From 950a772b7c97fb8aeb18e63a1d06a2129ed2b676 Mon Sep 17 00:00:00 2001
From: GitHub <noreply@github.com>
Date: Mon, 16 Oct 2023 00:26:56 +0000
Subject: [PATCH] chore: update SBOM for Python 3.8

---
 sbom/cve-bin-tool-py3.8.json | 132 +++++++++++++++++++++--------------
 sbom/cve-bin-tool-py3.8.spdx | 114 +++++++++++++++++-------------
 2 files changed, 145 insertions(+), 101 deletions(-)

diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index 6faab97cf4..b2bbad7108 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:a5b77de1-d2b5-4c2a-b09f-c45e84c35cb4",
+  "serialNumber": "urn:uuid:5c8e6736-a96f-4572-a16a-14efc5051995",
   "version": 1,
   "metadata": {
-    "timestamp": "2023-10-09T00:26:21Z",
+    "timestamp": "2023-10-16T00:26:54Z",
     "tools": {
       "components": [
         {
@@ -1228,7 +1228,7 @@
       "type": "library",
       "bom-ref": "37-google-auth",
       "name": "google-auth",
-      "version": "2.23.2",
+      "version": "2.23.3",
       "supplier": {
         "name": "Google Cloud Platform",
         "contact": [
@@ -1237,7 +1237,7 @@
           }
         ]
       },
-      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.2:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.3:*:*:*:*:*:*:*",
       "description": "Google Authentication Library",
       "licenses": [
         {
@@ -1249,12 +1249,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/google-auth/2.23.2",
+          "url": "https://pypi.org/project/google-auth/2.23.3",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/google-auth@2.23.2",
+      "purl": "pkg:pypi/google-auth@2.23.3",
       "properties": [
         {
           "name": "License Comments",
@@ -1548,11 +1548,11 @@
       "type": "library",
       "bom-ref": "48-rpds-py",
       "name": "rpds-py",
-      "version": "0.10.4",
+      "version": "0.10.6",
       "supplier": {
         "name": "Julian Berman"
       },
-      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.10.4:*:*:*:*:*:*:*",
+      "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.10.6:*:*:*:*:*:*:*",
       "description": "Python bindings to Rust's persistent data structures (rpds)",
       "licenses": [
         {
@@ -1564,12 +1564,12 @@
       ],
       "externalReferences": [
         {
-          "url": "https://pypi.org/project/rpds-py/0.10.4",
+          "url": "https://pypi.org/project/rpds-py/0.10.6",
           "type": "distribution",
           "comment": "Download location for component"
         }
       ],
-      "purl": "pkg:pypi/rpds-py@0.10.4"
+      "purl": "pkg:pypi/rpds-py@0.10.6"
     },
     {
       "type": "library",
@@ -1699,7 +1699,34 @@
     },
     {
       "type": "library",
-      "bom-ref": "53-packaging",
+      "bom-ref": "53-packageurl-python",
+      "name": "packageurl-python",
+      "version": "0.11.2",
+      "supplier": {
+        "name": "the purl authors"
+      },
+      "cpe": "cpe:2.3:a:the_purl_authors:packageurl-python:0.11.2:*:*:*:*:*:*:*",
+      "description": "A purl aka. Package URL parser and builder",
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT",
+            "url": "https://opensource.org/licenses/MIT"
+          }
+        }
+      ],
+      "externalReferences": [
+        {
+          "url": "https://pypi.org/project/packageurl-python/0.11.2",
+          "type": "distribution",
+          "comment": "Download location for component"
+        }
+      ],
+      "purl": "pkg:pypi/packageurl-python@0.11.2"
+    },
+    {
+      "type": "library",
+      "bom-ref": "54-packaging",
       "name": "packaging",
       "version": "21.3",
       "supplier": {
@@ -1734,7 +1761,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "54-plotly",
+      "bom-ref": "55-plotly",
       "name": "plotly",
       "version": "5.17.0",
       "supplier": {
@@ -1766,7 +1793,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "55-tenacity",
+      "bom-ref": "56-tenacity",
       "name": "tenacity",
       "version": "8.2.3",
       "supplier": {
@@ -1804,7 +1831,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "56-python-gnupg",
+      "bom-ref": "57-python-gnupg",
       "name": "python-gnupg",
       "version": "0.5.1",
       "supplier": {
@@ -1842,7 +1869,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "57-requests",
+      "bom-ref": "58-requests",
       "name": "requests",
       "version": "2.31.0",
       "supplier": {
@@ -1880,7 +1907,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "58-certifi",
+      "bom-ref": "59-certifi",
       "name": "certifi",
       "version": "2023.7.22",
       "supplier": {
@@ -1912,7 +1939,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "59-urllib3",
+      "bom-ref": "60-urllib3",
       "name": "urllib3",
       "version": "2.0.6",
       "supplier": {
@@ -1936,7 +1963,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "60-rich",
+      "bom-ref": "61-rich",
       "name": "rich",
       "version": "13.6.0",
       "supplier": {
@@ -1968,7 +1995,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "61-markdown-it-py",
+      "bom-ref": "62-markdown-it-py",
       "name": "markdown-it-py",
       "version": "3.0.0",
       "supplier": {
@@ -1992,7 +2019,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "62-mdurl",
+      "bom-ref": "63-mdurl",
       "name": "mdurl",
       "version": "0.1.2",
       "supplier": {
@@ -2016,7 +2043,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "63-pygments",
+      "bom-ref": "64-pygments",
       "name": "pygments",
       "version": "2.16.1",
       "supplier": {
@@ -2048,7 +2075,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "64-typing-extensions",
+      "bom-ref": "65-typing-extensions",
       "name": "typing-extensions",
       "version": "4.8.0",
       "supplier": {
@@ -2072,7 +2099,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "65-rpmfile",
+      "bom-ref": "66-rpmfile",
       "name": "rpmfile",
       "version": "1.1.1",
       "supplier": {
@@ -2104,7 +2131,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "66-toml",
+      "bom-ref": "67-toml",
       "name": "toml",
       "version": "0.10.2",
       "supplier": {
@@ -2136,7 +2163,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "67-xmlschema",
+      "bom-ref": "68-xmlschema",
       "name": "xmlschema",
       "version": "2.5.0",
       "supplier": {
@@ -2168,7 +2195,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "68-elementpath",
+      "bom-ref": "69-elementpath",
       "name": "elementpath",
       "version": "4.1.5",
       "supplier": {
@@ -2200,7 +2227,7 @@
     },
     {
       "type": "library",
-      "bom-ref": "69-zstandard",
+      "bom-ref": "70-zstandard",
       "name": "zstandard",
       "version": "0.21.0",
       "supplier": {
@@ -2252,17 +2279,18 @@
         "43-jinja2",
         "45-jsonschema",
         "50-lib4sbom",
-        "53-packaging",
-        "54-plotly",
-        "56-python-gnupg",
+        "53-packageurl-python",
+        "54-packaging",
+        "55-plotly",
+        "57-python-gnupg",
         "51-pyyaml",
-        "57-requests",
-        "60-rich",
-        "65-rpmfile",
-        "66-toml",
-        "59-urllib3",
-        "67-xmlschema",
-        "69-zstandard"
+        "58-requests",
+        "61-rich",
+        "66-rpmfile",
+        "67-toml",
+        "60-urllib3",
+        "68-xmlschema",
+        "70-zstandard"
       ]
     },
     {
@@ -2453,45 +2481,45 @@
       ]
     },
     {
-      "ref": "53-packaging",
+      "ref": "54-packaging",
       "dependsOn": [
         "26-pyparsing"
       ]
     },
     {
-      "ref": "54-plotly",
+      "ref": "55-plotly",
       "dependsOn": [
-        "53-packaging",
-        "55-tenacity"
+        "54-packaging",
+        "56-tenacity"
       ]
     },
     {
-      "ref": "57-requests",
+      "ref": "58-requests",
       "dependsOn": [
-        "58-certifi",
+        "59-certifi",
         "7-charset-normalizer",
         "10-idna",
-        "59-urllib3"
+        "60-urllib3"
       ]
     },
     {
-      "ref": "60-rich",
+      "ref": "61-rich",
       "dependsOn": [
-        "61-markdown-it-py",
-        "63-pygments",
-        "64-typing-extensions"
+        "62-markdown-it-py",
+        "64-pygments",
+        "65-typing-extensions"
       ]
     },
     {
-      "ref": "61-markdown-it-py",
+      "ref": "62-markdown-it-py",
       "dependsOn": [
-        "62-mdurl"
+        "63-mdurl"
       ]
     },
     {
-      "ref": "67-xmlschema",
+      "ref": "68-xmlschema",
       "dependsOn": [
-        "68-elementpath"
+        "69-elementpath"
       ]
     }
   ]
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index 011666b87f..733879de83 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
 DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4c9034e7-2ae1-4a4d-b6dd-c09ed013f3a6
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4902c24e-90c5-48ae-83e2-c79044c03259
 LicenseListVersion: 3.21
 Creator: Tool: sbom4python-0.10.0
-Created: 2023-10-09T00:24:53Z
+Created: 2023-10-16T00:25:20Z
 CreatorComment: <text>This document has been automatically generated.</text>
 ##### 
 
@@ -566,18 +566,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
 
 PackageName: google-auth
 SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.23.2
+PackageVersion: 2.23.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.2
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.3
 FilesAnalyzed: false
 PackageLicenseDeclared: NOASSERTION
 PackageLicenseConcluded: Apache-2.0
 PackageLicenseComments: <text>google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.</text>
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Google Authentication Library</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.23.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.23.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.3:*:*:*:*:*:*:*
 ##### 
 
 PackageName: cachetools
@@ -732,17 +732,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*
 
 PackageName: rpds-py
 SPDXID: SPDXRef-Package-48-rpds-py
-PackageVersion: 0.10.4
+PackageVersion: 0.10.6
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.10.4
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.10.6
 FilesAnalyzed: false
 PackageLicenseDeclared: MIT
 PackageLicenseConcluded: MIT
 PackageCopyrightText: NOASSERTION
 PackageSummary: <text>Python bindings to Rust's persistent data structures (rpds)</text>
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.10.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.10.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.10.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.10.6:*:*:*:*:*:*:*
 ##### 
 
 PackageName: pkgutil-resolve-name
@@ -806,8 +806,23 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/semantic-version@2.10.0
 ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
 ##### 
 
+PackageName: packageurl-python
+SPDXID: SPDXRef-Package-53-packageurl-python
+PackageVersion: 0.11.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: the purl authors
+PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.11.2
+FilesAnalyzed: false
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: <text>A purl aka. Package URL parser and builder</text>
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.11.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.11.2:*:*:*:*:*:*:*
+##### 
+
 PackageName: packaging
-SPDXID: SPDXRef-Package-53-packaging
+SPDXID: SPDXRef-Package-54-packaging
 PackageVersion: 21.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io)
@@ -823,7 +838,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut
 ##### 
 
 PackageName: plotly
-SPDXID: SPDXRef-Package-54-plotly
+SPDXID: SPDXRef-Package-55-plotly
 PackageVersion: 5.17.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris P (chris@plot.ly)
@@ -838,7 +853,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.17.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: tenacity
-SPDXID: SPDXRef-Package-55-tenacity
+SPDXID: SPDXRef-Package-56-tenacity
 PackageVersion: 8.2.3
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Julien Danjou (julien@danjou.info)
@@ -854,7 +869,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*
 ##### 
 
 PackageName: python-gnupg
-SPDXID: SPDXRef-Package-56-python-gnupg
+SPDXID: SPDXRef-Package-57-python-gnupg
 PackageVersion: 0.5.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
@@ -870,7 +885,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.1:*:*:*:*
 ##### 
 
 PackageName: requests
-SPDXID: SPDXRef-Package-57-requests
+SPDXID: SPDXRef-Package-58-requests
 PackageVersion: 2.31.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
@@ -886,7 +901,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:
 ##### 
 
 PackageName: certifi
-SPDXID: SPDXRef-Package-58-certifi
+SPDXID: SPDXRef-Package-59-certifi
 PackageVersion: 2023.7.22
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
@@ -901,7 +916,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:
 ##### 
 
 PackageName: urllib3
-SPDXID: SPDXRef-Package-59-urllib3
+SPDXID: SPDXRef-Package-60-urllib3
 PackageVersion: 2.0.6
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
@@ -916,7 +931,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.0.6:*:*:*:*:*:
 ##### 
 
 PackageName: rich
-SPDXID: SPDXRef-Package-60-rich
+SPDXID: SPDXRef-Package-61-rich
 PackageVersion: 13.6.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
@@ -931,7 +946,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.6.0:*:*:*:*:*:*:*
 ##### 
 
 PackageName: markdown-it-py
-SPDXID: SPDXRef-Package-61-markdown-it-py
+SPDXID: SPDXRef-Package-62-markdown-it-py
 PackageVersion: 3.0.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
@@ -946,7 +961,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:
 ##### 
 
 PackageName: mdurl
-SPDXID: SPDXRef-Package-62-mdurl
+SPDXID: SPDXRef-Package-63-mdurl
 PackageVersion: 0.1.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
@@ -961,7 +976,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
 ##### 
 
 PackageName: pygments
-SPDXID: SPDXRef-Package-63-pygments
+SPDXID: SPDXRef-Package-64-pygments
 PackageVersion: 2.16.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Georg Brandl (georg@python.org)
@@ -976,7 +991,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*
 ##### 
 
 PackageName: typing-extensions
-SPDXID: SPDXRef-Package-64-typing-extensions
+SPDXID: SPDXRef-Package-65-typing-extensions
 PackageVersion: 4.8.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
@@ -991,7 +1006,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
 ##### 
 
 PackageName: rpmfile
-SPDXID: SPDXRef-Package-65-rpmfile
+SPDXID: SPDXRef-Package-66-rpmfile
 PackageVersion: 1.1.1
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Sean Ross (srossross@gmail.com)
@@ -1006,7 +1021,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*
 ##### 
 
 PackageName: toml
-SPDXID: SPDXRef-Package-66-toml
+SPDXID: SPDXRef-Package-67-toml
 PackageVersion: 0.10.2
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: William Pearson (uiri@xqz.ca)
@@ -1021,7 +1036,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
 ##### 
 
 PackageName: xmlschema
-SPDXID: SPDXRef-Package-67-xmlschema
+SPDXID: SPDXRef-Package-68-xmlschema
 PackageVersion: 2.5.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1036,7 +1051,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*
 ##### 
 
 PackageName: elementpath
-SPDXID: SPDXRef-Package-68-elementpath
+SPDXID: SPDXRef-Package-69-elementpath
 PackageVersion: 4.1.5
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1051,7 +1066,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*
 ##### 
 
 PackageName: zstandard
-SPDXID: SPDXRef-Package-69-zstandard
+SPDXID: SPDXRef-Package-70-zstandard
 PackageVersion: 0.21.0
 PrimaryPackagePurpose: LIBRARY
 PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
@@ -1078,16 +1093,17 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jinja
 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jsonschema
 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-lib4sbom
 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-pyyaml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-packaging
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-plotly
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-python-gnupg
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-requests
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-urllib3
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rich
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-rpmfile
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-toml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-xmlschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-zstandard
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-packageurl-python
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packaging
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-plotly
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-python-gnupg
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-urllib3
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-rich
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-rpmfile
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-toml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-xmlschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-zstandard
 Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve
 Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete
 Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod
@@ -1153,18 +1169,18 @@ Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-6-attrs
 Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-14-defusedxml
 Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-51-pyyaml
 Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-52-semantic-version
-Relationship: SPDXRef-Package-53-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing
-Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-53-packaging
-Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-55-tenacity
-Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-10-idna
-Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-58-certifi
-Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-59-urllib3
-Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer
-Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-61-markdown-it-py
-Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-63-pygments
-Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-64-typing-extensions
-Relationship: SPDXRef-Package-61-markdown-it-py DEPENDS_ON SPDXRef-Package-62-mdurl
-Relationship: SPDXRef-Package-67-xmlschema DEPENDS_ON SPDXRef-Package-68-elementpath
+Relationship: SPDXRef-Package-54-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing
+Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-54-packaging
+Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-56-tenacity
+Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-10-idna
+Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-59-certifi
+Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-60-urllib3
+Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer
+Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-62-markdown-it-py
+Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-64-pygments
+Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-65-typing-extensions
+Relationship: SPDXRef-Package-62-markdown-it-py DEPENDS_ON SPDXRef-Package-63-mdurl
+Relationship: SPDXRef-Package-68-xmlschema DEPENDS_ON SPDXRef-Package-69-elementpath
 Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna
 Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict
 Relationship: SPDXRef-Package-None DESCRIBES SPDXRef-Package-1-cve-bin-tool