diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index 6faab97cf4..b2bbad7108 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.5",
- "serialNumber": "urn:uuid:a5b77de1-d2b5-4c2a-b09f-c45e84c35cb4",
+ "serialNumber": "urn:uuid:5c8e6736-a96f-4572-a16a-14efc5051995",
"version": 1,
"metadata": {
- "timestamp": "2023-10-09T00:26:21Z",
+ "timestamp": "2023-10-16T00:26:54Z",
"tools": {
"components": [
{
@@ -1228,7 +1228,7 @@
"type": "library",
"bom-ref": "37-google-auth",
"name": "google-auth",
- "version": "2.23.2",
+ "version": "2.23.3",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -1237,7 +1237,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.3:*:*:*:*:*:*:*",
"description": "Google Authentication Library",
"licenses": [
{
@@ -1249,12 +1249,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/google-auth/2.23.2",
+ "url": "https://pypi.org/project/google-auth/2.23.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.23.2",
+ "purl": "pkg:pypi/google-auth@2.23.3",
"properties": [
{
"name": "License Comments",
@@ -1548,11 +1548,11 @@
"type": "library",
"bom-ref": "48-rpds-py",
"name": "rpds-py",
- "version": "0.10.4",
+ "version": "0.10.6",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.10.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.10.6:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"licenses": [
{
@@ -1564,12 +1564,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rpds-py/0.10.4",
+ "url": "https://pypi.org/project/rpds-py/0.10.6",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.10.4"
+ "purl": "pkg:pypi/rpds-py@0.10.6"
},
{
"type": "library",
@@ -1699,7 +1699,34 @@
},
{
"type": "library",
- "bom-ref": "53-packaging",
+ "bom-ref": "53-packageurl-python",
+ "name": "packageurl-python",
+ "version": "0.11.2",
+ "supplier": {
+ "name": "the purl authors"
+ },
+ "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.11.2:*:*:*:*:*:*:*",
+ "description": "A purl aka. Package URL parser and builder",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/packageurl-python/0.11.2",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/packageurl-python@0.11.2"
+ },
+ {
+ "type": "library",
+ "bom-ref": "54-packaging",
"name": "packaging",
"version": "21.3",
"supplier": {
@@ -1734,7 +1761,7 @@
},
{
"type": "library",
- "bom-ref": "54-plotly",
+ "bom-ref": "55-plotly",
"name": "plotly",
"version": "5.17.0",
"supplier": {
@@ -1766,7 +1793,7 @@
},
{
"type": "library",
- "bom-ref": "55-tenacity",
+ "bom-ref": "56-tenacity",
"name": "tenacity",
"version": "8.2.3",
"supplier": {
@@ -1804,7 +1831,7 @@
},
{
"type": "library",
- "bom-ref": "56-python-gnupg",
+ "bom-ref": "57-python-gnupg",
"name": "python-gnupg",
"version": "0.5.1",
"supplier": {
@@ -1842,7 +1869,7 @@
},
{
"type": "library",
- "bom-ref": "57-requests",
+ "bom-ref": "58-requests",
"name": "requests",
"version": "2.31.0",
"supplier": {
@@ -1880,7 +1907,7 @@
},
{
"type": "library",
- "bom-ref": "58-certifi",
+ "bom-ref": "59-certifi",
"name": "certifi",
"version": "2023.7.22",
"supplier": {
@@ -1912,7 +1939,7 @@
},
{
"type": "library",
- "bom-ref": "59-urllib3",
+ "bom-ref": "60-urllib3",
"name": "urllib3",
"version": "2.0.6",
"supplier": {
@@ -1936,7 +1963,7 @@
},
{
"type": "library",
- "bom-ref": "60-rich",
+ "bom-ref": "61-rich",
"name": "rich",
"version": "13.6.0",
"supplier": {
@@ -1968,7 +1995,7 @@
},
{
"type": "library",
- "bom-ref": "61-markdown-it-py",
+ "bom-ref": "62-markdown-it-py",
"name": "markdown-it-py",
"version": "3.0.0",
"supplier": {
@@ -1992,7 +2019,7 @@
},
{
"type": "library",
- "bom-ref": "62-mdurl",
+ "bom-ref": "63-mdurl",
"name": "mdurl",
"version": "0.1.2",
"supplier": {
@@ -2016,7 +2043,7 @@
},
{
"type": "library",
- "bom-ref": "63-pygments",
+ "bom-ref": "64-pygments",
"name": "pygments",
"version": "2.16.1",
"supplier": {
@@ -2048,7 +2075,7 @@
},
{
"type": "library",
- "bom-ref": "64-typing-extensions",
+ "bom-ref": "65-typing-extensions",
"name": "typing-extensions",
"version": "4.8.0",
"supplier": {
@@ -2072,7 +2099,7 @@
},
{
"type": "library",
- "bom-ref": "65-rpmfile",
+ "bom-ref": "66-rpmfile",
"name": "rpmfile",
"version": "1.1.1",
"supplier": {
@@ -2104,7 +2131,7 @@
},
{
"type": "library",
- "bom-ref": "66-toml",
+ "bom-ref": "67-toml",
"name": "toml",
"version": "0.10.2",
"supplier": {
@@ -2136,7 +2163,7 @@
},
{
"type": "library",
- "bom-ref": "67-xmlschema",
+ "bom-ref": "68-xmlschema",
"name": "xmlschema",
"version": "2.5.0",
"supplier": {
@@ -2168,7 +2195,7 @@
},
{
"type": "library",
- "bom-ref": "68-elementpath",
+ "bom-ref": "69-elementpath",
"name": "elementpath",
"version": "4.1.5",
"supplier": {
@@ -2200,7 +2227,7 @@
},
{
"type": "library",
- "bom-ref": "69-zstandard",
+ "bom-ref": "70-zstandard",
"name": "zstandard",
"version": "0.21.0",
"supplier": {
@@ -2252,17 +2279,18 @@
"43-jinja2",
"45-jsonschema",
"50-lib4sbom",
- "53-packaging",
- "54-plotly",
- "56-python-gnupg",
+ "53-packageurl-python",
+ "54-packaging",
+ "55-plotly",
+ "57-python-gnupg",
"51-pyyaml",
- "57-requests",
- "60-rich",
- "65-rpmfile",
- "66-toml",
- "59-urllib3",
- "67-xmlschema",
- "69-zstandard"
+ "58-requests",
+ "61-rich",
+ "66-rpmfile",
+ "67-toml",
+ "60-urllib3",
+ "68-xmlschema",
+ "70-zstandard"
]
},
{
@@ -2453,45 +2481,45 @@
]
},
{
- "ref": "53-packaging",
+ "ref": "54-packaging",
"dependsOn": [
"26-pyparsing"
]
},
{
- "ref": "54-plotly",
+ "ref": "55-plotly",
"dependsOn": [
- "53-packaging",
- "55-tenacity"
+ "54-packaging",
+ "56-tenacity"
]
},
{
- "ref": "57-requests",
+ "ref": "58-requests",
"dependsOn": [
- "58-certifi",
+ "59-certifi",
"7-charset-normalizer",
"10-idna",
- "59-urllib3"
+ "60-urllib3"
]
},
{
- "ref": "60-rich",
+ "ref": "61-rich",
"dependsOn": [
- "61-markdown-it-py",
- "63-pygments",
- "64-typing-extensions"
+ "62-markdown-it-py",
+ "64-pygments",
+ "65-typing-extensions"
]
},
{
- "ref": "61-markdown-it-py",
+ "ref": "62-markdown-it-py",
"dependsOn": [
- "62-mdurl"
+ "63-mdurl"
]
},
{
- "ref": "67-xmlschema",
+ "ref": "68-xmlschema",
"dependsOn": [
- "68-elementpath"
+ "69-elementpath"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index 011666b87f..733879de83 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4c9034e7-2ae1-4a4d-b6dd-c09ed013f3a6
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4902c24e-90c5-48ae-83e2-c79044c03259
LicenseListVersion: 3.21
Creator: Tool: sbom4python-0.10.0
-Created: 2023-10-09T00:24:53Z
+Created: 2023-10-16T00:25:20Z
CreatorComment: This document has been automatically generated.
#####
@@ -566,18 +566,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
PackageName: google-auth
SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.23.2
+PackageVersion: 2.23.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.2
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.3
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.23.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.23.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.3:*:*:*:*:*:*:*
#####
PackageName: cachetools
@@ -732,17 +732,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*
PackageName: rpds-py
SPDXID: SPDXRef-Package-48-rpds-py
-PackageVersion: 0.10.4
+PackageVersion: 0.10.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.10.4
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.10.6
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.10.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.10.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.10.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.10.6:*:*:*:*:*:*:*
#####
PackageName: pkgutil-resolve-name
@@ -806,8 +806,23 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
+PackageName: packageurl-python
+SPDXID: SPDXRef-Package-53-packageurl-python
+PackageVersion: 0.11.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: the purl authors
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.11.2
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: A purl aka. Package URL parser and builder
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.11.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.11.2:*:*:*:*:*:*:*
+#####
+
PackageName: packaging
-SPDXID: SPDXRef-Package-53-packaging
+SPDXID: SPDXRef-Package-54-packaging
PackageVersion: 21.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io)
@@ -823,7 +838,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut
#####
PackageName: plotly
-SPDXID: SPDXRef-Package-54-plotly
+SPDXID: SPDXRef-Package-55-plotly
PackageVersion: 5.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
@@ -838,7 +853,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.17.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-Package-55-tenacity
+SPDXID: SPDXRef-Package-56-tenacity
PackageVersion: 8.2.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
@@ -854,7 +869,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*
#####
PackageName: python-gnupg
-SPDXID: SPDXRef-Package-56-python-gnupg
+SPDXID: SPDXRef-Package-57-python-gnupg
PackageVersion: 0.5.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
@@ -870,7 +885,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.1:*:*:*:*
#####
PackageName: requests
-SPDXID: SPDXRef-Package-57-requests
+SPDXID: SPDXRef-Package-58-requests
PackageVersion: 2.31.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
@@ -886,7 +901,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:
#####
PackageName: certifi
-SPDXID: SPDXRef-Package-58-certifi
+SPDXID: SPDXRef-Package-59-certifi
PackageVersion: 2023.7.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
@@ -901,7 +916,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:
#####
PackageName: urllib3
-SPDXID: SPDXRef-Package-59-urllib3
+SPDXID: SPDXRef-Package-60-urllib3
PackageVersion: 2.0.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
@@ -916,7 +931,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.0.6:*:*:*:*:*:
#####
PackageName: rich
-SPDXID: SPDXRef-Package-60-rich
+SPDXID: SPDXRef-Package-61-rich
PackageVersion: 13.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
@@ -931,7 +946,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.6.0:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
-SPDXID: SPDXRef-Package-61-markdown-it-py
+SPDXID: SPDXRef-Package-62-markdown-it-py
PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
@@ -946,7 +961,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:
#####
PackageName: mdurl
-SPDXID: SPDXRef-Package-62-mdurl
+SPDXID: SPDXRef-Package-63-mdurl
PackageVersion: 0.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
@@ -961,7 +976,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
#####
PackageName: pygments
-SPDXID: SPDXRef-Package-63-pygments
+SPDXID: SPDXRef-Package-64-pygments
PackageVersion: 2.16.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
@@ -976,7 +991,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*
#####
PackageName: typing-extensions
-SPDXID: SPDXRef-Package-64-typing-extensions
+SPDXID: SPDXRef-Package-65-typing-extensions
PackageVersion: 4.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
@@ -991,7 +1006,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
#####
PackageName: rpmfile
-SPDXID: SPDXRef-Package-65-rpmfile
+SPDXID: SPDXRef-Package-66-rpmfile
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
@@ -1006,7 +1021,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*
#####
PackageName: toml
-SPDXID: SPDXRef-Package-66-toml
+SPDXID: SPDXRef-Package-67-toml
PackageVersion: 0.10.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: William Pearson (uiri@xqz.ca)
@@ -1021,7 +1036,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
#####
PackageName: xmlschema
-SPDXID: SPDXRef-Package-67-xmlschema
+SPDXID: SPDXRef-Package-68-xmlschema
PackageVersion: 2.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1036,7 +1051,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-Package-68-elementpath
+SPDXID: SPDXRef-Package-69-elementpath
PackageVersion: 4.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1051,7 +1066,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*
#####
PackageName: zstandard
-SPDXID: SPDXRef-Package-69-zstandard
+SPDXID: SPDXRef-Package-70-zstandard
PackageVersion: 0.21.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
@@ -1078,16 +1093,17 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jinja
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jsonschema
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-lib4sbom
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-pyyaml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-packaging
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-plotly
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-python-gnupg
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-requests
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-urllib3
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rich
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-rpmfile
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-toml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-xmlschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-zstandard
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-packageurl-python
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packaging
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-plotly
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-python-gnupg
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-urllib3
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-rich
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-rpmfile
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-toml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-xmlschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-zstandard
Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve
Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete
Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod
@@ -1153,18 +1169,18 @@ Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-6-attrs
Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-14-defusedxml
Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-51-pyyaml
Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-52-semantic-version
-Relationship: SPDXRef-Package-53-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing
-Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-53-packaging
-Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-55-tenacity
-Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-10-idna
-Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-58-certifi
-Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-59-urllib3
-Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer
-Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-61-markdown-it-py
-Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-63-pygments
-Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-64-typing-extensions
-Relationship: SPDXRef-Package-61-markdown-it-py DEPENDS_ON SPDXRef-Package-62-mdurl
-Relationship: SPDXRef-Package-67-xmlschema DEPENDS_ON SPDXRef-Package-68-elementpath
+Relationship: SPDXRef-Package-54-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing
+Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-54-packaging
+Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-56-tenacity
+Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-10-idna
+Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-59-certifi
+Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-60-urllib3
+Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer
+Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-62-markdown-it-py
+Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-64-pygments
+Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-65-typing-extensions
+Relationship: SPDXRef-Package-62-markdown-it-py DEPENDS_ON SPDXRef-Package-63-mdurl
+Relationship: SPDXRef-Package-68-xmlschema DEPENDS_ON SPDXRef-Package-69-elementpath
Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna
Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict
Relationship: SPDXRef-Package-None DESCRIBES SPDXRef-Package-1-cve-bin-tool