* -##### - -PackageName: pyasn1-modules -SPDXID: SPDXRef-25-pyasn1-modules -PackageVersion: 0.4.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1-modules -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ReleaseDate: 2021-02-24T10:55:03Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: pyasn1 
@@ -436,153 +548,171 @@ PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyasn1/pyasn1 +PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ReleaseDate: 2024-09-10T22:41:42Z +ExternalRef: OTHER documentation https://pyasn1.readthedocs.io +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1 +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues +ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-27-rsa -PackageVersion: 4.7.2 +PackageName: boto +SPDXID: SPDXRef-27-boto +PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. 
Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files +PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) +PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files FilesAnalyzed: false -PackageHomePage: https://stuvel.eu/rsa -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageHomePage: https://github.com/boto/boto/ +PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8 +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Amazon Web Services Library +ReleaseDate: 2018-07-11T20:58:55Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* +##### + +PackageName: google-reauth +SPDXID: SPDXRef-28-google-reauth +PackageVersion: 0.1.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/Google/google-reauth-python +PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ReleaseDate: 2020-12-01T17:35:45Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* +##### + +PackageName: pyu2f +SPDXID: SPDXRef-29-pyu2f +PackageVersion: 0.1.5 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/google/pyu2f/ +PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: U2F host library for interacting with a U2F device over USB. 
+ReleaseDate: 2020-10-30T20:03:07Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-28-six +SPDXID: SPDXRef-30-six PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/benjaminp/six +PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities +ReleaseDate: 2024-12-04T17:35:26Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### -PackageName: google-auth-httplib2 -SPDXID: SPDXRef-29-google-auth-httplib2 -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 -PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
-PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library: httplib2 transport -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* -##### - PackageName: httplib2 -SPDXID: SPDXRef-30-httplib2 +SPDXID: SPDXRef-31-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/httplib2/httplib2 -PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4 +PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A comprehensive HTTP client library. +ReleaseDate: 2022-02-03T00:00:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-31-pyparsing +SPDXID: SPDXRef-32-pyparsing PackageVersion: 3.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyparsing/pyparsing/ +PackageChecksum: SHA256: 93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars +ReleaseDate: 2024-10-13T10:01:13Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: 
SPDXRef-32-google-reauth -PackageVersion: 0.1.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/Google/google-reauth-python -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* -##### - -PackageName: pyu2f -SPDXID: SPDXRef-33-pyu2f -PackageVersion: 0.1.5 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/google/pyu2f/ -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* -##### - PackageName: oauth2client -SPDXID: SPDXRef-34-oauth2client +SPDXID: SPDXRef-33-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. 
(jonwayne+oauth2client@google.com) PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/oauth2client/ -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: OAuth 2.0 client library +ReleaseDate: 2018-09-07T21:38:16Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### +PackageName: pyasn1-modules +SPDXID: SPDXRef-34-pyasn1-modules +PackageVersion: 0.4.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/pyasn1/pyasn1-modules +PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ReleaseDate: 2024-09-10T22:42:08Z +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues +ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* +##### + PackageName: pyopenssl SPDXID: SPDXRef-35-pyopenssl PackageVersion: 24.2.1 @@ -591,11 +721,14 @@ PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ +PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library +ReleaseDate: 2024-07-20T17:26:29Z +ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* ##### 
@@ -608,10 +741,16 @@ PackageSupplier: Organization: The cryptography developers The Python Cryptograp PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography +PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. +ReleaseDate: 2024-10-18T15:57:36Z +ExternalRef: OTHER documentation https://cryptography.io/ +ExternalRef: OTHER vcs https://github.com/pyca/cryptography/ +ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues +ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### 
@@ -624,11 +763,18 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false PackageHomePage: http://cffi.readthedocs.org -PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51 +PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Foreign Function Interface for Python calling C code. +ReleaseDate: 2024-09-04T20:43:30Z +ExternalRef: OTHER documentation http://cffi.readthedocs.org/ +ExternalRef: OTHER vcs https://github.com/python-cffi/cffi +ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues +ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html +ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases +ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:* ##### @@ -641,11 +787,12 @@ PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files FilesAnalyzed: false PackageHomePage: https://github.com/eliben/pycparser -PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 +PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: C parser in Python +ReleaseDate: 2024-03-30T13:22:20Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22 ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:* ##### 
@@ -658,652 +805,835 @@ PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/pnpnpn/retry-decorator -PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349 +PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Retry Decorator +ReleaseDate: 2020-03-10T23:56:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:* ##### +PackageName: google-auth +SPDXID: SPDXRef-40-google-auth +PackageVersion: 2.17.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/googleapis/google-auth-library-python +PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library +ReleaseDate: 2023-03-28T19:51:30Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* +##### + +PackageName: cachetools +SPDXID: SPDXRef-41-cachetools +PackageVersion: 5.5.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/tkem/cachetools/ +PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292 +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ReleaseDate: 2024-08-18T20:28:43Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* +##### + +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-42-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 +PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library: httplib2 transport +ReleaseDate: 2023-12-12T17:40:13Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: google-apitools -SPDXID: SPDXRef-40-google-apitools +SPDXID: SPDXRef-43-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/apitools -PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1 +PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: client libraries for humans +ReleaseDate: 2021-05-05T22:12:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-41-monotonic +SPDXID: SPDXRef-44-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/atdt/monotonic -PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad +PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3 +ReleaseDate: 2021-04-09T21:58:05Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-42-jinja2 +SPDXID: SPDXRef-45-jinja2 PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files FilesAnalyzed: false -PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57 +PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. 
+ReleaseDate: 2024-05-05T23:41:59Z +ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/ +ExternalRef: OTHER chat https://discord.gg/pallets +ExternalRef: OTHER documentation https://jinja.palletsprojects.com/ +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER vcs https://github.com/pallets/jinja/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-43-markupsafe +SPDXID: SPDXRef-46-markupsafe PackageVersion: 3.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c +PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION -PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: markupsafe declares Copyright 2010 Pallets + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. 
+ +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. +ReleaseDate: 2024-10-18T15:20:51Z +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/ +ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/ +ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/ +ExternalRef: OTHER chat https://discord.gg/pallets ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2 ##### PackageName: jsonschema -SPDXID: SPDXRef-44-jsonschema +SPDXID: SPDXRef-47-jsonschema PackageVersion: 4.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema +PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python 
+ReleaseDate: 2024-07-08T18:40:00Z +ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-45-jsonschema-specifications +SPDXID: SPDXRef-48-jsonschema-specifications PackageVersion: 2024.10.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2024.10.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications -PackageChecksum: SHA1: 09f6f17a46ecf03e314df0e6fa14d57db210a549 +PackageChecksum: SHA256: a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry +ReleaseDate: 2024-10-08T12:29:30Z +ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other 
https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:* ##### PackageName: referencing -SPDXID: SPDXRef-46-referencing +SPDXID: SPDXRef-49-referencing PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/referencing -PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845 +PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python +ReleaseDate: 2024-05-01T20:26:02Z +ExternalRef: OTHER documentation https://referencing.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/ +ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-47-rpds-py +SPDXID: SPDXRef-50-rpds-py PackageVersion: 0.22.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian 
Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) +ReleaseDate: 2024-12-04T15:31:31Z +ExternalRef: OTHER documentation https://rpds.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/crate-py/rpds +ExternalRef: OTHER other https://github.com/orium/rpds ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-48-lib4sbom -PackageVersion: 0.7.5 +SPDXID: SPDXRef-51-lib4sbom +PackageVersion: 0.8.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4sbom +PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:* +ReleaseDate: 
2024-12-09T20:13:26Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-49-pyyaml +SPDXID: SPDXRef-52-pyyaml PackageVersion: 6.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) -PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files +PackageDownloadLocation: https://pypi.org/project/PyYAML/ FilesAnalyzed: false PackageHomePage: https://pyyaml.org/ +PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: YAML parser and emitter for Python +ReleaseDate: 2024-08-06T20:31:40Z +ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues +ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions +ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation +ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core +ExternalRef: OTHER vcs https://github.com/yaml/pyyaml ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:* ##### PackageName: semantic-version -SPDXID: SPDXRef-50-semantic-version +SPDXID: SPDXRef-53-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/rbarrois/python-semanticversion -PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a +PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: 
semantic-version declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A library implementing the 'SemVer' scheme. +ReleaseDate: 2022-05-26T13:35:21Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:* ##### PackageName: lib4vex -SPDXID: SPDXRef-51-lib4vex +SPDXID: SPDXRef-54-lib4vex PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4vex -PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2 +PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: VEX generator and consumer library +ReleaseDate: 2024-08-29T20:36:52Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:* ##### PackageName: csaf-tool -SPDXID: SPDXRef-52-csaf-tool +SPDXID: SPDXRef-55-csaf-tool PackageVersion: 0.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/csaf -PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4 +PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CSAF generator and analyser +ReleaseDate: 2024-06-12T20:10:06Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2 
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:* ##### PackageName: packageurl-python -SPDXID: SPDXRef-53-packageurl-python +SPDXID: SPDXRef-56-packageurl-python PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882 +PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder +ReleaseDate: 2024-10-22T05:51:23Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich -SPDXID: SPDXRef-54-rich +SPDXID: SPDXRef-57-rich PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich -PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 +PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal +ReleaseDate: 2024-11-01T16:43:55Z +ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-55-markdown-it-py +SPDXID: 
SPDXRef-58-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/markdown-it-py -PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d +PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python port of markdown-it. Markdown parsing, done right! +ReleaseDate: 2023-06-03T06:41:11Z +ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:* ##### PackageName: mdurl -SPDXID: SPDXRef-56-mdurl +SPDXID: SPDXRef-59-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/mdurl -PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e +PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Markdown URL utilities +ReleaseDate: 2022-08-14T12:40:09Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* ##### PackageName: pygments -SPDXID: SPDXRef-57-pygments +SPDXID: SPDXRef-60-pygments PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) PackageDownloadLocation: 
https://pypi.org/project/pygments/2.18.0/#files FilesAnalyzed: false PackageHomePage: https://pygments.org -PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb +PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. +ReleaseDate: 2024-05-04T13:41:57Z +ExternalRef: OTHER documentation https://pygments.org/docs +ExternalRef: OTHER vcs https://github.com/pygments/pygments +ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues +ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### +PackageName: python-gnupg +SPDXID: SPDXRef-61-python-gnupg +PackageVersion: 0.5.3 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) +ReleaseDate: 2024-09-20T16:43:47Z +ExternalRef: OTHER documentation https://gnupg.readthedocs.io/ +ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg +ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* +##### + PackageName: packaging -SPDXID: SPDXRef-58-packaging +SPDXID: SPDXRef-62-packaging PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f +PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages +ReleaseDate: 2024-11-08T09:47:44Z +ExternalRef: OTHER documentation https://packaging.pypa.io/ +ExternalRef: OTHER vcs https://github.com/pypa/packaging ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-59-plotly +SPDXID: SPDXRef-63-plotly PackageVersion: 5.24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files FilesAnalyzed: false PackageHomePage: https://plotly.com/python/ +PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python +ReleaseDate: 
2024-09-12T15:36:24Z +ExternalRef: OTHER documentation https://plotly.com/python/ +ExternalRef: OTHER vcs https://github.com/plotly/plotly.py +ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-60-tenacity +SPDXID: SPDXRef-64-tenacity PackageVersion: 9.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/jd/tenacity -PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb +PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds +ReleaseDate: 2024-07-29T12:12:25Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:* ##### -PackageName: python-gnupg -SPDXID: SPDXRef-61-python-gnupg -PackageVersion: 0.5.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/vsajip/python-gnupg -PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. 
-PackageCopyrightText: NOASSERTION -PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* -##### - PackageName: requests -SPDXID: SPDXRef-62-requests +SPDXID: SPDXRef-65-requests PackageVersion: 2.32.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files FilesAnalyzed: false PackageHomePage: https://requests.readthedocs.io -PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068 +PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python HTTP for Humans. +ReleaseDate: 2024-05-29T15:37:47Z +ExternalRef: OTHER documentation https://requests.readthedocs.io +ExternalRef: OTHER vcs https://github.com/psf/requests ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:* ##### -PackageName: certifi -SPDXID: SPDXRef-63-certifi -PackageVersion: 2024.8.30 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/certifi/python-certifi -PackageLicenseDeclared: MPL-2.0 -PackageLicenseConcluded: MPL-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Python package for providing Mozilla's CA Bundle. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:* -##### - PackageName: charset-normalizer -SPDXID: SPDXRef-64-charset-normalizer +SPDXID: SPDXRef-66-charset-normalizer PackageVersion: 3.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me) PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/Ousret/charset_normalizer +PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. +ReleaseDate: 2024-10-09T07:38:02Z +ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues +ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:* ##### PackageName: urllib3 -SPDXID: SPDXRef-65-urllib3 +SPDXID: SPDXRef-67-urllib3 PackageVersion: 2.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false -PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df +PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. 
+ReleaseDate: 2024-09-12T10:52:16Z +ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst +ExternalRef: OTHER documentation https://urllib3.readthedocs.io +ExternalRef: OTHER vcs https://github.com/urllib3/urllib3 +ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:* ##### +PackageName: certifi +SPDXID: SPDXRef-68-certifi +PackageVersion: 2024.12.14 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) +PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/certifi/python-certifi +PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56 +PackageLicenseDeclared: MPL-2.0 +PackageLicenseConcluded: MPL-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Python package for providing Mozilla's CA Bundle. 
+ReleaseDate: 2024-12-14T13:52:36Z +ExternalRef: OTHER vcs https://github.com/certifi/python-certifi +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:* +##### + PackageName: rpmfile -SPDXID: SPDXRef-66-rpmfile +SPDXID: SPDXRef-69-rpmfile PackageVersion: 2.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/srossross/rpmfile -PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5 +PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Read rpm archive files +ReleaseDate: 2024-07-24T21:57:45Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### PackageName: setuptools -SPDXID: SPDXRef-67-setuptools +SPDXID: SPDXRef-70-setuptools PackageVersion: 75.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files FilesAnalyzed: false +PackageChecksum: SHA256: ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages +ReleaseDate: 2024-11-20T18:16:10Z +ExternalRef: OTHER vcs https://github.com/pypa/setuptools +ExternalRef: OTHER documentation https://setuptools.pypa.io/ +ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0 ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:* ##### PackageName: xmlschema -SPDXID: SPDXRef-68-xmlschema +SPDXID: SPDXRef-71-xmlschema PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema +PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder +ReleaseDate: 2024-10-31T09:47:12Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-69-elementpath +SPDXID: SPDXRef-72-elementpath PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath +PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml +ReleaseDate: 2024-10-27T21:52:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### -PackageName: zipp -SPDXID: SPDXRef-70-zipp -PackageVersion: 3.21.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. 
(jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* -##### - PackageName: zstandard -SPDXID: SPDXRef-71-zstandard +SPDXID: SPDXRef-73-zstandard PackageVersion: 0.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/indygreg/python-zstandard +PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Zstandard bindings for Python +ReleaseDate: 2024-07-15T00:13:27Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-11-beautifulsoup4 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-cvss -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-defusedxml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-distro -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-filetype -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-beautifulsoup4 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-cvss +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-defusedxml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-distro +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-filetype Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-42-jinja2 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-jsonschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-lib4sbom -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-pyyaml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4vex -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-packageurl-python -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-rich -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-packaging -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-plotly +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-jinja2 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-jsonschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4sbom 
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-pyyaml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4vex +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-packageurl-python +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-rich Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-python-gnupg -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-requests -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-urllib3 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-rpmfile -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-setuptools -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-xmlschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-zipp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-zstandard -Relationship: SPDXRef-11-beautifulsoup4 DEPENDS_ON SPDXRef-12-soupsieve -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-18-argcomplete -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-19-crcmod -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-20-fasteners -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-21-gcs-oauth2-boto-plugin -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-23-google-auth -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-29-google-auth-httplib2 -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-30-httplib2 -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-32-google-reauth -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-35-pyopenssl -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-39-retry-decorator -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-40-google-apitools -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-41-monotonic +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-plotly +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-requests 
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-urllib3 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-rpmfile +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-7-importlib-metadata +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-setuptools +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zstandard +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-zipp +Relationship: SPDXRef-10-multidict DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-10-multidict +Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-11-propcache +Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-13-idna +Relationship: SPDXRef-14-beautifulsoup4 DEPENDS_ON SPDXRef-15-soupsieve +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-multidict +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-yarl Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-propcache -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-yarl -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-boto -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-google-auth -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-rsa -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-auth-httplib2 -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-httplib2 -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON 
SPDXRef-32-google-reauth -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator -Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-24-cachetools -Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-25-pyasn1-modules -Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-27-rsa -Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-25-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1 -Relationship: SPDXRef-27-rsa DEPENDS_ON SPDXRef-26-pyasn1 -Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-23-google-auth -Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-30-httplib2 -Relationship: SPDXRef-30-httplib2 DEPENDS_ON SPDXRef-31-pyparsing -Relationship: SPDXRef-32-google-reauth DEPENDS_ON SPDXRef-33-pyu2f -Relationship: SPDXRef-33-pyu2f DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-25-pyasn1-modules -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-pyasn1 -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-rsa -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-21-argcomplete +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-22-crcmod +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-23-fasteners +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-24-gcs-oauth2-boto-plugin +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-28-google-reauth +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-35-pyopenssl +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-39-retry-decorator +Relationship: 
SPDXRef-20-gsutil DEPENDS_ON SPDXRef-40-google-auth +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-42-google-auth-httplib2 +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-43-google-apitools +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-44-monotonic +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-rsa +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-boto +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-google-reauth +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-oauth2client +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-google-auth +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-42-google-auth-httplib2 +Relationship: SPDXRef-25-rsa DEPENDS_ON SPDXRef-26-pyasn1 +Relationship: SPDXRef-28-google-reauth DEPENDS_ON SPDXRef-29-pyu2f +Relationship: SPDXRef-29-pyu2f DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-31-httplib2 DEPENDS_ON SPDXRef-32-pyparsing +Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-25-rsa +Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-26-pyasn1 +Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-34-pyasn1-modules +Relationship: SPDXRef-34-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1 Relationship: SPDXRef-35-pyopenssl DEPENDS_ON SPDXRef-36-cryptography Relationship: SPDXRef-36-cryptography DEPENDS_ON SPDXRef-37-cffi Relationship: SPDXRef-37-cffi DEPENDS_ON SPDXRef-38-pycparser Relationship: SPDXRef-4-aiosignal DEPENDS_ON 
SPDXRef-5-frozenlist -Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-20-fasteners -Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-30-httplib2 -Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-34-oauth2client -Relationship: SPDXRef-42-jinja2 DEPENDS_ON SPDXRef-43-markupsafe -Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-45-jsonschema-specifications -Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-46-referencing -Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-47-rpds-py -Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-6-attrs -Relationship: SPDXRef-45-jsonschema-specifications DEPENDS_ON SPDXRef-46-referencing -Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-47-rpds-py -Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-6-attrs -Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-14-defusedxml -Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-49-pyyaml -Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-50-semantic-version -Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-48-lib4sbom -Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-52-csaf-tool -Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-53-packageurl-python -Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-53-packageurl-python -Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-54-rich -Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-55-markdown-it-py -Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-57-pygments -Relationship: SPDXRef-55-markdown-it-py DEPENDS_ON SPDXRef-56-mdurl -Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-58-packaging -Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-60-tenacity -Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-10-idna -Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-63-certifi -Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-64-charset-normalizer -Relationship: 
SPDXRef-62-requests DEPENDS_ON SPDXRef-65-urllib3 -Relationship: SPDXRef-68-xmlschema DEPENDS_ON SPDXRef-69-elementpath -Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-10-idna -Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-8-propcache +Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-25-rsa +Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-34-pyasn1-modules +Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-41-cachetools +Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-40-google-auth +Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-23-fasteners +Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-33-oauth2client +Relationship: SPDXRef-45-jinja2 DEPENDS_ON SPDXRef-46-markupsafe +Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-48-jsonschema-specifications +Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-49-referencing +Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-50-rpds-py +Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-48-jsonschema-specifications DEPENDS_ON SPDXRef-49-referencing +Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-50-rpds-py +Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-17-defusedxml +Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-52-pyyaml +Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-53-semantic-version +Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-51-lib4sbom +Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-55-csaf-tool +Relationship: SPDXRef-54-lib4vex DEPENDS_ON 
SPDXRef-56-packageurl-python +Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-56-packageurl-python +Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-57-rich +Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-58-markdown-it-py +Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-60-pygments +Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-58-markdown-it-py DEPENDS_ON SPDXRef-59-mdurl +Relationship: SPDXRef-6-attrs DEPENDS_ON SPDXRef-7-importlib-metadata +Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging +Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-tenacity +Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-13-idna +Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-66-charset-normalizer +Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-67-urllib3 +Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-68-certifi +Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-8-zipp +Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-71-xmlschema DEPENDS_ON SPDXRef-72-elementpath +Relationship: SPDXRef-73-zstandard DEPENDS_ON SPDXRef-37-cffi Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool From 114ac569860447ba865c7db9fc9500643aa7f223 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 18:50:23 +0000 Subject: [PATCH 38/47] chore: update SBOM for Python 3.12 (#4625) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 2992 ++++++++++++++++++++++----------- sbom/cve-bin-tool-py3.12.spdx | 1098 +++++++----- 2 files changed, 2695 insertions(+), 1395 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 10554f9235..1d141c581a 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json 
@@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:d683370e-a755-4d53-bb8c-717dc6173956", + "serialNumber": "urn:uuid:2fbc005e-051d-4dd7-8f24-b4905f4d23f2", "version": 1, "metadata": { - "timestamp": "2024-12-09T00:40:28Z", + "timestamp": "2024-12-16T00:38:53Z", "lifecycles": [ { "phase": "build" @@ -15,7 +15,7 @@ "components": [ { "name": "sbom4python", - "version": "0.11.3", + "version": "0.12.1", "type": "application" } ] @@ -42,6 +42,12 @@ }, "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", + "hashes": [ + { + "alg": "SHA-256", + "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d" + } + ], "licenses": [ { "license": { @@ -65,6 +71,10 @@ ], "purl": "pkg:pypi/cve-bin-tool@3.4", "properties": [ + { + "name": "release_date", + "value": "2024-09-17T18:57:44Z" + }, { "name": "language", "value": "Python" @@ -81,6 +91,12 @@ "name": "aiohttp", "version": "3.11.10", "description": "Async http client/server framework (asyncio)", + "hashes": [ + { + "alg": "SHA-256", + "content": "cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d" + } + ], "licenses": [ { "license": { 
@@ -100,10 +116,46 @@ "url": "https://pypi.org/project/aiohttp/3.11.10/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiohttp", + "type": "other" + }, + { + "url": "https://docs.aiohttp.org/en/stable/changes.html", + "type": "log" + }, + { + "url": "https://docs.aiohttp.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohttp", + "type": "vcs" } ], "purl": "pkg:pypi/aiohttp@3.11.10", "properties": [ + { + "name": "release_date", + "value": "2024-12-05T23:51:02Z" + }, { "name": "language", "value": "Python" @@ -111,10 +163,6 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-12-05T23:51:02.000Z" } ] }, @@ -133,6 +181,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-256", + "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8" + } + ], "licenses": [ { "license": { 
@@ -152,10 +206,30 @@ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md", + "type": "log" + }, + { + "url": "https://aiohappyeyeballs.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs", + "type": "vcs" } ], "purl": "pkg:pypi/aiohappyeyeballs@2.4.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-30T18:43:39Z" + }, { "name": "language", "value": "Python" @@ -163,10 +237,6 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-11-30T18:43:39.000Z" } ] }, @@ -174,14 +244,8 @@ "type": "library", "bom-ref": "4-aiosignal", "name": "aiosignal", - "version": "1.3.1", + "version": "1.3.2", "description": "aiosignal: a list of registered asynchronous callbacks", - "hashes": [ - { - "alg": "SHA-1", - "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3" - } - ], "licenses": [ { "license": { 
@@ -198,13 +262,41 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiosignal/1.3.1/#files", + "url": "https://pypi.org/project/aiosignal/1.3.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gitter.im/aio-libs/Lobby", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/actions", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiosignal", + "type": "other" + }, + { + "url": "https://docs.aiosignal.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiosignal", + "type": "vcs" } ], - "purl": "pkg:pypi/aiosignal@1.3.1", + "purl": "pkg:pypi/aiosignal@1.3.2", "properties": [ + { + "name": "release_date", + "value": "2024-11-30T18:43:39Z" + }, { "name": "language", "value": "Python" @@ -212,10 +304,6 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2022-11-08T16:03:57.000Z" } ] }, @@ -225,6 +313,12 @@ "name": "frozenlist", "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", + "hashes": [ + { + "alg": "SHA-256", + "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a" + } + ], "licenses": [ { "license": { 
@@ -244,10 +338,50 @@ "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/frozenlist", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog", + "type": "log" + }, + { + "url": "https://frozenlist.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/frozenlist", + "type": "vcs" } ], "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-23T09:46:20Z" + }, { "name": "language", "value": "Python" @@ -255,10 +389,6 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-10-23T09:46:20.000Z" } ] }, @@ -279,8 +409,8 @@ "description": "Classes Without Boilerplate", "hashes": [ { - "alg": "SHA-1", - "content": "6771a04893780166e4b7826b63599f43ac30d00a" + "alg": "SHA-256", + "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2" } ], "externalReferences": [ 
@@ -288,10 +418,34 @@ "url": "https://pypi.org/project/attrs/24.2.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://www.attrs.org/", + "type": "documentation" + }, + { + "url": "https://www.attrs.org/en/stable/changelog.html", + "type": "log" + }, + { + "url": "https://github.com/python-attrs/attrs", + "type": "vcs" + }, + { + "url": "https://github.com/sponsors/hynek", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi", + "type": "other" } ], "purl": "pkg:pypi/attrs@24.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T14:37:36Z" + }, { "name": "language", "value": "Python" 
@@ -299,57 +453,47 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-08-06T14:37:36.000Z" } ] }, { "type": "library", - "bom-ref": "7-multidict", - "name": "multidict", - "version": "6.1.0", + "bom-ref": "7-importlib-metadata", + "name": "importlib-metadata", + "version": "8.0.0", "supplier": { - "name": "Andrew Svetlov", + "name": "Jason R .", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", - "description": "multidict implementation", + "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*", + "description": "Read metadata from Python packages", "hashes": [ { - "alg": "SHA-1", - "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/multidict", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/multidict/6.1.0/#files", + "url": "https://pypi.org/project/importlib-metadata/8.0.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/importlib_metadata", + "type": "vcs" } ], - "purl": "pkg:pypi/multidict@6.1.0", + "purl": "pkg:pypi/importlib-metadata@8.0.0", "properties": [ + { + "name": "release_date", + "value": "2024-06-25T18:38:02Z" + }, { "name": "language", "value": "Python" 
@@ -357,51 +501,47 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-09-09T23:47:18.000Z" } ] }, { "type": "library", - "bom-ref": "8-propcache", - "name": "propcache", - "version": "0.2.1", + "bom-ref": "8-zipp", + "name": "zipp", + "version": "3.21.0", "supplier": { - "name": "Andrew Svetlov", + "name": "Jason R .", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", - "description": "Accelerated property cache", - "licenses": [ + "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", + "description": "Backport of pathlib-compatible object wrapper for zip files", + "hashes": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/propcache", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/propcache/0.2.1/#files", + "url": "https://pypi.org/project/zipp/3.21.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/jaraco/zipp", + "type": "vcs" } ], - "purl": "pkg:pypi/propcache@0.2.1", + "purl": "pkg:pypi/zipp@3.21.0", "properties": [ + { + "name": "release_date", + "value": "2024-11-10T15:05:19Z" + }, { "name": "language", "value": "Python" 
@@ -414,80 +554,63 @@ }, { "type": "library", - "bom-ref": "9-yarl", - "name": "yarl", - "version": "1.18.3", + "bom-ref": "9-typing-extensions", + "name": "typing-extensions", + "version": "4.12.2", "supplier": { - "name": "Andrew Svetlov", + "name": "Guido van Jukka ukasz Michael", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "levkivskyi@gmail.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", - "description": "Yet another URL library", - "licenses": [ + "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", + "description": "Backported and Experimental Type Hints for Python 3.8+", + "hashes": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/python/typing_extensions", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.18.3/#files", + "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", "type": "distribution", "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/yarl@1.18.3", - "properties": [ + }, { - "name": "language", - "value": "Python" + "url": "https://github.com/python/typing_extensions/issues", + "type": "issue-tracker" }, { - "name": "python_version", - "value": "3.12.8" + "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md", + "type": "log" }, { - "name": "package_release_date", - "value": "2024-12-01T20:32:32.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "10-idna", - "name": "idna", - "version": "3.10", - "supplier": { - "name": "Kim Davies", - "contact": [ - { - "email": "kim+pypi@gumleaf.org" - } - ] - }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - 
"description": "Internationalized Domain Names in Applications (IDNA)", - "externalReferences": [ + "url": "https://typing-extensions.readthedocs.io/", + "type": "documentation" + }, { - "url": "https://pypi.org/project/idna/3.10/#files", - "type": "distribution", - "comment": "Download location for component" + "url": "https://github.com/python/typing/discussions", + "type": "other" + }, + { + "url": "https://github.com/python/typing_extensions", + "type": "vcs" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/typing-extensions@4.12.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-07T18:52:13Z" + }, { "name": "language", "value": "Python" 
@@ -495,68 +618,412 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-09-15T18:07:37.000Z" } ] }, { "type": "library", - "bom-ref": "11-beautifulsoup4", - "name": "beautifulsoup4", - "version": "4.12.3", + "bom-ref": "10-multidict", + "name": "multidict", + "version": "6.1.0", "supplier": { - "name": "Leonard Richardson", + "name": "Andrew Svetlov", "contact": [ { - "email": "leonardr@segfault.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*", - "description": "Screen-scraping library", + "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", + "description": "multidict implementation", + "hashes": [ + { + "alg": "SHA-256", + "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60" + } + ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://www.crummy.com/software/BeautifulSoup/bs4/", + "url": "https://github.com/aio-libs/multidict", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files", + "url": "https://pypi.org/project/multidict/6.1.0/#files", "type": "distribution", "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/beautifulsoup4@4.12.3", - "properties": [ + }, { - "name": "language", - "value": "Python" + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" }, { - "name": "python_version", + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": 
"https://codecov.io/github/aio-libs/multidict", + "type": "other" + }, + { + "url": "https://multidict.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": "https://multidict.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/multidict", + "type": "vcs" + } + ], + "purl": "pkg:pypi/multidict@6.1.0", + "properties": [ + { + "name": "release_date", + "value": "2024-09-09T23:47:18Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.12.8" + } + ] + }, + { + "type": "library", + "bom-ref": "11-propcache", + "name": "propcache", + "version": "0.2.1", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*", + "description": "Accelerated property cache", + "hashes": [ + { + "alg": "SHA-256", + "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/propcache", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/propcache/0.2.1/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/propcache", + "type": "other" + }, 
+ { + "url": "https://propcache.readthedocs.io/en/latest/changes/", + "type": "log" + }, + { + "url": "https://propcache.readthedocs.io", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/propcache", + "type": "vcs" + } + ], + "purl": "pkg:pypi/propcache@0.2.1", + "properties": [ + { + "name": "release_date", + "value": "2024-12-01T18:27:02Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.12.8" + } + ] + }, + { + "type": "library", + "bom-ref": "12-yarl", + "name": "yarl", + "version": "1.18.3", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "hashes": [ + { + "alg": "SHA-256", + "content": "7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.18.3/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/yarl/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/yarl", + "type": "other" + }, + { + "url": "https://yarl.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": 
"https://yarl.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/yarl/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/yarl", + "type": "vcs" + } + ], + "purl": "pkg:pypi/yarl@1.18.3", + "properties": [ + { + "name": "release_date", + "value": "2024-12-01T20:32:32Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", "value": "3.12.8" + } + ] + }, + { + "type": "library", + "bom-ref": "13-idna", + "name": "idna", + "version": "3.10", + "supplier": { + "name": "Kim Davies", + "contact": [ + { + "email": "kim+pypi@gumleaf.org" + } + ] + }, + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-256", + "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3" + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/idna/3.10/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst", + "type": "log" + }, + { + "url": "https://github.com/kjd/idna/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kjd/idna", + "type": "vcs" + } + ], + "purl": "pkg:pypi/idna@3.10", + "properties": [ + { + "name": "release_date", + "value": "2024-09-15T18:07:37Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.12.8" + } + ] + }, + { + "type": "library", + "bom-ref": "14-beautifulsoup4", + "name": "beautifulsoup4", + "version": "4.12.3", + "supplier": { + "name": "Leonard Richardson", + "contact": [ + { + "email": "leonardr@segfault.org" + } + ] + }, + "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*", + "description": "Screen-scraping library", + "hashes": [ + { + "alg": "SHA-256", + "content": 
"b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/license/mit/", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://www.crummy.com/software/BeautifulSoup/bs4/", + "type": "website", + "comment": "Home page for project" }, { - "name": "package_release_date", - "value": "2024-01-17T16:53:12.000Z" + "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/", + "type": "other" + } + ], + "purl": "pkg:pypi/beautifulsoup4@4.12.3", + "properties": [ + { + "name": "release_date", + "value": "2024-01-17T16:53:12Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.12.8" } ] }, { "type": "library", - "bom-ref": "12-soupsieve", + "bom-ref": "15-soupsieve", "name": "soupsieve", "version": "2.6", "supplier": { @@ -571,8 +1038,8 @@ "description": "A modern CSS selector implementation for Beautiful Soup.", "hashes": [ { - "alg": "SHA-1", - "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + "alg": "SHA-256", + "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9" } ], "externalReferences": [ @@ -589,6 +1056,10 @@ ], "purl": "pkg:pypi/soupsieve@2.6", "properties": [ + { + "name": "release_date", + "value": "2024-08-13T13:39:10Z" + }, { "name": "language", "value": "Python" @@ -601,7 +1072,7 @@ }, { "type": "library", - "bom-ref": "13-cvss", + "bom-ref": "16-cvss", "name": "cvss", "version": "3.3", "supplier": { 
@@ -616,8 +1087,8 @@ "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { - "alg": "SHA-1", - "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + "alg": "SHA-256", + "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1" } ], "licenses": [ @@ -639,10 +1110,30 @@ "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/releases", + "type": "other" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss", + "type": "vcs" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/actions", + "type": "build-system" } ], "purl": "pkg:pypi/cvss@3.3", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T10:05:52Z" + }, { "name": "language", "value": "Python" @@ -650,16 +1141,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-11-01T10:05:52.000Z" } ] }, { "type": "library", - "bom-ref": "14-defusedxml", + "bom-ref": "17-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -674,8 +1161,8 @@ "description": "XML bomb protection for Python stdlib modules", "hashes": [ { - "alg": "SHA-1", - "content": "ebff1b493751e2f0775314bdd4188d64f07ea184" + "alg": "SHA-256", + "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61" } ], "licenses": [ @@ -694,13 +1181,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/defusedxml/0.7.1/#files", + "url": "https://pypi.python.org/pypi/defusedxml", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/defusedxml@0.7.1", "properties": [ + { + "name": "release_date", + "value": "2021-03-08T10:59:24Z" + }, { "name": "language", "value": "Python" 
@@ -708,16 +1199,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2021-03-08T10:59:24.000Z" } ] }, { "type": "library", - "bom-ref": "15-distro", + "bom-ref": "18-distro", "name": "distro", "version": "1.9.0", "supplier": { @@ -730,6 +1217,12 @@ }, "cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*", "description": "Distro - an OS platform information API", + "hashes": [ + { + "alg": "SHA-256", + "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2" + } + ], "licenses": [ { "license": { @@ -753,6 +1246,10 @@ ], "purl": "pkg:pypi/distro@1.9.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-24T09:54:30Z" + }, { "name": "language", "value": "Python" @@ -760,16 +1257,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2023-12-24T09:54:30.000Z" } ] }, { "type": "library", - "bom-ref": "16-filetype", + "bom-ref": "19-filetype", "name": "filetype", "version": "1.2.0", "supplier": { @@ -784,15 +1277,15 @@ "description": "Infer file type and MIME type of any file/buffer. No external dependencies.", "hashes": [ { - "alg": "SHA-1", - "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585" + "alg": "SHA-256", + "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -804,13 +1297,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/filetype/1.2.0/#files", + "url": "https://github.com/h2non/filetype.py/tarball/master", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/filetype@1.2.0", "properties": [ + { + "name": "release_date", + "value": "2022-11-02T17:34:01Z" + }, { "name": "language", "value": "Python" 
@@ -818,18 +1315,14 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2022-11-02T17:34:01.000Z" } ] }, { "type": "library", - "bom-ref": "17-gsutil", + "bom-ref": "20-gsutil", "name": "gsutil", - "version": "5.31", + "version": "5.33", "supplier": { "name": "Google Inc .", "contact": [ @@ -838,8 +1331,14 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", + "hashes": [ + { + "alg": "SHA-256", + "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856" + } + ], "licenses": [ { "license": { @@ -856,13 +1355,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.31/#files", + "url": "https://cloud.google.com/storage/docs/gsutil_install", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.31", + "purl": "pkg:pypi/gsutil@5.33", "properties": [ + { + "name": "release_date", + "value": "2024-12-11T09:40:59Z" + }, { "name": "language", "value": "Python" @@ -875,7 +1378,7 @@ }, { "type": "library", - "bom-ref": "18-argcomplete", + "bom-ref": "21-argcomplete", "name": "argcomplete", "version": "3.5.2", "supplier": { @@ -890,8 +1393,8 @@ "description": "Bash tab completion for argparse", "hashes": [ { - "alg": "SHA-1", - "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc" + "alg": "SHA-256", + "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472" } ], "licenses": [ 
@@ -913,10 +1416,30 @@ "url": "https://pypi.org/project/argcomplete/3.5.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://kislyuk.github.io/argcomplete", + "type": "documentation" + }, + { + "url": "https://github.com/kislyuk/argcomplete", + "type": "vcs" + }, + { + "url": "https://github.com/kislyuk/argcomplete/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst", + "type": "log" } ], "purl": "pkg:pypi/argcomplete@3.5.2", "properties": [ + { + "name": "release_date", + "value": "2024-12-06T18:24:27Z" + }, { "name": "language", "value": "Python" @@ -924,16 +1447,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-12-06T18:24:27.000Z" } ] }, { "type": "library", - "bom-ref": "19-crcmod", + "bom-ref": "22-crcmod", "name": "crcmod", "version": "1.7", "supplier": { @@ -946,11 +1465,17 @@ }, "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*", "description": "CRC Generator", + "hashes": [ + { + "alg": "SHA-256", + "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -962,13 +1487,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/crcmod/1.7/#files", + "url": "http://sourceforge.net/projects/crcmod", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/crcmod@1.7", "properties": [ + { + "name": "release_date", + "value": "2010-06-27T14:35:29Z" + }, { "name": "language", "value": "Python" @@ -981,7 +1510,7 @@ }, { "type": "library", - "bom-ref": "20-fasteners", + "bom-ref": "23-fasteners", "name": "fasteners", "version": "0.19", "supplier": { 
@@ -991,8 +1520,8 @@ "description": "A python package that provides useful locks", "hashes": [ { - "alg": "SHA-1", - "content": "06c3f06cab4e135b8d921932019a231c180eb9f4" + "alg": "SHA-256", + "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237" } ], "licenses": [ @@ -1018,6 +1547,10 @@ ], "purl": "pkg:pypi/fasteners@0.19", "properties": [ + { + "name": "release_date", + "value": "2023-09-19T17:11:18Z" + }, { "name": "language", "value": "Python" @@ -1030,7 +1563,7 @@ }, { "type": "library", - "bom-ref": "21-gcs-oauth2-boto-plugin", + "bom-ref": "24-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.2", "supplier": { @@ -1045,8 +1578,8 @@ "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "hashes": [ { - "alg": "SHA-1", - "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb" + "alg": "SHA-256", + "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843" } ], "licenses": [ 
@@ -1065,13 +1598,149 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files", - "type": "distribution", - "comment": "Download location for component" + "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", + "properties": [ + { + "name": "release_date", + "value": "2024-05-02T14:37:31Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.12.8" + } + ] + }, + { + "type": "library", + "bom-ref": "25-rsa", + "name": "rsa", + "version": "4.7.2", + "supplier": { + "name": "Sybren A . Stuvel", + "contact": [ + { + "email": "sybren@stuvel.eu" + } + ] + }, + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", + "hashes": [ + { + "alg": "SHA-256", + "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://stuvel.eu/rsa", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/rsa/4.7.2/#files", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/rsa@4.7.2", + "properties": [ + { + "name": "release_date", + "value": "2021-02-24T10:55:03Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.12.8" + } + ] + }, + { + "type": "library", + "bom-ref": "26-pyasn1", + "name": "pyasn1", + "version": "0.6.1", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", + "description": 
"Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "hashes": [ + { + "alg": "SHA-256", + "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/pyasn1/pyasn1", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/pyasn1/0.6.1/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://pyasn1.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/pyasn1/pyasn1", + "type": "vcs" + }, + { + "url": "https://github.com/pyasn1/pyasn1/issues", + "type": "issue-tracker" + }, + { + "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html", + "type": "log" } ], - "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", + "purl": "pkg:pypi/pyasn1@0.6.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-10T22:41:42Z" + }, { "name": "language", "value": "Python" @@ -1079,16 +1748,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-05-02T14:37:31.000Z" } ] }, { "type": "library", - "bom-ref": "22-boto", + "bom-ref": "27-boto", "name": "boto", "version": "2.49.0", "supplier": { @@ -1103,15 +1768,15 @@ "description": "Amazon Web Services Library", "hashes": [ { - "alg": "SHA-1", - "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3" + "alg": "SHA-256", + "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -1130,6 +1795,10 @@ ], "purl": "pkg:pypi/boto@2.49.0", "properties": [ + { + "name": "release_date", + "value": "2018-07-11T20:58:55Z" + }, { "name": "language", "value": "Python" @@ -1137,32 +1806,28 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2018-07-11T20:58:55.000Z" } ] }, { "type": "library", - "bom-ref": "23-google-auth", - "name": "google-auth", - "version": "2.17.0", + "bom-ref": "28-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Google Cloud Platform", + "name": "Google", "contact": [ { - "email": "googleapis-packages@google.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", "hashes": [ { - "alg": "SHA-1", - "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" + "alg": "SHA-256", + "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368" } ], "licenses": [ @@ -1176,18 +1841,22 @@ ], "externalReferences": [ { - "url": "https://github.com/googleapis/google-auth-library-python", + "url": "https://github.com/Google/google-reauth-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth/2.17.0/#files", + "url": "https://pypi.org/project/google-reauth/0.1.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth@2.17.0", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-12-01T17:35:45Z" + }, { "name": "language", "value": "Python" 
@@ -1200,94 +1869,52 @@ }, { "type": "library", - "bom-ref": "24-cachetools", - "name": "cachetools", - "version": "5.5.0", + "bom-ref": "29-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Thomas Kemmer", + "name": "Google Inc .", "contact": [ { - "email": "tkemmer@computer.org" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], - "externalReferences": [ - { - "url": "https://github.com/tkem/cachetools/", - "type": "website", - "comment": "Home page for project" - }, + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", + "hashes": [ { - "url": "https://pypi.org/project/cachetools/5.5.0/#files", - "type": "distribution", - "comment": "Download location for component" + "alg": "SHA-256", + "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b" } ], - "purl": "pkg:pypi/cachetools@5.5.0", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-08-18T20:28:43.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "25-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.1", - "supplier": { - "name": "Ilya Etingof", - "contact": [ - { - "email": "etingof@gmail.com" - } - ] - }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], 
"externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1-modules", + "url": "https://github.com/google/pyu2f/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", + "url": "https://pypi.org/project/pyu2f/0.1.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.1", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ + { + "name": "release_date", + "value": "2020-10-30T20:03:07Z" + }, { "name": "language", "value": "Python" 
@@ -1295,51 +1922,57 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:42:08.000Z" } ] }, { "type": "library", - "bom-ref": "26-pyasn1", - "name": "pyasn1", - "version": "0.6.1", + "bom-ref": "30-six", + "name": "six", + "version": "1.17.0", "supplier": { - "name": "Ilya Etingof", + "name": "Benjamin Peterson", "contact": [ { - "email": "etingof@gmail.com" + "email": "benjamin@python.org" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", + "description": "Python 2 and 3 compatibility utilities", + "hashes": [ + { + "alg": "SHA-256", + "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274" + } + ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1", + "url": "https://github.com/benjaminp/six", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1/0.6.1/#files", + "url": "https://pypi.org/project/six/1.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.1", + "purl": "pkg:pypi/six@1.17.0", "properties": [ + { + "name": "release_date", + "value": "2024-12-04T17:35:26Z" + }, { "name": "language", "value": "Python" 
@@ -1347,57 +1980,57 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:41:42.000Z" } ] }, { "type": "library", - "bom-ref": "27-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "31-httplib2", + "name": "httplib2", + "version": "0.20.4", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Joe Gregorio", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "joe@bitworking.org" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", + "description": "A comprehensive HTTP client library.", "hashes": [ { - "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "alg": "SHA-256", + "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://stuvel.eu/rsa", + "url": "https://github.com/httplib2/httplib2", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rsa/4.7.2/#files", + "url": "https://pypi.org/project/httplib2/0.20.4/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/httplib2@0.20.4", "properties": [ + { + "name": "release_date", + "value": "2022-02-03T00:00:29Z" + }, { "name": "language", "value": "Python" 
@@ -1405,51 +2038,48 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2021-02-24T10:55:03.000Z" } ] }, { "type": "library", - "bom-ref": "28-six", - "name": "six", - "version": "1.17.0", + "bom-ref": "32-pyparsing", + "name": "pyparsing", + "version": "3.2.0", "supplier": { - "name": "Benjamin Peterson", + "name": "Paul McGuire", "contact": [ { - "email": "benjamin@python.org" + "email": "ptmcg.gm+pyparsing@gmail.com" } ] }, - "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", - "description": "Python 2 and 3 compatibility utilities", - "licenses": [ + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*", + "description": "pyparsing module - Classes and methods to define and execute parsing grammars", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84" } ], "externalReferences": [ { - "url": "https://github.com/benjaminp/six", + "url": "https://github.com/pyparsing/pyparsing/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/six/1.17.0/#files", + "url": "https://pypi.org/project/pyparsing/3.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/six@1.17.0", + "purl": "pkg:pypi/pyparsing@3.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-13T10:01:13Z" + }, { "name": "language", "value": "Python" 
@@ -1457,32 +2087,28 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-12-04T17:35:26.000Z" } ] }, { "type": "library", - "bom-ref": "29-google-auth-httplib2", - "name": "google-auth-httplib2", - "version": "0.2.0", + "bom-ref": "33-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Google Cloud Platform", + "name": "Google Inc .", "contact": [ { - "email": "googleapis-packages@google.com" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library: httplib2 transport", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { - "alg": "SHA-1", - "content": "932ac88800dd6de004c1bd59867831ccf033f031" + "alg": "SHA-256", + "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac" } ], "licenses": [ @@ -1496,18 +2122,22 @@ ], "externalReferences": [ { - "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", + "url": "http://github.com/google/oauth2client/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", + "url": "https://pypi.org/project/oauth2client/4.1.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth-httplib2@0.2.0", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ + { + "name": "release_date", + "value": "2018-09-07T21:38:16Z" + }, { "name": "language", "value": "Python" 
@@ -1515,96 +2145,69 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2023-12-12T17:40:13.000Z" } ] }, { "type": "library", - "bom-ref": "30-httplib2", - "name": "httplib2", - "version": "0.20.4", + "bom-ref": "34-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.1", "supplier": { - "name": "Joe Gregorio", + "name": "Ilya Etingof", "contact": [ { - "email": "joe@bitworking.org" + "email": "etingof@gmail.com" } ] }, - "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", - "description": "A comprehensive HTTP client library.", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", "hashes": [ { - "alg": "SHA-1", - "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + "alg": "SHA-256", + "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/httplib2/httplib2", + "url": "https://github.com/pyasn1/pyasn1-modules", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/httplib2/0.20.4/#files", + "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", "type": "distribution", "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/httplib2@0.20.4", - "properties": [ - { - "name": "language", - "value": "Python" }, { - "name": "python_version", - "value": "3.12.8" - } - ] - }, - { - "type": "library", - "bom-ref": "31-pyparsing", - "name": "pyparsing", - "version": "3.2.0", - "supplier": { - "name": "Paul McGuire", - "contact": [ - { - "email": "ptmcg.gm+pyparsing@gmail.com" - } - ] - }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*", - 
"description": "pyparsing module - Classes and methods to define and execute parsing grammars", - "externalReferences": [ + "url": "https://github.com/pyasn1/pyasn1-modules", + "type": "vcs" + }, { - "url": "https://github.com/pyparsing/pyparsing/", - "type": "website", - "comment": "Home page for project" + "url": "https://github.com/pyasn1/pyasn1-modules/issues", + "type": "issue-tracker" }, { - "url": "https://pypi.org/project/pyparsing/3.2.0/#files", - "type": "distribution", - "comment": "Download location for component" + "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt", + "type": "log" } ], - "purl": "pkg:pypi/pyparsing@3.2.0", + "purl": "pkg:pypi/pyasn1-modules@0.4.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-10T22:42:08Z" + }, { "name": "language", "value": "Python" @@ -1612,32 +2215,28 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-10-13T10:01:13.000Z" } ] }, { "type": "library", - "bom-ref": "32-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "35-pyopenssl", + "name": "pyopenssl", + "version": "24.2.1", "supplier": { - "name": "Google", + "name": "The pyOpenSSL developers", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "cryptography-dev@python.org" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", + "description": "Python wrapper module around the OpenSSL library", "hashes": [ { - "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "alg": "SHA-256", + "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d" } ], "licenses": [ 
@@ -1651,18 +2250,26 @@ ], "externalReferences": [ { - "url": "https://github.com/Google/google-reauth-python", + "url": "https://pyopenssl.org/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-reauth/0.1.1/#files", + "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pyca/pyopenssl", + "type": "vcs" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/pyopenssl@24.2.1", "properties": [ + { + "name": "release_date", + "value": "2024-07-20T17:26:29Z" + }, { "name": "language", "value": "Python" 
@@ -1670,57 +2277,69 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2020-12-01T17:35:45.000Z" } ] }, { "type": "library", - "bom-ref": "33-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "36-cryptography", + "name": "cryptography", + "version": "43.0.3", "supplier": { - "name": "Google Inc .", + "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "cryptography-dev@python.org" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", + "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "hashes": [ { - "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "alg": "SHA-256", + "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e" } ], "licenses": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "expression": "Apache-2.0 OR BSD-3-Clause" } ], "externalReferences": [ { - "url": "https://github.com/google/pyu2f/", + "url": "https://github.com/pyca/cryptography", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyu2f/0.1.5/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://cryptography.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pyca/cryptography/", + "type": "vcs" + }, + { + "url": "https://github.com/pyca/cryptography/issues", + "type": "issue-tracker" + }, + { + "url": 
"https://cryptography.io/en/latest/changelog/", + "type": "log" } ], - "purl": "pkg:pypi/pyu2f@0.1.5", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-18T15:57:36Z" + }, { "name": "language", "value": "Python" 
@@ -1728,57 +2347,81 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2020-10-30T20:03:07.000Z" } ] }, { "type": "library", - "bom-ref": "34-oauth2client", - "name": "oauth2client", - "version": "4.1.3", + "bom-ref": "37-cffi", + "name": "cffi", + "version": "1.17.1", "supplier": { - "name": "Google Inc .", + "name": "Armin Maciej Fijalkowski", "contact": [ { - "email": "jonwayne+oauth2client@google.com" + "email": "python-cffi@googlegroups.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", + "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*", + "description": "Foreign Function Interface for Python calling C code.", "hashes": [ { - "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" + "alg": "SHA-256", + "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "http://github.com/google/oauth2client/", + "url": "http://cffi.readthedocs.org", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/oauth2client/4.1.3/#files", + "url": "https://pypi.org/project/cffi/1.17.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "http://cffi.readthedocs.org/", + "type": "documentation" + }, + { + "url": "https://github.com/python-cffi/cffi", + "type": "vcs" + }, + { + "url": "https://github.com/python-cffi/cffi/issues", + "type": "issue-tracker" + }, + { + "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html", + "type": "log" + }, + { + "url": "https://github.com/python-cffi/cffi/releases", + "type": "other" + }, + { + "url": 
"https://groups.google.com/forum/#!forum/python-cffi", + "type": "other" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/cffi@1.17.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-04T20:43:30Z" + }, { "name": "language", "value": "Python" @@ -1786,51 +2429,57 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2018-09-07T21:38:16.000Z" } ] }, { "type": "library", - "bom-ref": "35-pyopenssl", - "name": "pyopenssl", - "version": "24.3.0", + "bom-ref": "38-pycparser", + "name": "pycparser", + "version": "2.22", "supplier": { - "name": "The pyOpenSSL developers", + "name": "Eli Bendersky", "contact": [ { - "email": "cryptography-dev@python.org" + "email": "eliben@gmail.com" } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*", - "description": "Python wrapper module around the OpenSSL library", + "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*", + "description": "C parser in Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc" + } + ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://pyopenssl.org/", + "url": "https://github.com/eliben/pycparser", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyopenssl/24.3.0/#files", + "url": "https://pypi.org/project/pycparser/2.22/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@24.3.0", + "purl": "pkg:pypi/pycparser@2.22", "properties": [ + { + "name": "release_date", + "value": "2024-03-30T13:22:20Z" + }, { "name": "language", "value": "Python" 
@@ -1838,47 +2487,57 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-11-27T20:43:21.000Z" } ] }, { "type": "library", - "bom-ref": "36-cryptography", - "name": "cryptography", - "version": "44.0.0", + "bom-ref": "39-retry-decorator", + "name": "retry-decorator", + "version": "1.1.1", "supplier": { - "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", + "name": "Patrick Ng", "contact": [ { - "email": "cryptography-dev@python.org" + "email": "pn.appdev@gmail.com" } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*", - "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", + "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*", + "description": "Retry Decorator", + "hashes": [ + { + "alg": "SHA-256", + "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe" + } + ], "licenses": [ { - "expression": "Apache-2.0 OR BSD-3-Clause" + "license": { + "id": "MIT", + "url": "https://opensource.org/license/mit/", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://github.com/pyca/cryptography", + "url": "https://github.com/pnpnpn/retry-decorator", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/44.0.0/#files", + "url": "https://pypi.org/project/retry-decorator/1.1.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@44.0.0", + "purl": "pkg:pypi/retry-decorator@1.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-03-10T23:56:29Z" + }, { "name": "language", "value": "Python" 
@@ -1886,57 +2545,57 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-11-27T18:05:55.000Z" } ] }, { "type": "library", - "bom-ref": "37-cffi", - "name": "cffi", - "version": "1.17.1", + "bom-ref": "40-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Armin Maciej Fijalkowski", + "name": "Google Cloud Platform", "contact": [ { - "email": "python-cffi@googlegroups.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*", - "description": "Foreign Function Interface for Python calling C code.", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { - "alg": "SHA-1", - "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51" + "alg": "SHA-256", + "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "http://cffi.readthedocs.org", + "url": "https://github.com/googleapis/google-auth-library-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cffi/1.17.1/#files", + "url": "https://pypi.org/project/google-auth/2.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cffi@1.17.1", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ + { + "name": "release_date", + "value": "2023-03-28T19:51:30Z" + }, { "name": "language", "value": "Python" 
@@ -1944,57 +2603,57 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-09-04T20:43:30.000Z" } ] }, { "type": "library", - "bom-ref": "38-pycparser", - "name": "pycparser", - "version": "2.22", + "bom-ref": "41-cachetools", + "name": "cachetools", + "version": "5.5.0", "supplier": { - "name": "Eli Bendersky", + "name": "Thomas Kemmer", "contact": [ { - "email": "eliben@gmail.com" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*", - "description": "C parser in Python", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", "hashes": [ { - "alg": "SHA-1", - "content": "129d32ef805d715d90a3b2035b13168c17ca63d2" + "alg": "SHA-256", + "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292" } ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/eliben/pycparser", + "url": "https://github.com/tkem/cachetools/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pycparser/2.22/#files", + "url": "https://pypi.org/project/cachetools/5.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pycparser@2.22", + "purl": "pkg:pypi/cachetools@5.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-18T20:28:43Z" + }, { "name": "language", "value": "Python" 
@@ -2002,57 +2661,57 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-03-30T13:22:20.000Z" } ] }, { "type": "library", - "bom-ref": "39-retry-decorator", - "name": "retry-decorator", - "version": "1.1.1", + "bom-ref": "42-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", "supplier": { - "name": "Patrick Ng", + "name": "Google Cloud Platform", "contact": [ { - "email": "pn.appdev@gmail.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*", - "description": "Retry Decorator", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library: httplib2 transport", "hashes": [ { - "alg": "SHA-1", - "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349" + "alg": "SHA-256", + "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pnpnpn/retry-decorator", + "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/retry-decorator/1.1.1/#files", + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/retry-decorator@1.1.1", + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-12T17:40:13Z" + }, { "name": "language", "value": "Python" 
@@ -2060,16 +2719,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2020-03-10T23:56:29.000Z" } ] }, { "type": "library", - "bom-ref": "40-google-apitools", + "bom-ref": "43-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { @@ -2084,8 +2739,8 @@ "description": "client libraries for humans", "hashes": [ { - "alg": "SHA-1", - "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1" + "alg": "SHA-256", + "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688" } ], "licenses": [ @@ -2111,6 +2766,10 @@ ], "purl": "pkg:pypi/google-apitools@0.5.32", "properties": [ + { + "name": "release_date", + "value": "2021-05-05T22:12:58Z" + }, { "name": "language", "value": "Python" @@ -2118,16 +2777,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2021-05-05T22:12:58.000Z" } ] }, { "type": "library", - "bom-ref": "41-monotonic", + "bom-ref": "44-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -2142,8 +2797,8 @@ "description": "An implementation of time.monotonic() for Python 2 & < 3.3", "hashes": [ { - "alg": "SHA-1", - "content": "80681f6604e136e513550342f977edb98f5fc5ad" + "alg": "SHA-256", + "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c" } ], "licenses": [ @@ -2169,6 +2824,10 @@ ], "purl": "pkg:pypi/monotonic@1.6", "properties": [ + { + "name": "release_date", + "value": "2021-04-09T21:58:05Z" + }, { "name": "language", "value": "Python" 
@@ -2176,23 +2835,19 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2021-04-09T21:58:05.000Z" } ] }, { "type": "library", - "bom-ref": "42-jinja2", + "bom-ref": "45-jinja2", "name": "jinja2", "version": "3.1.4", "description": "A very fast and expressive template engine.", "hashes": [ { - "alg": "SHA-1", - "content": "dd4a8b5466d8790540c181590b14db4d4d889d57" + "alg": "SHA-256", + "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d" } ], "externalReferences": [ @@ -2200,10 +2855,34 @@ "url": "https://pypi.org/project/jinja2/3.1.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jinja.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" + }, + { + "url": "https://jinja.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://github.com/pallets/jinja/", + "type": "vcs" } ], "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ + { + "name": "release_date", + "value": "2024-05-05T23:41:59Z" + }, { "name": "language", "value": "Python" @@ -2211,23 +2890,19 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-05-05T23:41:59.000Z" } ] }, { "type": "library", - "bom-ref": "43-markupsafe", + "bom-ref": "46-markupsafe", "name": "markupsafe", "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", "hashes": [ { - "alg": "SHA-1", - "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c" + "alg": "SHA-256", + "content": "7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8" } ], "externalReferences": [ 
@@ -2235,10 +2910,34 @@ "url": "https://pypi.org/project/markupsafe/3.0.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://markupsafe.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://markupsafe.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://github.com/pallets/markupsafe/", + "type": "vcs" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" } ], "purl": "pkg:pypi/markupsafe@3.0.2", "properties": [ + { + "name": "release_date", + "value": "2024-10-18T15:20:51Z" + }, { "name": "language", "value": "Python" @@ -2246,16 +2945,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-10-18T15:20:51.000Z" } ] }, { "type": "library", - "bom-ref": "44-jsonschema", + "bom-ref": "47-jsonschema", "name": "jsonschema", "version": "4.23.0", "supplier": { @@ -2268,11 +2963,17 @@ }, "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2287,10 +2988,38 @@ "url": "https://pypi.org/project/jsonschema/4.23.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://python-jsonschema.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema", + "type": "vcs" } ], "purl": "pkg:pypi/jsonschema@4.23.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-08T18:40:00Z" + }, { "name": "language", "value": "Python" @@ -2298,16 +3027,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-07-08T18:40:00.000Z" } ] }, { "type": "library", - "bom-ref": "45-jsonschema-specifications", + "bom-ref": "48-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2024.10.1", "supplier": { @@ -2322,8 +3047,8 @@ "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", "hashes": [ { - "alg": "SHA-1", - "content": "09f6f17a46ecf03e314df0e6fa14d57db210a549" + "alg": "SHA-256", + "content": "a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf" } ], "externalReferences": [ 
@@ -2336,10 +3061,34 @@ "url": "https://pypi.org/project/jsonschema-specifications/2024.10.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jsonschema-specifications.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications", + "type": "vcs" } ], "purl": "pkg:pypi/jsonschema-specifications@2024.10.1", "properties": [ + { + "name": "release_date", + "value": "2024-10-08T12:29:30Z" + }, { "name": "language", "value": "Python" @@ -2347,16 +3096,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-10-08T12:29:30.000Z" } ] }, { "type": "library", - "bom-ref": "46-referencing", + "bom-ref": "49-referencing", "name": "referencing", "version": "0.35.1", "supplier": { @@ -2371,8 +3116,8 @@ "description": "JSON Referencing + Python", "hashes": [ { - "alg": "SHA-1", - "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845" + "alg": "SHA-256", + "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de" } ], "externalReferences": [ 
@@ -2385,10 +3130,38 @@ "url": "https://pypi.org/project/referencing/0.35.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://referencing.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/referencing/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://referencing.readthedocs.io/en/stable/changes/", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/referencing", + "type": "vcs" } ], "purl": "pkg:pypi/referencing@0.35.1", "properties": [ + { + "name": "release_date", + "value": "2024-05-01T20:26:02Z" + }, { "name": "language", "value": "Python" @@ -2396,16 +3169,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-05-01T20:26:02.000Z" } ] }, { "type": "library", - "bom-ref": "47-rpds-py", + "bom-ref": "50-rpds-py", "name": "rpds-py", "version": "0.22.3", "supplier": { @@ -2418,6 +3187,12 @@ }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", + "hashes": [ + { + "alg": "SHA-256", + "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967" + } + ], "externalReferences": [ { "url": "https://github.com/crate-py/rpds", 
@@ -2428,10 +3203,38 @@ "url": "https://pypi.org/project/rpds-py/0.22.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rpds.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/crate-py/rpds/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/crate-py/rpds", + "type": "vcs" + }, + { + "url": "https://github.com/orium/rpds", + "type": "other" } ], "purl": "pkg:pypi/rpds-py@0.22.3", "properties": [ + { + "name": "release_date", + "value": "2024-12-04T15:31:31Z" + }, { "name": "language", "value": "Python" @@ -2439,18 +3242,14 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-12-04T15:31:31.000Z" } ] }, { "type": "library", - "bom-ref": "48-lib4sbom", + "bom-ref": "51-lib4sbom", "name": "lib4sbom", - "version": "0.7.5", + "version": "0.8.0", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2459,8 +3258,14 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-256", + "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395" + } + ], "licenses": [ { "license": { 
@@ -2477,13 +3282,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/lib4sbom/0.7.5/#files", + "url": "https://pypi.org/project/lib4sbom/0.8.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.5", + "purl": "pkg:pypi/lib4sbom@0.8.0", "properties": [ + { + "name": "release_date", + "value": "2024-12-09T20:13:26Z" + }, { "name": "language", "value": "Python" @@ -2491,16 +3300,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-09-18T21:36:24.000Z" } ] }, { "type": "library", - "bom-ref": "49-pyyaml", + "bom-ref": "52-pyyaml", "name": "pyyaml", "version": "6.0.2", "supplier": { @@ -2513,11 +3318,17 @@ }, "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*", "description": "YAML parser and emitter for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } 
@@ -2529,13 +3340,37 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyyaml/6.0.2/#files", + "url": "https://pypi.org/project/PyYAML/", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/yaml/pyyaml/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/yaml/pyyaml/actions", + "type": "build-system" + }, + { + "url": "https://pyyaml.org/wiki/PyYAMLDocumentation", + "type": "documentation" + }, + { + "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core", + "type": "mailing-list" + }, + { + "url": "https://github.com/yaml/pyyaml", + "type": "vcs" } ], "purl": "pkg:pypi/pyyaml@6.0.2", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T20:31:40Z" + }, { "name": "language", "value": "Python" @@ -2543,16 +3378,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-08-06T20:31:40.000Z" } ] }, { "type": "library", - "bom-ref": "50-semantic-version", + "bom-ref": "53-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2567,8 +3398,8 @@ "description": "A library implementing the 'SemVer' scheme.", "hashes": [ { - "alg": "SHA-1", - "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a" + "alg": "SHA-256", + "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177" } ], "licenses": [ @@ -2594,6 +3425,10 @@ ], "purl": "pkg:pypi/semantic-version@2.10.0", "properties": [ + { + "name": "release_date", + "value": "2022-05-26T13:35:21Z" + }, { "name": "language", "value": "Python" @@ -2601,16 +3436,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2022-05-26T13:35:21.000Z" } ] }, { "type": "library", - "bom-ref": "51-lib4vex", + "bom-ref": "54-lib4vex", "name": "lib4vex", "version": "0.2.0", "supplier": { 
@@ -2625,8 +3456,8 @@ "description": "VEX generator and consumer library", "hashes": [ { - "alg": "SHA-1", - "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2" + "alg": "SHA-256", + "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce" } ], "licenses": [ @@ -2652,6 +3483,10 @@ ], "purl": "pkg:pypi/lib4vex@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-29T20:36:52Z" + }, { "name": "language", "value": "Python" @@ -2659,16 +3494,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-08-29T20:36:52.000Z" } ] }, { "type": "library", - "bom-ref": "52-csaf-tool", + "bom-ref": "55-csaf-tool", "name": "csaf-tool", "version": "0.3.2", "supplier": { @@ -2683,15 +3514,15 @@ "description": "CSAF generator and analyser", "hashes": [ { - "alg": "SHA-1", - "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4" + "alg": "SHA-256", + "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2710,6 +3541,10 @@ ], "purl": "pkg:pypi/csaf-tool@0.3.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-12T20:10:06Z" + }, { "name": "language", "value": "Python" @@ -2717,16 +3552,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-06-12T20:10:06.000Z" } ] }, { "type": "library", - "bom-ref": "53-packageurl-python", + "bom-ref": "56-packageurl-python", "name": "packageurl-python", "version": "0.16.0", "supplier": { 
@@ -2736,15 +3567,15 @@ "description": "A purl aka. Package URL parser and builder", "hashes": [ { - "alg": "SHA-1", - "content": "9155d4173e4c1f29a345de86c280ab783c837882" + "alg": "SHA-256", + "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2763,6 +3594,10 @@ ], "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-22T05:51:23Z" + }, { "name": "language", "value": "Python" @@ -2770,16 +3605,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-10-22T05:51:23.000Z" } ] }, { "type": "library", - "bom-ref": "54-rich", + "bom-ref": "57-rich", "name": "rich", "version": "13.9.4", "supplier": { @@ -2794,15 +3625,15 @@ "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "hashes": [ { - "alg": "SHA-1", - "content": "43d3b04725ab9731727fb1126e35980c62f32377" + "alg": "SHA-256", + "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2817,10 +3648,18 @@ "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rich.readthedocs.io/en/latest/", + "type": "documentation" } ], "purl": "pkg:pypi/rich@13.9.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T16:43:55Z" + }, { "name": "language", "value": "Python" 
@@ -2828,16 +3667,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-11-01T16:43:55.000Z" } ] }, { "type": "library", - "bom-ref": "55-markdown-it-py", + "bom-ref": "58-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2852,8 +3687,8 @@ "description": "Python port of markdown-it. Markdown parsing, done right!", "hashes": [ { - "alg": "SHA-1", - "content": "bee6d1953be75717a3f2f6a917da6f464bed421d" + "alg": "SHA-256", + "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1" } ], "externalReferences": [ @@ -2866,10 +3701,18 @@ "url": "https://pypi.org/project/markdown-it-py/3.0.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://markdown-it-py.readthedocs.io", + "type": "documentation" } ], "purl": "pkg:pypi/markdown-it-py@3.0.0", "properties": [ + { + "name": "release_date", + "value": "2023-06-03T06:41:11Z" + }, { "name": "language", "value": "Python" @@ -2877,16 +3720,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2023-06-03T06:41:11.000Z" } ] }, { "type": "library", - "bom-ref": "56-mdurl", + "bom-ref": "59-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2901,8 +3740,8 @@ "description": "Markdown URL utilities", "hashes": [ { - "alg": "SHA-1", - "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e" + "alg": "SHA-256", + "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8" } ], "externalReferences": [ @@ -2919,6 +3758,10 @@ ], "purl": "pkg:pypi/mdurl@0.1.2", "properties": [ + { + "name": "release_date", + "value": "2022-08-14T12:40:09Z" + }, { "name": "language", "value": "Python" 
@@ -2926,16 +3769,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2022-08-14T12:40:09.000Z" } ] }, { "type": "library", - "bom-ref": "57-pygments", + "bom-ref": "60-pygments", "name": "pygments", "version": "2.18.0", "supplier": { @@ -2950,8 +3789,8 @@ "description": "Pygments is a syntax highlighting package written in Python.", "hashes": [ { - "alg": "SHA-1", - "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb" + "alg": "SHA-256", + "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a" } ], "licenses": [ @@ -2973,10 +3812,30 @@ "url": "https://pypi.org/project/pygments/2.18.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://pygments.org/docs", + "type": "documentation" + }, + { + "url": "https://github.com/pygments/pygments", + "type": "vcs" + }, + { + "url": "https://github.com/pygments/pygments/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/pygments/pygments/blob/master/CHANGES", + "type": "log" } ], "purl": "pkg:pypi/pygments@2.18.0", "properties": [ + { + "name": "release_date", + "value": "2024-05-04T13:41:57Z" + }, { "name": "language", "value": "Python" 
@@ -2984,43 +3843,69 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-05-04T13:41:57.000Z" } ] }, { "type": "library", - "bom-ref": "58-packaging", - "name": "packaging", - "version": "24.2", + "bom-ref": "61-python-gnupg", + "name": "python-gnupg", + "version": "0.5.3", "supplier": { - "name": "Donald Stufft", + "name": "Vinay Sajip", "contact": [ { - "email": "donald@stufft.io" + "email": "vinay_sajip@yahoo.co.uk" } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", - "description": "Core utilities for Python packages", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", + "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", "hashes": [ { - "alg": "SHA-1", - "content": "d8e3b31b734926ebbcaff654279f6855a73e052f" + "alg": "SHA-256", + "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.2/#files", + "url": "https://github.com/vsajip/python-gnupg", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gnupg.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/vsajip/python-gnupg", + "type": "vcs" + }, + { + "url": "https://github.com/vsajip/python-gnupg/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/packaging@24.2", + "purl": "pkg:pypi/python-gnupg@0.5.3", "properties": [ + { + "name": "release_date", + "value": "2024-09-20T16:43:47Z" + }, { "name": "language", "value": "Python" 
@@ -3028,51 +3913,51 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-11-08T09:47:44.000Z" } ] }, { "type": "library", - "bom-ref": "59-plotly", - "name": "plotly", - "version": "5.24.1", + "bom-ref": "62-packaging", + "name": "packaging", + "version": "24.2", "supplier": { - "name": "Chris P", + "name": "Donald Stufft", "contact": [ { - "email": "chris@plot.ly" + "email": "donald@stufft.io" } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", - "description": "An open-source, interactive data visualization library for Python", - "licenses": [ + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", + "description": "Core utilities for Python packages", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759" } ], "externalReferences": [ { - "url": "https://plotly.com/python/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/plotly/5.24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://packaging.pypa.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pypa/packaging", + "type": "vcs" } ], - "purl": "pkg:pypi/plotly@5.24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ + { + "name": "release_date", + "value": "2024-11-08T09:47:44Z" + }, { "name": "language", "value": "Python" 
@@ -3080,57 +3965,69 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-09-12T15:36:24.000Z" } ] }, { "type": "library", - "bom-ref": "60-tenacity", - "name": "tenacity", - "version": "9.0.0", + "bom-ref": "63-plotly", + "name": "plotly", + "version": "5.24.1", "supplier": { - "name": "Julien Danjou", + "name": "Chris P", "contact": [ { - "email": "julien@danjou.info" + "email": "chris@plot.ly" } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*", - "description": "Retry code until it succeeds", + "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", + "description": "An open-source, interactive data visualization library for Python", "hashes": [ { - "alg": "SHA-1", - "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb" + "alg": "SHA-256", + "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089" } ], "licenses": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "license": { + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/jd/tenacity", + "url": "https://plotly.com/python/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/tenacity/9.0.0/#files", + "url": "https://pypi.org/project/plotly/5.24.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://plotly.com/python/", + "type": "documentation" + }, + { + "url": "https://github.com/plotly/plotly.py", + "type": "vcs" + }, + { + "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md", + "type": "log" } ], - "purl": "pkg:pypi/tenacity@9.0.0", + "purl": "pkg:pypi/plotly@5.24.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T15:36:24Z" + }, { "name": "language", "value": "Python" 
@@ -3138,57 +4035,57 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-07-29T12:12:25.000Z" } ] }, { "type": "library", - "bom-ref": "61-python-gnupg", - "name": "python-gnupg", - "version": "0.5.3", + "bom-ref": "64-tenacity", + "name": "tenacity", + "version": "9.0.0", "supplier": { - "name": "Vinay Sajip", + "name": "Julien Danjou", "contact": [ { - "email": "vinay_sajip@yahoo.co.uk" + "email": "julien@danjou.info" } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", - "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*", + "description": "Retry code until it succeeds", "hashes": [ { - "alg": "SHA-1", - "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + "alg": "SHA-256", + "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539" } ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/vsajip/python-gnupg", + "url": "https://github.com/jd/tenacity", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", + "url": "https://pypi.org/project/tenacity/9.0.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/python-gnupg@0.5.3", + "purl": "pkg:pypi/tenacity@9.0.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-29T12:12:25Z" + }, { "name": "language", "value": "Python" 
@@ -3196,16 +4093,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-09-20T16:43:47.000Z" } ] }, { "type": "library", - "bom-ref": "62-requests", + "bom-ref": "65-requests", "name": "requests", "version": "2.32.3", "supplier": { @@ -3220,8 +4113,8 @@ "description": "Python HTTP for Humans.", "hashes": [ { - "alg": "SHA-1", - "content": "0e322af87745eff34caffe4df68456ebc20d9068" + "alg": "SHA-256", + "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6" } ], "licenses": [ @@ -3243,10 +4136,22 @@ "url": "https://pypi.org/project/requests/2.32.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://requests.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/psf/requests", + "type": "vcs" } ], "purl": "pkg:pypi/requests@2.32.3", "properties": [ + { + "name": "release_date", + "value": "2024-05-29T15:37:47Z" + }, { "name": "language", "value": "Python" 
@@ -3254,51 +4159,65 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-05-29T15:37:47.000Z" } ] }, { "type": "library", - "bom-ref": "63-certifi", - "name": "certifi", - "version": "2024.8.30", + "bom-ref": "66-charset-normalizer", + "name": "charset-normalizer", + "version": "3.4.0", "supplier": { - "name": "Kenneth Reitz", + "name": "Ahmed TAHRI", "contact": [ { - "email": "me@kennethreitz.com" + "email": "tahri.ahmed@proton.me" } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*", - "description": "Python package for providing Mozilla's CA Bundle.", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", + "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", + "hashes": [ + { + "alg": "SHA-256", + "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6" + } + ], "licenses": [ { "license": { - "id": "MPL-2.0", - "url": "https://www.mozilla.org/MPL/2.0/", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/certifi/python-certifi", + "url": "https://github.com/Ousret/charset_normalizer", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/certifi/2024.8.30/#files", + "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/Ousret/charset_normalizer/issues", + "type": "issue-tracker" + }, + { + "url": "https://charset-normalizer.readthedocs.io/en/latest", + "type": "documentation" } ], - "purl": "pkg:pypi/certifi@2024.8.30", + "purl": "pkg:pypi/charset-normalizer@3.4.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-09T07:38:02Z" + }, { "name": "language", "value": "Python" 
@@ -3306,51 +4225,59 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-08-30T01:55:02.000Z" } ] }, { "type": "library", - "bom-ref": "64-charset-normalizer", - "name": "charset-normalizer", - "version": "3.4.0", + "bom-ref": "67-urllib3", + "name": "urllib3", + "version": "2.2.3", "supplier": { - "name": "Ahmed TAHRI", + "name": "Andrey Petrov", "contact": [ { - "email": "tahri.ahmed@proton.me" + "email": "andrey.petrov@shazow.net" } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", - "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", - "licenses": [ + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac" } ], "externalReferences": [ { - "url": "https://github.com/Ousret/charset_normalizer", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", + "url": "https://pypi.org/project/urllib3/2.2.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst", + "type": "log" + }, + { + "url": "https://urllib3.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/urllib3/urllib3", + "type": "vcs" + }, + { + "url": "https://github.com/urllib3/urllib3/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/charset-normalizer@3.4.0", + "purl": "pkg:pypi/urllib3@2.2.3", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T10:52:16Z" + }, { "name": "language", "value": "Python" 
@@ -3358,43 +4285,61 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-10-09T07:38:02.000Z" } ] }, { "type": "library", - "bom-ref": "65-urllib3", - "name": "urllib3", - "version": "2.2.3", + "bom-ref": "68-certifi", + "name": "certifi", + "version": "2024.12.14", "supplier": { - "name": "Andrey Petrov", + "name": "Kenneth Reitz", "contact": [ { - "email": "andrey.petrov@shazow.net" + "email": "me@kennethreitz.com" } ] }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*", + "description": "Python package for providing Mozilla's CA Bundle.", "hashes": [ { - "alg": "SHA-1", - "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + "alg": "SHA-256", + "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-2.0", + "url": "https://www.mozilla.org/MPL/2.0/", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/urllib3/2.2.3/#files", + "url": "https://github.com/certifi/python-certifi", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/certifi/2024.12.14/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/certifi/python-certifi", + "type": "vcs" } ], - "purl": "pkg:pypi/urllib3@2.2.3", + "purl": "pkg:pypi/certifi@2024.12.14", "properties": [ + { + "name": "release_date", + "value": "2024-12-14T13:52:36Z" + }, { "name": "language", "value": "Python" 
@@ -3402,16 +4347,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-09-12T10:52:16.000Z" } ] }, { "type": "library", - "bom-ref": "66-rpmfile", + "bom-ref": "69-rpmfile", "name": "rpmfile", "version": "2.1.0", "supplier": { @@ -3426,15 +4367,15 @@ "description": "Read rpm archive files", "hashes": [ { - "alg": "SHA-1", - "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5" + "alg": "SHA-256", + "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3453,6 +4394,10 @@ ], "purl": "pkg:pypi/rpmfile@2.1.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-24T21:57:45Z" + }, { "name": "language", "value": "Python" @@ -3460,16 +4405,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-07-24T21:57:45.000Z" } ] }, { "type": "library", - "bom-ref": "67-setuptools", + "bom-ref": "70-setuptools", "name": "setuptools", "version": "75.6.0", "supplier": { 
@@ -3482,15 +4423,37 @@ }, "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", + "hashes": [ + { + "alg": "SHA-256", + "content": "ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/setuptools/75.6.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pypa/setuptools", + "type": "vcs" + }, + { + "url": "https://setuptools.pypa.io/", + "type": "documentation" + }, + { + "url": "https://setuptools.pypa.io/en/stable/history.html", + "type": "log" } ], "purl": "pkg:pypi/setuptools@75.6.0", "properties": [ + { + "name": "release_date", + "value": "2024-11-20T18:16:10Z" + }, { "name": "language", "value": "Python" @@ -3503,7 +4466,7 @@ }, { "type": "library", - "bom-ref": "68-xmlschema", + "bom-ref": "71-xmlschema", "name": "xmlschema", "version": "3.4.3", "supplier": { @@ -3516,11 +4479,17 @@ }, "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", + "hashes": [ + { + "alg": "SHA-256", + "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3539,6 +4508,10 @@ ], "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-31T09:47:12Z" + }, { "name": "language", "value": "Python" @@ -3546,16 +4519,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-10-31T09:47:12.000Z" } ] }, { "type": "library", - "bom-ref": "69-elementpath", + "bom-ref": "72-elementpath", "name": "elementpath", "version": "4.6.0", "supplier": { 
@@ -3568,11 +4537,17 @@ }, "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", + "hashes": [ + { + "alg": "SHA-256", + "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3592,43 +4567,9 @@ "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.12.8" + "name": "release_date", + "value": "2024-10-27T21:52:58Z" }, - { - "name": "package_release_date", - "value": "2024-10-27T21:52:58.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "70-zipp", - "name": "zipp", - "version": "3.21.0", - "supplier": { - "name": "Jason R .", - "contact": [ - { - "email": "jaraco@jaraco.com" - } - ] - }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*", - "description": "Backport of pathlib-compatible object wrapper for zip files", - "externalReferences": [ - { - "url": "https://pypi.org/project/zipp/3.21.0/#files", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/zipp@3.21.0", - "properties": [ { "name": "language", "value": "Python" @@ -3636,16 +4577,12 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-11-10T15:05:19.000Z" } ] }, { "type": "library", - "bom-ref": "71-zstandard", + "bom-ref": "73-zstandard", "name": "zstandard", "version": "0.23.0", "supplier": { @@ -3658,6 +4595,12 @@ }, "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*", "description": "Zstandard bindings for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9" + } + ], "licenses": [ { "license": { 
@@ -3681,6 +4624,10 @@ ], "purl": "pkg:pypi/zstandard@0.23.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-15T00:13:27Z" + }, { "name": "language", "value": "Python" @@ -3688,10 +4635,6 @@ { "name": "python_version", "value": "3.12.8" - }, - { - "name": "package_release_date", - "value": "2024-07-15T00:13:27.000Z" } ] } @@ -3707,29 +4650,30 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "11-beautifulsoup4", - "13-cvss", - "14-defusedxml", - "15-distro", - "16-filetype", - "17-gsutil", - "42-jinja2", - "44-jsonschema", - "48-lib4sbom", - "51-lib4vex", - "53-packageurl-python", - "58-packaging", - "59-plotly", + "14-beautifulsoup4", + "16-cvss", + "17-defusedxml", + "18-distro", + "19-filetype", + "20-gsutil", + "7-importlib-metadata", + "45-jinja2", + "47-jsonschema", + "51-lib4sbom", + "54-lib4vex", "61-python-gnupg", - "49-pyyaml", - "62-requests", - "54-rich", - "66-rpmfile", - "67-setuptools", - "65-urllib3", - "68-xmlschema", - "70-zipp", - "71-zstandard" + "56-packageurl-python", + "62-packaging", + "63-plotly", + "52-pyyaml", + "65-requests", + "57-rich", + "69-rpmfile", + "70-setuptools", + "67-urllib3", + "71-xmlschema", + "73-zstandard", + "8-zipp" ] }, { @@ -3739,9 +4683,9 @@ "4-aiosignal", "6-attrs", "5-frozenlist", - "7-multidict", - "8-propcache", - "9-yarl" + "10-multidict", + "11-propcache", + "12-yarl" ] }, { 
@@ -3751,106 +4695,109 @@ ] }, { - "ref": "9-yarl", + "ref": "6-attrs", "dependsOn": [ - "10-idna", - "7-multidict", - "8-propcache" + "7-importlib-metadata" ] }, { - "ref": "11-beautifulsoup4", + "ref": "7-importlib-metadata", "dependsOn": [ - "12-soupsieve" + "8-zipp", + "9-typing-extensions" ] }, { - "ref": "17-gsutil", + "ref": "10-multidict", "dependsOn": [ - "18-argcomplete", - "19-crcmod", - "20-fasteners", - "21-gcs-oauth2-boto-plugin", - "40-google-apitools", - "23-google-auth", - "29-google-auth-httplib2", - "32-google-reauth", - "30-httplib2", - "41-monotonic", - "35-pyopenssl", - "39-retry-decorator", - "28-six" + "9-typing-extensions" ] }, { - "ref": "21-gcs-oauth2-boto-plugin", + "ref": "12-yarl", "dependsOn": [ - "22-boto", - "23-google-auth", - "29-google-auth-httplib2", - "32-google-reauth", - "30-httplib2", - "34-oauth2client", - "35-pyopenssl", - "39-retry-decorator", - "27-rsa", - "28-six" + "13-idna", + "10-multidict", + "11-propcache" ] }, { - "ref": "23-google-auth", + "ref": "14-beautifulsoup4", "dependsOn": [ - "24-cachetools", - "25-pyasn1-modules", - "27-rsa", - "28-six" + "15-soupsieve" ] }, { - "ref": "25-pyasn1-modules", + "ref": "20-gsutil", "dependsOn": [ - "26-pyasn1" + "21-argcomplete", + "22-crcmod", + "23-fasteners", + "24-gcs-oauth2-boto-plugin", + "43-google-apitools", + "31-httplib2", + "28-google-reauth", + "44-monotonic", + "35-pyopenssl", + "39-retry-decorator", + "30-six", + "40-google-auth", + "42-google-auth-httplib2" ] }, { - "ref": "27-rsa", + "ref": "24-gcs-oauth2-boto-plugin", "dependsOn": [ - "26-pyasn1" + "25-rsa", + "27-boto", + "28-google-reauth", + "31-httplib2", + "33-oauth2client", + "35-pyopenssl", + "39-retry-decorator", + "30-six", + "40-google-auth", + "42-google-auth-httplib2" ] }, { - "ref": "29-google-auth-httplib2", + "ref": "25-rsa", "dependsOn": [ - "23-google-auth", - "30-httplib2" + "26-pyasn1" ] }, { - "ref": "30-httplib2", + "ref": "28-google-reauth", "dependsOn": [ - "31-pyparsing" + "29-pyu2f" 
] }, { - "ref": "32-google-reauth", + "ref": "29-pyu2f", "dependsOn": [ - "33-pyu2f" + "30-six" ] }, { - "ref": "33-pyu2f", + "ref": "31-httplib2", "dependsOn": [ - "28-six" + "32-pyparsing" ] }, { - "ref": "34-oauth2client", + "ref": "33-oauth2client", "dependsOn": [ - "30-httplib2", + "31-httplib2", "26-pyasn1", - "25-pyasn1-modules", - "27-rsa", - "28-six" + "34-pyasn1-modules", + "25-rsa", + "30-six" + ] + }, + { + "ref": "34-pyasn1-modules", + "dependsOn": [ + "26-pyasn1" ] }, { 
@@ -3872,98 +4819,121 @@ ] }, { - "ref": "40-google-apitools", + "ref": "40-google-auth", + "dependsOn": [ + "41-cachetools", + "34-pyasn1-modules", + "30-six", + "25-rsa" + ] + }, + { + "ref": "42-google-auth-httplib2", + "dependsOn": [ + "40-google-auth", + "31-httplib2" + ] + }, + { + "ref": "43-google-apitools", "dependsOn": [ - "20-fasteners", - "30-httplib2", - "34-oauth2client", - "28-six" + "31-httplib2", + "23-fasteners", + "33-oauth2client", + "30-six" ] }, { - "ref": "42-jinja2", + "ref": "45-jinja2", "dependsOn": [ - "43-markupsafe" + "46-markupsafe" ] }, { - "ref": "44-jsonschema", + "ref": "47-jsonschema", "dependsOn": [ "6-attrs", - "45-jsonschema-specifications", - "46-referencing", - "47-rpds-py" + "48-jsonschema-specifications", + "49-referencing", + "50-rpds-py" ] }, { - "ref": "45-jsonschema-specifications", + "ref": "48-jsonschema-specifications", "dependsOn": [ - "46-referencing" + "49-referencing" ] }, { - "ref": "46-referencing", + "ref": "49-referencing", "dependsOn": [ "6-attrs", - "47-rpds-py" + "50-rpds-py" + ] + }, + { + "ref": "51-lib4sbom", + "dependsOn": [ + "52-pyyaml", + "53-semantic-version", + "17-defusedxml" ] }, { - "ref": "48-lib4sbom", + "ref": "54-lib4vex", "dependsOn": [ - "14-defusedxml", - "49-pyyaml", - "50-semantic-version" + "51-lib4sbom", + "55-csaf-tool", + "56-packageurl-python" ] }, { - "ref": "51-lib4vex", + "ref": "55-csaf-tool", "dependsOn": [ - "52-csaf-tool", - "48-lib4sbom", - "53-packageurl-python" + "56-packageurl-python", + "57-rich" ] }, { - "ref": "52-csaf-tool", + "ref": "57-rich", "dependsOn": [ - "53-packageurl-python", - "54-rich" + "58-markdown-it-py", + "60-pygments", + "9-typing-extensions" ] }, { - "ref": "54-rich", + "ref": "58-markdown-it-py", "dependsOn": [ - "55-markdown-it-py", - "57-pygments" + "59-mdurl" ] }, { - "ref": "55-markdown-it-py", + "ref": "63-plotly", "dependsOn": [ - "56-mdurl" + "64-tenacity", + "62-packaging" ] }, { - "ref": "59-plotly", + "ref": "65-requests", "dependsOn": [ 
- "58-packaging", - "60-tenacity" + "66-charset-normalizer", + "13-idna", + "67-urllib3", + "68-certifi" ] }, { - "ref": "62-requests", + "ref": "71-xmlschema", "dependsOn": [ - "63-certifi", - "64-charset-normalizer", - "10-idna", - "65-urllib3" + "72-elementpath" ] }, { - "ref": "68-xmlschema", + "ref": "73-zstandard", "dependsOn": [ - "69-elementpath" + "37-cffi" ] } ] diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 527de7fa6a..a5c39654ae 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-cb307ebd-78db-456e-9dbf-34b317e8df15 -LicenseListVersion: 3.22 -Creator: Tool: sbom4python-0.11.3 -Created: 2024-12-09T00:39:39Z +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c6831ef6-a03c-48eb-a9a4-f1950eb624d9 +LicenseListVersion: 3.25 +Creator: Tool: sbom4python-0.12.1 +Created: 2024-12-16T00:38:46Z CreatorComment: This document has been automatically generated. ##### @@ -17,10 +17,12 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com) PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/intel/cve-bin-tool +PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool +ReleaseDate: 2024-09-17T18:57:44Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:* ##### 
@@ -33,10 +35,20 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp +PackageChecksum: SHA256: cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) +ReleaseDate: 2024-12-05T23:51:02Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp +ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html +ExternalRef: OTHER other https://docs.aiohttp.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10 ##### 
@@ -48,29 +60,41 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8 PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio +ReleaseDate: 2024-11-30T18:43:39Z +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues +ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### PackageName: aiosignal SPDXID: SPDXRef-4-aiosignal -PackageVersion: 1.3.1 +PackageVersion: 1.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files +PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiosignal -PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: aiosignal: a list of registered asynchronous callbacks -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 +ReleaseDate: 2024-11-30T18:43:39Z +ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby +ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal +ExternalRef: OTHER other https://docs.aiosignal.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.2 ##### PackageName: frozenlist 
@@ -81,11 +105,22 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist +PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence +ReleaseDate: 2024-10-23T09:46:20Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist +ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog +ExternalRef: OTHER other https://frozenlist.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### 
@@ -96,336 +131,413 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false -PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a +PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Classes Without Boilerplate +ReleaseDate: 2024-08-06T14:37:36Z +ExternalRef: OTHER documentation https://www.attrs.org/ +ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html +ExternalRef: OTHER vcs https://github.com/python-attrs/attrs +ExternalRef: OTHER other https://github.com/sponsors/hynek +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:* ##### +PackageName: importlib-metadata +SPDXID: SPDXRef-7-importlib-metadata +PackageVersion: 8.0.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Jason R. 
(jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.0.0/#files +FilesAnalyzed: false +PackageChecksum: SHA256: 15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Read metadata from Python packages +ReleaseDate: 2024-06-25T18:38:02Z +ExternalRef: OTHER vcs https://github.com/python/importlib_metadata +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:* +##### + +PackageName: zipp +SPDXID: SPDXRef-8-zipp +PackageVersion: 3.21.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files +FilesAnalyzed: false +PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Backport of pathlib-compatible object wrapper for zip files +ReleaseDate: 2024-11-10T15:05:19Z +ExternalRef: OTHER vcs https://github.com/jaraco/zipp +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* +##### + +PackageName: typing-extensions +SPDXID: SPDXRef-9-typing-extensions +PackageVersion: 4.12.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) +PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/python/typing_extensions +PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION 
+PackageSummary: Backported and Experimental Type Hints for Python 3.8+ +ReleaseDate: 2024-06-07T18:52:13Z +ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues +ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/ +ExternalRef: OTHER other https://github.com/python/typing/discussions +ExternalRef: OTHER vcs https://github.com/python/typing_extensions +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* +##### + PackageName: multidict -SPDXID: SPDXRef-7-multidict +SPDXID: SPDXRef-10-multidict PackageVersion: 6.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/multidict -PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68 +PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: multidict implementation +ReleaseDate: 2024-09-09T23:47:18Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict +ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://multidict.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/multidict ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* ##### PackageName: propcache -SPDXID: SPDXRef-8-propcache +SPDXID: SPDXRef-11-propcache PackageVersion: 0.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache +PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Accelerated property cache +ReleaseDate: 2024-12-01T18:27:02Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache +ExternalRef: OTHER log 
https://propcache.readthedocs.io/en/latest/changes/ +ExternalRef: OTHER other https://propcache.readthedocs.io +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/propcache ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:* ##### PackageName: yarl -SPDXID: SPDXRef-9-yarl +SPDXID: SPDXRef-12-yarl PackageVersion: 1.18.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl +PackageChecksum: SHA256: 7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library +ReleaseDate: 2024-12-01T20:32:32Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl +ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://yarl.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/yarl ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-10-idna +SPDXID: SPDXRef-13-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) PackageDownloadLocation: 
https://pypi.org/project/idna/3.10/#files FilesAnalyzed: false +PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) +ReleaseDate: 2024-09-15T18:07:37Z +ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst +ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues +ExternalRef: OTHER vcs https://github.com/kjd/idna ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 -SPDXID: SPDXRef-11-beautifulsoup4 +SPDXID: SPDXRef-14-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files FilesAnalyzed: false PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/ +PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Screen-scraping library +ReleaseDate: 2024-01-17T16:53:12Z +ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:* ##### PackageName: soupsieve -SPDXID: SPDXRef-12-soupsieve +SPDXID: SPDXRef-15-soupsieve PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve -PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 +PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A modern CSS selector implementation for Beautiful Soup. +ReleaseDate: 2024-08-13T13:39:10Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-13-cvss +SPDXID: SPDXRef-16-cvss PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss -PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 +PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 +ReleaseDate: 2024-11-01T10:05:52Z +ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases +ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss +ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues +ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml -SPDXID: SPDXRef-14-defusedxml +SPDXID: SPDXRef-17-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) -PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files +PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml FilesAnalyzed: false PackageHomePage: https://github.com/tiran/defusedxml -PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184 +PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: PSF-2.0 PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: XML bomb protection for Python stdlib modules +ReleaseDate: 2021-03-08T10:59:24Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:* ##### PackageName: distro -SPDXID: SPDXRef-15-distro +SPDXID: SPDXRef-18-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-distro/distro +PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Distro - an OS platform information API +ReleaseDate: 2023-12-24T09:54:30Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-16-filetype +SPDXID: SPDXRef-19-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) -PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files +PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master FilesAnalyzed: false PackageHomePage: https://github.com/h2non/filetype.py -PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585 +PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies. 
+ReleaseDate: 2022-11-02T17:34:01Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:* ##### PackageName: gsutil -SPDXID: SPDXRef-17-gsutil -PackageVersion: 5.31 +SPDXID: SPDXRef-20-gsutil +PackageVersion: 5.33 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files +PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil +PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:* +ReleaseDate: 2024-12-11T09:40:59Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-18-argcomplete +SPDXID: SPDXRef-21-argcomplete PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete -PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc +PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse +ReleaseDate: 2024-12-06T18:24:27Z +ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete +ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete +ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues +ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-19-crcmod +SPDXID: SPDXRef-22-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) -PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files +PackageDownloadLocation: http://sourceforge.net/projects/crcmod FilesAnalyzed: false PackageHomePage: http://crcmod.sourceforge.net/ +PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CRC Generator +ReleaseDate: 2010-06-27T14:35:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-20-fasteners +SPDXID: SPDXRef-23-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files FilesAnalyzed: false PackageHomePage: https://github.com/harlowja/fasteners -PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4 +PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: A python package that provides useful locks 
+ReleaseDate: 2023-09-19T17:11:18Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-21-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-24-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files +PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin FilesAnalyzed: false PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary -PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb +PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. 
+ReleaseDate: 2024-05-02T14:37:31Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### -PackageName: boto -SPDXID: SPDXRef-22-boto -PackageVersion: 2.49.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) -PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/boto/boto/ -PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3 -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Amazon Web Services Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* -##### - -PackageName: google-auth -SPDXID: SPDXRef-23-google-auth -PackageVersion: 2.17.0 +PackageName: rsa +SPDXID: SPDXRef-25-rsa +PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files FilesAnalyzed: false -PackageHomePage: https://github.com/googleapis/google-auth-library-python -PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 +PackageHomePage: https://stuvel.eu/rsa +PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
-PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* -##### - -PackageName: cachetools -SPDXID: SPDXRef-24-cachetools -PackageVersion: 5.5.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/tkem/cachetools/ -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* -##### - -PackageName: pyasn1-modules -SPDXID: SPDXRef-25-pyasn1-modules -PackageVersion: 0.4.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1-modules -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ReleaseDate: 2021-02-24T10:55:03Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: pyasn1 
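Review bot: Several `PackageDownloadLocation` values in this hunk move from a version-pinned PyPI URL to an unversioned page or branch, so the SHA256 `PackageChecksum` beside them can no longer be checked against anything fetched from that location. For filetype 1.2.0 the location becomes `https://github.com/h2non/filetype.py/tarball/master`, a moving branch tarball, and for crcmod 1.7 it becomes `http://sourceforge.net/projects/crcmod`, a plain-HTTP project page. The defusedxml, gsutil and gcs-oauth2-boto-plugin entries lose their version in the same way. I would keep the pinned form from the old side, e.g. `PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files`, so that location, version and checksum describe the same artifact. If this document is tool-generated (the page does not show that), the fix belongs in the generator rather than in a hand edit.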
@@ -436,184 +548,211 @@ PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyasn1/pyasn1 +PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ReleaseDate: 2024-09-10T22:41:42Z +ExternalRef: OTHER documentation https://pyasn1.readthedocs.io +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1 +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues +ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-27-rsa -PackageVersion: 4.7.2 +PackageName: boto +SPDXID: SPDXRef-27-boto +PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. 
Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files +PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) +PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files FilesAnalyzed: false -PackageHomePage: https://stuvel.eu/rsa -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageHomePage: https://github.com/boto/boto/ +PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8 +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Amazon Web Services Library +ReleaseDate: 2018-07-11T20:58:55Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* +##### + +PackageName: google-reauth +SPDXID: SPDXRef-28-google-reauth +PackageVersion: 0.1.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/Google/google-reauth-python +PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ReleaseDate: 2020-12-01T17:35:45Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* +##### + +PackageName: pyu2f +SPDXID: SPDXRef-29-pyu2f +PackageVersion: 0.1.5 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/google/pyu2f/ +PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: U2F host library for interacting with a U2F device over USB. 
+ReleaseDate: 2020-10-30T20:03:07Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-28-six +SPDXID: SPDXRef-30-six PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/benjaminp/six +PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities +ReleaseDate: 2024-12-04T17:35:26Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### -PackageName: google-auth-httplib2 -SPDXID: SPDXRef-29-google-auth-httplib2 -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 -PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
-PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library: httplib2 transport -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* -##### - PackageName: httplib2 -SPDXID: SPDXRef-30-httplib2 +SPDXID: SPDXRef-31-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/httplib2/httplib2 -PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4 +PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A comprehensive HTTP client library. +ReleaseDate: 2022-02-03T00:00:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-31-pyparsing +SPDXID: SPDXRef-32-pyparsing PackageVersion: 3.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyparsing/pyparsing/ +PackageChecksum: SHA256: 93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars +ReleaseDate: 2024-10-13T10:01:13Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: 
SPDXRef-32-google-reauth -PackageVersion: 0.1.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/Google/google-reauth-python -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* -##### - -PackageName: pyu2f -SPDXID: SPDXRef-33-pyu2f -PackageVersion: 0.1.5 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/google/pyu2f/ -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* -##### - PackageName: oauth2client -SPDXID: SPDXRef-34-oauth2client +SPDXID: SPDXRef-33-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. 
(jonwayne+oauth2client@google.com) PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/oauth2client/ -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: OAuth 2.0 client library +ReleaseDate: 2018-09-07T21:38:16Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### +PackageName: pyasn1-modules +SPDXID: SPDXRef-34-pyasn1-modules +PackageVersion: 0.4.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/pyasn1/pyasn1-modules +PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ReleaseDate: 2024-09-10T22:42:08Z +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues +ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* +##### + PackageName: pyopenssl SPDXID: SPDXRef-35-pyopenssl -PackageVersion: 24.3.0 +PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ +PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:* +ReleaseDate: 2024-07-20T17:26:29Z +ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-36-cryptography -PackageVersion: 44.0.0 +PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography +PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:* +ReleaseDate: 2024-10-18T15:57:36Z +ExternalRef: OTHER documentation https://cryptography.io/ +ExternalRef: OTHER vcs https://github.com/pyca/cryptography/ +ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues +ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/ +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi @@ -624,11 +763,18 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false PackageHomePage: http://cffi.readthedocs.org -PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51 +PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Foreign Function Interface for Python calling C code. +ReleaseDate: 2024-09-04T20:43:30Z +ExternalRef: OTHER documentation http://cffi.readthedocs.org/ +ExternalRef: OTHER vcs https://github.com/python-cffi/cffi +ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues +ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html +ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases +ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:* ##### 
@@ -641,11 +787,12 @@ PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files FilesAnalyzed: false PackageHomePage: https://github.com/eliben/pycparser -PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 +PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: C parser in Python +ReleaseDate: 2024-03-30T13:22:20Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22 ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:* ##### 
@@ -658,652 +805,835 @@ PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/pnpnpn/retry-decorator -PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349 +PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Retry Decorator +ReleaseDate: 2020-03-10T23:56:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:* ##### +PackageName: google-auth +SPDXID: SPDXRef-40-google-auth +PackageVersion: 2.17.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/googleapis/google-auth-library-python +PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library +ReleaseDate: 2023-03-28T19:51:30Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* +##### + +PackageName: cachetools +SPDXID: SPDXRef-41-cachetools +PackageVersion: 5.5.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/tkem/cachetools/ +PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292 +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ReleaseDate: 2024-08-18T20:28:43Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* +##### + +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-42-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 +PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library: httplib2 transport +ReleaseDate: 2023-12-12T17:40:13Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: google-apitools -SPDXID: SPDXRef-40-google-apitools +SPDXID: SPDXRef-43-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/apitools -PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1 +PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: client libraries for humans +ReleaseDate: 2021-05-05T22:12:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-41-monotonic +SPDXID: SPDXRef-44-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/atdt/monotonic -PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad +PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3 +ReleaseDate: 2021-04-09T21:58:05Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-42-jinja2 +SPDXID: SPDXRef-45-jinja2 PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files FilesAnalyzed: false -PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57 +PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. 
+ReleaseDate: 2024-05-05T23:41:59Z +ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/ +ExternalRef: OTHER chat https://discord.gg/pallets +ExternalRef: OTHER documentation https://jinja.palletsprojects.com/ +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER vcs https://github.com/pallets/jinja/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-43-markupsafe +SPDXID: SPDXRef-46-markupsafe PackageVersion: 3.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c +PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION -PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: markupsafe declares Copyright 2010 Pallets + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. 
+ +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. +ReleaseDate: 2024-10-18T15:20:51Z +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/ +ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/ +ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/ +ExternalRef: OTHER chat https://discord.gg/pallets ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2 ##### PackageName: jsonschema -SPDXID: SPDXRef-44-jsonschema +SPDXID: SPDXRef-47-jsonschema PackageVersion: 4.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema +PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python 
+ReleaseDate: 2024-07-08T18:40:00Z +ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-45-jsonschema-specifications +SPDXID: SPDXRef-48-jsonschema-specifications PackageVersion: 2024.10.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2024.10.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications -PackageChecksum: SHA1: 09f6f17a46ecf03e314df0e6fa14d57db210a549 +PackageChecksum: SHA256: a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry +ReleaseDate: 2024-10-08T12:29:30Z +ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other 
https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:* ##### PackageName: referencing -SPDXID: SPDXRef-46-referencing +SPDXID: SPDXRef-49-referencing PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/referencing -PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845 +PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python +ReleaseDate: 2024-05-01T20:26:02Z +ExternalRef: OTHER documentation https://referencing.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/ +ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-47-rpds-py +SPDXID: SPDXRef-50-rpds-py PackageVersion: 0.22.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian 
Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds +PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) +ReleaseDate: 2024-12-04T15:31:31Z +ExternalRef: OTHER documentation https://rpds.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/crate-py/rpds +ExternalRef: OTHER other https://github.com/orium/rpds ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-48-lib4sbom -PackageVersion: 0.7.5 +SPDXID: SPDXRef-51-lib4sbom +PackageVersion: 0.8.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4sbom +PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:* +ReleaseDate: 
2024-12-09T20:13:26Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-49-pyyaml +SPDXID: SPDXRef-52-pyyaml PackageVersion: 6.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) -PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files +PackageDownloadLocation: https://pypi.org/project/PyYAML/ FilesAnalyzed: false PackageHomePage: https://pyyaml.org/ +PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: YAML parser and emitter for Python +ReleaseDate: 2024-08-06T20:31:40Z +ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues +ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions +ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation +ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core +ExternalRef: OTHER vcs https://github.com/yaml/pyyaml ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:* ##### PackageName: semantic-version -SPDXID: SPDXRef-50-semantic-version +SPDXID: SPDXRef-53-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/rbarrois/python-semanticversion -PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a +PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: 
semantic-version declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A library implementing the 'SemVer' scheme. +ReleaseDate: 2022-05-26T13:35:21Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:* ##### PackageName: lib4vex -SPDXID: SPDXRef-51-lib4vex +SPDXID: SPDXRef-54-lib4vex PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4vex -PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2 +PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: VEX generator and consumer library +ReleaseDate: 2024-08-29T20:36:52Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:* ##### PackageName: csaf-tool -SPDXID: SPDXRef-52-csaf-tool +SPDXID: SPDXRef-55-csaf-tool PackageVersion: 0.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/csaf -PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4 +PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CSAF generator and analyser +ReleaseDate: 2024-06-12T20:10:06Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2 
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:* ##### PackageName: packageurl-python -SPDXID: SPDXRef-53-packageurl-python +SPDXID: SPDXRef-56-packageurl-python PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882 +PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder +ReleaseDate: 2024-10-22T05:51:23Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich -SPDXID: SPDXRef-54-rich +SPDXID: SPDXRef-57-rich PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich -PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 +PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal +ReleaseDate: 2024-11-01T16:43:55Z +ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-55-markdown-it-py +SPDXID: 
SPDXRef-58-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/markdown-it-py -PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d +PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python port of markdown-it. Markdown parsing, done right! +ReleaseDate: 2023-06-03T06:41:11Z +ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:* ##### PackageName: mdurl -SPDXID: SPDXRef-56-mdurl +SPDXID: SPDXRef-59-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/mdurl -PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e +PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Markdown URL utilities +ReleaseDate: 2022-08-14T12:40:09Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* ##### PackageName: pygments -SPDXID: SPDXRef-57-pygments +SPDXID: SPDXRef-60-pygments PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) PackageDownloadLocation: 
https://pypi.org/project/pygments/2.18.0/#files FilesAnalyzed: false PackageHomePage: https://pygments.org -PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb +PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. +ReleaseDate: 2024-05-04T13:41:57Z +ExternalRef: OTHER documentation https://pygments.org/docs +ExternalRef: OTHER vcs https://github.com/pygments/pygments +ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues +ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### +PackageName: python-gnupg +SPDXID: SPDXRef-61-python-gnupg +PackageVersion: 0.5.3 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. 
+PackageCopyrightText: NOASSERTION +PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) +ReleaseDate: 2024-09-20T16:43:47Z +ExternalRef: OTHER documentation https://gnupg.readthedocs.io/ +ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg +ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* +##### + PackageName: packaging -SPDXID: SPDXRef-58-packaging +SPDXID: SPDXRef-62-packaging PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f +PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages +ReleaseDate: 2024-11-08T09:47:44Z +ExternalRef: OTHER documentation https://packaging.pypa.io/ +ExternalRef: OTHER vcs https://github.com/pypa/packaging ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-59-plotly +SPDXID: SPDXRef-63-plotly PackageVersion: 5.24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files FilesAnalyzed: false PackageHomePage: https://plotly.com/python/ +PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python +ReleaseDate: 
2024-09-12T15:36:24Z +ExternalRef: OTHER documentation https://plotly.com/python/ +ExternalRef: OTHER vcs https://github.com/plotly/plotly.py +ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-60-tenacity +SPDXID: SPDXRef-64-tenacity PackageVersion: 9.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/jd/tenacity -PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb +PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds +ReleaseDate: 2024-07-29T12:12:25Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:* ##### -PackageName: python-gnupg -SPDXID: SPDXRef-61-python-gnupg -PackageVersion: 0.5.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/vsajip/python-gnupg -PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. 
-PackageCopyrightText: NOASSERTION -PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* -##### - PackageName: requests -SPDXID: SPDXRef-62-requests +SPDXID: SPDXRef-65-requests PackageVersion: 2.32.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files FilesAnalyzed: false PackageHomePage: https://requests.readthedocs.io -PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068 +PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python HTTP for Humans. +ReleaseDate: 2024-05-29T15:37:47Z +ExternalRef: OTHER documentation https://requests.readthedocs.io +ExternalRef: OTHER vcs https://github.com/psf/requests ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:* ##### -PackageName: certifi -SPDXID: SPDXRef-63-certifi -PackageVersion: 2024.8.30 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/certifi/python-certifi -PackageLicenseDeclared: MPL-2.0 -PackageLicenseConcluded: MPL-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Python package for providing Mozilla's CA Bundle. 
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:* -##### - PackageName: charset-normalizer -SPDXID: SPDXRef-64-charset-normalizer +SPDXID: SPDXRef-66-charset-normalizer PackageVersion: 3.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me) PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/Ousret/charset_normalizer +PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. +ReleaseDate: 2024-10-09T07:38:02Z +ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues +ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:* ##### PackageName: urllib3 -SPDXID: SPDXRef-65-urllib3 +SPDXID: SPDXRef-67-urllib3 PackageVersion: 2.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false -PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df +PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. 
+ReleaseDate: 2024-09-12T10:52:16Z +ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst +ExternalRef: OTHER documentation https://urllib3.readthedocs.io +ExternalRef: OTHER vcs https://github.com/urllib3/urllib3 +ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:* ##### +PackageName: certifi +SPDXID: SPDXRef-68-certifi +PackageVersion: 2024.12.14 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) +PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/certifi/python-certifi +PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56 +PackageLicenseDeclared: MPL-2.0 +PackageLicenseConcluded: MPL-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Python package for providing Mozilla's CA Bundle. 
+ReleaseDate: 2024-12-14T13:52:36Z +ExternalRef: OTHER vcs https://github.com/certifi/python-certifi +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:* +##### + PackageName: rpmfile -SPDXID: SPDXRef-66-rpmfile +SPDXID: SPDXRef-69-rpmfile PackageVersion: 2.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/srossross/rpmfile -PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5 +PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Read rpm archive files +ReleaseDate: 2024-07-24T21:57:45Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### PackageName: setuptools -SPDXID: SPDXRef-67-setuptools +SPDXID: SPDXRef-70-setuptools PackageVersion: 75.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files FilesAnalyzed: false +PackageChecksum: SHA256: ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages +ReleaseDate: 2024-11-20T18:16:10Z +ExternalRef: OTHER vcs https://github.com/pypa/setuptools +ExternalRef: OTHER documentation https://setuptools.pypa.io/ +ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0 ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:* ##### PackageName: xmlschema -SPDXID: SPDXRef-68-xmlschema +SPDXID: SPDXRef-71-xmlschema PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema +PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder +ReleaseDate: 2024-10-31T09:47:12Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-69-elementpath +SPDXID: SPDXRef-72-elementpath PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath +PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml +ReleaseDate: 2024-10-27T21:52:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### -PackageName: zipp -SPDXID: SPDXRef-70-zipp -PackageVersion: 3.21.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. 
(jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:* -##### - PackageName: zstandard -SPDXID: SPDXRef-71-zstandard +SPDXID: SPDXRef-73-zstandard PackageVersion: 0.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/indygreg/python-zstandard +PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Zstandard bindings for Python +ReleaseDate: 2024-07-15T00:13:27Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-11-beautifulsoup4 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-cvss -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-defusedxml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-distro -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-filetype -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-beautifulsoup4 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-cvss +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-defusedxml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-distro +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-filetype Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-42-jinja2 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-jsonschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-lib4sbom -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-pyyaml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4vex -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-packageurl-python -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-rich -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-packaging -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-plotly +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-jinja2 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-jsonschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4sbom 
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-pyyaml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4vex +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-packageurl-python +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-rich Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-python-gnupg -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-requests -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-urllib3 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-rpmfile -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-setuptools -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-xmlschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-zipp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-zstandard -Relationship: SPDXRef-11-beautifulsoup4 DEPENDS_ON SPDXRef-12-soupsieve -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-18-argcomplete -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-19-crcmod -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-20-fasteners -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-21-gcs-oauth2-boto-plugin -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-23-google-auth -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-29-google-auth-httplib2 -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-30-httplib2 -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-32-google-reauth -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-35-pyopenssl -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-39-retry-decorator -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-40-google-apitools -Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-41-monotonic +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-plotly +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-requests 
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-urllib3 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-rpmfile +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-7-importlib-metadata +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-setuptools +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zstandard +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-zipp +Relationship: SPDXRef-10-multidict DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-10-multidict +Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-11-propcache +Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-13-idna +Relationship: SPDXRef-14-beautifulsoup4 DEPENDS_ON SPDXRef-15-soupsieve +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-multidict +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-propcache +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-yarl Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-propcache -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-yarl -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-boto -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-google-auth -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-rsa -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-auth-httplib2 -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-httplib2 -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON 
SPDXRef-32-google-reauth -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl -Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator -Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-24-cachetools -Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-25-pyasn1-modules -Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-27-rsa -Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-25-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1 -Relationship: SPDXRef-27-rsa DEPENDS_ON SPDXRef-26-pyasn1 -Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-23-google-auth -Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-30-httplib2 -Relationship: SPDXRef-30-httplib2 DEPENDS_ON SPDXRef-31-pyparsing -Relationship: SPDXRef-32-google-reauth DEPENDS_ON SPDXRef-33-pyu2f -Relationship: SPDXRef-33-pyu2f DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-25-pyasn1-modules -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-pyasn1 -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-rsa -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-21-argcomplete +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-22-crcmod +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-23-fasteners +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-24-gcs-oauth2-boto-plugin +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-28-google-reauth +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-35-pyopenssl +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-39-retry-decorator +Relationship: 
SPDXRef-20-gsutil DEPENDS_ON SPDXRef-40-google-auth +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-42-google-auth-httplib2 +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-43-google-apitools +Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-44-monotonic +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-rsa +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-boto +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-google-reauth +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-oauth2client +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-google-auth +Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-42-google-auth-httplib2 +Relationship: SPDXRef-25-rsa DEPENDS_ON SPDXRef-26-pyasn1 +Relationship: SPDXRef-28-google-reauth DEPENDS_ON SPDXRef-29-pyu2f +Relationship: SPDXRef-29-pyu2f DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-31-httplib2 DEPENDS_ON SPDXRef-32-pyparsing +Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-25-rsa +Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-26-pyasn1 +Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-34-pyasn1-modules +Relationship: SPDXRef-34-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1 Relationship: SPDXRef-35-pyopenssl DEPENDS_ON SPDXRef-36-cryptography Relationship: SPDXRef-36-cryptography DEPENDS_ON SPDXRef-37-cffi Relationship: SPDXRef-37-cffi DEPENDS_ON SPDXRef-38-pycparser Relationship: SPDXRef-4-aiosignal DEPENDS_ON 
SPDXRef-5-frozenlist -Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-20-fasteners -Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-28-six -Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-30-httplib2 -Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-34-oauth2client -Relationship: SPDXRef-42-jinja2 DEPENDS_ON SPDXRef-43-markupsafe -Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-45-jsonschema-specifications -Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-46-referencing -Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-47-rpds-py -Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-6-attrs -Relationship: SPDXRef-45-jsonschema-specifications DEPENDS_ON SPDXRef-46-referencing -Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-47-rpds-py -Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-6-attrs -Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-14-defusedxml -Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-49-pyyaml -Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-50-semantic-version -Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-48-lib4sbom -Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-52-csaf-tool -Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-53-packageurl-python -Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-53-packageurl-python -Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-54-rich -Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-55-markdown-it-py -Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-57-pygments -Relationship: SPDXRef-55-markdown-it-py DEPENDS_ON SPDXRef-56-mdurl -Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-58-packaging -Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-60-tenacity -Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-10-idna -Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-63-certifi -Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-64-charset-normalizer -Relationship: 
SPDXRef-62-requests DEPENDS_ON SPDXRef-65-urllib3 -Relationship: SPDXRef-68-xmlschema DEPENDS_ON SPDXRef-69-elementpath -Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-10-idna -Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-7-multidict -Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-8-propcache +Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-25-rsa +Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-34-pyasn1-modules +Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-41-cachetools +Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-40-google-auth +Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-23-fasteners +Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-33-oauth2client +Relationship: SPDXRef-45-jinja2 DEPENDS_ON SPDXRef-46-markupsafe +Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-48-jsonschema-specifications +Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-49-referencing +Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-50-rpds-py +Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-48-jsonschema-specifications DEPENDS_ON SPDXRef-49-referencing +Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-50-rpds-py +Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-17-defusedxml +Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-52-pyyaml +Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-53-semantic-version +Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-51-lib4sbom +Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-55-csaf-tool +Relationship: SPDXRef-54-lib4vex DEPENDS_ON 
SPDXRef-56-packageurl-python +Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-56-packageurl-python +Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-57-rich +Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-58-markdown-it-py +Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-60-pygments +Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-58-markdown-it-py DEPENDS_ON SPDXRef-59-mdurl +Relationship: SPDXRef-6-attrs DEPENDS_ON SPDXRef-7-importlib-metadata +Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging +Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-tenacity +Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-13-idna +Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-66-charset-normalizer +Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-67-urllib3 +Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-68-certifi +Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-8-zipp +Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-71-xmlschema DEPENDS_ON SPDXRef-72-elementpath +Relationship: SPDXRef-73-zstandard DEPENDS_ON SPDXRef-37-cffi Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool From 9d951f0aa460187a23de2f33bfaf09e93cb3661c Mon Sep 17 00:00:00 2001 From: Joydeep Tripathy <113792434+joydeep049@users.noreply.github.com> Date: Tue, 17 Dec 2024 23:19:10 +0530 Subject: [PATCH 39/47] fix: cyclonedx vex test fix (#4622) Signed-off-by: joydeep049 --- test/test_vex.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/test_vex.py b/test/test_vex.py index 6f43d8d08f..fb6cb8d166 100644 --- a/test/test_vex.py +++ b/test/test_vex.py 
@@ -87,7 +87,7 @@ class TestVexGeneration(unittest.TestCase): ), } - @pytest.mark.skip(reason="Needs an update to match what lib4vex produces.") + # @pytest.mark.skip(reason="Needs an update to match what lib4vex produces.") def test_output_cyclonedx(self): """Test VEX output generation""" @@ -108,6 +108,7 @@ def test_output_cyclonedx(self): for vulnerability in json_data.get("vulnerabilities", []): vulnerability.pop("published", None) vulnerability.pop("updated", None) + vulnerability.pop("properties", None) with open(str(VEX_PATH / "test_cyclonedx_vex.json")) as f: expected_json = json.load(f) From 9716ad157a81928a254158a8423c1d5059fb4574 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 09:49:35 -0800 Subject: [PATCH 40/47] chore(deps): bump github/codeql-action from 3.27.4 to 3.27.9 (#4630) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.4 to 3.27.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...df409f7d9260372bd5f19e5b04e83cb3c43714ae) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 86efaccec7..cc9e7ae6d3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
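Review bot: The `@pytest.mark.skip` decorator above `test_output_cyclonedx` is commented out rather than deleted, which leaves a stale reason string that reads as if the test still needs work. Remove the line `# @pytest.mark.skip(reason="Needs an update to match what lib4vex produces.")` outright; version control keeps the history. If this was the only use of `pytest` in the module, the import can go as well, but that is not visible from the hunk.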
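Review bot: `vulnerability.pop("properties", None)` strips the whole `properties` field from every generated vulnerability before the comparison with `test_cyclonedx_vex.json`, so the re-enabled test no longer checks that part of the VEX output, and nothing says why. Add a comment above the line giving the reason, for example `# "properties" is not part of the fixture; dropped like the volatile published/updated fields`, if that is indeed the case. If the field's content is stable, extending the fixture instead would keep it under test. The body of `test_output_cyclonedx` continues beyond the hunk.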
@@ -51,7 +51,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -76,4 +76,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 From d76c7b725e546066b02657f5bac024b266530e03 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 09:57:16 -0800 Subject: [PATCH 41/47] chore(deps): bump actions/attest-build-provenance from 1.4.4 to 2.1.0 (#4629) Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 1.4.4 to 2.1.0. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/ef244123eb79f2f7a7e75d99086184180e6d0018...7668571508540a607bdfd90a87a560489fe372eb) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build-wheel.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml index 77f770d804..3e1f10de2d 100644 --- a/.github/workflows/build-wheel.yml +++ b/.github/workflows/build-wheel.yml 
@@ -44,11 +44,11 @@ jobs:
 echo "tar=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
 echo "whl=$(cd dist/ && echo *.tar.gz)" >> $GITHUB_OUTPUT
 - name: Attest Build Provenance for tar
- uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
+ uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
 with:
 subject-path: "dist/${{ steps.filename.outputs.tar }}"
 - name: Attest Build Provenance for whl
- uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
+ uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
 with:
 subject-path: "dist/${{ steps.filename.outputs.whl }}"
 # TODO Upload to pypi on release creation
From 46fc5790fec85c610eec7c4da53f7bdfc9d0d4b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 17 Dec 2024 09:58:29 -0800
Subject: [PATCH 42/47] chore(deps): bump codecov/codecov-action from 5.0.2 to 5.1.1 (#4612)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.0.2 to 5.1.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/5c47607acb93fed5485fdbf7232e8a31425f672a...7f8b4b4bde536c465e797be725718b88c5d95e0e)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/testing.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 59ed6c2aeb..75c89439c3 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
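Review bot: The `whl` output in this hunk's context lines is filled from the same `*.tar.gz` glob as `tar`, so the "Attest Build Provenance for whl" step appears to attest the source tarball a second time and the wheel gets no provenance attestation. The bump to v2.1.0 leaves that unchanged. Change the second echo to `echo "whl=$(cd dist/ && echo *.whl)" >> $GITHUB_OUTPUT`, assuming the build writes exactly one wheel into `dist/`. The `run:` block holding the two echo lines starts above the hunk, so check the fix against the rest of that step.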
@@ -339,7 +339,7 @@ jobs: test/test_cvedb.py - name: Upload code coverage to codecov if: env.sbom != 'true' - uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 + uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 with: files: ./coverage.xml flags: longtests @@ -583,7 +583,7 @@ jobs: - name: Test PDF generation on Windows run: pytest test/test_output_engine.py -k test_output_pdf --cov --cov-append --cov-report=xml --durations=50 - name: Upload code coverage to codecov - uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 + uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 with: files: ./coverage.xml flags: win-longtests From f6cdfe7e995d41654edde8c2d91363bbb22151c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 09:59:22 -0800 Subject: [PATCH 43/47] chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#4615) Bumps [actions/cache](https://github.com/actions/cache) from 4.1.2 to 4.2.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/6849a6489940f00c2f30c0fb92c6274307ccb58a...1bd1e32a3bdc45362d1e726936510720a7c30a57) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/cve_scan.yml | 2 +- .github/workflows/fuzzing.yml | 4 ++-- .github/workflows/testing.yml | 18 +++++++++--------- .github/workflows/update-cache.yml | 2 +- .github/workflows/update-js-dependencies.yml | 2 +- 5 files changed, 14 insertions(+), 14 deletions(-) 
diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml index 56d60d6a22..52d238a6fe 100644 --- a/.github/workflows/cve_scan.yml +++ b/.github/workflows/cve_scan.yml @@ -32,7 +32,7 @@ jobs: run: | echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT - name: Get cached database - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml index b4fb4a9fcb..ea981003ec 100644 --- a/.github/workflows/fuzzing.yml +++ b/.github/workflows/fuzzing.yml @@ -51,13 +51,13 @@ jobs: echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT - name: Get today's cached database - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 id: todays-cache with: path: fuzz-cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: fuzz-cache diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 75c89439c3..cb4021e186 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml 
@@ -135,13 +135,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -267,13 +267,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache 
@@ -411,13 +411,13 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" - name: Get today's cached database - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} - name: Get yesterday's cached database if today's is not available - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -517,14 +517,14 @@ jobs: echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }}" echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.YESTERDAY }}" - name: Get today's cached database - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 id: todays-cache with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.DATE }} enableCrossOsArchive: true - name: Get yesterday's cached database if today's is not available - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 if: steps.todays-cache.outputs.cache-hit != 'true' with: path: cache @@ -558,7 +558,7 @@ jobs: test/test_cli.py test/test_cvedb.py - name: Cache conda - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 env: # Increase to reset cache if requirements.txt file has not changed CACHE_NUMBER: 0 diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml index 3ff143f678..f61a4c70d6 100644 
--- a/.github/workflows/update-cache.yml +++ b/.github/workflows/update-cache.yml @@ -39,7 +39,7 @@ jobs: id: get-date run: | echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT - - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml index be00a1298d..950b74f967 100644 --- a/.github/workflows/update-js-dependencies.yml +++ b/.github/workflows/update-js-dependencies.yml @@ -36,7 +36,7 @@ jobs: run: python .github/workflows/update_js_dependencies.py - name: Get cached Python packages - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} From a4bf7eb7cb155ca0a787f0389c927b128702035d Mon Sep 17 00:00:00 2001 From: Terri Oda Date: Tue, 17 Dec 2024 14:01:53 -0800 Subject: [PATCH 44/47] ci: attempt to divide up longtests (#4631) The longtests are taking long enough to cause unexpected timeouts. This attempts to break them up into 4 groups of tests to help make them more manageable: synchronous tests, scanner/binary checker tests, language parser tests and everything else. Signed-off-by: Terri Oda --- .github/workflows/testing.yml | 322 +++++++++++++++++++++++++++------- 1 file changed, 262 insertions(+), 60 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index cb4021e186..0ea4070d42 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml 
@@ -201,44 +201,8 @@ jobs: timeout-minutes: 120 env: LONG_TESTS: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - egress-policy: block - allowed-endpoints: > - access.redhat.com:443 - api.codecov.io:443 - api.github.com:443 - archives.fedoraproject.org:443 - azure.archive.ubuntu.com:80 - cli.codecov.io:443 - codecov.io:443 - curl.se:443 - epss.cyentia.com:443 - esm.ubuntu.com:443 - files.pythonhosted.org:443 - ftp.fr.debian.org:80 - github.com:443 - gitlab.com:443 - mirror.cveb.in:443 - mirror.cveb.in:80 - motd.ubuntu.com:443 - nvd.nist.gov:443 - osv-vulnerabilities.storage.googleapis.com:443 - packages.microsoft.com:443 - ppa.launchpadcontent.net:443 - pypi.org:443 - raw.githubusercontent.com:443 - release-monitoring.org:443 - rpmfind.net:443 - security-tracker.debian.org:443 - services.nvd.nist.gov:443 - storage.googleapis.com:443 - uploader.codecov.io:443 - www.cisa.gov:443 - www.sqlite.org:443 + steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: @@ -278,24 +242,7 @@ jobs: with: path: cache key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} - - uses: technote-space/get-diff-action@f27caffdd0fb9b13f4fc191c016bb4e0632844af # v6.1.2 - with: - PATTERNS: | - cve_bin_tool/*.py - cve_bin_tool/data_sources/*.py - cve_bin_tool/checkers/*.py - test/condensed-downloads/* - FILES: | - cvedb.py - test_scanner.py - test_cli.py - cli.py - - uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1 - id: git-diff - with: - cond: ${{ (github.event.inputs.longTests == 'true') || (env.GIT_DIFF != '') }} - if_true: '1' - if_false: '0' + - name: Install cabextract if: env.sbom != 'true' run: sudo apt-get update && sudo apt-get install cabextract 
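Review bot: The long-tests job loses its `step-security/harden-runner` step in this hunk, and with it the `egress-policy: block` allow-list, so the job now installs packages and uploads coverage with unrestricted outbound network access. The three jobs added in the later hunk of this file (`long_tests_languages`, `long_tests_scanners`, `long_tests_sync`) also begin directly at `actions/checkout` without it. If the allow-list was dropped because it is awkward to repeat across four jobs, keeping the step with `egress-policy: audit` would at least preserve a record of outbound connections from these runners. The job header sits outside this hunk, so whether hardening is applied some other way cannot be seen from here.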
@@ -320,19 +267,273 @@ jobs: cp -r ~/.cache/cve-bin-tool cache - name: Run async tests if: env.sbom != 'true' - env: - LONG_TESTS: ${{ steps.git-diff.outputs.value }} run: > - pytest --cov --cov-append -n 4 -v --durations=50 + pytest --cov --cov-append -n 32 --cov-report=xml -v --durations=50 --ignore=test/test_cli.py --ignore=test/test_cvedb.py --ignore=test/test_requirements.py --ignore=test/test_html.py --ignore=test/test_json.py - - name: Run synchronous tests + --ignore=test/test_scanner.py + --ignore=test/test_language_parser.py + - name: Upload code coverage to codecov + if: env.sbom != 'true' + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 + with: + files: ./coverage.xml + flags: longtests + name: codecov-umbrella + fail_ci_if_error: false + + long_tests_languages: + name: Long tests on Python 3.10 (language parsers) + permissions: + contents: read + if: | + ! github.event.pull_request.user.login == 'github-actions[bot]' || + ! ( + startsWith(github.head_ref, 'chore-sbom-py') || + contains( + fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'), + github.head_ref + ) + ) + runs-on: 'ubuntu-latest' + timeout-minutes: 120 + env: + LONG_TESTS: 1 + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: '3.10' + cache: 'pip' + + - name: "Skip tests if this is an automated sbom job" + env: + COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }} + run: | + if ${COMMIT_VAR} == true; then + echo "sbom=true" >> $GITHUB_ENV + echo "sbom set to true" + else + echo "sbom=false" >> $GITHUB_ENV + echo "sbom set to false" + fi + + - name: Get date + id: get-date + run: | + echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT + echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT + - 
name: Print Cache Keys + run: | + echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" + echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" + - name: Get today's cached database + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + id: todays-cache + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} + - name: Get yesterday's cached database if today's is not available + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + if: steps.todays-cache.outputs.cache-hit != 'true' + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} + + - name: Install cve-bin-tool + if: env.sbom != 'true' + run: | + python -m pip install --upgrade pip + python -m pip install --upgrade setuptools + python -m pip install --upgrade wheel + python -m pip install --upgrade -r dev-requirements.txt + python -m pip install --editable . + - name: Try single CLI run of tool + if: env.sbom != 'true' + run: | + [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool + NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out + cp -r ~/.cache/cve-bin-tool cache + - name: Run language scanner tests + if: env.sbom != 'true' + run: > + pytest --cov --cov-append -n 32 --cov-report=xml -v --durations=50 + test/test_language_scanner.py + - name: Upload code coverage to codecov + if: env.sbom != 'true' + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 + with: + files: ./coverage.xml + flags: longtests + name: codecov-umbrella + fail_ci_if_error: false + + long_tests_scanners: + name: Long tests on Python 3.10 (scanners) + permissions: + contents: read + if: | + ! github.event.pull_request.user.login == 'github-actions[bot]' || + ! 
( + startsWith(github.head_ref, 'chore-sbom-py') || + contains( + fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'), + github.head_ref + ) + ) + runs-on: 'ubuntu-latest' + timeout-minutes: 120 + env: + LONG_TESTS: 1 + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: '3.10' + cache: 'pip' + + - name: "Skip tests if this is an automated sbom job" + env: + COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }} + run: | + if ${COMMIT_VAR} == true; then + echo "sbom=true" >> $GITHUB_ENV + echo "sbom set to true" + else + echo "sbom=false" >> $GITHUB_ENV + echo "sbom set to false" + fi + + - name: Get date + id: get-date + run: | + echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT + echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT + - name: Print Cache Keys + run: | + echo "Today's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" + echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" + - name: Get today's cached database + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + id: todays-cache + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} + - name: Get yesterday's cached database if today's is not available + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + if: steps.todays-cache.outputs.cache-hit != 'true' + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} + + - name: Install cve-bin-tool + if: env.sbom != 'true' + run: | + python -m pip install --upgrade pip + python -m pip install --upgrade setuptools + python -m pip install --upgrade wheel + python -m pip install --upgrade -r dev-requirements.txt + python -m pip install --editable 
. + - name: Try single CLI run of tool + if: env.sbom != 'true' + run: | + [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool + NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out + cp -r ~/.cache/cve-bin-tool cache + - name: Run binary scanner tests if: env.sbom != 'true' + run: > + pytest --cov --cov-append -n 32 --cov-report=xml -v --durations=50 + test/test_scanner.py + - name: Upload code coverage to codecov + if: env.sbom != 'true' + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 + with: + files: ./coverage.xml + flags: longtests + name: codecov-umbrella + fail_ci_if_error: false + + long_tests_sync: + name: Long tests on Python 3.10 (synchronous) + permissions: + contents: read + if: | + ! github.event.pull_request.user.login == 'github-actions[bot]' || + ! ( + startsWith(github.head_ref, 'chore-sbom-py') || + contains( + fromJSON('["chore-update-table","chore-precommit-config","chore-spdx-header"]'), + github.head_ref + ) + ) + runs-on: 'ubuntu-latest' + timeout-minutes: 120 + env: + LONG_TESTS: 1 + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: '3.10' + cache: 'pip' + + - name: "Skip tests if this is an automated sbom job" env: - LONG_TESTS: ${{ steps.git-diff.outputs.value }} + COMMIT_VAR: ${{ startsWith(github.head_ref, 'chore-sbom-py') && github.event.pull_request.user.login == 'github-actions[bot]' }} + run: | + if ${COMMIT_VAR} == true; then + echo "sbom=true" >> $GITHUB_ENV + echo "sbom set to true" + else + echo "sbom=false" >> $GITHUB_ENV + echo "sbom set to false" + fi + + - name: Get date + id: get-date + run: | + echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT + echo "yesterday=$(/bin/date -d "-1 day" -u "+%Y%m%d")" >> $GITHUB_OUTPUT + - name: Print Cache Keys + run: | + echo "Today's Cache Key: 
Linux-cve-bin-tool-${{ steps.get-date.outputs.date }}" + echo "Yesterday's Cache Key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }}" + - name: Get today's cached database + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + id: todays-cache + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.date }} + - name: Get yesterday's cached database if today's is not available + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + if: steps.todays-cache.outputs.cache-hit != 'true' + with: + path: cache + key: Linux-cve-bin-tool-${{ steps.get-date.outputs.yesterday }} + + - name: Install pdftotext, reportlab and cve-bin-tool + if: env.sbom != 'true' + run: | + python -m pip install --upgrade pip + python -m pip install --upgrade setuptools + python -m pip install --upgrade wheel + python -m pip install --upgrade -r dev-requirements.txt + python -m pip install --editable . + - name: Try single CLI run of tool + if: env.sbom != 'true' + run: | + [[ -e cache ]] && mkdir -p .cache && mv cache ~/.cache/cve-bin-tool + NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out + cp -r ~/.cache/cve-bin-tool cache + - name: Run synchronous tests + if: env.sbom != 'true' run: > pytest -v --cov --cov-append --cov-report=xml --durations=50 test/test_cli.py @@ -346,6 +547,7 @@ jobs: name: codecov-umbrella fail_ci_if_error: false + linux-mayfail: name: Tests that may fail due to network or HTML permissions: From 7153e9e67460e39ebec2258961d5b7960736db1d Mon Sep 17 00:00:00 2001 From: Aryan Bakliwal <106430579+AryanBakliwal@users.noreply.github.com> Date: Wed, 18 Dec 2024 03:54:07 +0530 Subject: [PATCH 45/47] feat: add json2 schema and test (#4623) Signed-off-by: Aryan Bakliwal --- cve_bin_tool/schemas/json2.json | 481 ++++++++++++++++++++++++++++++++ test/test_output_engine.py | 103 ++++++- 2 files changed, 583 insertions(+), 1 deletion(-) create mode 100644 cve_bin_tool/schemas/json2.json 
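Review bot: The "Run async tests" step now passes `--ignore=test/test_language_parser.py`, but the new `long_tests_languages` job runs `test/test_language_scanner.py`, so unless a `test_language_parser.py` exists outside this view the language tests still run in the catch-all job as well as in their own job. The ignore should probably read `--ignore=test/test_language_scanner.py`. The three added jobs also pin `actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2` and `codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2`, which are the revisions the two preceding patches in this series replaced throughout `testing.yml`. Using `actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0` and `codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1` in the new jobs keeps the workflow on a single reviewed revision per action.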
diff --git a/cve_bin_tool/schemas/json2.json b/cve_bin_tool/schemas/json2.json new file mode 100644 index 0000000000..e926c2e037 --- /dev/null +++ b/cve_bin_tool/schemas/json2.json 
@@ -0,0 +1,481 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Generated schema for Root", + "type": "object", + "properties": { + "$schema": { + "type": "string" + }, + "metadata": { + "type": "object", + "properties": { + "tool": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "version" + ] + }, + "generation_date": { + "type": "string" + }, + "parameter": { + "type": "object", + "properties": { + "options": { + "type": "object", + "properties": { + "help": {}, + "exclude": { + "type": "array", + "items": {} + }, + "version": {}, + "disable-version-check": { + "type": "boolean" + }, + "disable-validation-check": { + "type": "boolean" + }, + "offline": { + "type": "boolean" + }, + "detailed": { + "type": "boolean" + } + }, + "required": [ + "help", + "exclude", + "version", + "disable-version-check", + "disable-validation-check", + "offline", + "detailed" + ] + }, + "cve_data_download": { + "type": "object", + "properties": { + "nvd": { + "type": "string" + }, + "update": { + "type": "string" + }, + "nvd-api-key": { + "type": "string" + }, + "disable-data-source": { + "type": "array", + "items": {} + }, + "use-mirror": { + "type": "string" + } + }, + "required": [ + "nvd", + "update", + "nvd-api-key", + "disable-data-source", + "use-mirror" + ] + }, + "input": { + "type": "object", + "properties": { + "directory": { + "type": "string" + }, + "input-file": { + "type": "string" + }, + "triage-input-file": { + "type": "string" + }, + "config": { + "type": "string" + }, + "package-list": { + "type": "string" + }, + "sbom": { + "type": "string" + }, + "sbom-file": { + "type": "string" + } + }, + "required": [ + "directory", + "input-file", + "triage-input-file", + "config", + "package-list", + "sbom", + "sbom-file" + ] + }, + "output": { + "type": "object", + "properties": { + "quiet": { + "type": "boolean" + }, + "log-level": { + "type": 
"string" + }, + "output-file": { + "type": "string" + }, + "html-theme": { + "type": "string" + }, + "format": { + "type": "string" + }, + "generate-config": { + "type": "string" + }, + "cvss": { + "type": "number" + }, + "severity": { + "type": "string" + }, + "metrics": { + "type": "boolean" + }, + "epss-percentile": {}, + "epss-probability": {}, + "no-0-cve-report": { + "type": "boolean" + }, + "available-fix": { + "type": "string" + }, + "backport-fix": { + "type": "string" + }, + "affected-versions": { + "type": "number" + }, + "vex": { + "type": "string" + }, + "sbom-output": { + "type": "string" + }, + "sbom-type": { + "type": "string" + }, + "sbom-format": { + "type": "string" + } + }, + "required": [ + "quiet", + "log-level", + "output-file", + "html-theme", + "format", + "generate-config", + "cvss", + "severity", + "metrics", + "epss-percentile", + "epss-probability", + "no-0-cve-report", + "available-fix", + "backport-fix", + "affected-versions", + "vex", + "sbom-output", + "sbom-type", + "sbom-format" + ] + }, + "merge_report": { + "type": "object", + "properties": { + "append": { + "type": "boolean" + }, + "tag": { + "type": "string" + }, + "merge": {}, + "filter": { + "type": "array", + "items": {} + } + }, + "required": [ + "append", + "tag", + "merge", + "filter" + ] + }, + "checkers": { + "type": "object", + "properties": { + "skips": { + "type": "string" + }, + "runs": { + "type": "string" + } + }, + "required": [ + "skips", + "runs" + ] + }, + "database_management": { + "type": "object", + "properties": { + "import-json": { + "type": "string" + }, + "ignore-sig": { + "type": "boolean" + }, + "log-signature-error": { + "type": "boolean" + }, + "verify": { + "type": "string" + }, + "export-json": { + "type": "string" + }, + "pgp-sign": { + "type": "string" + }, + "passphrase": { + "type": "string" + }, + "export": { + "type": "string" + }, + "import": { + "type": "string" + } + }, + "required": [ + "import-json", + "ignore-sig", + 
"log-signature-error", + "verify", + "export-json", + "pgp-sign", + "passphrase", + "export", + "import" + ] + }, + "exploits": { + "type": "object", + "properties": { + "exploits": { + "type": "boolean" + } + }, + "required": [ + "exploits" + ] + }, + "deprecated": { + "type": "object", + "properties": { + "extract": { + "type": "boolean" + }, + "report": { + "type": "boolean" + } + }, + "required": [ + "extract", + "report" + ] + } + }, + "required": [ + "options", + "cve_data_download", + "input", + "output", + "merge_report", + "checkers", + "database_management", + "exploits", + "deprecated" + ] + } + }, + "required": [ + "tool", + "generation_date", + "parameter" + ] + }, + "database_info": { + "type": "object", + "properties": { + "last_updated": { + "type": "string" + }, + "total_entries": { + "type": "object", + "properties": { + "NVD": { + "type": "number" + }, + "OSV": { + "type": "number" + }, + "GAD": { + "type": "number" + }, + "REDHAT": { + "type": "number" + } + }, + "required": [ + "NVD" + ] + } + }, + "required": [ + "last_updated", + "total_entries" + ] + }, + "vulnerabilities": { + "type": "object", + "properties": { + "summary": { + "type": "object", + "properties": { + "CRITICAL": { + "type": "number" + }, + "HIGH": { + "type": "number" + }, + "MEDIUM": { + "type": "number" + }, + "LOW": { + "type": "number" + }, + "UNKNOWN": { + "type": "number" + } + }, + "required": [ + "CRITICAL", + "HIGH", + "MEDIUM", + "LOW", + "UNKNOWN" + ] + }, + "report": { + "type": "array", + "items": { + "type": "object", + "properties": { + "datasource": { + "type": "string" + }, + "entries": { + "type": "array", + "items": { + "type": "object", + "properties": { + "vendor": { + "type": "string" + }, + "product": { + "type": "string" + }, + "version": { + "type": "string" + }, + "cve_number": { + "type": "string" + }, + "severity": { + "type": "string" + }, + "score": { + "type": "string" + }, + "source": { + "type": "string" + }, + "cvss_version": { + "type": 
"string" + }, + "cvss_vector": { + "type": "string" + }, + "paths": { + "type": "string" + }, + "remarks": { + "type": "string" + }, + "comments": { + "type": "string" + } + }, + "required": [ + "vendor", + "product", + "version", + "cve_number", + "severity", + "score", + "source", + "cvss_version", + "cvss_vector", + "paths", + "remarks", + "comments" + ] + } + } + }, + "required": [ + "datasource", + "entries" + ] + } + } + }, + "required": [ + "summary", + "report" + ] + } + }, + "required": [ + "$schema", + "metadata", + "database_info", + "vulnerabilities" + ] +} \ No newline at end of file diff --git a/test/test_output_engine.py b/test/test_output_engine.py index 5a65e5c4cd..8bd1864fb1 100644 --- a/test/test_output_engine.py +++ b/test/test_output_engine.py @@ -14,11 +14,13 @@ from pathlib import Path from unittest.mock import MagicMock, call, patch +from jsonschema import validate +from jsonschema.exceptions import ValidationError from rich.console import Console from cve_bin_tool.output_engine import OutputEngine, output_csv, output_pdf from cve_bin_tool.output_engine.console import output_console -from cve_bin_tool.output_engine.json_output import output_json +from cve_bin_tool.output_engine.json_output import output_json, output_json2 from cve_bin_tool.output_engine.util import format_output from cve_bin_tool.sbom_manager.generate import SBOMGenerate from cve_bin_tool.util import CVE, CVEData, ProductInfo, Remarks, VersionInfo 
@@ -465,6 +467,75 @@ class TestOutputEngine(unittest.TestCase): "CVE-9999-0008": VersionInfo("", "", "", "1.2.0"), } + MOCK_ORGANIZED_PARAMETERS = { + "options": { + "help": {"arg_value": None}, + "exclude": {"arg_value": []}, + "version": {"arg_value": None}, + "disable-version-check": {"arg_value": False}, + "disable-validation-check": {"arg_value": False}, + "offline": {"arg_value": False}, + "detailed": {"arg_value": False}, + }, + "cve_data_download": { + "nvd": {"arg_value": "json-mirror"}, + "update": {"arg_value": "daily"}, + "nvd-api-key": {"arg_value": ""}, + "disable-data-source": {"arg_value": []}, + "use-mirror": {"arg_value": ""}, + }, + "input": { + "directory": {"arg_value": "test/language_data/pubspec.lock"}, + "input-file": {"arg_value": ""}, + "triage-input-file": {"arg_value": ""}, + "config": {"arg_value": ""}, + "package-list": {"arg_value": ""}, + "sbom": {"arg_value": ""}, + "sbom-file": {"arg_value": ""}, + }, + "output": { + "quiet": {"arg_value": False}, + "log-level": {"arg_value": "debug"}, + "output-file": {"arg_value": "temp_test_json2"}, + "html-theme": {"arg_value": ""}, + "format": {"arg_value": "json2"}, + "generate-config": {"arg_value": ""}, + "cvss": {"arg_value": 0}, + "severity": {"arg_value": "low"}, + "metrics": {"arg_value": False}, + "epss-percentile": {"arg_value": None}, + "epss-probability": {"arg_value": None}, + "no-0-cve-report": {"arg_value": False}, + "available-fix": {"arg_value": ""}, + "backport-fix": {"arg_value": ""}, + "affected-versions": {"arg_value": 0}, + "vex": {"arg_value": ""}, + "sbom-output": {"arg_value": ""}, + "sbom-type": {"arg_value": "spdx"}, + "sbom-format": {"arg_value": "tag"}, + }, + "merge_report": { + "append": {"arg_value": False}, + "tag": {"arg_value": ""}, + "merge": {"arg_value": None}, + "filter": {"arg_value": []}, + }, + "checkers": {"skips": {"arg_value": ""}, "runs": {"arg_value": ""}}, + "database_management": { + "import-json": {"arg_value": ""}, + "ignore-sig": {"arg_value": 
False}, + "log-signature-error": {"arg_value": False}, + "verify": {"arg_value": ""}, + "export-json": {"arg_value": ""}, + "pgp-sign": {"arg_value": ""}, + "passphrase": {"arg_value": ""}, + "export": {"arg_value": ""}, + "import": {"arg_value": ""}, + }, + "exploits": {"exploits": {"arg_value": False}}, + "deprecated": {"extract": {"arg_value": True}, "report": {"arg_value": False}}, + } + FORMATTED_OUTPUT = [ { "vendor": "vendor0", @@ -998,6 +1069,36 @@ def test_output_json(self): self.mock_file.seek(0) # reset file position self.assertEqual(json.load(self.mock_file), self.FORMATTED_OUTPUT) + def test_output_json2(self): + """Test formatting output as JSON2""" + output_json2( + self.MOCK_OUTPUT, + None, + datetime.today(), + self.mock_file, + 0, + self.MOCK_ORGANIZED_PARAMETERS, + metrics=True, + ) + + # Load the JSON2 schema + schema_path = ( + Path(__file__).resolve().parent.parent + / "cve_bin_tool" + / "schemas" + / "json2.json" + ) + with open(schema_path, encoding="utf-8") as schema_file: + json2_schema = json.load(schema_file) + + self.mock_file.seek(0) # reset file position + + # Validate -- will raise a ValidationError if not valid and fail the test + try: + validate(json.load(self.mock_file), json2_schema) + except ValidationError as ve: + self.fail(f"Validation error occurred: {ve}") + def test_output_csv(self): """Test formatting output as CSV""" output_csv(self.MOCK_OUTPUT, None, self.mock_file, metrics=True) From fc85cc8e4e24df8fa699d9baba3dfcb98f0631ae Mon Sep 17 00:00:00 2001 
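Review bot: `test_output_json2` checks only the shape of the report, and `MOCK_ORGANIZED_PARAMETERS` sets `nvd-api-key` and `passphrase` to empty strings, so nothing here shows what a json2 report does with real values of those two arguments. The schema added in this commit makes both keys required under `metadata.parameter`, which suggests that `output_json2` (not visible in this diff) writes the argument values into the report file. It is worth giving each a non-empty, constructed sentinel in the mock and asserting that it is absent from the output, for example `self.assertNotIn("sentinel-passphrase", self.mock_file.read())`. If that assertion fails, the values should be redacted in `output_json2` before the report is written, since reports are routinely shared and archived.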
From: Terri Oda Date: Wed, 18 Dec 2024 10:36:03 -0800 Subject: [PATCH 46/47] fix: treat 1.0 and 1 as the same for excel users (#4543) * fix: treat 1.0 and 1 as the same for excel users * fixes #4467 If you edit a csv/spreadsheet in excel, it will modify values that "look like" integers to it, so the version 1.0 becomes 1, truncating the final ".0" from the version string. This adds an edge case in to the version compare function so it treats these truncated versions as the same (which was the behaviour in previous versions of cve-bin-tool). Signed-off-by: Terri Oda --- cve_bin_tool/version_compare.py | 18 ++++++++++++++++++ test/test_version_compare.py | 9 +++++++++ 2 files changed, 27 insertions(+) diff --git a/cve_bin_tool/version_compare.py b/cve_bin_tool/version_compare.py index 11716ac202..b719272fc6 100644 --- a/cve_bin_tool/version_compare.py +++ b/cve_bin_tool/version_compare.py @@ -134,6 +134,15 @@ def version_compare(v1: str, v2: str): if v1_array[i] in pre_release_words: return -1 + # special edge case for folk editing version info in excel + # who may lose the trailing .0 in versions like 1.0 + try: + if int(v1_array[i]) == 0 and len(v1_array) == len(v2_array) + 1: + return 0 + + except ValueError: + return 1 + # Otherwise, v1 has more digits than v2 and the previous ones matched, # so it's probably later. e.g. 1.2.3 amd 1.2.q are both > 1.2 return 1 @@ -150,6 +159,15 @@ def version_compare(v1: str, v2: str): if v2_array[len(v1_array)] in pre_release_words: return 1 + # special edge case for folk editing version info in excel + # who may lose the trailing .0 in versions like 1.0 + try: + if int(v2_array[len(v1_array)]) == 0 and len(v2_array) == len(v1_array) + 1: + return 0 + + except ValueError: + return -1 + return -1 return 0 diff --git a/test/test_version_compare.py b/test/test_version_compare.py index c826c4dc7e..b6af209905 100644 --- a/test/test_version_compare.py +++ b/test/test_version_compare.py 
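Review bot: The new trailing-zero branch makes equality non-transitive: it returns 0 whenever one side has exactly one extra component equal to 0, so `1` equals `1.0` and, assuming this branch is reached whenever the shorter version runs out of components, `1.0` equals `1.0.0`, while the added test asserts `Version("1") != Version("1.0.0")`. For a scanner that decides whether a version falls inside an affected range, a comparison that is not a consistent ordering can give different answers depending on how the range bound happens to be written. Either strip all trailing zero components from both arrays before the loop, or state the single-`.0` limit in the comment, e.g. `# only one dropped ".0" is tolerated: 1 == 1.0, but 1 != 1.0.0`. The second hunk (`v2_array[len(v1_array)]`) mirrors this one, and the body of `version_compare` starts and ends outside both hunks.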
@@ -16,6 +16,12 @@ def test_eq(self): assert Version("4.4.A") == Version("4.4.a") assert Version("5.6 ") == Version("5.6") assert Version("f835f2caaa") == Version("f835f2caaa") + assert Version("42.0") == Version( + "42" + ) # edge case for folk editing versions in excel + assert Version("1") == Version( + "1.0" + ) # edge case for folk editing versions in excel def test_lt(self): """Make sure < works between versions, including some with unusual version schemes""" @@ -75,3 +81,6 @@ def test_ne(self): """Test some != cases with hashes to make sure we aren't comparing the string 'HASH'""" assert Version("f835f2caab") != Version("f835f2caaa") assert Version("HASH") != Version("f835f2caaa") + assert Version("1") != Version( + "1.0.0" + ) # the edge case for excel only works on single .0 From 37f514c375bb5f1c5d8b5f7b992a6c2e4366ad2c Mon Sep 17 00:00:00 2001 From: Aryan Bakliwal <106430579+AryanBakliwal@users.noreply.github.com> Date: Thu, 19 Dec 2024 00:12:57 +0530 Subject: [PATCH 47/47] feat(parser): add conan parser (#4569) --------- Signed-off-by: Aryan Bakliwal Co-authored-by: Terri Oda --- .github/actions/spelling/allow.txt | 1 + .github/actions/spelling/expect.txt | 2 +- cve_bin_tool/parsers/__init__.py | 1 + cve_bin_tool/parsers/ccpp.py | 65 +++++++++++++++++++++++++++++ doc/MANUAL.md | 9 +++- test/language_data/conan.lock | 12 ++++++ test/test_language_scanner.py | 14 +++++++ 7 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 cve_bin_tool/parsers/ccpp.py create mode 100644 test/language_data/conan.lock diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 88c55c264d..8c76555602 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -94,6 +94,7 @@ codecov collectd commons compress +conan conda config connman diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index fd3171373d..5ba2fec4af 100644 --- a/.github/actions/spelling/expect.txt 
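Review bot: The assertions added to `test_eq` and `test_ne` exercise only `==` and `!=`, so the ordering of a truncated version is not pinned, and range checks against affected-version bounds depend on ordering rather than equality. Adding `assert not Version("1") < Version("1.0")` and `assert not Version("1.0") < Version("1")` to `test_lt` would cover that. It is also worth stating the intended result for the intermediate pair with an explicit assertion on `Version("1.0")` vs `Version("1.0.0")`, since the `!=` case for `1` vs `1.0.0` suggests multi-component padding is not meant to match.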
+++ b/.github/actions/spelling/expect.txt @@ -13,4 +13,4 @@ NOTKNOWN pyyaml skontar Svunknown -urllib +urllib \ No newline at end of file diff --git a/cve_bin_tool/parsers/__init__.py b/cve_bin_tool/parsers/__init__.py index 5ed25c87ad..8394ccebd0 100644 --- a/cve_bin_tool/parsers/__init__.py +++ b/cve_bin_tool/parsers/__init__.py @@ -26,6 +26,7 @@ "perl", "dart", "env", + "ccpp", ] diff --git a/cve_bin_tool/parsers/ccpp.py b/cve_bin_tool/parsers/ccpp.py new file mode 100644 index 0000000000..8d4452e940 --- /dev/null +++ b/cve_bin_tool/parsers/ccpp.py 
@@ -0,0 +1,65 @@
+# Copyright (C) 2024 Intel Corporation
+# SPDX-License-Identifier: GPL-3.0-or-later
+"""Python script containing all functionalities related to parsing of C/C++ conan.lock files."""
+
+import json
+import re
+
+from cve_bin_tool.parsers import Parser
+
+
+class CCppParser(Parser):
+ """
+ Parser for C/C++ conan.lock files based on
+ https://docs.conan.io/2/tutorial/versioning/lockfiles.html
+ """
+
+ PARSER_MATCH_FILENAMES = [
+ "conan.lock",
+ ]
+
+ def __init__(self, cve_db, logger):
+ super().__init__(cve_db, logger)
+ self.purl_pkg_type = "conan"
+
+ def generate_purl(self, product, vendor="", version="", qualifier={}, subpath=None):
+ """Generates PURL after normalizing all components."""
+ product = re.sub(r"[^a-zA-Z0-9._-]", "", product).lower()
+
+ if not product:
+ return None
+
+ purl = super().generate_purl(
+ product,
+ vendor,
+ version,
+ qualifier,
+ subpath,
+ )
+
+ return purl
+
+ def run_checker(self, filename):
+ """Parse the file and yield valid PURLs."""
+ self.filename = filename
+ with open(self.filename) as fh:
+ data = json.load(fh)
+ requires = data["requires"]
+ build_requires = data["build_requires"]
+ if requires:
+ for require in requires:
+ product = require.split("#")[0].split("/")[0]
+ version = require.split("#")[0].split("/")[1]
+ purl = self.generate_purl(product)
+ vendor = self.get_vendor(purl, product, version)
+ if vendor is not None:
+ yield from vendor
+ if build_requires:
+ for build_require in build_requires:
+ product = build_require.split("#")[0].split("/")[0]
+ version = build_require.split("#")[0].split("/")[1]
+ purl = self.generate_purl(product)
+ vendor = self.get_vendor(purl, product, version)
+ if vendor is not None:
+ yield from vendor
+ self.logger.debug(f"Done scanning file: {self.filename}")
diff --git a/doc/MANUAL.md b/doc/MANUAL.md
index 4a7644afff..6eea193c78 100644
--- a/doc/MANUAL.md
+++ b/doc/MANUAL.md
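Review bot: `run_checker` trusts the structure of a file taken from the scanned tree: `data["requires"]` and `data["build_requires"]` raise `KeyError` when a key is absent, `split("/")[1]` raises `IndexError` on an entry without a slash, and `json.load` errors are not caught, so one malformed `conan.lock` may abort the scan unless the caller handles it (not visible here). Conan references may also carry `@user/channel` after the version, which would end up inside `version` and make the lookup miss known CVEs for that package. The sketch below reads both lists through one loop, skips malformed entries with a debug log, strips the `@user/channel` suffix and opens the file as UTF-8. Separately, `generate_purl` declares a mutable default `qualifier={}`; `qualifier=None` would be safer unless the base-class signature requires the dict.

```python
    def run_checker(self, filename):
        # … unchanged: docstring and self.filename assignment …
        try:
            with open(self.filename, encoding="utf-8") as fh:
                data = json.load(fh)
        except ValueError as e:
            # json.JSONDecodeError and UnicodeDecodeError are ValueError subclasses
            self.logger.debug(f"Skipping unparsable {self.filename}: {e}")
            return
        if not isinstance(data, dict):
            return
        for key in ("requires", "build_requires"):
            for reference in data.get(key) or []:
                # reference form: name/version[@user/channel][#revision][%timestamp]
                name, sep, rest = str(reference).split("#")[0].partition("/")
                version = rest.split("@")[0]
                if not (sep and name and version):
                    self.logger.debug(f"Skipping malformed entry: {reference!r}")
                    continue
                purl = self.generate_purl(name)
                vendor = self.get_vendor(purl, name, version)
                if vendor is not None:
                    yield from vendor
        # … unchanged: final "Done scanning file" debug log …
```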
@@ -92,6 +92,7 @@ - [Perl](#perl) - [PHP](#php) - [Dart](#dart) + - [C/C++](#cc) - [Feedback \& Contributions](#feedback--contributions) - [Security Issues](#security-issues) @@ -1520,10 +1521,16 @@ Here's an example of what a [`composer.lock`](https://github.com/intel/cve-bin-t ### Dart -The scanner examines the pubspec.lock file, made by Dart's pub tool for managing project dependencies and versions. The package names and versions are used to search the database for vulnerabilities. +The scanner examines the `pubspec.lock` file, made by Dart's pub tool for managing project dependencies and versions. The package names and versions are used to search the database for vulnerabilities. Here's an example of what a [`pubspec.lock`](https://github.com/intel/cve-bin-tool/blob/main/test/language_data/pubspec.lock) file might look like. +### C/C++ + +The scanner examines the `conan.lock` file, generated by the Conan dependency and package manager for C and C++. The package names and versions are used to search the database for vulnerabilities. + +Here's an example of what a [`conan.lock`](https://github.com/intel/cve-bin-tool/blob/main/test/language_data/conan.lock) file might look like. + ## Feedback & Contributions Bugs and feature requests can be made via [GitHub issues](https://github.com/intel/cve-bin-tool/issues). diff --git a/test/language_data/conan.lock b/test/language_data/conan.lock new file mode 100644 index 0000000000..19bd5cdf56 --- /dev/null +++ b/test/language_data/conan.lock @@ -0,0 +1,12 @@ +{ + "version": "0.5", + "requires": [ + "zlib/1.2.11#fca992a7d96a1b92bd956caa8a97d18f%1705999194.642", + "openssl/3.0.1w#a8f0792d7c5121b954578a7149d23e03%1717541485.78" + ], + "build_requires": [ + "cmake/3.22.6#f305019023c2db74d1001c5afa5cf362" + ], + "python_requires": [], + "config_requires": [] +} \ No newline at end of file diff --git a/test/test_language_scanner.py b/test/test_language_scanner.py index ec480b5287..95d6b19c41 100644 
--- a/test/test_language_scanner.py +++ b/test/test_language_scanner.py @@ -162,6 +162,8 @@ class TestLanguageScanner: DART_PRODUCTS = ["dio", "archive"] + CONAN_PRODUCTS = ["zlib", "openssl", "cmake"] + @classmethod def setup_class(cls): cls.cvedb = CVEDB() @@ -341,6 +343,18 @@ def test_language_package_none_found(self, filename: str) -> None: ) ], ), + pytest.param( + str(TEST_FILE_PATH / "conan.lock"), + parsers.ccpp.CCppParser, + CONAN_PRODUCTS, + "conan", + marks=[ + pytest.mark.skipif( + not LONG_TESTS(), + reason="Test reduction in short tests", + ) + ], + ), ], ) def test_language_package(
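Review bot: The coverage these hunks add for `CCppParser` is a single `pytest.param` that is skipped unless `LONG_TESTS()` is set, and it checks only the three well-formed products in `CONAN_PRODUCTS`. Because the parser reads lockfiles from whatever directory is being scanned, a short always-run test would pin its handling of malformed input. Such a test could feed `run_checker` a lockfile with no `requires` key, or an entry without `/`. The parametrized `test_language_package` body lies outside these hunks.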