diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index eca4e9591a..e6a506694b 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:195f1fda-4d35-404c-96c8-fec25e970985",
+ "serialNumber": "urn:uuid:f9224672-5e3f-460a-8fd4-51f97229adfe",
"version": 1,
"metadata": {
- "timestamp": "2024-12-09T00:43:24Z",
+ "timestamp": "2024-12-16T00:39:25Z",
"lifecycles": [
{
"phase": "build"
@@ -15,7 +15,7 @@
"components": [
{
"name": "sbom4python",
- "version": "0.11.3",
+ "version": "0.12.1",
"type": "application"
}
]
@@ -42,6 +42,12 @@
},
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -65,6 +71,10 @@
],
"purl": "pkg:pypi/cve-bin-tool@3.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-17T18:57:44Z"
+ },
{
"name": "language",
"value": "Python"
@@ -81,6 +91,12 @@
"name": "aiohttp",
"version": "3.10.11",
"description": "Async http client/server framework (asyncio)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5077b1a5f40ffa3ba1f40d537d3bec4383988ee51fbba6b74aa8fb1bc466599e"
+ }
+ ],
"licenses": [
{
"license": {
@@ -100,10 +116,46 @@
"url": "https://pypi.org/project/aiohttp/3.10.11/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiohttp",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiohttp.org/en/stable/changes.html",
+ "type": "log"
+ },
+ {
+ "url": "https://docs.aiohttp.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/aiohttp@3.10.11",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-13T16:36:38Z"
+ },
{
"name": "language",
"value": "Python"
@@ -129,6 +181,12 @@
},
"cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8"
+ }
+ ],
"licenses": [
{
"license": {
@@ -148,10 +206,30 @@
"url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://aiohappyeyeballs.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
@@ -159,10 +237,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-30T18:43:39.000Z"
}
]
},
@@ -174,8 +248,8 @@
"description": "aiosignal: a list of registered asynchronous callbacks",
"hashes": [
{
- "alg": "SHA-1",
- "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3"
+ "alg": "SHA-256",
+ "content": "f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17"
}
],
"licenses": [
@@ -197,10 +271,38 @@
"url": "https://pypi.org/project/aiosignal/1.3.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gitter.im/aio-libs/Lobby",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiosignal",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiosignal.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/aiosignal@1.3.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-11-08T16:03:57Z"
+ },
{
"name": "language",
"value": "Python"
@@ -208,10 +310,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-08T16:03:57.000Z"
}
]
},
@@ -221,6 +319,12 @@
"name": "frozenlist",
"version": "1.5.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a"
+ }
+ ],
"licenses": [
{
"license": {
@@ -240,10 +344,50 @@
"url": "https://pypi.org/project/frozenlist/1.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/frozenlist",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog",
+ "type": "log"
+ },
+ {
+ "url": "https://frozenlist.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/frozenlist@1.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-23T09:46:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -251,51 +395,63 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-23T09:46:20.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "6-async-timeout",
- "name": "async-timeout",
- "version": "5.0.1",
+ "bom-ref": "6-attrs",
+ "name": "attrs",
+ "version": "24.2.0",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Hynek Schlawack",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "hs@ox.cx"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*",
- "description": "Timeout context manager for asyncio programs",
- "licenses": [
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
+ "description": "Classes Without Boilerplate",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/async-timeout",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/async-timeout/5.0.1/#files",
+ "url": "https://pypi.org/project/attrs/24.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://www.attrs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://www.attrs.org/en/stable/changelog.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-attrs/attrs",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/sponsors/hynek",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi",
+ "type": "other"
}
],
- "purl": "pkg:pypi/async-timeout@5.0.1",
+ "purl": "pkg:pypi/attrs@24.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T14:37:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -303,43 +459,47 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-06T16:41:37.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "7-attrs",
- "name": "attrs",
- "version": "24.2.0",
+ "bom-ref": "7-importlib-metadata",
+ "name": "importlib-metadata",
+ "version": "8.5.0",
"supplier": {
- "name": "Hynek Schlawack",
+ "name": "Jason R .",
"contact": [
{
- "email": "hs@ox.cx"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
- "description": "Classes Without Boilerplate",
+ "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*",
+ "description": "Read metadata from Python packages",
"hashes": [
{
- "alg": "SHA-1",
- "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ "alg": "SHA-256",
+ "content": "45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/attrs/24.2.0/#files",
+ "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/importlib_metadata",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/attrs@24.2.0",
+ "purl": "pkg:pypi/importlib-metadata@8.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-11T14:56:07Z"
+ },
{
"name": "language",
"value": "Python"
@@ -347,57 +507,47 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-08-06T14:37:36.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "8-multidict",
- "name": "multidict",
- "version": "6.1.0",
+ "bom-ref": "8-zipp",
+ "name": "zipp",
+ "version": "3.20.2",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Jason R .",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
- "description": "multidict implementation",
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*",
+ "description": "Backport of pathlib-compatible object wrapper for zip files",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/multidict",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/multidict/6.1.0/#files",
+ "url": "https://pypi.org/project/zipp/3.20.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/jaraco/zipp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/multidict@6.1.0",
+ "purl": "pkg:pypi/zipp@3.20.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-13T13:44:14Z"
+ },
{
"name": "language",
"value": "Python"
@@ -405,10 +555,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-09T23:47:18.000Z"
}
]
},
@@ -429,19 +575,48 @@
"description": "Backported and Experimental Type Hints for Python 3.8+",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3"
+ "alg": "SHA-256",
+ "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"
}
],
"externalReferences": [
+ {
+ "url": "https://github.com/python/typing_extensions",
+ "type": "website",
+ "comment": "Home page for project"
+ },
{
"url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://typing-extensions.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python/typing/discussions",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/typing-extensions@4.12.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-07T18:52:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -449,18 +624,14 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-06-07T18:52:13.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "10-yarl",
- "name": "yarl",
- "version": "1.15.2",
+ "bom-ref": "10-multidict",
+ "name": "multidict",
+ "version": "6.1.0",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -469,12 +640,12 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*",
- "description": "Yet another URL library",
+ "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
+ "description": "multidict implementation",
"hashes": [
{
- "alg": "SHA-1",
- "content": "33294bf084d2dde1ac1e8133b0125e1f142a8274"
+ "alg": "SHA-256",
+ "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60"
}
],
"licenses": [
@@ -488,18 +659,58 @@
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/yarl",
+ "url": "https://github.com/aio-libs/multidict",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.15.2/#files",
+ "url": "https://pypi.org/project/multidict/6.1.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/multidict",
+ "type": "other"
+ },
+ {
+ "url": "https://multidict.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://multidict.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/yarl@1.15.2",
+ "purl": "pkg:pypi/multidict@6.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-09T23:47:18Z"
+ },
{
"name": "language",
"value": "Python"
@@ -512,28 +723,88 @@
},
{
"type": "library",
- "bom-ref": "11-idna",
- "name": "idna",
- "version": "3.10",
+ "bom-ref": "11-yarl",
+ "name": "yarl",
+ "version": "1.15.2",
"supplier": {
- "name": "Kim Davies",
+ "name": "Andrew Svetlov",
"contact": [
{
- "email": "kim+pypi@gumleaf.org"
+ "email": "andrew.svetlov@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
- "description": "Internationalized Domain Names in Applications (IDNA)",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/idna/3.10/#files",
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*",
+ "description": "Yet another URL library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e4ee8b8639070ff246ad3649294336b06db37a94bdea0d09ea491603e0be73b8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/yarl/1.15.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/yarl",
+ "type": "other"
+ },
+ {
+ "url": "https://yarl.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://yarl.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/yarl@1.15.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-13T18:44:32Z"
+ },
{
"name": "language",
"value": "Python"
@@ -541,16 +812,68 @@
{
"name": "python_version",
"value": "3.8.18"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "12-idna",
+ "name": "idna",
+ "version": "3.10",
+ "supplier": {
+ "name": "Kim Davies",
+ "contact": [
+ {
+ "email": "kim+pypi@gumleaf.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
+ "description": "Internationalized Domain Names in Applications (IDNA)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/idna/3.10/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/kjd/idna/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kjd/idna",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/idna@3.10",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-15T18:07:37Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
},
{
- "name": "package_release_date",
- "value": "2024-09-15T18:07:37.000Z"
+ "name": "python_version",
+ "value": "3.8.18"
}
]
},
{
"type": "library",
- "bom-ref": "12-propcache",
+ "bom-ref": "13-propcache",
"name": "propcache",
"version": "0.2.0",
"supplier": {
@@ -565,8 +888,8 @@
"description": "Accelerated property cache",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda"
+ "alg": "SHA-256",
+ "content": "c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58"
}
],
"licenses": [
@@ -588,10 +911,50 @@
"url": "https://pypi.org/project/propcache/0.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/propcache",
+ "type": "other"
+ },
+ {
+ "url": "https://propcache.readthedocs.io/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://propcache.readthedocs.io",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/propcache@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-07T12:54:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -599,16 +962,90 @@
{
"name": "python_version",
"value": "3.8.18"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "14-async-timeout",
+ "name": "async-timeout",
+ "version": "5.0.1",
+ "supplier": {
+ "name": "Andrew Svetlov",
+ "contact": [
+ {
+ "email": "andrew.svetlov@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*",
+ "description": "Timeout context manager for asyncio programs",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/aio-libs/async-timeout",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/async-timeout/5.0.1/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://gitter.im/aio-libs/Lobby",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/async-timeout",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/async-timeout",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/async-timeout@5.0.1",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-06T16:41:37Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
},
{
- "name": "package_release_date",
- "value": "2024-10-07T12:54:02.000Z"
+ "name": "python_version",
+ "value": "3.8.18"
}
]
},
{
"type": "library",
- "bom-ref": "13-beautifulsoup4",
+ "bom-ref": "15-beautifulsoup4",
"name": "beautifulsoup4",
"version": "4.12.3",
"supplier": {
@@ -621,11 +1058,17 @@
},
"cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
"description": "Screen-scraping library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -640,10 +1083,18 @@
"url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/",
+ "type": "other"
}
],
"purl": "pkg:pypi/beautifulsoup4@4.12.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-01-17T16:53:12Z"
+ },
{
"name": "language",
"value": "Python"
@@ -651,16 +1102,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-01-17T16:53:12.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "14-soupsieve",
+ "bom-ref": "16-soupsieve",
"name": "soupsieve",
"version": "2.6",
"supplier": {
@@ -675,8 +1122,8 @@
"description": "A modern CSS selector implementation for Beautiful Soup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+ "alg": "SHA-256",
+ "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9"
}
],
"externalReferences": [
@@ -693,6 +1140,10 @@
],
"purl": "pkg:pypi/soupsieve@2.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-13T13:39:10Z"
+ },
{
"name": "language",
"value": "Python"
@@ -705,7 +1156,7 @@
},
{
"type": "library",
- "bom-ref": "15-cvss",
+ "bom-ref": "17-cvss",
"name": "cvss",
"version": "3.3",
"supplier": {
@@ -720,8 +1171,8 @@
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
"hashes": [
{
- "alg": "SHA-1",
- "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261"
+ "alg": "SHA-256",
+ "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1"
}
],
"licenses": [
@@ -743,10 +1194,30 @@
"url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/actions",
+ "type": "build-system"
}
],
"purl": "pkg:pypi/cvss@3.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T10:05:52Z"
+ },
{
"name": "language",
"value": "Python"
@@ -754,16 +1225,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-01T10:05:52.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "16-defusedxml",
+ "bom-ref": "18-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -778,8 +1245,8 @@
"description": "XML bomb protection for Python stdlib modules",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ebff1b493751e2f0775314bdd4188d64f07ea184"
+ "alg": "SHA-256",
+ "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"
}
],
"licenses": [
@@ -798,13 +1265,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/defusedxml/0.7.1/#files",
+ "url": "https://pypi.python.org/pypi/defusedxml",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/defusedxml@0.7.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-03-08T10:59:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -812,16 +1283,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2021-03-08T10:59:24.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "17-distro",
+ "bom-ref": "19-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -834,6 +1301,12 @@
},
"cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*",
"description": "Distro - an OS platform information API",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2"
+ }
+ ],
"licenses": [
{
"license": {
@@ -857,6 +1330,10 @@
],
"purl": "pkg:pypi/distro@1.9.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-24T09:54:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -864,16 +1341,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-24T09:54:30.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "18-filetype",
+ "bom-ref": "20-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -888,15 +1361,15 @@
"description": "Infer file type and MIME type of any file/buffer. No external dependencies.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585"
+ "alg": "SHA-256",
+ "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -908,13 +1381,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/filetype/1.2.0/#files",
+ "url": "https://github.com/h2non/filetype.py/tarball/master",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/filetype@1.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-11-02T17:34:01Z"
+ },
{
"name": "language",
"value": "Python"
@@ -922,18 +1399,14 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-02T17:34:01.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "19-gsutil",
+ "bom-ref": "21-gsutil",
"name": "gsutil",
- "version": "5.32",
+ "version": "5.33",
"supplier": {
"name": "Google Inc .",
"contact": [
@@ -942,8 +1415,14 @@
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*",
"description": "A command line tool for interacting with cloud storage services.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856"
+ }
+ ],
"licenses": [
{
"license": {
@@ -960,13 +1439,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gsutil/5.32/#files",
+ "url": "https://cloud.google.com/storage/docs/gsutil_install",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.32",
+ "purl": "pkg:pypi/gsutil@5.33",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-11T09:40:59Z"
+ },
{
"name": "language",
"value": "Python"
@@ -974,16 +1457,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-12-04T14:56:46.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "20-argcomplete",
+ "bom-ref": "22-argcomplete",
"name": "argcomplete",
"version": "3.5.2",
"supplier": {
@@ -998,8 +1477,8 @@
"description": "Bash tab completion for argparse",
"hashes": [
{
- "alg": "SHA-1",
- "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc"
+ "alg": "SHA-256",
+ "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472"
}
],
"licenses": [
@@ -1021,10 +1500,30 @@
"url": "https://pypi.org/project/argcomplete/3.5.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://kislyuk.github.io/argcomplete",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst",
+ "type": "log"
}
],
"purl": "pkg:pypi/argcomplete@3.5.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-06T18:24:27Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1032,16 +1531,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-12-06T18:24:27.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "21-crcmod",
+ "bom-ref": "23-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -1054,11 +1549,17 @@
},
"cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*",
"description": "CRC Generator",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -1070,13 +1571,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/crcmod/1.7/#files",
+ "url": "http://sourceforge.net/projects/crcmod",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/crcmod@1.7",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2010-06-27T14:35:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1089,7 +1594,7 @@
},
{
"type": "library",
- "bom-ref": "22-fasteners",
+ "bom-ref": "24-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -1099,8 +1604,8 @@
"description": "A python package that provides useful locks",
"hashes": [
{
- "alg": "SHA-1",
- "content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+ "alg": "SHA-256",
+ "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237"
}
],
"licenses": [
@@ -1126,6 +1631,10 @@
],
"purl": "pkg:pypi/fasteners@0.19",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-09-19T17:11:18Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1138,7 +1647,7 @@
},
{
"type": "library",
- "bom-ref": "23-gcs-oauth2-boto-plugin",
+ "bom-ref": "25-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -1153,8 +1662,8 @@
"description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb"
+ "alg": "SHA-256",
+ "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843"
}
],
"licenses": [
@@ -1173,13 +1682,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files",
+ "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-02T14:37:31Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1187,57 +1700,57 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-02T14:37:31.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "24-boto",
- "name": "boto",
- "version": "2.49.0",
+ "bom-ref": "26-rsa",
+ "name": "rsa",
+ "version": "4.7.2",
"supplier": {
- "name": "Mitch Garnaat",
+ "name": "Sybren A . Stuvel",
"contact": [
{
- "email": "mitch@garnaat.com"
+ "email": "sybren@stuvel.eu"
}
]
},
- "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
- "description": "Amazon Web Services Library",
+ "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
+ "description": "Pure-Python RSA implementation",
"hashes": [
{
- "alg": "SHA-1",
- "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3"
+ "alg": "SHA-256",
+ "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/boto/boto/",
+ "url": "https://stuvel.eu/rsa",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/boto/2.49.0/#files",
+ "url": "https://pypi.org/project/rsa/4.7.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/boto@2.49.0",
+ "purl": "pkg:pypi/rsa@4.7.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-02-24T10:55:03Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1245,105 +1758,73 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2018-07-11T20:58:55.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "25-google-auth",
- "name": "google-auth",
- "version": "2.17.0",
+ "bom-ref": "27-pyasn1",
+ "name": "pyasn1",
+ "version": "0.6.1",
"supplier": {
- "name": "Google Cloud Platform",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "googleapis-packages@google.com"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
+ "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243"
+ "alg": "SHA-256",
+ "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/googleapis/google-auth-library-python",
+ "url": "https://github.com/pyasn1/pyasn1",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth/2.17.0/#files",
+ "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-auth@2.17.0",
- "properties": [
- {
- "name": "language",
- "value": "Python"
},
{
- "name": "python_version",
- "value": "3.8.18"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "26-cachetools",
- "name": "cachetools",
- "version": "5.5.0",
- "supplier": {
- "name": "Thomas Kemmer",
- "contact": [
- {
- "email": "tkemmer@computer.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
- "description": "Extensible memoizing collections and decorators",
- "licenses": [
+ "url": "https://pyasn1.readthedocs.io",
+ "type": "documentation"
+ },
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
+ "url": "https://github.com/pyasn1/pyasn1",
+ "type": "vcs"
+ },
{
- "url": "https://github.com/tkem/cachetools/",
- "type": "website",
- "comment": "Home page for project"
+ "url": "https://github.com/pyasn1/pyasn1/issues",
+ "type": "issue-tracker"
},
{
- "url": "https://pypi.org/project/cachetools/5.5.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html",
+ "type": "log"
}
],
- "purl": "pkg:pypi/cachetools@5.5.0",
+ "purl": "pkg:pypi/pyasn1@0.6.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:41:42Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1351,51 +1832,57 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-08-18T20:28:43.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "27-pyasn1-modules",
- "name": "pyasn1-modules",
- "version": "0.4.1",
+ "bom-ref": "28-boto",
+ "name": "boto",
+ "version": "2.49.0",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Mitch Garnaat",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "mitch@garnaat.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules",
+ "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*",
+ "description": "Amazon Web Services Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1-modules",
+ "url": "https://github.com/boto/boto/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
+ "url": "https://pypi.org/project/boto/2.49.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.4.1",
+ "purl": "pkg:pypi/boto@2.49.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-07-11T20:58:55Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1403,51 +1890,57 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-10T22:42:08.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "28-pyasn1",
- "name": "pyasn1",
- "version": "0.6.1",
+ "bom-ref": "29-google-reauth",
+ "name": "google-reauth",
+ "version": "0.1.1",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Google",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "googleapis-publisher@google.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
- "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
+ "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
+ "description": "Google Reauth Library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1",
+ "url": "https://github.com/Google/google-reauth-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
+ "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.6.1",
+ "purl": "pkg:pypi/google-reauth@0.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-12-01T17:35:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1455,32 +1948,28 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-10T22:41:42.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "29-rsa",
- "name": "rsa",
- "version": "4.7.2",
+ "bom-ref": "30-pyu2f",
+ "name": "pyu2f",
+ "version": "0.1.5",
"supplier": {
- "name": "Sybren A . Stuvel",
+ "name": "Google Inc .",
"contact": [
{
- "email": "sybren@stuvel.eu"
+ "email": "pyu2f-team@google.com"
}
]
},
- "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
- "description": "Pure-Python RSA implementation",
+ "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
+ "description": "U2F host library for interacting with a U2F device over USB.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa"
+ "alg": "SHA-256",
+ "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b"
}
],
"licenses": [
@@ -1494,18 +1983,22 @@
],
"externalReferences": [
{
- "url": "https://stuvel.eu/rsa",
+ "url": "https://github.com/google/pyu2f/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rsa/4.7.2/#files",
+ "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rsa@4.7.2",
+ "purl": "pkg:pypi/pyu2f@0.1.5",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-10-30T20:03:07Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1513,16 +2006,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2021-02-24T10:55:03.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "30-six",
+ "bom-ref": "31-six",
"name": "six",
"version": "1.17.0",
"supplier": {
@@ -1535,11 +2024,17 @@
},
"cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*",
"description": "Python 2 and 3 compatibility utilities",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -1559,63 +2054,9 @@
"purl": "pkg:pypi/six@1.17.0",
"properties": [
{
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-12-04T17:35:26.000Z"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "31-google-auth-httplib2",
- "name": "google-auth-httplib2",
- "version": "0.2.0",
- "supplier": {
- "name": "Google Cloud Platform",
- "contact": [
- {
- "email": "googleapis-packages@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library: httplib2 transport",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "932ac88800dd6de004c1bd59867831ccf033f031"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
- "type": "website",
- "comment": "Home page for project"
+ "name": "release_date",
+ "value": "2024-12-04T17:35:26Z"
},
- {
- "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
- "properties": [
{
"name": "language",
"value": "Python"
@@ -1623,10 +2064,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-12T17:40:13.000Z"
}
]
},
@@ -1647,15 +2084,15 @@
"description": "A comprehensive HTTP client library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4"
+ "alg": "SHA-256",
+ "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -1674,6 +2111,10 @@
],
"purl": "pkg:pypi/httplib2@0.20.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-02-03T00:00:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1699,6 +2140,12 @@
},
"cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*",
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "a6a7ee4235a3f944aa1fa2249307708f893fe5717dc603503c6c7969c070fb7c"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/pyparsing/pyparsing/",
@@ -1713,6 +2160,10 @@
],
"purl": "pkg:pypi/pyparsing@3.1.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-25T15:00:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1725,23 +2176,23 @@
},
{
"type": "library",
- "bom-ref": "34-google-reauth",
- "name": "google-reauth",
- "version": "0.1.1",
+ "bom-ref": "34-oauth2client",
+ "name": "oauth2client",
+ "version": "4.1.3",
"supplier": {
- "name": "Google",
+ "name": "Google Inc .",
"contact": [
{
- "email": "googleapis-publisher@google.com"
+ "email": "jonwayne+oauth2client@google.com"
}
]
},
- "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
- "description": "Google Reauth Library",
+ "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
+ "description": "OAuth 2.0 client library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b"
+ "alg": "SHA-256",
+ "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac"
}
],
"licenses": [
@@ -1755,18 +2206,22 @@
],
"externalReferences": [
{
- "url": "https://github.com/Google/google-reauth-python",
+ "url": "http://github.com/google/oauth2client/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
+ "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-reauth@0.1.1",
+ "purl": "pkg:pypi/oauth2client@4.1.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-09-07T21:38:16Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1774,115 +2229,69 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2020-12-01T17:35:45.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "35-pyu2f",
- "name": "pyu2f",
- "version": "0.1.5",
+ "bom-ref": "35-pyasn1-modules",
+ "name": "pyasn1-modules",
+ "version": "0.4.1",
"supplier": {
- "name": "Google Inc .",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "pyu2f-team@google.com"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
- "description": "U2F host library for interacting with a U2F device over USB.",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe"
+ "alg": "SHA-256",
+ "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/google/pyu2f/",
+ "url": "https://github.com/pyasn1/pyasn1-modules",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/pyu2f@0.1.5",
- "properties": [
- {
- "name": "language",
- "value": "Python"
},
{
- "name": "python_version",
- "value": "3.8.18"
+ "url": "https://github.com/pyasn1/pyasn1-modules",
+ "type": "vcs"
},
{
- "name": "package_release_date",
- "value": "2020-10-30T20:03:07.000Z"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "36-oauth2client",
- "name": "oauth2client",
- "version": "4.1.3",
- "supplier": {
- "name": "Google Inc .",
- "contact": [
- {
- "email": "jonwayne+oauth2client@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
- "description": "OAuth 2.0 client library",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "50d20532a748f18e53f7d24ccbe6647132c979a9"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "http://github.com/google/oauth2client/",
- "type": "website",
- "comment": "Home page for project"
+ "url": "https://github.com/pyasn1/pyasn1-modules/issues",
+ "type": "issue-tracker"
},
{
- "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt",
+ "type": "log"
}
],
- "purl": "pkg:pypi/oauth2client@4.1.3",
+ "purl": "pkg:pypi/pyasn1-modules@0.4.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:42:08Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1890,16 +2299,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2018-09-07T21:38:16.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "37-pyopenssl",
+ "bom-ref": "36-pyopenssl",
"name": "pyopenssl",
"version": "24.2.1",
"supplier": {
@@ -1912,6 +2317,12 @@
},
"cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
"description": "Python wrapper module around the OpenSSL library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -1931,10 +2342,18 @@
"url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pyca/pyopenssl",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/pyopenssl@24.2.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-20T17:26:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1947,7 +2366,7 @@
},
{
"type": "library",
- "bom-ref": "38-cryptography",
+ "bom-ref": "37-cryptography",
"name": "cryptography",
"version": "43.0.3",
"supplier": {
@@ -1960,6 +2379,12 @@
},
"cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"
+ }
+ ],
"licenses": [
{
"expression": "Apache-2.0 OR BSD-3-Clause"
@@ -1975,10 +2400,30 @@
"url": "https://pypi.org/project/cryptography/43.0.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://cryptography.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cryptography.io/en/latest/changelog/",
+ "type": "log"
}
],
"purl": "pkg:pypi/cryptography@43.0.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:57:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1991,7 +2436,7 @@
},
{
"type": "library",
- "bom-ref": "39-cffi",
+ "bom-ref": "38-cffi",
"name": "cffi",
"version": "1.17.1",
"supplier": {
@@ -2006,15 +2451,15 @@
"description": "Foreign Function Interface for Python calling C code.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51"
+ "alg": "SHA-256",
+ "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2029,10 +2474,38 @@
"url": "https://pypi.org/project/cffi/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "http://cffi.readthedocs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://groups.google.com/forum/#!forum/python-cffi",
+ "type": "other"
}
],
"purl": "pkg:pypi/cffi@1.17.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-04T20:43:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2040,16 +2513,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-04T20:43:30.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "40-pycparser",
+ "bom-ref": "39-pycparser",
"name": "pycparser",
"version": "2.22",
"supplier": {
@@ -2064,8 +2533,8 @@
"description": "C parser in Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
+ "alg": "SHA-256",
+ "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"
}
],
"licenses": [
@@ -2091,6 +2560,10 @@
],
"purl": "pkg:pypi/pycparser@2.22",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-03-30T13:22:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2098,16 +2571,12 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-03-30T13:22:20.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "41-retry-decorator",
+ "bom-ref": "40-retry-decorator",
"name": "retry-decorator",
"version": "1.1.1",
"supplier": {
@@ -2122,15 +2591,15 @@
"description": "Retry Decorator",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349"
+ "alg": "SHA-256",
+ "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2149,6 +2618,10 @@
],
"purl": "pkg:pypi/retry-decorator@1.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-03-10T23:56:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2156,32 +2629,28 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2020-03-10T23:56:29.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "42-google-apitools",
- "name": "google-apitools",
- "version": "0.5.32",
+ "bom-ref": "41-google-auth",
+ "name": "google-auth",
+ "version": "2.17.0",
"supplier": {
- "name": "Craig Citro",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "craigcitro@google.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
- "description": "client libraries for humans",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1"
+ "alg": "SHA-256",
+ "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94"
}
],
"licenses": [
@@ -2195,18 +2664,22 @@
],
"externalReferences": [
{
- "url": "http://github.com/google/apitools",
+ "url": "https://github.com/googleapis/google-auth-library-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-apitools/0.5.32/#files",
+ "url": "https://pypi.org/project/google-auth/2.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-apitools@0.5.32",
+ "purl": "pkg:pypi/google-auth@2.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-03-28T19:51:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2214,57 +2687,57 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2021-05-05T22:12:58.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "43-monotonic",
- "name": "monotonic",
- "version": "1.6",
+ "bom-ref": "42-cachetools",
+ "name": "cachetools",
+ "version": "5.5.0",
"supplier": {
- "name": "Ori Livneh",
+ "name": "Thomas Kemmer",
"contact": [
{
- "email": "ori@wikimedia.org"
+ "email": "tkemmer@computer.org"
}
]
},
- "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*",
- "description": "An implementation of time.monotonic() for Python 2 & < 3.3",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
+ "description": "Extensible memoizing collections and decorators",
"hashes": [
{
- "alg": "SHA-1",
- "content": "80681f6604e136e513550342f977edb98f5fc5ad"
+ "alg": "SHA-256",
+ "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/atdt/monotonic",
+ "url": "https://github.com/tkem/cachetools/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/monotonic/1.6/#files",
+ "url": "https://pypi.org/project/cachetools/5.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/monotonic@1.6",
+ "purl": "pkg:pypi/cachetools@5.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-18T20:28:43Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2272,43 +2745,57 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2021-04-09T21:58:05.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "44-importlib-metadata",
- "name": "importlib-metadata",
- "version": "8.5.0",
+ "bom-ref": "43-google-auth-httplib2",
+ "name": "google-auth-httplib2",
+ "version": "0.2.0",
"supplier": {
- "name": "Jason R .",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "jaraco@jaraco.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*",
- "description": "Read metadata from Python packages",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library: httplib2 transport",
"hashes": [
{
- "alg": "SHA-1",
- "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1"
+ "alg": "SHA-256",
+ "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files",
+ "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/importlib-metadata@8.5.0",
+ "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-12T17:40:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2316,37 +2803,57 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-11T14:56:07.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "45-zipp",
- "name": "zipp",
- "version": "3.20.2",
+ "bom-ref": "44-google-apitools",
+ "name": "google-apitools",
+ "version": "0.5.32",
"supplier": {
- "name": "Jason R .",
+ "name": "Craig Citro",
"contact": [
{
- "email": "jaraco@jaraco.com"
+ "email": "craigcitro@google.com"
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*",
- "description": "Backport of pathlib-compatible object wrapper for zip files",
+ "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*",
+ "description": "client libraries for humans",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
"externalReferences": [
{
- "url": "https://pypi.org/project/zipp/3.20.2/#files",
+ "url": "http://github.com/google/apitools",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/google-apitools/0.5.32/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/zipp@3.20.2",
+ "purl": "pkg:pypi/google-apitools@0.5.32",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-05-05T22:12:58Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2359,34 +2866,52 @@
},
{
"type": "library",
- "bom-ref": "46-importlib-resources",
- "name": "importlib-resources",
- "version": "6.4.5",
+ "bom-ref": "45-monotonic",
+ "name": "monotonic",
+ "version": "1.6",
"supplier": {
- "name": "Barry Warsaw",
+ "name": "Ori Livneh",
"contact": [
{
- "email": "barry@python.org"
+ "email": "ori@wikimedia.org"
}
]
},
- "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*",
- "description": "Read resources from Python packages",
+ "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*",
+ "description": "An implementation of time.monotonic() for Python 2 & < 3.3",
"hashes": [
{
- "alg": "SHA-1",
- "content": "284148b005b57031a354402c446473f53cab2c49"
+ "alg": "SHA-256",
+ "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib-resources/6.4.5/#files",
+ "url": "https://github.com/atdt/monotonic",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/monotonic/1.6/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/importlib-resources@6.4.5",
+ "purl": "pkg:pypi/monotonic@1.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-04-09T21:58:05Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2394,23 +2919,19 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-09T17:03:13.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "47-jinja2",
+ "bom-ref": "46-jinja2",
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "dd4a8b5466d8790540c181590b14db4d4d889d57"
+ "alg": "SHA-256",
+ "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"
}
],
"externalReferences": [
@@ -2418,10 +2939,34 @@
"url": "https://pypi.org/project/jinja2/3.1.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/pallets/jinja/",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jinja2@3.1.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-05T23:41:59Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2429,23 +2974,19 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-05T23:41:59.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "48-markupsafe",
+ "bom-ref": "47-markupsafe",
"name": "markupsafe",
"version": "2.1.5",
"description": "Safely add untrusted strings to HTML/XML markup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "fbba4acd0312826cec9cfe18371c7df07962cb65"
+ "alg": "SHA-256",
+ "content": "a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc"
}
],
"licenses": [
@@ -2467,10 +3008,38 @@
"url": "https://pypi.org/project/markupsafe/2.1.5/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/pallets/markupsafe/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pallets/markupsafe/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
}
],
"purl": "pkg:pypi/markupsafe@2.1.5",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-02-02T16:30:04Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2483,42 +3052,124 @@
},
{
"type": "library",
- "bom-ref": "49-jsonschema",
+ "bom-ref": "48-jsonschema",
"name": "jsonschema",
"version": "4.23.0",
"supplier": {
"name": "Julian Berman",
"contact": [
{
- "email": "Julian+jsonschema@GrayVines.com"
+ "email": "Julian+jsonschema@GrayVines.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
+ "description": "An implementation of JSON Schema validation for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/jsonschema/4.23.0/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://python-jsonschema.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/jsonschema@4.23.0",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-08T18:40:00Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.8.18"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "49-importlib-resources",
+ "name": "importlib-resources",
+ "version": "6.4.5",
+ "supplier": {
+ "name": "Barry Warsaw",
+ "contact": [
+ {
+ "email": "barry@python.org"
}
]
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
- "description": "An implementation of JSON Schema validation for Python",
- "licenses": [
+ "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*",
+ "description": "Read resources from Python packages",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717"
}
],
"externalReferences": [
{
- "url": "https://github.com/python-jsonschema/jsonschema",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/jsonschema/4.23.0/#files",
+ "url": "https://pypi.org/project/importlib-resources/6.4.5/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/importlib_resources",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/jsonschema@4.23.0",
+ "purl": "pkg:pypi/importlib-resources@6.4.5",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-09T17:03:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2526,10 +3177,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-07-08T18:40:00.000Z"
}
]
},
@@ -2550,15 +3197,15 @@
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"hashes": [
{
- "alg": "SHA-1",
- "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76"
+ "alg": "SHA-256",
+ "content": "87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2573,10 +3220,34 @@
"url": "https://pypi.org/project/jsonschema-specifications/2023.12.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jsonschema-specifications.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema-specifications@2023.12.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-25T15:16:51Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2604,8 +3275,8 @@
"description": "JSON Referencing + Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845"
+ "alg": "SHA-256",
+ "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"
}
],
"externalReferences": [
@@ -2618,10 +3289,38 @@
"url": "https://pypi.org/project/referencing/0.35.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/en/stable/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/referencing@0.35.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-01T20:26:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2629,10 +3328,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-01T20:26:02.000Z"
}
]
},
@@ -2653,15 +3348,15 @@
"description": "Python bindings to Rust's persistent data structures (rpds)",
"hashes": [
{
- "alg": "SHA-1",
- "content": "1b5852dca46ad6ebc8ccb65e0610cc2c5d390cd9"
+ "alg": "SHA-256",
+ "content": "a649dfd735fff086e8a9d0503a9f0c7d01b7912a333c7ae77e1515c08c146dad"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2676,10 +3371,34 @@
"url": "https://pypi.org/project/rpds-py/0.20.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rpds.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/rpds-py@0.20.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-31T14:26:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2719,6 +3438,10 @@
],
"purl": "pkg:pypi/pkgutil-resolve-name@1.3.10",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-31T14:26:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2726,10 +3449,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2021-07-21T08:19:03.000Z"
}
]
},
@@ -2737,7 +3456,7 @@
"type": "library",
"bom-ref": "54-lib4sbom",
"name": "lib4sbom",
- "version": "0.7.5",
+ "version": "0.8.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -2746,8 +3465,14 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2764,13 +3489,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.7.5/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.8.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.7.5",
+ "purl": "pkg:pypi/lib4sbom@0.8.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-09T20:13:26Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2778,10 +3507,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-18T21:36:24.000Z"
}
]
},
@@ -2800,11 +3525,17 @@
},
"cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2816,13 +3547,37 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyyaml/6.0.2/#files",
+ "url": "https://pypi.org/project/PyYAML/",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://pyyaml.org/wiki/PyYAMLDocumentation",
+ "type": "documentation"
+ },
+ {
+ "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core",
+ "type": "mailing-list"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/pyyaml@6.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T20:31:40Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2830,10 +3585,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-08-06T20:31:40.000Z"
}
]
},
@@ -2854,8 +3605,8 @@
"description": "A library implementing the 'SemVer' scheme.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a"
+ "alg": "SHA-256",
+ "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177"
}
],
"licenses": [
@@ -2881,6 +3632,10 @@
],
"purl": "pkg:pypi/semantic-version@2.10.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-05-26T13:35:21Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2888,10 +3643,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2022-05-26T13:35:21.000Z"
}
]
},
@@ -2912,8 +3663,8 @@
"description": "VEX generator and consumer library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2"
+ "alg": "SHA-256",
+ "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce"
}
],
"licenses": [
@@ -2939,6 +3690,10 @@
],
"purl": "pkg:pypi/lib4vex@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-29T20:36:52Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2946,10 +3701,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-08-29T20:36:52.000Z"
}
]
},
@@ -2970,15 +3721,15 @@
"description": "CSAF generator and analyser",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4"
+ "alg": "SHA-256",
+ "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2997,6 +3748,10 @@
],
"purl": "pkg:pypi/csaf-tool@0.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-12T20:10:06Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3004,10 +3759,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-06-12T20:10:06.000Z"
}
]
},
@@ -3023,15 +3774,15 @@
"description": "A purl aka. Package URL parser and builder",
"hashes": [
{
- "alg": "SHA-1",
- "content": "9155d4173e4c1f29a345de86c280ab783c837882"
+ "alg": "SHA-256",
+ "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3050,6 +3801,10 @@
],
"purl": "pkg:pypi/packageurl-python@0.16.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-22T05:51:23Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3057,10 +3812,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-22T05:51:23.000Z"
}
]
},
@@ -3081,15 +3832,15 @@
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"hashes": [
{
- "alg": "SHA-1",
- "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ "alg": "SHA-256",
+ "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3104,10 +3855,18 @@
"url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rich.readthedocs.io/en/latest/",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/rich@13.9.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T16:43:55Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3115,10 +3874,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-01T16:43:55.000Z"
}
]
},
@@ -3139,8 +3894,8 @@
"description": "Python port of markdown-it. Markdown parsing, done right!",
"hashes": [
{
- "alg": "SHA-1",
- "content": "bee6d1953be75717a3f2f6a917da6f464bed421d"
+ "alg": "SHA-256",
+ "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"
}
],
"externalReferences": [
@@ -3153,10 +3908,18 @@
"url": "https://pypi.org/project/markdown-it-py/3.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://markdown-it-py.readthedocs.io",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/markdown-it-py@3.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-06-03T06:41:11Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3164,10 +3927,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2023-06-03T06:41:11.000Z"
}
]
},
@@ -3188,8 +3947,8 @@
"description": "Markdown URL utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e"
+ "alg": "SHA-256",
+ "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"
}
],
"externalReferences": [
@@ -3206,6 +3965,10 @@
],
"purl": "pkg:pypi/mdurl@0.1.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-08-14T12:40:09Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3213,10 +3976,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2022-08-14T12:40:09.000Z"
}
]
},
@@ -3237,8 +3996,8 @@
"description": "Pygments is a syntax highlighting package written in Python.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+ "alg": "SHA-256",
+ "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
}
],
"licenses": [
@@ -3260,10 +4019,30 @@
"url": "https://pypi.org/project/pygments/2.18.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://pygments.org/docs",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pygments/pygments",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/blob/master/CHANGES",
+ "type": "log"
}
],
"purl": "pkg:pypi/pygments@2.18.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-04T13:41:57Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3271,43 +4050,69 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-04T13:41:57.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "64-packaging",
- "name": "packaging",
- "version": "24.2",
+ "bom-ref": "64-python-gnupg",
+ "name": "python-gnupg",
+ "version": "0.5.3",
"supplier": {
- "name": "Donald Stufft",
+ "name": "Vinay Sajip",
"contact": [
{
- "email": "donald@stufft.io"
+ "email": "vinay_sajip@yahoo.co.uk"
}
]
},
- "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
- "description": "Core utilities for Python packages",
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
+ "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
"hashes": [
{
- "alg": "SHA-1",
- "content": "d8e3b31b734926ebbcaff654279f6855a73e052f"
+ "alg": "SHA-256",
+ "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/packaging/24.2/#files",
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gnupg.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/packaging@24.2",
+ "purl": "pkg:pypi/python-gnupg@0.5.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-20T16:43:47Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3315,51 +4120,51 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-08T09:47:44.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "65-plotly",
- "name": "plotly",
- "version": "5.24.1",
+ "bom-ref": "65-packaging",
+ "name": "packaging",
+ "version": "24.2",
"supplier": {
- "name": "Chris P",
+ "name": "Donald Stufft",
"contact": [
{
- "email": "chris@plot.ly"
+ "email": "donald@stufft.io"
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
- "description": "An open-source, interactive data visualization library for Python",
- "licenses": [
+ "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
+ "description": "Core utilities for Python packages",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"
}
],
"externalReferences": [
{
- "url": "https://plotly.com/python/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/plotly/5.24.1/#files",
+ "url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://packaging.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pypa/packaging",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/plotly@5.24.1",
+ "purl": "pkg:pypi/packaging@24.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-08T09:47:44Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3367,57 +4172,69 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-12T15:36:24.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "66-tenacity",
- "name": "tenacity",
- "version": "9.0.0",
+ "bom-ref": "66-plotly",
+ "name": "plotly",
+ "version": "5.24.1",
"supplier": {
- "name": "Julien Danjou",
+ "name": "Chris P",
"contact": [
{
- "email": "julien@danjou.info"
+ "email": "chris@plot.ly"
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
- "description": "Retry code until it succeeds",
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
+ "description": "An open-source, interactive data visualization library for Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb"
+ "alg": "SHA-256",
+ "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/jd/tenacity",
+ "url": "https://plotly.com/python/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/tenacity/9.0.0/#files",
+ "url": "https://pypi.org/project/plotly/5.24.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://plotly.com/python/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md",
+ "type": "log"
}
],
- "purl": "pkg:pypi/tenacity@9.0.0",
+ "purl": "pkg:pypi/plotly@5.24.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T15:36:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3425,57 +4242,57 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-07-29T12:12:25.000Z"
}
]
},
{
- "type": "library",
- "bom-ref": "67-python-gnupg",
- "name": "python-gnupg",
- "version": "0.5.3",
+ "type": "library",
+ "bom-ref": "67-tenacity",
+ "name": "tenacity",
+ "version": "9.0.0",
"supplier": {
- "name": "Vinay Sajip",
+ "name": "Julien Danjou",
"contact": [
{
- "email": "vinay_sajip@yahoo.co.uk"
+ "email": "julien@danjou.info"
}
]
},
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
- "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
+ "description": "Retry code until it succeeds",
"hashes": [
{
- "alg": "SHA-1",
- "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c"
+ "alg": "SHA-256",
+ "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539"
}
],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/vsajip/python-gnupg",
+ "url": "https://github.com/jd/tenacity",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
+ "url": "https://pypi.org/project/tenacity/9.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/python-gnupg@0.5.3",
+ "purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-29T12:12:25Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3483,10 +4300,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-20T16:43:47.000Z"
}
]
},
@@ -3507,8 +4320,8 @@
"description": "Python HTTP for Humans.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "0e322af87745eff34caffe4df68456ebc20d9068"
+ "alg": "SHA-256",
+ "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"
}
],
"licenses": [
@@ -3530,10 +4343,22 @@
"url": "https://pypi.org/project/requests/2.32.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://requests.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/psf/requests",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/requests@2.32.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-29T15:37:47Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3541,51 +4366,65 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-29T15:37:47.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "69-certifi",
- "name": "certifi",
- "version": "2024.8.30",
+ "bom-ref": "69-charset-normalizer",
+ "name": "charset-normalizer",
+ "version": "3.4.0",
"supplier": {
- "name": "Kenneth Reitz",
+ "name": "Ahmed TAHRI",
"contact": [
{
- "email": "me@kennethreitz.com"
+ "email": "tahri.ahmed@proton.me"
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*",
- "description": "Python package for providing Mozilla's CA Bundle.",
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
+ "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MPL-2.0",
- "url": "https://www.mozilla.org/MPL/2.0/",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/certifi/python-certifi",
+ "url": "https://github.com/Ousret/charset_normalizer",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2024.8.30/#files",
+ "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/Ousret/charset_normalizer/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://charset-normalizer.readthedocs.io/en/latest",
+ "type": "documentation"
}
],
- "purl": "pkg:pypi/certifi@2024.8.30",
+ "purl": "pkg:pypi/charset-normalizer@3.4.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-09T07:38:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3593,51 +4432,59 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-08-30T01:55:02.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "70-charset-normalizer",
- "name": "charset-normalizer",
- "version": "3.4.0",
+ "bom-ref": "70-urllib3",
+ "name": "urllib3",
+ "version": "2.2.3",
"supplier": {
- "name": "Ahmed TAHRI",
+ "name": "Andrey Petrov",
"contact": [
{
- "email": "tahri.ahmed@proton.me"
+ "email": "andrey.petrov@shazow.net"
}
]
},
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
- "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
- "licenses": [
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
+ "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac"
}
],
"externalReferences": [
{
- "url": "https://github.com/Ousret/charset_normalizer",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
+ "url": "https://pypi.org/project/urllib3/2.2.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://urllib3.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.4.0",
+ "purl": "pkg:pypi/urllib3@2.2.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T10:52:16Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3645,43 +4492,61 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-09T07:38:02.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "71-urllib3",
- "name": "urllib3",
- "version": "2.2.3",
+ "bom-ref": "71-certifi",
+ "name": "certifi",
+ "version": "2024.12.14",
"supplier": {
- "name": "Andrey Petrov",
+ "name": "Kenneth Reitz",
"contact": [
{
- "email": "andrey.petrov@shazow.net"
+ "email": "me@kennethreitz.com"
}
]
},
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
- "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*",
+ "description": "Python package for providing Mozilla's CA Bundle.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df"
+ "alg": "SHA-256",
+ "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MPL-2.0",
+ "url": "https://www.mozilla.org/MPL/2.0/",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/urllib3/2.2.3/#files",
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/certifi/2024.12.14/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/urllib3@2.2.3",
+ "purl": "pkg:pypi/certifi@2024.12.14",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-14T13:52:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3689,10 +4554,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-12T10:52:16.000Z"
}
]
},
@@ -3713,15 +4574,15 @@
"description": "Read rpm archive files",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5"
+ "alg": "SHA-256",
+ "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3740,6 +4601,10 @@
],
"purl": "pkg:pypi/rpmfile@2.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-24T21:57:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3747,10 +4612,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-07-24T21:57:45.000Z"
}
]
},
@@ -3769,15 +4630,37 @@
},
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/setuptools/75.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pypa/setuptools",
+ "type": "vcs"
+ },
+ {
+ "url": "https://setuptools.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://setuptools.pypa.io/en/stable/history.html",
+ "type": "log"
}
],
"purl": "pkg:pypi/setuptools@75.3.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-29T10:23:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3790,48 +4673,52 @@
},
{
"type": "library",
- "bom-ref": "74-toml",
- "name": "toml",
- "version": "0.10.2",
+ "bom-ref": "74-xmlschema",
+ "name": "xmlschema",
+ "version": "3.4.3",
"supplier": {
- "name": "William Pearson",
+ "name": "Davide Brunato",
"contact": [
{
- "email": "uiri@xqz.ca"
+ "email": "brunato@sissa.it"
}
]
},
- "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*",
- "description": "Python Library for Tom's Obvious, Minimal Language",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
+ "description": "An XML Schema validator and decoder",
"hashes": [
{
- "alg": "SHA-1",
- "content": "3f637dba5f68db63d4b30967fedda51c82459471"
+ "alg": "SHA-256",
+ "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/uiri/toml",
+ "url": "https://github.com/sissaschool/xmlschema",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/toml/0.10.2/#files",
+ "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/toml@0.10.2",
+ "purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-31T09:47:12Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3839,18 +4726,14 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2020-11-01T01:40:20.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "75-xmlschema",
- "name": "xmlschema",
- "version": "3.4.3",
+ "bom-ref": "75-elementpath",
+ "name": "elementpath",
+ "version": "4.6.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3859,31 +4742,41 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
- "description": "An XML Schema validator and decoder",
+ "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
+ "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/sissaschool/xmlschema",
+ "url": "https://github.com/sissaschool/elementpath",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/xmlschema/3.4.3/#files",
+ "url": "https://pypi.org/project/elementpath/4.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.4.3",
+ "purl": "pkg:pypi/elementpath@4.6.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-27T21:52:58Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3891,51 +4784,57 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-31T09:47:12.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "76-elementpath",
- "name": "elementpath",
- "version": "4.6.0",
+ "bom-ref": "76-toml",
+ "name": "toml",
+ "version": "0.10.2",
"supplier": {
- "name": "Davide Brunato",
+ "name": "William Pearson",
"contact": [
{
- "email": "brunato@sissa.it"
+ "email": "uiri@xqz.ca"
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
- "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*",
+ "description": "Python Library for Tom's Obvious, Minimal Language",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/sissaschool/elementpath",
+ "url": "https://github.com/uiri/toml",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/elementpath/4.6.0/#files",
+ "url": "https://pypi.org/project/toml/0.10.2/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/elementpath@4.6.0",
+ "purl": "pkg:pypi/toml@0.10.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-11-01T01:40:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3943,10 +4842,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-27T21:52:58.000Z"
}
]
},
@@ -3965,6 +4860,12 @@
},
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9"
+ }
+ ],
"licenses": [
{
"license": {
@@ -3988,6 +4889,10 @@
],
"purl": "pkg:pypi/zstandard@0.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-15T00:13:27Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3995,10 +4900,6 @@
{
"name": "python_version",
"value": "3.8.18"
- },
- {
- "name": "package_release_date",
- "value": "2024-07-15T00:13:27.000Z"
}
]
}
@@ -4014,31 +4915,31 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "13-beautifulsoup4",
- "15-cvss",
- "16-defusedxml",
- "17-distro",
- "18-filetype",
- "19-gsutil",
- "44-importlib-metadata",
- "46-importlib-resources",
- "47-jinja2",
- "49-jsonschema",
+ "15-beautifulsoup4",
+ "17-cvss",
+ "18-defusedxml",
+ "19-distro",
+ "20-filetype",
+ "21-gsutil",
+ "46-jinja2",
+ "48-jsonschema",
"54-lib4sbom",
"57-lib4vex",
+ "64-python-gnupg",
"59-packageurl-python",
- "64-packaging",
- "65-plotly",
- "67-python-gnupg",
+ "65-packaging",
+ "66-plotly",
"55-pyyaml",
"68-requests",
"60-rich",
"72-rpmfile",
"73-setuptools",
- "74-toml",
- "71-urllib3",
- "75-xmlschema",
- "45-zipp",
+ "70-urllib3",
+ "74-xmlschema",
+ "8-zipp",
+ "7-importlib-metadata",
+ "76-toml",
+ "49-importlib-resources",
"77-zstandard"
]
},
@@ -4047,11 +4948,11 @@
"dependsOn": [
"3-aiohappyeyeballs",
"4-aiosignal",
- "6-async-timeout",
- "7-attrs",
+ "6-attrs",
"5-frozenlist",
- "8-multidict",
- "10-yarl"
+ "10-multidict",
+ "11-yarl",
+ "14-async-timeout"
]
},
{
@@ -4061,197 +4962,204 @@
]
},
{
- "ref": "8-multidict",
+ "ref": "6-attrs",
"dependsOn": [
- "9-typing-extensions"
+ "7-importlib-metadata"
]
},
{
- "ref": "10-yarl",
+ "ref": "7-importlib-metadata",
"dependsOn": [
- "11-idna",
- "8-multidict",
- "12-propcache"
+ "8-zipp",
+ "9-typing-extensions"
]
},
{
- "ref": "13-beautifulsoup4",
+ "ref": "10-multidict",
"dependsOn": [
- "14-soupsieve"
+ "9-typing-extensions"
]
},
{
- "ref": "19-gsutil",
+ "ref": "11-yarl",
"dependsOn": [
- "20-argcomplete",
- "21-crcmod",
- "22-fasteners",
- "23-gcs-oauth2-boto-plugin",
- "42-google-apitools",
- "25-google-auth",
- "31-google-auth-httplib2",
- "34-google-reauth",
- "32-httplib2",
- "43-monotonic",
- "37-pyopenssl",
- "41-retry-decorator",
- "30-six"
+ "12-idna",
+ "10-multidict",
+ "13-propcache"
]
},
{
- "ref": "23-gcs-oauth2-boto-plugin",
+ "ref": "15-beautifulsoup4",
"dependsOn": [
- "24-boto",
- "25-google-auth",
- "31-google-auth-httplib2",
- "34-google-reauth",
- "32-httplib2",
- "36-oauth2client",
- "37-pyopenssl",
- "41-retry-decorator",
- "29-rsa",
- "30-six"
+ "16-soupsieve"
]
},
{
- "ref": "25-google-auth",
+ "ref": "21-gsutil",
"dependsOn": [
- "26-cachetools",
- "27-pyasn1-modules",
- "29-rsa",
- "30-six"
+ "22-argcomplete",
+ "23-crcmod",
+ "24-fasteners",
+ "25-gcs-oauth2-boto-plugin",
+ "44-google-apitools",
+ "32-httplib2",
+ "29-google-reauth",
+ "45-monotonic",
+ "36-pyopenssl",
+ "40-retry-decorator",
+ "31-six",
+ "41-google-auth",
+ "43-google-auth-httplib2"
]
},
{
- "ref": "27-pyasn1-modules",
+ "ref": "25-gcs-oauth2-boto-plugin",
"dependsOn": [
- "28-pyasn1"
+ "26-rsa",
+ "28-boto",
+ "29-google-reauth",
+ "32-httplib2",
+ "34-oauth2client",
+ "36-pyopenssl",
+ "40-retry-decorator",
+ "31-six",
+ "41-google-auth",
+ "43-google-auth-httplib2"
]
},
{
- "ref": "29-rsa",
+ "ref": "26-rsa",
"dependsOn": [
- "28-pyasn1"
+ "27-pyasn1"
]
},
{
- "ref": "31-google-auth-httplib2",
+ "ref": "29-google-reauth",
"dependsOn": [
- "25-google-auth",
- "32-httplib2"
+ "30-pyu2f"
]
},
{
- "ref": "32-httplib2",
+ "ref": "30-pyu2f",
"dependsOn": [
- "33-pyparsing"
+ "31-six"
]
},
{
- "ref": "34-google-reauth",
+ "ref": "32-httplib2",
"dependsOn": [
- "35-pyu2f"
+ "33-pyparsing"
]
},
{
- "ref": "35-pyu2f",
+ "ref": "34-oauth2client",
"dependsOn": [
- "30-six"
+ "32-httplib2",
+ "27-pyasn1",
+ "35-pyasn1-modules",
+ "26-rsa",
+ "31-six"
]
},
{
- "ref": "36-oauth2client",
+ "ref": "35-pyasn1-modules",
"dependsOn": [
- "32-httplib2",
- "28-pyasn1",
- "27-pyasn1-modules",
- "29-rsa",
- "30-six"
+ "27-pyasn1"
]
},
{
- "ref": "37-pyopenssl",
+ "ref": "36-pyopenssl",
"dependsOn": [
- "38-cryptography"
+ "37-cryptography"
]
},
{
- "ref": "38-cryptography",
+ "ref": "37-cryptography",
"dependsOn": [
- "39-cffi"
+ "38-cffi"
]
},
{
- "ref": "39-cffi",
+ "ref": "38-cffi",
"dependsOn": [
- "40-pycparser"
+ "39-pycparser"
]
},
{
- "ref": "42-google-apitools",
+ "ref": "41-google-auth",
"dependsOn": [
- "22-fasteners",
- "32-httplib2",
- "36-oauth2client",
- "30-six"
+ "42-cachetools",
+ "35-pyasn1-modules",
+ "31-six",
+ "26-rsa"
]
},
{
- "ref": "44-importlib-metadata",
+ "ref": "43-google-auth-httplib2",
"dependsOn": [
- "45-zipp"
+ "41-google-auth",
+ "32-httplib2"
]
},
{
- "ref": "46-importlib-resources",
+ "ref": "44-google-apitools",
"dependsOn": [
- "45-zipp"
+ "32-httplib2",
+ "24-fasteners",
+ "34-oauth2client",
+ "31-six"
]
},
{
- "ref": "47-jinja2",
+ "ref": "46-jinja2",
"dependsOn": [
- "48-markupsafe"
+ "47-markupsafe"
]
},
{
- "ref": "49-jsonschema",
+ "ref": "48-jsonschema",
"dependsOn": [
- "7-attrs",
- "46-importlib-resources",
+ "6-attrs",
+ "49-importlib-resources",
"50-jsonschema-specifications",
"53-pkgutil-resolve-name",
"51-referencing",
"52-rpds-py"
]
},
+ {
+ "ref": "49-importlib-resources",
+ "dependsOn": [
+ "8-zipp"
+ ]
+ },
{
"ref": "50-jsonschema-specifications",
"dependsOn": [
- "46-importlib-resources",
+ "49-importlib-resources",
"51-referencing"
]
},
{
"ref": "51-referencing",
"dependsOn": [
- "7-attrs",
+ "6-attrs",
"52-rpds-py"
]
},
{
"ref": "54-lib4sbom",
"dependsOn": [
- "16-defusedxml",
"55-pyyaml",
- "56-semantic-version"
+ "56-semantic-version",
+ "18-defusedxml"
]
},
{
"ref": "57-lib4vex",
"dependsOn": [
- "58-csaf-tool",
"54-lib4sbom",
+ "58-csaf-tool",
"59-packageurl-python"
]
},
@@ -4277,25 +5185,31 @@
]
},
{
- "ref": "65-plotly",
+ "ref": "66-plotly",
"dependsOn": [
- "64-packaging",
- "66-tenacity"
+ "67-tenacity",
+ "65-packaging"
]
},
{
"ref": "68-requests",
"dependsOn": [
- "69-certifi",
- "70-charset-normalizer",
- "11-idna",
- "71-urllib3"
+ "69-charset-normalizer",
+ "12-idna",
+ "70-urllib3",
+ "71-certifi"
+ ]
+ },
+ {
+ "ref": "74-xmlschema",
+ "dependsOn": [
+ "75-elementpath"
]
},
{
- "ref": "75-xmlschema",
+ "ref": "77-zstandard",
"dependsOn": [
- "76-elementpath"
+ "38-cffi"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index a0894598d1..c16f44a4b3 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8bef91b4-39b2-4f5c-a343-81fddf71bbda
-LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.11.3
-Created: 2024-12-09T00:42:14Z
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e4e74e1a-9904-46ec-beab-1e3d7d1af7ba
+LicenseListVersion: 3.25
+Creator: Tool: sbom4python-0.12.1
+Created: 2024-12-16T00:39:17Z
CreatorComment: This document has been automatically generated.
#####
@@ -17,10 +17,12 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/intel/cve-bin-tool
+PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
+ReleaseDate: 2024-09-17T18:57:44Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
#####
@@ -33,11 +35,21 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.11/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
+PackageChecksum: SHA256: 5077b1a5f40ffa3ba1f40d537d3bec4383988ee51fbba6b74aa8fb1bc466599e
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
+ReleaseDate: 2024-11-13T16:36:38Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp
+ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
+ExternalRef: OTHER other https://docs.aiohttp.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.11
#####
@@ -49,10 +61,16 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
+PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues
+ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
@@ -65,12 +83,19 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiosignal
-PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3
+PackageChecksum: SHA256: f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: aiosignal: a list of registered asynchronous callbacks
+ReleaseDate: 2022-11-08T16:03:57Z
+ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal
+ExternalRef: OTHER other https://docs.aiosignal.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
#####
@@ -82,63 +107,81 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
+PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
+ReleaseDate: 2024-10-23T09:46:20Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist
+ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog
+ExternalRef: OTHER other https://frozenlist.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0
#####
-PackageName: async-timeout
-SPDXID: SPDXRef-6-async-timeout
-PackageVersion: 5.0.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/async-timeout
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Timeout context manager for asyncio programs
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*
-#####
-
PackageName: attrs
-SPDXID: SPDXRef-7-attrs
+SPDXID: SPDXRef-6-attrs
PackageVersion: 24.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
+PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
+ReleaseDate: 2024-08-06T14:37:36Z
+ExternalRef: OTHER documentation https://www.attrs.org/
+ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html
+ExternalRef: OTHER vcs https://github.com/python-attrs/attrs
+ExternalRef: OTHER other https://github.com/sponsors/hynek
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*
#####
-PackageName: multidict
-SPDXID: SPDXRef-8-multidict
-PackageVersion: 6.1.0
+PackageName: importlib-metadata
+SPDXID: SPDXRef-7-importlib-metadata
+PackageVersion: 8.5.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/multidict
-PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68
+PackageChecksum: SHA256: 45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
-PackageSummary: multidict implementation
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
+PackageSummary: Read metadata from Python packages
+ReleaseDate: 2024-09-11T14:56:07Z
+ExternalRef: OTHER vcs https://github.com/python/importlib_metadata
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*
+#####
+
+PackageName: zipp
+SPDXID: SPDXRef-8-zipp
+PackageVersion: 3.20.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backport of pathlib-compatible object wrapper for zip files
+ReleaseDate: 2024-09-13T13:44:14Z
+ExternalRef: OTHER vcs https://github.com/jaraco/zipp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*
#####
PackageName: typing-extensions
@@ -148,390 +191,477 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3
+PackageHomePage: https://github.com/python/typing_extensions
+PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Backported and Experimental Type Hints for Python 3.8+
+ReleaseDate: 2024-06-07T18:52:13Z
+ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues
+ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/
+ExternalRef: OTHER other https://github.com/python/typing/discussions
+ExternalRef: OTHER vcs https://github.com/python/typing_extensions
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
#####
+PackageName: multidict
+SPDXID: SPDXRef-10-multidict
+PackageVersion: 6.1.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: multidict implementation
+ReleaseDate: 2024-09-09T23:47:18Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict
+ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://multidict.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/multidict
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
+#####
+
PackageName: yarl
-SPDXID: SPDXRef-10-yarl
+SPDXID: SPDXRef-11-yarl
PackageVersion: 1.15.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
-PackageChecksum: SHA1: 33294bf084d2dde1ac1e8133b0125e1f142a8274
+PackageChecksum: SHA256: e4ee8b8639070ff246ad3649294336b06db37a94bdea0d09ea491603e0be73b8
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
+ReleaseDate: 2024-10-13T18:44:32Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl
+ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://yarl.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/yarl
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*
#####
PackageName: idna
-SPDXID: SPDXRef-11-idna
+SPDXID: SPDXRef-12-idna
PackageVersion: 3.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
+ReleaseDate: 2024-09-15T18:07:37Z
+ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
+ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
+ExternalRef: OTHER vcs https://github.com/kjd/idna
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
#####
PackageName: propcache
-SPDXID: SPDXRef-12-propcache
+SPDXID: SPDXRef-13-propcache
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
-PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda
+PackageChecksum: SHA256: c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Accelerated property cache
+ReleaseDate: 2024-10-07T12:54:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache
+ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
+ExternalRef: OTHER other https://propcache.readthedocs.io
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*
#####
+PackageName: async-timeout
+SPDXID: SPDXRef-14-async-timeout
+PackageVersion: 5.0.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/aio-libs/async-timeout
+PackageChecksum: SHA256: 39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Timeout context manager for asyncio programs
+ReleaseDate: 2024-11-06T16:41:37Z
+ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
+ExternalRef: OTHER build-system https://github.com/aio-libs/async-timeout/actions
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/async-timeout
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/async-timeout/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/async-timeout
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*
+#####
+
PackageName: beautifulsoup4
-SPDXID: SPDXRef-13-beautifulsoup4
+SPDXID: SPDXRef-15-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files
FilesAnalyzed: false
PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
+PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
+ReleaseDate: 2024-01-17T16:53:12Z
+ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
#####
PackageName: soupsieve
-SPDXID: SPDXRef-14-soupsieve
+SPDXID: SPDXRef-16-soupsieve
PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
-PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
+PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
+ReleaseDate: 2024-08-13T13:39:10Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-15-cvss
+SPDXID: SPDXRef-17-cvss
PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
-PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261
+PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
+ReleaseDate: 2024-11-01T10:05:52Z
+ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases
+ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss
+ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues
+ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
-SPDXID: SPDXRef-16-defusedxml
+SPDXID: SPDXRef-18-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
-PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files
+PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml
FilesAnalyzed: false
PackageHomePage: https://github.com/tiran/defusedxml
-PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184
+PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: PSF-2.0
PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: XML bomb protection for Python stdlib modules
+ReleaseDate: 2021-03-08T10:59:24Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
#####
PackageName: distro
-SPDXID: SPDXRef-17-distro
+SPDXID: SPDXRef-19-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-distro/distro
+PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Distro - an OS platform information API
+ReleaseDate: 2023-12-24T09:54:30Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-18-filetype
+SPDXID: SPDXRef-20-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
-PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files
+PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master
FilesAnalyzed: false
PackageHomePage: https://github.com/h2non/filetype.py
-PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585
+PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies.
+ReleaseDate: 2022-11-02T17:34:01Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*
#####
PackageName: gsutil
-SPDXID: SPDXRef-19-gsutil
-PackageVersion: 5.32
+SPDXID: SPDXRef-21-gsutil
+PackageVersion: 5.33
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.32/#files
+PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install
FilesAnalyzed: false
PackageHomePage: https://cloud.google.com/storage/docs/gsutil
+PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.32
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-11T09:40:59Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-20-argcomplete
+SPDXID: SPDXRef-22-argcomplete
PackageVersion: 3.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
-PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc
+PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
+ReleaseDate: 2024-12-06T18:24:27Z
+ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
+ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
+ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
+ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-21-crcmod
+SPDXID: SPDXRef-23-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files
+PackageDownloadLocation: http://sourceforge.net/projects/crcmod
FilesAnalyzed: false
PackageHomePage: http://crcmod.sourceforge.net/
+PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CRC Generator
+ReleaseDate: 2010-06-27T14:35:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-22-fasteners
+SPDXID: SPDXRef-24-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/harlowja/fasteners
-PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
+PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A python package that provides useful locks
+ReleaseDate: 2023-09-19T17:11:18Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-23-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-25-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files
+PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin
FilesAnalyzed: false
PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary
-PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb
+PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
+ReleaseDate: 2024-05-02T14:37:31Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*
#####
-PackageName: boto
-SPDXID: SPDXRef-24-boto
-PackageVersion: 2.49.0
+PackageName: rsa
+SPDXID: SPDXRef-26-rsa
+PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
-PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
+PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
+PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/boto/boto/
-PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
+PackageHomePage: https://stuvel.eu/rsa
+PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Amazon Web Services Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
+PackageSummary: Pure-Python RSA implementation
+ReleaseDate: 2021-02-24T10:55:03Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
-PackageName: google-auth
-SPDXID: SPDXRef-25-google-auth
-PackageVersion: 2.17.0
+PackageName: pyasn1
+SPDXID: SPDXRef-27-pyasn1
+PackageVersion: 0.6.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/googleapis/google-auth-library-python
-PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageHomePage: https://github.com/pyasn1/pyasn1
+PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034
+PackageLicenseDeclared: BSD-2-Clause
+PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
+PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ReleaseDate: 2024-09-10T22:41:42Z
+ExternalRef: OTHER documentation https://pyasn1.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues
+ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
#####
-PackageName: cachetools
-SPDXID: SPDXRef-26-cachetools
-PackageVersion: 5.5.0
+PackageName: boto
+SPDXID: SPDXRef-28-boto
+PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
+PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
+PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/tkem/cachetools/
+PackageHomePage: https://github.com/boto/boto/
+PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
-PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
+PackageSummary: Amazon Web Services Library
+ReleaseDate: 2018-07-11T20:58:55Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
#####
-PackageName: pyasn1-modules
-SPDXID: SPDXRef-27-pyasn1-modules
-PackageVersion: 0.4.1
+PackageName: google-reauth
+SPDXID: SPDXRef-29-google-reauth
+PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
+PackageSupplier: Person: Google (googleapis-publisher@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageHomePage: https://github.com/Google/google-reauth-python
+PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1
-SPDXID: SPDXRef-28-pyasn1
-PackageVersion: 0.6.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
+PackageSummary: Google Reauth Library
+ReleaseDate: 2020-12-01T17:35:45Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
#####
-PackageName: rsa
-SPDXID: SPDXRef-29-rsa
-PackageVersion: 4.7.2
+PackageName: pyu2f
+SPDXID: SPDXRef-30-pyu2f
+PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
-PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
+PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
+PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
FilesAnalyzed: false
-PackageHomePage: https://stuvel.eu/rsa
-PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa
+PackageHomePage: https://github.com/google/pyu2f/
+PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python RSA implementation
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
+PackageSummary: U2F host library for interacting with a U2F device over USB.
+ReleaseDate: 2020-10-30T20:03:07Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-30-six
+SPDXID: SPDXRef-31-six
PackageVersion: 1.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/benjaminp/six
+PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python 2 and 3 compatibility utilities
+ReleaseDate: 2024-12-04T17:35:26Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*
#####
-PackageName: google-auth-httplib2
-SPDXID: SPDXRef-31-google-auth-httplib2
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
-PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library: httplib2 transport
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
-#####
-
PackageName: httplib2
SPDXID: SPDXRef-32-httplib2
PackageVersion: 0.20.4
@@ -540,11 +670,12 @@ PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/httplib2/httplib2
-PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4
+PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A comprehensive HTTP client library.
+ReleaseDate: 2022-02-03T00:00:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
#####
@@ -557,282 +688,339 @@ PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyparsing/pyparsing/
+PackageChecksum: SHA256: a6a7ee4235a3f944aa1fa2249307708f893fe5717dc603503c6c7969c070fb7c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
+ReleaseDate: 2024-08-25T15:00:45Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*
#####
-PackageName: google-reauth
-SPDXID: SPDXRef-34-google-reauth
-PackageVersion: 0.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google (googleapis-publisher@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Google/google-reauth-python
-PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Reauth Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyu2f
-SPDXID: SPDXRef-35-pyu2f
-PackageVersion: 0.1.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/google/pyu2f/
-PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: U2F host library for interacting with a U2F device over USB.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
-#####
-
PackageName: oauth2client
-SPDXID: SPDXRef-36-oauth2client
+SPDXID: SPDXRef-34-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/oauth2client/
-PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9
+PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: OAuth 2.0 client library
+ReleaseDate: 2018-09-07T21:38:16Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
+PackageName: pyasn1-modules
+SPDXID: SPDXRef-35-pyasn1-modules
+PackageVersion: 0.4.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A collection of ASN.1-based protocols modules
+ReleaseDate: 2024-09-10T22:42:08Z
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues
+ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
+#####
+
PackageName: pyopenssl
-SPDXID: SPDXRef-37-pyopenssl
+SPDXID: SPDXRef-36-pyopenssl
PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
+PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
+ReleaseDate: 2024-07-20T17:26:29Z
+ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
#####
PackageName: cryptography
-SPDXID: SPDXRef-38-cryptography
+SPDXID: SPDXRef-37-cryptography
PackageVersion: 43.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
+PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
+ReleaseDate: 2024-10-18T15:57:36Z
+ExternalRef: OTHER documentation https://cryptography.io/
+ExternalRef: OTHER vcs https://github.com/pyca/cryptography/
+ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues
+ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
#####
PackageName: cffi
-SPDXID: SPDXRef-39-cffi
+SPDXID: SPDXRef-38-cffi
PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
-PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51
+PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
+ReleaseDate: 2024-09-04T20:43:30Z
+ExternalRef: OTHER documentation http://cffi.readthedocs.org/
+ExternalRef: OTHER vcs https://github.com/python-cffi/cffi
+ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues
+ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html
+ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases
+ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-40-pycparser
+SPDXID: SPDXRef-39-pycparser
PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/eliben/pycparser
-PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
+PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: C parser in Python
+ReleaseDate: 2024-03-30T13:22:20Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22
ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-41-retry-decorator
+SPDXID: SPDXRef-40-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pnpnpn/retry-decorator
-PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
+PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Retry Decorator
+ReleaseDate: 2020-03-10T23:56:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
#####
+PackageName: google-auth
+SPDXID: SPDXRef-41-google-auth
+PackageVersion: 2.17.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/googleapis/google-auth-library-python
+PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library
+ReleaseDate: 2023-03-28T19:51:30Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
+#####
+
+PackageName: cachetools
+SPDXID: SPDXRef-42-cachetools
+PackageVersion: 5.5.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/tkem/cachetools/
+PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Extensible memoizing collections and decorators
+ReleaseDate: 2024-08-18T20:28:43Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
+#####
+
+PackageName: google-auth-httplib2
+SPDXID: SPDXRef-43-google-auth-httplib2
+PackageVersion: 0.2.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
+PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library: httplib2 transport
+ReleaseDate: 2023-12-12T17:40:13Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+#####
+
PackageName: google-apitools
-SPDXID: SPDXRef-42-google-apitools
+SPDXID: SPDXRef-44-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1
+PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: client libraries for humans
+ReleaseDate: 2021-05-05T22:12:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-43-monotonic
+SPDXID: SPDXRef-45-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/atdt/monotonic
-PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad
+PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
+ReleaseDate: 2021-04-09T21:58:05Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
-PackageName: importlib-metadata
-SPDXID: SPDXRef-44-importlib-metadata
-PackageVersion: 8.5.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files
-FilesAnalyzed: false
-PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read metadata from Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*
-#####
-
-PackageName: zipp
-SPDXID: SPDXRef-45-zipp
-PackageVersion: 3.20.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*
-#####
-
-PackageName: importlib-resources
-SPDXID: SPDXRef-46-importlib-resources
-PackageVersion: 6.4.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Barry Warsaw (barry@python.org)
-PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files
-FilesAnalyzed: false
-PackageChecksum: SHA1: 284148b005b57031a354402c446473f53cab2c49
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read resources from Python packages
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-resources@6.4.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*
-#####
-
PackageName: jinja2
-SPDXID: SPDXRef-47-jinja2
+SPDXID: SPDXRef-46-jinja2
PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57
+PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A very fast and expressive template engine.
+ReleaseDate: 2024-05-05T23:41:59Z
+ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/
+ExternalRef: OTHER chat https://discord.gg/pallets
+ExternalRef: OTHER documentation https://jinja.palletsprojects.com/
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER vcs https://github.com/pallets/jinja/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-48-markupsafe
+SPDXID: SPDXRef-47-markupsafe
PackageVersion: 2.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5/#files
FilesAnalyzed: false
PackageHomePage: https://palletsprojects.com/p/markupsafe/
-PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65
+PackageChecksum: SHA256: a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Safely add untrusted strings to HTML/XML markup.
+ReleaseDate: 2024-02-02T16:30:04Z
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
+ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
+ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/
+ExternalRef: OTHER issue-tracker https://github.com/pallets/markupsafe/issues/
+ExternalRef: OTHER chat https://discord.gg/pallets
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5
#####
PackageName: jsonschema
-SPDXID: SPDXRef-49-jsonschema
+SPDXID: SPDXRef-48-jsonschema
PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema
+PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
+ReleaseDate: 2024-07-08T18:40:00Z
+ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*
#####
+PackageName: importlib-resources
+SPDXID: SPDXRef-49-importlib-resources
+PackageVersion: 6.4.5
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Barry Warsaw (barry@python.org)
+PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Read resources from Python packages
+ReleaseDate: 2024-09-09T17:03:13Z
+ExternalRef: OTHER vcs https://github.com/python/importlib_resources
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-resources@6.4.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*
+#####
+
PackageName: jsonschema-specifications
SPDXID: SPDXRef-50-jsonschema-specifications
PackageVersion: 2023.12.1
@@ -841,11 +1029,17 @@ PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVin
PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications
-PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76
+PackageChecksum: SHA256: 87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
+ReleaseDate: 2023-12-25T15:16:51Z
+ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*
#####
@@ -858,11 +1052,18 @@ PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845
+PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
+ReleaseDate: 2024-05-01T20:26:02Z
+ExternalRef: OTHER documentation https://referencing.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
#####
@@ -875,11 +1076,17 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
-PackageChecksum: SHA1: 1b5852dca46ad6ebc8ccb65e0610cc2c5d390cd9
+PackageChecksum: SHA256: a649dfd735fff086e8a9d0503a9f0c7d01b7912a333c7ae77e1515c08c146dad
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
+ReleaseDate: 2024-10-31T14:26:20Z
+ExternalRef: OTHER documentation https://rpds.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/crate-py/rpds
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:*
#####
@@ -896,24 +1103,27 @@ PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Resolve a name to an object.
+ReleaseDate: 2024-10-31T14:26:20Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pkgutil-resolve-name@1.3.10
ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
SPDXID: SPDXRef-54-lib4sbom
-PackageVersion: 0.7.5
+PackageVersion: 0.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
+PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-09T20:13:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -921,13 +1131,20 @@ SPDXID: SPDXRef-55-pyyaml
PackageVersion: 6.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files
+PackageDownloadLocation: https://pypi.org/project/PyYAML/
FilesAnalyzed: false
PackageHomePage: https://pyyaml.org/
+PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
+ReleaseDate: 2024-08-06T20:31:40Z
+ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues
+ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions
+ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation
+ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core
+ExternalRef: OTHER vcs https://github.com/yaml/pyyaml
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
#####
@@ -940,12 +1157,13 @@ PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.o
PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/rbarrois/python-semanticversion
-PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a
+PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A library implementing the 'SemVer' scheme.
+ReleaseDate: 2022-05-26T13:35:21Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
@@ -958,11 +1176,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4vex
-PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2
+PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: VEX generator and consumer library
+ReleaseDate: 2024-08-29T20:36:52Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*
#####
@@ -975,11 +1194,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/csaf
-PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4
+PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CSAF generator and analyser
+ReleaseDate: 2024-06-12T20:10:06Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*
#####
@@ -992,11 +1212,12 @@ PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
-PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882
+PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
+ReleaseDate: 2024-10-22T05:51:23Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*
#####
@@ -1009,11 +1230,13 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
+PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
+ReleaseDate: 2024-11-01T16:43:55Z
+ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
@@ -1026,11 +1249,13 @@ PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/markdown-it-py
-PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d
+PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python port of markdown-it. Markdown parsing, done right!
+ReleaseDate: 2023-06-03T06:41:11Z
+ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
#####
@@ -1043,11 +1268,12 @@ PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/mdurl
-PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e
+PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Markdown URL utilities
+ReleaseDate: 2022-08-14T12:40:09Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
#####
@@ -1060,83 +1286,101 @@ PackageSupplier: Person: Georg Brandl (georg@python.org)
PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files
FilesAnalyzed: false
PackageHomePage: https://pygments.org
-PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
+PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
+ReleaseDate: 2024-05-04T13:41:57Z
+ExternalRef: OTHER documentation https://pygments.org/docs
+ExternalRef: OTHER vcs https://github.com/pygments/pygments
+ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
+ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
#####
+PackageName: python-gnupg
+SPDXID: SPDXRef-64-python-gnupg
+PackageVersion: 0.5.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/vsajip/python-gnupg
+PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
+ReleaseDate: 2024-09-20T16:43:47Z
+ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
+ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
+ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
+#####
+
PackageName: packaging
-SPDXID: SPDXRef-64-packaging
+SPDXID: SPDXRef-65-packaging
PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f
+PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
+ReleaseDate: 2024-11-08T09:47:44Z
+ExternalRef: OTHER documentation https://packaging.pypa.io/
+ExternalRef: OTHER vcs https://github.com/pypa/packaging
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-65-plotly
+SPDXID: SPDXRef-66-plotly
PackageVersion: 5.24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files
FilesAnalyzed: false
PackageHomePage: https://plotly.com/python/
+PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
+ReleaseDate: 2024-09-12T15:36:24Z
+ExternalRef: OTHER documentation https://plotly.com/python/
+ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
+ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-66-tenacity
+SPDXID: SPDXRef-67-tenacity
PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/jd/tenacity
-PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb
+PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
+ReleaseDate: 2024-07-29T12:12:25Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
-PackageName: python-gnupg
-SPDXID: SPDXRef-67-python-gnupg
-PackageVersion: 0.5.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
-#####
-
PackageName: requests
SPDXID: SPDXRef-68-requests
PackageVersion: 2.32.3
@@ -1145,63 +1389,78 @@ PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files
FilesAnalyzed: false
PackageHomePage: https://requests.readthedocs.io
-PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068
+PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python HTTP for Humans.
+ReleaseDate: 2024-05-29T15:37:47Z
+ExternalRef: OTHER documentation https://requests.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/psf/requests
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*
#####
-PackageName: certifi
-SPDXID: SPDXRef-69-certifi
-PackageVersion: 2024.8.30
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/certifi/python-certifi
-PackageLicenseDeclared: MPL-2.0
-PackageLicenseConcluded: MPL-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*
-#####
-
PackageName: charset-normalizer
-SPDXID: SPDXRef-70-charset-normalizer
+SPDXID: SPDXRef-69-charset-normalizer
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me)
PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Ousret/charset_normalizer
+PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
+ReleaseDate: 2024-10-09T07:38:02Z
+ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues
+ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-71-urllib3
+SPDXID: SPDXRef-70-urllib3
PackageVersion: 2.2.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df
+PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
+ReleaseDate: 2024-09-12T10:52:16Z
+ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
+ExternalRef: OTHER documentation https://urllib3.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/urllib3/urllib3
+ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*
#####
+PackageName: certifi
+SPDXID: SPDXRef-71-certifi
+PackageVersion: 2024.12.14
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
+PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/certifi/python-certifi
+PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56
+PackageLicenseDeclared: MPL-2.0
+PackageLicenseConcluded: MPL-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python package for providing Mozilla's CA Bundle.
+ReleaseDate: 2024-12-14T13:52:36Z
+ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*
+#####
+
PackageName: rpmfile
SPDXID: SPDXRef-72-rpmfile
PackageVersion: 2.1.0
@@ -1210,11 +1469,12 @@ PackageSupplier: Person: Sean Ross (srossross@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/srossross/rpmfile
-PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5
+PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
+ReleaseDate: 2024-07-24T21:57:45Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
@@ -1226,63 +1486,73 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
+ReleaseDate: 2024-10-29T10:23:24Z
+ExternalRef: OTHER vcs https://github.com/pypa/setuptools
+ExternalRef: OTHER documentation https://setuptools.pypa.io/
+ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*
#####
-PackageName: toml
-SPDXID: SPDXRef-74-toml
-PackageVersion: 0.10.2
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: William Pearson (uiri@xqz.ca)
-PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/uiri/toml
-PackageChecksum: SHA1: 3f637dba5f68db63d4b30967fedda51c82459471
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python Library for Tom's Obvious, Minimal Language
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*
-#####
-
PackageName: xmlschema
-SPDXID: SPDXRef-75-xmlschema
+SPDXID: SPDXRef-74-xmlschema
PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
+PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
+ReleaseDate: 2024-10-31T09:47:12Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-76-elementpath
+SPDXID: SPDXRef-75-elementpath
PackageVersion: 4.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
+PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
+ReleaseDate: 2024-10-27T21:52:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*
#####
+PackageName: toml
+SPDXID: SPDXRef-76-toml
+PackageVersion: 0.10.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: William Pearson (uiri@xqz.ca)
+PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/uiri/toml
+PackageChecksum: SHA256: 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python Library for Tom's Obvious, Minimal Language
+ReleaseDate: 2020-11-01T01:40:20Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*
+#####
+
PackageName: zstandard
SPDXID: SPDXRef-77-zstandard
PackageVersion: 0.23.0
@@ -1291,114 +1561,116 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
+ReleaseDate: 2024-07-15T00:13:27Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*
#####
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-beautifulsoup4
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-cvss
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-defusedxml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-distro
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-filetype
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-beautifulsoup4
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-cvss
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-defusedxml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-distro
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-importlib-metadata
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-zipp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-importlib-resources
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-jinja2
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-jsonschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-filetype
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-21-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jinja2
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-jsonschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-importlib-resources
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4sbom
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-pyyaml
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-lib4vex
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-packageurl-python
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-60-rich
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-packaging
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-plotly
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-python-gnupg
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-python-gnupg
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-packaging
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-plotly
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-requests
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-urllib3
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-7-importlib-metadata
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-urllib3
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-rpmfile
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-setuptools
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-toml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-xmlschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-xmlschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-76-toml
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-77-zstandard
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-12-propcache
-Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict
-Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-22-fasteners
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-23-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-31-google-auth-httplib2
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-34-google-reauth
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools
-Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-10-multidict DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-10-multidict
+Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-12-idna
+Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-13-propcache
+Relationship: SPDXRef-15-beautifulsoup4 DEPENDS_ON SPDXRef-16-soupsieve
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-multidict
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-yarl
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-14-async-timeout
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-async-timeout
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-boto
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-google-auth-httplib2
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-google-reauth
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-oauth2client
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-pyopenssl
-Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-retry-decorator
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-26-cachetools
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-27-pyasn1-modules
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-27-pyasn1-modules DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-29-rsa DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-25-google-auth
-Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-22-argcomplete
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-23-crcmod
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-24-fasteners
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-25-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-29-google-reauth
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-36-pyopenssl
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-40-retry-decorator
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-43-google-auth-httplib2
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-44-google-apitools
+Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-45-monotonic
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-boto
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-reauth
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-pyopenssl
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-retry-decorator
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-43-google-auth-httplib2
+Relationship: SPDXRef-26-rsa DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-29-google-reauth DEPENDS_ON SPDXRef-30-pyu2f
+Relationship: SPDXRef-30-pyu2f DEPENDS_ON SPDXRef-31-six
Relationship: SPDXRef-32-httplib2 DEPENDS_ON SPDXRef-33-pyparsing
-Relationship: SPDXRef-34-google-reauth DEPENDS_ON SPDXRef-35-pyu2f
-Relationship: SPDXRef-35-pyu2f DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-27-pyasn1-modules
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-28-pyasn1
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-29-rsa
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-37-pyopenssl DEPENDS_ON SPDXRef-38-cryptography
-Relationship: SPDXRef-38-cryptography DEPENDS_ON SPDXRef-39-cffi
-Relationship: SPDXRef-39-cffi DEPENDS_ON SPDXRef-40-pycparser
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-35-pyasn1-modules
+Relationship: SPDXRef-35-pyasn1-modules DEPENDS_ON SPDXRef-27-pyasn1
+Relationship: SPDXRef-36-pyopenssl DEPENDS_ON SPDXRef-37-cryptography
+Relationship: SPDXRef-37-cryptography DEPENDS_ON SPDXRef-38-cffi
+Relationship: SPDXRef-38-cffi DEPENDS_ON SPDXRef-39-pycparser
Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-httplib2
-Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-36-oauth2client
-Relationship: SPDXRef-44-importlib-metadata DEPENDS_ON SPDXRef-45-zipp
-Relationship: SPDXRef-46-importlib-resources DEPENDS_ON SPDXRef-45-zipp
-Relationship: SPDXRef-47-jinja2 DEPENDS_ON SPDXRef-48-markupsafe
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-46-importlib-resources
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-50-jsonschema-specifications
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-51-referencing
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-52-rpds-py
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-53-pkgutil-resolve-name
-Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-7-attrs
-Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-46-importlib-resources
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-26-rsa
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-35-pyasn1-modules
+Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-42-cachetools
+Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-41-google-auth
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-24-fasteners
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-31-six
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-32-httplib2
+Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-34-oauth2client
+Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-importlib-resources
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-jsonschema-specifications
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-51-referencing
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-52-rpds-py
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-53-pkgutil-resolve-name
+Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-49-importlib-resources DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-49-importlib-resources
Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-51-referencing
Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-52-rpds-py
-Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-7-attrs
-Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml
+Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-18-defusedxml
Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-55-pyyaml
Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-56-semantic-version
Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-54-lib4sbom
@@ -1406,16 +1678,19 @@ Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-58-csaf-tool
Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-59-packageurl-python
Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-59-packageurl-python
Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-60-rich
+Relationship: SPDXRef-6-attrs DEPENDS_ON SPDXRef-7-importlib-metadata
Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-61-markdown-it-py
Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-63-pygments
Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-9-typing-extensions
Relationship: SPDXRef-61-markdown-it-py DEPENDS_ON SPDXRef-62-mdurl
-Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-64-packaging
-Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-66-tenacity
-Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-11-idna
-Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-69-certifi
-Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-70-charset-normalizer
-Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-71-urllib3
-Relationship: SPDXRef-75-xmlschema DEPENDS_ON SPDXRef-76-elementpath
-Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-66-plotly DEPENDS_ON SPDXRef-65-packaging
+Relationship: SPDXRef-66-plotly DEPENDS_ON SPDXRef-67-tenacity
+Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-12-idna
+Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-69-charset-normalizer
+Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-70-urllib3
+Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-71-certifi
+Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-74-xmlschema DEPENDS_ON SPDXRef-75-elementpath
+Relationship: SPDXRef-77-zstandard DEPENDS_ON SPDXRef-38-cffi
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool