From ce0d2c361ff99ba1571009705aaf2d1bd8d3f328 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 18:43:12 +0000 Subject: [PATCH] chore: update SBOM for Python 3.8 (#4627) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 2872 ++++++++++++++++++++++------------ sbom/cve-bin-tool-py3.8.spdx | 1137 +++++++++----- 2 files changed, 2599 insertions(+), 1410 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index eca4e9591a..e6a506694b 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:195f1fda-4d35-404c-96c8-fec25e970985", + "serialNumber": "urn:uuid:f9224672-5e3f-460a-8fd4-51f97229adfe", "version": 1, "metadata": { - "timestamp": "2024-12-09T00:43:24Z", + "timestamp": "2024-12-16T00:39:25Z", "lifecycles": [ { "phase": "build" @@ -15,7 +15,7 @@ "components": [ { "name": "sbom4python", - "version": "0.11.3", + "version": "0.12.1", "type": "application" } ] @@ -42,6 +42,12 @@ }, "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", + "hashes": [ + { + "alg": "SHA-256", + "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d" + } + ], "licenses": [ { "license": { @@ -65,6 +71,10 @@ ], "purl": "pkg:pypi/cve-bin-tool@3.4", "properties": [ + { + "name": "release_date", + "value": "2024-09-17T18:57:44Z" + }, { "name": "language", "value": "Python" @@ -81,6 +91,12 @@ "name": "aiohttp", "version": "3.10.11", "description": "Async http client/server framework (asyncio)", + "hashes": [ + { + "alg": "SHA-256", + "content": "5077b1a5f40ffa3ba1f40d537d3bec4383988ee51fbba6b74aa8fb1bc466599e" + } + ], "licenses": [ { "license": { @@ -100,10 +116,46 @@ "url": "https://pypi.org/project/aiohttp/3.10.11/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiohttp", + "type": "other" + }, + { + "url": "https://docs.aiohttp.org/en/stable/changes.html", + "type": "log" + }, + { + "url": "https://docs.aiohttp.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiohttp/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohttp", + "type": "vcs" } ], "purl": "pkg:pypi/aiohttp@3.10.11", "properties": [ + { + "name": "release_date", + "value": "2024-11-13T16:36:38Z" + }, { "name": "language", "value": "Python" @@ -129,6 +181,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-256", + "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8" + } + ], "licenses": [ { "license": { @@ -148,10 +206,30 @@ "url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md", + "type": "log" + }, + { + "url": "https://aiohappyeyeballs.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/aio-libs/aiohappyeyeballs", + "type": "vcs" } ], "purl": "pkg:pypi/aiohappyeyeballs@2.4.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-30T18:43:39Z" + }, { "name": "language", "value": "Python" @@ -159,10 +237,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-30T18:43:39.000Z" } ] }, @@ -174,8 +248,8 @@ "description": "aiosignal: a list of registered asynchronous callbacks", "hashes": [ { - "alg": "SHA-1", - "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3" + "alg": "SHA-256", + "content": "f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17" } ], "licenses": [ @@ -197,10 +271,38 @@ "url": "https://pypi.org/project/aiosignal/1.3.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gitter.im/aio-libs/Lobby", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/actions", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/aiosignal", + "type": "other" + }, + { + "url": "https://docs.aiosignal.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/aiosignal/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/aiosignal", + "type": "vcs" } ], "purl": "pkg:pypi/aiosignal@1.3.1", "properties": [ + { + "name": "release_date", + "value": "2022-11-08T16:03:57Z" + }, { "name": "language", "value": "Python" @@ -208,10 +310,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2022-11-08T16:03:57.000Z" } ] }, @@ -221,6 +319,12 @@ "name": "frozenlist", "version": "1.5.0", "description": "A list-like structure which implements collections.abc.MutableSequence", + "hashes": [ + { + "alg": "SHA-256", + "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a" + } + ], "licenses": [ { "license": { @@ -240,10 +344,50 @@ "url": "https://pypi.org/project/frozenlist/1.5.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/frozenlist", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog", + "type": "log" + }, + { + "url": "https://frozenlist.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/frozenlist/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/frozenlist", + "type": "vcs" } ], "purl": "pkg:pypi/frozenlist@1.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-23T09:46:20Z" + }, { "name": "language", "value": "Python" @@ -251,51 +395,63 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-10-23T09:46:20.000Z" } ] }, { "type": "library", - "bom-ref": "6-async-timeout", - "name": "async-timeout", - "version": "5.0.1", + "bom-ref": "6-attrs", + "name": "attrs", + "version": "24.2.0", "supplier": { - "name": "Andrew Svetlov", + "name": "Hynek Schlawack", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "hs@ox.cx" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", - "description": "Timeout context manager for asyncio programs", - "licenses": [ + "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", + "description": "Classes Without Boilerplate", + "hashes": [ { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/async-timeout", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/async-timeout/5.0.1/#files", + "url": "https://pypi.org/project/attrs/24.2.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://www.attrs.org/", + "type": "documentation" + }, + { + "url": "https://www.attrs.org/en/stable/changelog.html", + "type": "log" + }, + { + "url": "https://github.com/python-attrs/attrs", + "type": "vcs" + }, + { + "url": "https://github.com/sponsors/hynek", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi", + "type": "other" } ], - "purl": "pkg:pypi/async-timeout@5.0.1", + "purl": "pkg:pypi/attrs@24.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T14:37:36Z" + }, { "name": "language", "value": "Python" @@ -303,43 +459,47 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-06T16:41:37.000Z" } ] }, { "type": "library", - "bom-ref": "7-attrs", - "name": "attrs", - "version": "24.2.0", + "bom-ref": "7-importlib-metadata", + "name": "importlib-metadata", + "version": "8.5.0", "supplier": { - "name": "Hynek Schlawack", + "name": "Jason R .", "contact": [ { - "email": "hs@ox.cx" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", - "description": "Classes Without Boilerplate", + "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", + "description": "Read metadata from Python packages", "hashes": [ { - "alg": "SHA-1", - "content": "6771a04893780166e4b7826b63599f43ac30d00a" + "alg": "SHA-256", + "content": "45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b" } ], "externalReferences": [ { - "url": "https://pypi.org/project/attrs/24.2.0/#files", + "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/importlib_metadata", + "type": "vcs" } ], - "purl": "pkg:pypi/attrs@24.2.0", + "purl": "pkg:pypi/importlib-metadata@8.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-09-11T14:56:07Z" + }, { "name": "language", "value": "Python" @@ -347,57 +507,47 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-08-06T14:37:36.000Z" } ] }, { "type": "library", - "bom-ref": "8-multidict", - "name": "multidict", - "version": "6.1.0", + "bom-ref": "8-zipp", + "name": "zipp", + "version": "3.20.2", "supplier": { - "name": "Andrew Svetlov", + "name": "Jason R .", "contact": [ { - "email": "andrew.svetlov@gmail.com" + "email": "jaraco@jaraco.com" } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", - "description": "multidict implementation", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "description": "Backport of pathlib-compatible object wrapper for zip files", "hashes": [ { - "alg": "SHA-1", - "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350" } ], "externalReferences": [ { - "url": "https://github.com/aio-libs/multidict", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/multidict/6.1.0/#files", + "url": "https://pypi.org/project/zipp/3.20.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/jaraco/zipp", + "type": "vcs" } ], - "purl": "pkg:pypi/multidict@6.1.0", + "purl": "pkg:pypi/zipp@3.20.2", "properties": [ + { + "name": "release_date", + "value": "2024-09-13T13:44:14Z" + }, { "name": "language", "value": "Python" @@ -405,10 +555,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-09T23:47:18.000Z" } ] }, @@ -429,19 +575,48 @@ "description": "Backported and Experimental Type Hints for Python 3.8+", "hashes": [ { - "alg": "SHA-1", - "content": "e1250ff869e7ee5ad05170d8a4b65469f13801c3" + "alg": "SHA-256", + "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d" } ], "externalReferences": [ + { + "url": "https://github.com/python/typing_extensions", + "type": "website", + "comment": "Home page for project" + }, { "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/typing_extensions/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md", + "type": "log" + }, + { + "url": "https://typing-extensions.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python/typing/discussions", + "type": "other" + }, + { + "url": "https://github.com/python/typing_extensions", + "type": "vcs" } ], "purl": "pkg:pypi/typing-extensions@4.12.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-07T18:52:13Z" + }, { "name": "language", "value": "Python" @@ -449,18 +624,14 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-06-07T18:52:13.000Z" } ] }, { "type": "library", - "bom-ref": "10-yarl", - "name": "yarl", - "version": "1.15.2", + "bom-ref": "10-multidict", + "name": "multidict", + "version": "6.1.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -469,12 +640,12 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", - "description": "Yet another URL library", + "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", + "description": "multidict implementation", "hashes": [ { - "alg": "SHA-1", - "content": "33294bf084d2dde1ac1e8133b0125e1f142a8274" + "alg": "SHA-256", + "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60" } ], "licenses": [ @@ -488,18 +659,58 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl", + "url": "https://github.com/aio-libs/multidict", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.2/#files", + "url": "https://pypi.org/project/multidict/6.1.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/actions", + "type": "build-system" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/multidict", + "type": "other" + }, + { + "url": "https://multidict.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": "https://multidict.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/multidict", + "type": "vcs" } ], - "purl": "pkg:pypi/yarl@1.15.2", + "purl": "pkg:pypi/multidict@6.1.0", "properties": [ + { + "name": "release_date", + "value": "2024-09-09T23:47:18Z" + }, { "name": "language", "value": "Python" @@ -512,28 +723,88 @@ }, { "type": "library", - "bom-ref": "11-idna", - "name": "idna", - "version": "3.10", + "bom-ref": "11-yarl", + "name": "yarl", + "version": "1.15.2", "supplier": { - "name": "Kim Davies", + "name": "Andrew Svetlov", "contact": [ { - "email": "kim+pypi@gumleaf.org" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", - "description": "Internationalized Domain Names in Applications (IDNA)", - "externalReferences": [ - { - "url": "https://pypi.org/project/idna/3.10/#files", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", + "hashes": [ + { + "alg": "SHA-256", + "content": "e4ee8b8639070ff246ad3649294336b06db37a94bdea0d09ea491603e0be73b8" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.15.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/yarl/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/yarl", + "type": "other" + }, + { + "url": "https://yarl.aio-libs.org/en/latest/changes/", + "type": "log" + }, + { + "url": "https://yarl.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/yarl/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/yarl", + "type": "vcs" } ], - "purl": "pkg:pypi/idna@3.10", + "purl": "pkg:pypi/yarl@1.15.2", "properties": [ + { + "name": "release_date", + "value": "2024-10-13T18:44:32Z" + }, { "name": "language", "value": "Python" @@ -541,16 +812,68 @@ { "name": "python_version", "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "12-idna", + "name": "idna", + "version": "3.10", + "supplier": { + "name": "Kim Davies", + "contact": [ + { + "email": "kim+pypi@gumleaf.org" + } + ] + }, + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-256", + "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3" + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/idna/3.10/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst", + "type": "log" + }, + { + "url": "https://github.com/kjd/idna/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kjd/idna", + "type": "vcs" + } + ], + "purl": "pkg:pypi/idna@3.10", + "properties": [ + { + "name": "release_date", + "value": "2024-09-15T18:07:37Z" + }, + { + "name": "language", + "value": "Python" }, { - "name": "package_release_date", - "value": "2024-09-15T18:07:37.000Z" + "name": "python_version", + "value": "3.8.18" } ] }, { "type": "library", - "bom-ref": "12-propcache", + "bom-ref": "13-propcache", "name": "propcache", "version": "0.2.0", "supplier": { @@ -565,8 +888,8 @@ "description": "Accelerated property cache", "hashes": [ { - "alg": "SHA-1", - "content": "f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda" + "alg": "SHA-256", + "content": "c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58" } ], "licenses": [ @@ -588,10 +911,50 @@ "url": "https://pypi.org/project/propcache/0.2.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, + { + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/actions?query=branch:master", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, + { + "url": "https://codecov.io/github/aio-libs/propcache", + "type": "other" + }, + { + "url": "https://propcache.readthedocs.io/en/latest/changes/", + "type": "log" + }, + { + "url": "https://propcache.readthedocs.io", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/propcache/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/propcache", + "type": "vcs" } ], "purl": "pkg:pypi/propcache@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-07T12:54:02Z" + }, { "name": "language", "value": "Python" @@ -599,16 +962,90 @@ { "name": "python_version", "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "14-async-timeout", + "name": "async-timeout", + "version": "5.0.1", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:*", + "description": "Timeout context manager for asyncio programs", + "hashes": [ + { + "alg": "SHA-256", + "content": "39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/async-timeout", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/async-timeout/5.0.1/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://gitter.im/aio-libs/Lobby", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/async-timeout/actions", + "type": "build-system" + }, + { + "url": "https://codecov.io/github/aio-libs/async-timeout", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/async-timeout/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/async-timeout", + "type": "vcs" + } + ], + "purl": "pkg:pypi/async-timeout@5.0.1", + "properties": [ + { + "name": "release_date", + "value": "2024-11-06T16:41:37Z" + }, + { + "name": "language", + "value": "Python" }, { - "name": "package_release_date", - "value": "2024-10-07T12:54:02.000Z" + "name": "python_version", + "value": "3.8.18" } ] }, { "type": "library", - "bom-ref": "13-beautifulsoup4", + "bom-ref": "15-beautifulsoup4", "name": "beautifulsoup4", "version": "4.12.3", "supplier": { @@ -621,11 +1058,17 @@ }, "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*", "description": "Screen-scraping library", + "hashes": [ + { + "alg": "SHA-256", + "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -640,10 +1083,18 @@ "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/", + "type": "other" } ], "purl": "pkg:pypi/beautifulsoup4@4.12.3", "properties": [ + { + "name": "release_date", + "value": "2024-01-17T16:53:12Z" + }, { "name": "language", "value": "Python" @@ -651,16 +1102,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-01-17T16:53:12.000Z" } ] }, { "type": "library", - "bom-ref": "14-soupsieve", + "bom-ref": "16-soupsieve", "name": "soupsieve", "version": "2.6", "supplier": { @@ -675,8 +1122,8 @@ "description": "A modern CSS selector implementation for Beautiful Soup.", "hashes": [ { - "alg": "SHA-1", - "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990" + "alg": "SHA-256", + "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9" } ], "externalReferences": [ @@ -693,6 +1140,10 @@ ], "purl": "pkg:pypi/soupsieve@2.6", "properties": [ + { + "name": "release_date", + "value": "2024-08-13T13:39:10Z" + }, { "name": "language", "value": "Python" @@ -705,7 +1156,7 @@ }, { "type": "library", - "bom-ref": "15-cvss", + "bom-ref": "17-cvss", "name": "cvss", "version": "3.3", "supplier": { @@ -720,8 +1171,8 @@ "description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3", "hashes": [ { - "alg": "SHA-1", - "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261" + "alg": "SHA-256", + "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1" } ], "licenses": [ @@ -743,10 +1194,30 @@ "url": "https://pypi.org/project/cvss/3.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/releases", + "type": "other" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss", + "type": "vcs" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/RedHatProductSecurity/cvss/actions", + "type": "build-system" } ], "purl": "pkg:pypi/cvss@3.3", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T10:05:52Z" + }, { "name": "language", "value": "Python" @@ -754,16 +1225,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-01T10:05:52.000Z" } ] }, { "type": "library", - "bom-ref": "16-defusedxml", + "bom-ref": "18-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -778,8 +1245,8 @@ "description": "XML bomb protection for Python stdlib modules", "hashes": [ { - "alg": "SHA-1", - "content": "ebff1b493751e2f0775314bdd4188d64f07ea184" + "alg": "SHA-256", + "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61" } ], "licenses": [ @@ -798,13 +1265,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/defusedxml/0.7.1/#files", + "url": "https://pypi.python.org/pypi/defusedxml", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/defusedxml@0.7.1", "properties": [ + { + "name": "release_date", + "value": "2021-03-08T10:59:24Z" + }, { "name": "language", "value": "Python" @@ -812,16 +1283,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2021-03-08T10:59:24.000Z" } ] }, { "type": "library", - "bom-ref": "17-distro", + "bom-ref": "19-distro", "name": "distro", "version": "1.9.0", "supplier": { @@ -834,6 +1301,12 @@ }, "cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*", "description": "Distro - an OS platform information API", + "hashes": [ + { + "alg": "SHA-256", + "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2" + } + ], "licenses": [ { "license": { @@ -857,6 +1330,10 @@ ], "purl": "pkg:pypi/distro@1.9.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-24T09:54:30Z" + }, { "name": "language", "value": "Python" @@ -864,16 +1341,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2023-12-24T09:54:30.000Z" } ] }, { "type": "library", - "bom-ref": "18-filetype", + "bom-ref": "20-filetype", "name": "filetype", "version": "1.2.0", "supplier": { @@ -888,15 +1361,15 @@ "description": "Infer file type and MIME type of any file/buffer. No external dependencies.", "hashes": [ { - "alg": "SHA-1", - "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585" + "alg": "SHA-256", + "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -908,13 +1381,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/filetype/1.2.0/#files", + "url": "https://github.com/h2non/filetype.py/tarball/master", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/filetype@1.2.0", "properties": [ + { + "name": "release_date", + "value": "2022-11-02T17:34:01Z" + }, { "name": "language", "value": "Python" @@ -922,18 +1399,14 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2022-11-02T17:34:01.000Z" } ] }, { "type": "library", - "bom-ref": "19-gsutil", + "bom-ref": "21-gsutil", "name": "gsutil", - "version": "5.32", + "version": "5.33", "supplier": { "name": "Google Inc .", "contact": [ @@ -942,8 +1415,14 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", + "hashes": [ + { + "alg": "SHA-256", + "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856" + } + ], "licenses": [ { "license": { @@ -960,13 +1439,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.32/#files", + "url": "https://cloud.google.com/storage/docs/gsutil_install", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.32", + "purl": "pkg:pypi/gsutil@5.33", "properties": [ + { + "name": "release_date", + "value": "2024-12-11T09:40:59Z" + }, { "name": "language", "value": "Python" @@ -974,16 +1457,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-12-04T14:56:46.000Z" } ] }, { "type": "library", - "bom-ref": "20-argcomplete", + "bom-ref": "22-argcomplete", "name": "argcomplete", "version": "3.5.2", "supplier": { @@ -998,8 +1477,8 @@ "description": "Bash tab completion for argparse", "hashes": [ { - "alg": "SHA-1", - "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc" + "alg": "SHA-256", + "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472" } ], "licenses": [ @@ -1021,10 +1500,30 @@ "url": "https://pypi.org/project/argcomplete/3.5.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://kislyuk.github.io/argcomplete", + "type": "documentation" + }, + { + "url": "https://github.com/kislyuk/argcomplete", + "type": "vcs" + }, + { + "url": "https://github.com/kislyuk/argcomplete/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst", + "type": "log" } ], "purl": "pkg:pypi/argcomplete@3.5.2", "properties": [ + { + "name": "release_date", + "value": "2024-12-06T18:24:27Z" + }, { "name": "language", "value": "Python" @@ -1032,16 +1531,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-12-06T18:24:27.000Z" } ] }, { "type": "library", - "bom-ref": "21-crcmod", + "bom-ref": "23-crcmod", "name": "crcmod", "version": "1.7", "supplier": { @@ -1054,11 +1549,17 @@ }, "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*", "description": "CRC Generator", + "hashes": [ + { + "alg": "SHA-256", + "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -1070,13 +1571,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/crcmod/1.7/#files", + "url": "http://sourceforge.net/projects/crcmod", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/crcmod@1.7", "properties": [ + { + "name": "release_date", + "value": "2010-06-27T14:35:29Z" + }, { "name": "language", "value": "Python" @@ -1089,7 +1594,7 @@ }, { "type": "library", - "bom-ref": "22-fasteners", + "bom-ref": "24-fasteners", "name": "fasteners", "version": "0.19", "supplier": { @@ -1099,8 +1604,8 @@ "description": "A python package that provides useful locks", "hashes": [ { - "alg": "SHA-1", - "content": "06c3f06cab4e135b8d921932019a231c180eb9f4" + "alg": "SHA-256", + "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237" } ], "licenses": [ @@ -1126,6 +1631,10 @@ ], "purl": "pkg:pypi/fasteners@0.19", "properties": [ + { + "name": "release_date", + "value": "2023-09-19T17:11:18Z" + }, { "name": "language", "value": "Python" @@ -1138,7 +1647,7 @@ }, { "type": "library", - "bom-ref": "23-gcs-oauth2-boto-plugin", + "bom-ref": "25-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.2", "supplier": { @@ -1153,8 +1662,8 @@ "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "hashes": [ { - "alg": "SHA-1", - "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb" + "alg": "SHA-256", + "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843" } ], "licenses": [ @@ -1173,13 +1682,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files", + "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin", "type": "distribution", "comment": "Download location for component" } ], "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2", "properties": [ + { + "name": "release_date", + "value": "2024-05-02T14:37:31Z" + }, { "name": "language", "value": "Python" @@ -1187,57 +1700,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-05-02T14:37:31.000Z" } ] }, { "type": "library", - "bom-ref": "24-boto", - "name": "boto", - "version": "2.49.0", + "bom-ref": "26-rsa", + "name": "rsa", + "version": "4.7.2", "supplier": { - "name": "Mitch Garnaat", + "name": "Sybren A . Stuvel", "contact": [ { - "email": "mitch@garnaat.com" + "email": "sybren@stuvel.eu" } ] }, - "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", - "description": "Amazon Web Services Library", + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", "hashes": [ { - "alg": "SHA-1", - "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3" + "alg": "SHA-256", + "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2" } ], "licenses": [ { "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/boto/boto/", + "url": "https://stuvel.eu/rsa", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/boto/2.49.0/#files", + "url": "https://pypi.org/project/rsa/4.7.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/boto@2.49.0", + "purl": "pkg:pypi/rsa@4.7.2", "properties": [ + { + "name": "release_date", + "value": "2021-02-24T10:55:03Z" + }, { "name": "language", "value": "Python" @@ -1245,105 +1758,73 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2018-07-11T20:58:55.000Z" } ] }, { "type": "library", - "bom-ref": "25-google-auth", - "name": "google-auth", - "version": "2.17.0", + "bom-ref": "27-pyasn1", + "name": "pyasn1", + "version": "0.6.1", "supplier": { - "name": "Google Cloud Platform", + "name": "Ilya Etingof", "contact": [ { - "email": "googleapis-packages@google.com" + "email": "etingof@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", + "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", "hashes": [ { - "alg": "SHA-1", - "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243" + "alg": "SHA-256", + "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "BSD-2-Clause", + "url": "https://opensource.org/licenses/BSD-2-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/googleapis/google-auth-library-python", + "url": "https://github.com/pyasn1/pyasn1", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth/2.17.0/#files", + "url": "https://pypi.org/project/pyasn1/0.6.1/#files", "type": "distribution", "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth@2.17.0", - "properties": [ - { - "name": "language", - "value": "Python" }, { - "name": "python_version", - "value": "3.8.18" - } - ] - }, - { - "type": "library", - "bom-ref": "26-cachetools", - "name": "cachetools", - "version": "5.5.0", - "supplier": { - "name": "Thomas Kemmer", - "contact": [ - { - "email": "tkemmer@computer.org" - } - ] - }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", - "description": "Extensible memoizing collections and decorators", - "licenses": [ + "url": "https://pyasn1.readthedocs.io", + "type": "documentation" + }, { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } - } - ], - "externalReferences": [ + "url": "https://github.com/pyasn1/pyasn1", + "type": "vcs" + }, { - "url": "https://github.com/tkem/cachetools/", - "type": "website", - "comment": "Home page for project" + "url": "https://github.com/pyasn1/pyasn1/issues", + "type": "issue-tracker" }, { - "url": "https://pypi.org/project/cachetools/5.5.0/#files", - "type": "distribution", - "comment": "Download location for component" + "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html", + "type": "log" } ], - "purl": "pkg:pypi/cachetools@5.5.0", + "purl": "pkg:pypi/pyasn1@0.6.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-10T22:41:42Z" + }, { "name": "language", "value": "Python" @@ -1351,51 +1832,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-08-18T20:28:43.000Z" } ] }, { "type": "library", - "bom-ref": "27-pyasn1-modules", - "name": "pyasn1-modules", - "version": "0.4.1", + "bom-ref": "28-boto", + "name": "boto", + "version": "2.49.0", "supplier": { - "name": "Ilya Etingof", + "name": "Mitch Garnaat", "contact": [ { - "email": "etingof@gmail.com" + "email": "mitch@garnaat.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", - "description": "A collection of ASN.1-based protocols modules", + "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", + "description": "Amazon Web Services Library", + "hashes": [ + { + "alg": "SHA-256", + "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8" + } + ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1-modules", + "url": "https://github.com/boto/boto/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", + "url": "https://pypi.org/project/boto/2.49.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.1", + "purl": "pkg:pypi/boto@2.49.0", "properties": [ + { + "name": "release_date", + "value": "2018-07-11T20:58:55Z" + }, { "name": "language", "value": "Python" @@ -1403,51 +1890,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:42:08.000Z" } ] }, { "type": "library", - "bom-ref": "28-pyasn1", - "name": "pyasn1", - "version": "0.6.1", + "bom-ref": "29-google-reauth", + "name": "google-reauth", + "version": "0.1.1", "supplier": { - "name": "Ilya Etingof", + "name": "Google", "contact": [ { - "email": "etingof@gmail.com" + "email": "googleapis-publisher@google.com" } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", - "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", + "hashes": [ + { + "alg": "SHA-256", + "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368" + } + ], "licenses": [ { "license": { - "id": "BSD-2-Clause", - "url": "https://opensource.org/licenses/BSD-2-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/pyasn1/pyasn1", + "url": "https://github.com/Google/google-reauth-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyasn1/0.6.1/#files", + "url": "https://pypi.org/project/google-reauth/0.1.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.1", + "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-12-01T17:35:45Z" + }, { "name": "language", "value": "Python" @@ -1455,32 +1948,28 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-10T22:41:42.000Z" } ] }, { "type": "library", - "bom-ref": "29-rsa", - "name": "rsa", - "version": "4.7.2", + "bom-ref": "30-pyu2f", + "name": "pyu2f", + "version": "0.1.5", "supplier": { - "name": "Sybren A . Stuvel", + "name": "Google Inc .", "contact": [ { - "email": "sybren@stuvel.eu" + "email": "pyu2f-team@google.com" } ] }, - "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", - "description": "Pure-Python RSA implementation", + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", "hashes": [ { - "alg": "SHA-1", - "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa" + "alg": "SHA-256", + "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b" } ], "licenses": [ @@ -1494,18 +1983,22 @@ ], "externalReferences": [ { - "url": "https://stuvel.eu/rsa", + "url": "https://github.com/google/pyu2f/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rsa/4.7.2/#files", + "url": "https://pypi.org/project/pyu2f/0.1.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rsa@4.7.2", + "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ + { + "name": "release_date", + "value": "2020-10-30T20:03:07Z" + }, { "name": "language", "value": "Python" @@ -1513,16 +2006,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2021-02-24T10:55:03.000Z" } ] }, { "type": "library", - "bom-ref": "30-six", + "bom-ref": "31-six", "name": "six", "version": "1.17.0", "supplier": { @@ -1535,11 +2024,17 @@ }, "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*", "description": "Python 2 and 3 compatibility utilities", + "hashes": [ + { + "alg": "SHA-256", + "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -1559,63 +2054,9 @@ "purl": "pkg:pypi/six@1.17.0", "properties": [ { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-12-04T17:35:26.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "31-google-auth-httplib2", - "name": "google-auth-httplib2", - "version": "0.2.0", - "supplier": { - "name": "Google Cloud Platform", - "contact": [ - { - "email": "googleapis-packages@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", - "description": "Google Authentication Library: httplib2 transport", - "hashes": [ - { - "alg": "SHA-1", - "content": "932ac88800dd6de004c1bd59867831ccf033f031" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], - "externalReferences": [ - { - "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", - "type": "website", - "comment": "Home page for project" + "name": "release_date", + "value": "2024-12-04T17:35:26Z" }, - { - "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/google-auth-httplib2@0.2.0", - "properties": [ { "name": "language", "value": "Python" @@ -1623,10 +2064,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2023-12-12T17:40:13.000Z" } ] }, @@ -1647,15 +2084,15 @@ "description": "A comprehensive HTTP client library.", "hashes": [ { - "alg": "SHA-1", - "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4" + "alg": "SHA-256", + "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -1674,6 +2111,10 @@ ], "purl": "pkg:pypi/httplib2@0.20.4", "properties": [ + { + "name": "release_date", + "value": "2022-02-03T00:00:29Z" + }, { "name": "language", "value": "Python" @@ -1699,6 +2140,12 @@ }, "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*", "description": "pyparsing module - Classes and methods to define and execute parsing grammars", + "hashes": [ + { + "alg": "SHA-256", + "content": "a6a7ee4235a3f944aa1fa2249307708f893fe5717dc603503c6c7969c070fb7c" + } + ], "externalReferences": [ { "url": "https://github.com/pyparsing/pyparsing/", @@ -1713,6 +2160,10 @@ ], "purl": "pkg:pypi/pyparsing@3.1.4", "properties": [ + { + "name": "release_date", + "value": "2024-08-25T15:00:45Z" + }, { "name": "language", "value": "Python" @@ -1725,23 +2176,23 @@ }, { "type": "library", - "bom-ref": "34-google-reauth", - "name": "google-reauth", - "version": "0.1.1", + "bom-ref": "34-oauth2client", + "name": "oauth2client", + "version": "4.1.3", "supplier": { - "name": "Google", + "name": "Google Inc .", "contact": [ { - "email": "googleapis-publisher@google.com" + "email": "jonwayne+oauth2client@google.com" } ] }, - "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", - "description": "Google Reauth Library", + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "hashes": [ { - "alg": "SHA-1", - "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b" + "alg": "SHA-256", + "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac" } ], "licenses": [ @@ -1755,18 +2206,22 @@ ], "externalReferences": [ { - "url": "https://github.com/Google/google-reauth-python", + "url": "http://github.com/google/oauth2client/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-reauth/0.1.1/#files", + "url": "https://pypi.org/project/oauth2client/4.1.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-reauth@0.1.1", + "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ + { + "name": "release_date", + "value": "2018-09-07T21:38:16Z" + }, { "name": "language", "value": "Python" @@ -1774,115 +2229,69 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2020-12-01T17:35:45.000Z" } ] }, { "type": "library", - "bom-ref": "35-pyu2f", - "name": "pyu2f", - "version": "0.1.5", + "bom-ref": "35-pyasn1-modules", + "name": "pyasn1-modules", + "version": "0.4.1", "supplier": { - "name": "Google Inc .", + "name": "Ilya Etingof", "contact": [ { - "email": "pyu2f-team@google.com" + "email": "etingof@gmail.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", - "description": "U2F host library for interacting with a U2F device over USB.", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules", "hashes": [ { - "alg": "SHA-1", - "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe" + "alg": "SHA-256", + "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/google/pyu2f/", + "url": "https://github.com/pyasn1/pyasn1-modules", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyu2f/0.1.5/#files", + "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", "type": "distribution", "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/pyu2f@0.1.5", - "properties": [ - { - "name": "language", - "value": "Python" }, { - "name": "python_version", - "value": "3.8.18" + "url": "https://github.com/pyasn1/pyasn1-modules", + "type": "vcs" }, { - "name": "package_release_date", - "value": "2020-10-30T20:03:07.000Z" - } - ] - }, - { - "type": "library", - "bom-ref": "36-oauth2client", - "name": "oauth2client", - "version": "4.1.3", - "supplier": { - "name": "Google Inc .", - "contact": [ - { - "email": "jonwayne+oauth2client@google.com" - } - ] - }, - "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", - "description": "OAuth 2.0 client library", - "hashes": [ - { - "alg": "SHA-1", - "content": "50d20532a748f18e53f7d24ccbe6647132c979a9" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], - "externalReferences": [ - { - "url": "http://github.com/google/oauth2client/", - "type": "website", - "comment": "Home page for project" + "url": "https://github.com/pyasn1/pyasn1-modules/issues", + "type": "issue-tracker" }, { - "url": "https://pypi.org/project/oauth2client/4.1.3/#files", - "type": "distribution", - "comment": "Download location for component" + "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt", + "type": "log" } ], - "purl": "pkg:pypi/oauth2client@4.1.3", + "purl": "pkg:pypi/pyasn1-modules@0.4.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-10T22:42:08Z" + }, { "name": "language", "value": "Python" @@ -1890,16 +2299,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2018-09-07T21:38:16.000Z" } ] }, { "type": "library", - "bom-ref": "37-pyopenssl", + "bom-ref": "36-pyopenssl", "name": "pyopenssl", "version": "24.2.1", "supplier": { @@ -1912,6 +2317,12 @@ }, "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", + "hashes": [ + { + "alg": "SHA-256", + "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d" + } + ], "licenses": [ { "license": { @@ -1931,10 +2342,18 @@ "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pyca/pyopenssl", + "type": "vcs" } ], "purl": "pkg:pypi/pyopenssl@24.2.1", "properties": [ + { + "name": "release_date", + "value": "2024-07-20T17:26:29Z" + }, { "name": "language", "value": "Python" @@ -1947,7 +2366,7 @@ }, { "type": "library", - "bom-ref": "38-cryptography", + "bom-ref": "37-cryptography", "name": "cryptography", "version": "43.0.3", "supplier": { @@ -1960,6 +2379,12 @@ }, "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", + "hashes": [ + { + "alg": "SHA-256", + "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e" + } + ], "licenses": [ { "expression": "Apache-2.0 OR BSD-3-Clause" @@ -1975,10 +2400,30 @@ "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://cryptography.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pyca/cryptography/", + "type": "vcs" + }, + { + "url": "https://github.com/pyca/cryptography/issues", + "type": "issue-tracker" + }, + { + "url": "https://cryptography.io/en/latest/changelog/", + "type": "log" } ], "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-18T15:57:36Z" + }, { "name": "language", "value": "Python" @@ -1991,7 +2436,7 @@ }, { "type": "library", - "bom-ref": "39-cffi", + "bom-ref": "38-cffi", "name": "cffi", "version": "1.17.1", "supplier": { @@ -2006,15 +2451,15 @@ "description": "Foreign Function Interface for Python calling C code.", "hashes": [ { - "alg": "SHA-1", - "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51" + "alg": "SHA-256", + "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2029,10 +2474,38 @@ "url": "https://pypi.org/project/cffi/1.17.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "http://cffi.readthedocs.org/", + "type": "documentation" + }, + { + "url": "https://github.com/python-cffi/cffi", + "type": "vcs" + }, + { + "url": "https://github.com/python-cffi/cffi/issues", + "type": "issue-tracker" + }, + { + "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html", + "type": "log" + }, + { + "url": "https://github.com/python-cffi/cffi/releases", + "type": "other" + }, + { + "url": "https://groups.google.com/forum/#!forum/python-cffi", + "type": "other" } ], "purl": "pkg:pypi/cffi@1.17.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-04T20:43:30Z" + }, { "name": "language", "value": "Python" @@ -2040,16 +2513,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-04T20:43:30.000Z" } ] }, { "type": "library", - "bom-ref": "40-pycparser", + "bom-ref": "39-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -2064,8 +2533,8 @@ "description": "C parser in Python", "hashes": [ { - "alg": "SHA-1", - "content": "129d32ef805d715d90a3b2035b13168c17ca63d2" + "alg": "SHA-256", + "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc" } ], "licenses": [ @@ -2091,6 +2560,10 @@ ], "purl": "pkg:pypi/pycparser@2.22", "properties": [ + { + "name": "release_date", + "value": "2024-03-30T13:22:20Z" + }, { "name": "language", "value": "Python" @@ -2098,16 +2571,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-03-30T13:22:20.000Z" } ] }, { "type": "library", - "bom-ref": "41-retry-decorator", + "bom-ref": "40-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -2122,15 +2591,15 @@ "description": "Retry Decorator", "hashes": [ { - "alg": "SHA-1", - "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349" + "alg": "SHA-256", + "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2149,6 +2618,10 @@ ], "purl": "pkg:pypi/retry-decorator@1.1.1", "properties": [ + { + "name": "release_date", + "value": "2020-03-10T23:56:29Z" + }, { "name": "language", "value": "Python" @@ -2156,32 +2629,28 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2020-03-10T23:56:29.000Z" } ] }, { "type": "library", - "bom-ref": "42-google-apitools", - "name": "google-apitools", - "version": "0.5.32", + "bom-ref": "41-google-auth", + "name": "google-auth", + "version": "2.17.0", "supplier": { - "name": "Craig Citro", + "name": "Google Cloud Platform", "contact": [ { - "email": "craigcitro@google.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*", - "description": "client libraries for humans", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "hashes": [ { - "alg": "SHA-1", - "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1" + "alg": "SHA-256", + "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94" } ], "licenses": [ @@ -2195,18 +2664,22 @@ ], "externalReferences": [ { - "url": "http://github.com/google/apitools", + "url": "https://github.com/googleapis/google-auth-library-python", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-apitools/0.5.32/#files", + "url": "https://pypi.org/project/google-auth/2.17.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-apitools@0.5.32", + "purl": "pkg:pypi/google-auth@2.17.0", "properties": [ + { + "name": "release_date", + "value": "2023-03-28T19:51:30Z" + }, { "name": "language", "value": "Python" @@ -2214,57 +2687,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2021-05-05T22:12:58.000Z" } ] }, { "type": "library", - "bom-ref": "43-monotonic", - "name": "monotonic", - "version": "1.6", + "bom-ref": "42-cachetools", + "name": "cachetools", + "version": "5.5.0", "supplier": { - "name": "Ori Livneh", + "name": "Thomas Kemmer", "contact": [ { - "email": "ori@wikimedia.org" + "email": "tkemmer@computer.org" } ] }, - "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*", - "description": "An implementation of time.monotonic() for Python 2 & < 3.3", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", "hashes": [ { - "alg": "SHA-1", - "content": "80681f6604e136e513550342f977edb98f5fc5ad" + "alg": "SHA-256", + "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/atdt/monotonic", + "url": "https://github.com/tkem/cachetools/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/monotonic/1.6/#files", + "url": "https://pypi.org/project/cachetools/5.5.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/monotonic@1.6", + "purl": "pkg:pypi/cachetools@5.5.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-18T20:28:43Z" + }, { "name": "language", "value": "Python" @@ -2272,43 +2745,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2021-04-09T21:58:05.000Z" } ] }, { "type": "library", - "bom-ref": "44-importlib-metadata", - "name": "importlib-metadata", - "version": "8.5.0", + "bom-ref": "43-google-auth-httplib2", + "name": "google-auth-httplib2", + "version": "0.2.0", "supplier": { - "name": "Jason R .", + "name": "Google Cloud Platform", "contact": [ { - "email": "jaraco@jaraco.com" + "email": "googleapis-packages@google.com" } ] }, - "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", - "description": "Read metadata from Python packages", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library: httplib2 transport", "hashes": [ { - "alg": "SHA-1", - "content": "b34810b1e0665580a91ea19b6317a1890ecd42c1" + "alg": "SHA-256", + "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", + "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-metadata@8.5.0", + "purl": "pkg:pypi/google-auth-httplib2@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2023-12-12T17:40:13Z" + }, { "name": "language", "value": "Python" @@ -2316,37 +2803,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-11T14:56:07.000Z" } ] }, { "type": "library", - "bom-ref": "45-zipp", - "name": "zipp", - "version": "3.20.2", + "bom-ref": "44-google-apitools", + "name": "google-apitools", + "version": "0.5.32", "supplier": { - "name": "Jason R .", + "name": "Craig Citro", "contact": [ { - "email": "jaraco@jaraco.com" + "email": "craigcitro@google.com" } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", - "description": "Backport of pathlib-compatible object wrapper for zip files", + "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*", + "description": "client libraries for humans", + "hashes": [ + { + "alg": "SHA-256", + "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2/#files", + "url": "http://github.com/google/apitools", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/google-apitools/0.5.32/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/google-apitools@0.5.32", "properties": [ + { + "name": "release_date", + "value": "2021-05-05T22:12:58Z" + }, { "name": "language", "value": "Python" @@ -2359,34 +2866,52 @@ }, { "type": "library", - "bom-ref": "46-importlib-resources", - "name": "importlib-resources", - "version": "6.4.5", + "bom-ref": "45-monotonic", + "name": "monotonic", + "version": "1.6", "supplier": { - "name": "Barry Warsaw", + "name": "Ori Livneh", "contact": [ { - "email": "barry@python.org" + "email": "ori@wikimedia.org" } ] }, - "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*", - "description": "Read resources from Python packages", + "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*", + "description": "An implementation of time.monotonic() for Python 2 & < 3.3", "hashes": [ { - "alg": "SHA-1", - "content": "284148b005b57031a354402c446473f53cab2c49" + "alg": "SHA-256", + "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/importlib-resources/6.4.5/#files", + "url": "https://github.com/atdt/monotonic", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/monotonic/1.6/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-resources@6.4.5", + "purl": "pkg:pypi/monotonic@1.6", "properties": [ + { + "name": "release_date", + "value": "2021-04-09T21:58:05Z" + }, { "name": "language", "value": "Python" @@ -2394,23 +2919,19 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-09T17:03:13.000Z" } ] }, { "type": "library", - "bom-ref": "47-jinja2", + "bom-ref": "46-jinja2", "name": "jinja2", "version": "3.1.4", "description": "A very fast and expressive template engine.", "hashes": [ { - "alg": "SHA-1", - "content": "dd4a8b5466d8790540c181590b14db4d4d889d57" + "alg": "SHA-256", + "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d" } ], "externalReferences": [ @@ -2418,10 +2939,34 @@ "url": "https://pypi.org/project/jinja2/3.1.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jinja.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" + }, + { + "url": "https://jinja.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://github.com/pallets/jinja/", + "type": "vcs" } ], "purl": "pkg:pypi/jinja2@3.1.4", "properties": [ + { + "name": "release_date", + "value": "2024-05-05T23:41:59Z" + }, { "name": "language", "value": "Python" @@ -2429,23 +2974,19 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-05-05T23:41:59.000Z" } ] }, { "type": "library", - "bom-ref": "48-markupsafe", + "bom-ref": "47-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", "hashes": [ { - "alg": "SHA-1", - "content": "fbba4acd0312826cec9cfe18371c7df07962cb65" + "alg": "SHA-256", + "content": "a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc" } ], "licenses": [ @@ -2467,10 +3008,38 @@ "url": "https://pypi.org/project/markupsafe/2.1.5/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://palletsprojects.com/donate", + "type": "other" + }, + { + "url": "https://markupsafe.palletsprojects.com/", + "type": "documentation" + }, + { + "url": "https://markupsafe.palletsprojects.com/changes/", + "type": "log" + }, + { + "url": "https://github.com/pallets/markupsafe/", + "type": "vcs" + }, + { + "url": "https://github.com/pallets/markupsafe/issues/", + "type": "issue-tracker" + }, + { + "url": "https://discord.gg/pallets", + "type": "chat" } ], "purl": "pkg:pypi/markupsafe@2.1.5", "properties": [ + { + "name": "release_date", + "value": "2024-02-02T16:30:04Z" + }, { "name": "language", "value": "Python" @@ -2483,42 +3052,124 @@ }, { "type": "library", - "bom-ref": "49-jsonschema", + "bom-ref": "48-jsonschema", "name": "jsonschema", "version": "4.23.0", "supplier": { "name": "Julian Berman", "contact": [ { - "email": "Julian+jsonschema@GrayVines.com" + "email": "Julian+jsonschema@GrayVines.com" + } + ] + }, + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*", + "description": "An implementation of JSON Schema validation for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566" + } + ], + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/license/mit/", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/python-jsonschema/jsonschema", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/jsonschema/4.23.0/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://python-jsonschema.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema", + "type": "vcs" + } + ], + "purl": "pkg:pypi/jsonschema@4.23.0", + "properties": [ + { + "name": "release_date", + "value": "2024-07-08T18:40:00Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "49-importlib-resources", + "name": "importlib-resources", + "version": "6.4.5", + "supplier": { + "name": "Barry Warsaw", + "contact": [ + { + "email": "barry@python.org" } ] }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*", - "description": "An implementation of JSON Schema validation for Python", - "licenses": [ + "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*", + "description": "Read resources from Python packages", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717" } ], "externalReferences": [ { - "url": "https://github.com/python-jsonschema/jsonschema", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/jsonschema/4.23.0/#files", + "url": "https://pypi.org/project/importlib-resources/6.4.5/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/python/importlib_resources", + "type": "vcs" } ], - "purl": "pkg:pypi/jsonschema@4.23.0", + "purl": "pkg:pypi/importlib-resources@6.4.5", "properties": [ + { + "name": "release_date", + "value": "2024-09-09T17:03:13Z" + }, { "name": "language", "value": "Python" @@ -2526,10 +3177,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-07-08T18:40:00.000Z" } ] }, @@ -2550,15 +3197,15 @@ "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", "hashes": [ { - "alg": "SHA-1", - "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76" + "alg": "SHA-256", + "content": "87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2573,10 +3220,34 @@ "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://jsonschema-specifications.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/python-jsonschema/jsonschema-specifications", + "type": "vcs" } ], "purl": "pkg:pypi/jsonschema-specifications@2023.12.1", "properties": [ + { + "name": "release_date", + "value": "2023-12-25T15:16:51Z" + }, { "name": "language", "value": "Python" @@ -2604,8 +3275,8 @@ "description": "JSON Referencing + Python", "hashes": [ { - "alg": "SHA-1", - "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845" + "alg": "SHA-256", + "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de" } ], "externalReferences": [ @@ -2618,10 +3289,38 @@ "url": "https://pypi.org/project/referencing/0.35.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://referencing.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/python-jsonschema/referencing/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://referencing.readthedocs.io/en/stable/changes/", + "type": "log" + }, + { + "url": "https://github.com/python-jsonschema/referencing", + "type": "vcs" } ], "purl": "pkg:pypi/referencing@0.35.1", "properties": [ + { + "name": "release_date", + "value": "2024-05-01T20:26:02Z" + }, { "name": "language", "value": "Python" @@ -2629,10 +3328,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-05-01T20:26:02.000Z" } ] }, @@ -2653,15 +3348,15 @@ "description": "Python bindings to Rust's persistent data structures (rpds)", "hashes": [ { - "alg": "SHA-1", - "content": "1b5852dca46ad6ebc8ccb65e0610cc2c5d390cd9" + "alg": "SHA-256", + "content": "a649dfd735fff086e8a9d0503a9f0c7d01b7912a333c7ae77e1515c08c146dad" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2676,10 +3371,34 @@ "url": "https://pypi.org/project/rpds-py/0.20.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rpds.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/crate-py/rpds/issues/", + "type": "issue-tracker" + }, + { + "url": "https://github.com/sponsors/Julian", + "type": "other" + }, + { + "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link", + "type": "other" + }, + { + "url": "https://github.com/crate-py/rpds", + "type": "vcs" } ], "purl": "pkg:pypi/rpds-py@0.20.1", "properties": [ + { + "name": "release_date", + "value": "2024-10-31T14:26:20Z" + }, { "name": "language", "value": "Python" @@ -2719,6 +3438,10 @@ ], "purl": "pkg:pypi/pkgutil-resolve-name@1.3.10", "properties": [ + { + "name": "release_date", + "value": "2024-10-31T14:26:20Z" + }, { "name": "language", "value": "Python" @@ -2726,10 +3449,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2021-07-21T08:19:03.000Z" } ] }, @@ -2737,7 +3456,7 @@ "type": "library", "bom-ref": "54-lib4sbom", "name": "lib4sbom", - "version": "0.7.5", + "version": "0.8.0", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2746,8 +3465,14 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", + "hashes": [ + { + "alg": "SHA-256", + "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395" + } + ], "licenses": [ { "license": { @@ -2764,13 +3489,17 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/lib4sbom/0.7.5/#files", + "url": "https://pypi.org/project/lib4sbom/0.8.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.5", + "purl": "pkg:pypi/lib4sbom@0.8.0", "properties": [ + { + "name": "release_date", + "value": "2024-12-09T20:13:26Z" + }, { "name": "language", "value": "Python" @@ -2778,10 +3507,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-18T21:36:24.000Z" } ] }, @@ -2800,11 +3525,17 @@ }, "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*", "description": "YAML parser and emitter for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2816,13 +3547,37 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyyaml/6.0.2/#files", + "url": "https://pypi.org/project/PyYAML/", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/yaml/pyyaml/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/yaml/pyyaml/actions", + "type": "build-system" + }, + { + "url": "https://pyyaml.org/wiki/PyYAMLDocumentation", + "type": "documentation" + }, + { + "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core", + "type": "mailing-list" + }, + { + "url": "https://github.com/yaml/pyyaml", + "type": "vcs" } ], "purl": "pkg:pypi/pyyaml@6.0.2", "properties": [ + { + "name": "release_date", + "value": "2024-08-06T20:31:40Z" + }, { "name": "language", "value": "Python" @@ -2830,10 +3585,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-08-06T20:31:40.000Z" } ] }, @@ -2854,8 +3605,8 @@ "description": "A library implementing the 'SemVer' scheme.", "hashes": [ { - "alg": "SHA-1", - "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a" + "alg": "SHA-256", + "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177" } ], "licenses": [ @@ -2881,6 +3632,10 @@ ], "purl": "pkg:pypi/semantic-version@2.10.0", "properties": [ + { + "name": "release_date", + "value": "2022-05-26T13:35:21Z" + }, { "name": "language", "value": "Python" @@ -2888,10 +3643,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2022-05-26T13:35:21.000Z" } ] }, @@ -2912,8 +3663,8 @@ "description": "VEX generator and consumer library", "hashes": [ { - "alg": "SHA-1", - "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2" + "alg": "SHA-256", + "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce" } ], "licenses": [ @@ -2939,6 +3690,10 @@ ], "purl": "pkg:pypi/lib4vex@0.2.0", "properties": [ + { + "name": "release_date", + "value": "2024-08-29T20:36:52Z" + }, { "name": "language", "value": "Python" @@ -2946,10 +3701,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-08-29T20:36:52.000Z" } ] }, @@ -2970,15 +3721,15 @@ "description": "CSAF generator and analyser", "hashes": [ { - "alg": "SHA-1", - "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4" + "alg": "SHA-256", + "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -2997,6 +3748,10 @@ ], "purl": "pkg:pypi/csaf-tool@0.3.2", "properties": [ + { + "name": "release_date", + "value": "2024-06-12T20:10:06Z" + }, { "name": "language", "value": "Python" @@ -3004,10 +3759,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-06-12T20:10:06.000Z" } ] }, @@ -3023,15 +3774,15 @@ "description": "A purl aka. Package URL parser and builder", "hashes": [ { - "alg": "SHA-1", - "content": "9155d4173e4c1f29a345de86c280ab783c837882" + "alg": "SHA-256", + "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3050,6 +3801,10 @@ ], "purl": "pkg:pypi/packageurl-python@0.16.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-22T05:51:23Z" + }, { "name": "language", "value": "Python" @@ -3057,10 +3812,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-10-22T05:51:23.000Z" } ] }, @@ -3081,15 +3832,15 @@ "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "hashes": [ { - "alg": "SHA-1", - "content": "43d3b04725ab9731727fb1126e35980c62f32377" + "alg": "SHA-256", + "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3104,10 +3855,18 @@ "url": "https://pypi.org/project/rich/13.9.4/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://rich.readthedocs.io/en/latest/", + "type": "documentation" } ], "purl": "pkg:pypi/rich@13.9.4", "properties": [ + { + "name": "release_date", + "value": "2024-11-01T16:43:55Z" + }, { "name": "language", "value": "Python" @@ -3115,10 +3874,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-01T16:43:55.000Z" } ] }, @@ -3139,8 +3894,8 @@ "description": "Python port of markdown-it. Markdown parsing, done right!", "hashes": [ { - "alg": "SHA-1", - "content": "bee6d1953be75717a3f2f6a917da6f464bed421d" + "alg": "SHA-256", + "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1" } ], "externalReferences": [ @@ -3153,10 +3908,18 @@ "url": "https://pypi.org/project/markdown-it-py/3.0.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://markdown-it-py.readthedocs.io", + "type": "documentation" } ], "purl": "pkg:pypi/markdown-it-py@3.0.0", "properties": [ + { + "name": "release_date", + "value": "2023-06-03T06:41:11Z" + }, { "name": "language", "value": "Python" @@ -3164,10 +3927,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2023-06-03T06:41:11.000Z" } ] }, @@ -3188,8 +3947,8 @@ "description": "Markdown URL utilities", "hashes": [ { - "alg": "SHA-1", - "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e" + "alg": "SHA-256", + "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8" } ], "externalReferences": [ @@ -3206,6 +3965,10 @@ ], "purl": "pkg:pypi/mdurl@0.1.2", "properties": [ + { + "name": "release_date", + "value": "2022-08-14T12:40:09Z" + }, { "name": "language", "value": "Python" @@ -3213,10 +3976,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2022-08-14T12:40:09.000Z" } ] }, @@ -3237,8 +3996,8 @@ "description": "Pygments is a syntax highlighting package written in Python.", "hashes": [ { - "alg": "SHA-1", - "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb" + "alg": "SHA-256", + "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a" } ], "licenses": [ @@ -3260,10 +4019,30 @@ "url": "https://pypi.org/project/pygments/2.18.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://pygments.org/docs", + "type": "documentation" + }, + { + "url": "https://github.com/pygments/pygments", + "type": "vcs" + }, + { + "url": "https://github.com/pygments/pygments/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/pygments/pygments/blob/master/CHANGES", + "type": "log" } ], "purl": "pkg:pypi/pygments@2.18.0", "properties": [ + { + "name": "release_date", + "value": "2024-05-04T13:41:57Z" + }, { "name": "language", "value": "Python" @@ -3271,43 +4050,69 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-05-04T13:41:57.000Z" } ] }, { "type": "library", - "bom-ref": "64-packaging", - "name": "packaging", - "version": "24.2", + "bom-ref": "64-python-gnupg", + "name": "python-gnupg", + "version": "0.5.3", "supplier": { - "name": "Donald Stufft", + "name": "Vinay Sajip", "contact": [ { - "email": "donald@stufft.io" + "email": "vinay_sajip@yahoo.co.uk" } ] }, - "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", - "description": "Core utilities for Python packages", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", + "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", "hashes": [ { - "alg": "SHA-1", - "content": "d8e3b31b734926ebbcaff654279f6855a73e052f" + "alg": "SHA-256", + "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause", + "url": "https://opensource.org/licenses/BSD-3-Clause", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.2/#files", + "url": "https://github.com/vsajip/python-gnupg", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://gnupg.readthedocs.io/", + "type": "documentation" + }, + { + "url": "https://github.com/vsajip/python-gnupg", + "type": "vcs" + }, + { + "url": "https://github.com/vsajip/python-gnupg/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/packaging@24.2", + "purl": "pkg:pypi/python-gnupg@0.5.3", "properties": [ + { + "name": "release_date", + "value": "2024-09-20T16:43:47Z" + }, { "name": "language", "value": "Python" @@ -3315,51 +4120,51 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-11-08T09:47:44.000Z" } ] }, { "type": "library", - "bom-ref": "65-plotly", - "name": "plotly", - "version": "5.24.1", + "bom-ref": "65-packaging", + "name": "packaging", + "version": "24.2", "supplier": { - "name": "Chris P", + "name": "Donald Stufft", "contact": [ { - "email": "chris@plot.ly" + "email": "donald@stufft.io" } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", - "description": "An open-source, interactive data visualization library for Python", - "licenses": [ + "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*", + "description": "Core utilities for Python packages", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759" } ], "externalReferences": [ { - "url": "https://plotly.com/python/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/plotly/5.24.1/#files", + "url": "https://pypi.org/project/packaging/24.2/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://packaging.pypa.io/", + "type": "documentation" + }, + { + "url": "https://github.com/pypa/packaging", + "type": "vcs" } ], - "purl": "pkg:pypi/plotly@5.24.1", + "purl": "pkg:pypi/packaging@24.2", "properties": [ + { + "name": "release_date", + "value": "2024-11-08T09:47:44Z" + }, { "name": "language", "value": "Python" @@ -3367,57 +4172,69 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-12T15:36:24.000Z" } ] }, { "type": "library", - "bom-ref": "66-tenacity", - "name": "tenacity", - "version": "9.0.0", + "bom-ref": "66-plotly", + "name": "plotly", + "version": "5.24.1", "supplier": { - "name": "Julien Danjou", + "name": "Chris P", "contact": [ { - "email": "julien@danjou.info" + "email": "chris@plot.ly" } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*", - "description": "Retry code until it succeeds", + "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", + "description": "An open-source, interactive data visualization library for Python", "hashes": [ { - "alg": "SHA-1", - "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb" + "alg": "SHA-256", + "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089" } ], "licenses": [ { "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/jd/tenacity", + "url": "https://plotly.com/python/", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/tenacity/9.0.0/#files", + "url": "https://pypi.org/project/plotly/5.24.1/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://plotly.com/python/", + "type": "documentation" + }, + { + "url": "https://github.com/plotly/plotly.py", + "type": "vcs" + }, + { + "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md", + "type": "log" } ], - "purl": "pkg:pypi/tenacity@9.0.0", + "purl": "pkg:pypi/plotly@5.24.1", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T15:36:24Z" + }, { "name": "language", "value": "Python" @@ -3425,57 +4242,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-07-29T12:12:25.000Z" } ] }, { - "type": "library", - "bom-ref": "67-python-gnupg", - "name": "python-gnupg", - "version": "0.5.3", + "type": "library", + "bom-ref": "67-tenacity", + "name": "tenacity", + "version": "9.0.0", "supplier": { - "name": "Vinay Sajip", + "name": "Julien Danjou", "contact": [ { - "email": "vinay_sajip@yahoo.co.uk" + "email": "julien@danjou.info" } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", - "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*", + "description": "Retry code until it succeeds", "hashes": [ { - "alg": "SHA-1", - "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c" + "alg": "SHA-256", + "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539" } ], "licenses": [ { "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/vsajip/python-gnupg", + "url": "https://github.com/jd/tenacity", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", + "url": "https://pypi.org/project/tenacity/9.0.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/python-gnupg@0.5.3", + "purl": "pkg:pypi/tenacity@9.0.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-29T12:12:25Z" + }, { "name": "language", "value": "Python" @@ -3483,10 +4300,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-20T16:43:47.000Z" } ] }, @@ -3507,8 +4320,8 @@ "description": "Python HTTP for Humans.", "hashes": [ { - "alg": "SHA-1", - "content": "0e322af87745eff34caffe4df68456ebc20d9068" + "alg": "SHA-256", + "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6" } ], "licenses": [ @@ -3530,10 +4343,22 @@ "url": "https://pypi.org/project/requests/2.32.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://requests.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/psf/requests", + "type": "vcs" } ], "purl": "pkg:pypi/requests@2.32.3", "properties": [ + { + "name": "release_date", + "value": "2024-05-29T15:37:47Z" + }, { "name": "language", "value": "Python" @@ -3541,51 +4366,65 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-05-29T15:37:47.000Z" } ] }, { "type": "library", - "bom-ref": "69-certifi", - "name": "certifi", - "version": "2024.8.30", + "bom-ref": "69-charset-normalizer", + "name": "charset-normalizer", + "version": "3.4.0", "supplier": { - "name": "Kenneth Reitz", + "name": "Ahmed TAHRI", "contact": [ { - "email": "me@kennethreitz.com" + "email": "tahri.ahmed@proton.me" } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*", - "description": "Python package for providing Mozilla's CA Bundle.", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", + "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", + "hashes": [ + { + "alg": "SHA-256", + "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6" + } + ], "licenses": [ { "license": { - "id": "MPL-2.0", - "url": "https://www.mozilla.org/MPL/2.0/", + "id": "MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/certifi/python-certifi", + "url": "https://github.com/Ousret/charset_normalizer", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/certifi/2024.8.30/#files", + "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/Ousret/charset_normalizer/issues", + "type": "issue-tracker" + }, + { + "url": "https://charset-normalizer.readthedocs.io/en/latest", + "type": "documentation" } ], - "purl": "pkg:pypi/certifi@2024.8.30", + "purl": "pkg:pypi/charset-normalizer@3.4.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-09T07:38:02Z" + }, { "name": "language", "value": "Python" @@ -3593,51 +4432,59 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-08-30T01:55:02.000Z" } ] }, { "type": "library", - "bom-ref": "70-charset-normalizer", - "name": "charset-normalizer", - "version": "3.4.0", + "bom-ref": "70-urllib3", + "name": "urllib3", + "version": "2.2.3", "supplier": { - "name": "Ahmed TAHRI", + "name": "Andrey Petrov", "contact": [ { - "email": "tahri.ahmed@proton.me" + "email": "andrey.petrov@shazow.net" } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", - "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", - "licenses": [ + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "hashes": [ { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "alg": "SHA-256", + "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac" } ], "externalReferences": [ { - "url": "https://github.com/Ousret/charset_normalizer", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", + "url": "https://pypi.org/project/urllib3/2.2.3/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst", + "type": "log" + }, + { + "url": "https://urllib3.readthedocs.io", + "type": "documentation" + }, + { + "url": "https://github.com/urllib3/urllib3", + "type": "vcs" + }, + { + "url": "https://github.com/urllib3/urllib3/issues", + "type": "issue-tracker" } ], - "purl": "pkg:pypi/charset-normalizer@3.4.0", + "purl": "pkg:pypi/urllib3@2.2.3", "properties": [ + { + "name": "release_date", + "value": "2024-09-12T10:52:16Z" + }, { "name": "language", "value": "Python" @@ -3645,43 +4492,61 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-10-09T07:38:02.000Z" } ] }, { "type": "library", - "bom-ref": "71-urllib3", - "name": "urllib3", - "version": "2.2.3", + "bom-ref": "71-certifi", + "name": "certifi", + "version": "2024.12.14", "supplier": { - "name": "Andrey Petrov", + "name": "Kenneth Reitz", "contact": [ { - "email": "andrey.petrov@shazow.net" + "email": "me@kennethreitz.com" } ] }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*", + "description": "Python package for providing Mozilla's CA Bundle.", "hashes": [ { - "alg": "SHA-1", - "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df" + "alg": "SHA-256", + "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56" + } + ], + "licenses": [ + { + "license": { + "id": "MPL-2.0", + "url": "https://www.mozilla.org/MPL/2.0/", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/urllib3/2.2.3/#files", + "url": "https://github.com/certifi/python-certifi", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/certifi/2024.12.14/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/certifi/python-certifi", + "type": "vcs" } ], - "purl": "pkg:pypi/urllib3@2.2.3", + "purl": "pkg:pypi/certifi@2024.12.14", "properties": [ + { + "name": "release_date", + "value": "2024-12-14T13:52:36Z" + }, { "name": "language", "value": "Python" @@ -3689,10 +4554,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-09-12T10:52:16.000Z" } ] }, @@ -3713,15 +4574,15 @@ "description": "Read rpm archive files", "hashes": [ { - "alg": "SHA-1", - "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5" + "alg": "SHA-256", + "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } @@ -3740,6 +4601,10 @@ ], "purl": "pkg:pypi/rpmfile@2.1.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-24T21:57:45Z" + }, { "name": "language", "value": "Python" @@ -3747,10 +4612,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-07-24T21:57:45.000Z" } ] }, @@ -3769,15 +4630,37 @@ }, "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", + "hashes": [ + { + "alg": "SHA-256", + "content": "f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/setuptools/75.3.0/#files", "type": "distribution", "comment": "Download location for component" + }, + { + "url": "https://github.com/pypa/setuptools", + "type": "vcs" + }, + { + "url": "https://setuptools.pypa.io/", + "type": "documentation" + }, + { + "url": "https://setuptools.pypa.io/en/stable/history.html", + "type": "log" } ], "purl": "pkg:pypi/setuptools@75.3.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-29T10:23:24Z" + }, { "name": "language", "value": "Python" @@ -3790,48 +4673,52 @@ }, { "type": "library", - "bom-ref": "74-toml", - "name": "toml", - "version": "0.10.2", + "bom-ref": "74-xmlschema", + "name": "xmlschema", + "version": "3.4.3", "supplier": { - "name": "William Pearson", + "name": "Davide Brunato", "contact": [ { - "email": "uiri@xqz.ca" + "email": "brunato@sissa.it" } ] }, - "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*", - "description": "Python Library for Tom's Obvious, Minimal Language", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", + "description": "An XML Schema validator and decoder", "hashes": [ { - "alg": "SHA-1", - "content": "3f637dba5f68db63d4b30967fedda51c82459471" + "alg": "SHA-256", + "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3" } ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/uiri/toml", + "url": "https://github.com/sissaschool/xmlschema", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/toml/0.10.2/#files", + "url": "https://pypi.org/project/xmlschema/3.4.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/toml@0.10.2", + "purl": "pkg:pypi/xmlschema@3.4.3", "properties": [ + { + "name": "release_date", + "value": "2024-10-31T09:47:12Z" + }, { "name": "language", "value": "Python" @@ -3839,18 +4726,14 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2020-11-01T01:40:20.000Z" } ] }, { "type": "library", - "bom-ref": "75-xmlschema", - "name": "xmlschema", - "version": "3.4.3", + "bom-ref": "75-elementpath", + "name": "elementpath", + "version": "4.6.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3859,31 +4742,41 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*", - "description": "An XML Schema validator and decoder", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", + "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", + "hashes": [ + { + "alg": "SHA-256", + "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/sissaschool/xmlschema", + "url": "https://github.com/sissaschool/elementpath", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/3.4.3/#files", + "url": "https://pypi.org/project/elementpath/4.6.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.3", + "purl": "pkg:pypi/elementpath@4.6.0", "properties": [ + { + "name": "release_date", + "value": "2024-10-27T21:52:58Z" + }, { "name": "language", "value": "Python" @@ -3891,51 +4784,57 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-10-31T09:47:12.000Z" } ] }, { "type": "library", - "bom-ref": "76-elementpath", - "name": "elementpath", - "version": "4.6.0", + "bom-ref": "76-toml", + "name": "toml", + "version": "0.10.2", "supplier": { - "name": "Davide Brunato", + "name": "William Pearson", "contact": [ { - "email": "brunato@sissa.it" + "email": "uiri@xqz.ca" } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", - "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", + "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*", + "description": "Python Library for Tom's Obvious, Minimal Language", + "hashes": [ + { + "alg": "SHA-256", + "content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b" + } + ], "licenses": [ { "license": { "id": "MIT", - "url": "https://opensource.org/licenses/MIT", + "url": "https://opensource.org/license/mit/", "acknowledgement": "concluded" } } ], "externalReferences": [ { - "url": "https://github.com/sissaschool/elementpath", + "url": "https://github.com/uiri/toml", "type": "website", "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.6.0/#files", + "url": "https://pypi.org/project/toml/0.10.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.6.0", + "purl": "pkg:pypi/toml@0.10.2", "properties": [ + { + "name": "release_date", + "value": "2020-11-01T01:40:20Z" + }, { "name": "language", "value": "Python" @@ -3943,10 +4842,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-10-27T21:52:58.000Z" } ] }, @@ -3965,6 +4860,12 @@ }, "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*", "description": "Zstandard bindings for Python", + "hashes": [ + { + "alg": "SHA-256", + "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9" + } + ], "licenses": [ { "license": { @@ -3988,6 +4889,10 @@ ], "purl": "pkg:pypi/zstandard@0.23.0", "properties": [ + { + "name": "release_date", + "value": "2024-07-15T00:13:27Z" + }, { "name": "language", "value": "Python" @@ -3995,10 +4900,6 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2024-07-15T00:13:27.000Z" } ] } @@ -4014,31 +4915,31 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "13-beautifulsoup4", - "15-cvss", - "16-defusedxml", - "17-distro", - "18-filetype", - "19-gsutil", - "44-importlib-metadata", - "46-importlib-resources", - "47-jinja2", - "49-jsonschema", + "15-beautifulsoup4", + "17-cvss", + "18-defusedxml", + "19-distro", + "20-filetype", + "21-gsutil", + "46-jinja2", + "48-jsonschema", "54-lib4sbom", "57-lib4vex", + "64-python-gnupg", "59-packageurl-python", - "64-packaging", - "65-plotly", - "67-python-gnupg", + "65-packaging", + "66-plotly", "55-pyyaml", "68-requests", "60-rich", "72-rpmfile", "73-setuptools", - "74-toml", - "71-urllib3", - "75-xmlschema", - "45-zipp", + "70-urllib3", + "74-xmlschema", + "8-zipp", + "7-importlib-metadata", + "76-toml", + "49-importlib-resources", "77-zstandard" ] }, @@ -4047,11 +4948,11 @@ "dependsOn": [ "3-aiohappyeyeballs", "4-aiosignal", - "6-async-timeout", - "7-attrs", + "6-attrs", "5-frozenlist", - "8-multidict", - "10-yarl" + "10-multidict", + "11-yarl", + "14-async-timeout" ] }, { @@ -4061,197 +4962,204 @@ ] }, { - "ref": "8-multidict", + "ref": "6-attrs", "dependsOn": [ - "9-typing-extensions" + "7-importlib-metadata" ] }, { - "ref": "10-yarl", + "ref": "7-importlib-metadata", "dependsOn": [ - "11-idna", - "8-multidict", - "12-propcache" + "8-zipp", + "9-typing-extensions" ] }, { - "ref": "13-beautifulsoup4", + "ref": "10-multidict", "dependsOn": [ - "14-soupsieve" + "9-typing-extensions" ] }, { - "ref": "19-gsutil", + "ref": "11-yarl", "dependsOn": [ - "20-argcomplete", - "21-crcmod", - "22-fasteners", - "23-gcs-oauth2-boto-plugin", - "42-google-apitools", - "25-google-auth", - "31-google-auth-httplib2", - "34-google-reauth", - "32-httplib2", - "43-monotonic", - "37-pyopenssl", - "41-retry-decorator", - "30-six" + "12-idna", + "10-multidict", + "13-propcache" ] }, { - "ref": "23-gcs-oauth2-boto-plugin", + "ref": "15-beautifulsoup4", "dependsOn": [ - "24-boto", - "25-google-auth", - "31-google-auth-httplib2", - "34-google-reauth", - "32-httplib2", - "36-oauth2client", - "37-pyopenssl", - "41-retry-decorator", - "29-rsa", - "30-six" + "16-soupsieve" ] }, { - "ref": "25-google-auth", + "ref": "21-gsutil", "dependsOn": [ - "26-cachetools", - "27-pyasn1-modules", - "29-rsa", - "30-six" + "22-argcomplete", + "23-crcmod", + "24-fasteners", + "25-gcs-oauth2-boto-plugin", + "44-google-apitools", + "32-httplib2", + "29-google-reauth", + "45-monotonic", + "36-pyopenssl", + "40-retry-decorator", + "31-six", + "41-google-auth", + "43-google-auth-httplib2" ] }, { - "ref": "27-pyasn1-modules", + "ref": "25-gcs-oauth2-boto-plugin", "dependsOn": [ - "28-pyasn1" + "26-rsa", + "28-boto", + "29-google-reauth", + "32-httplib2", + "34-oauth2client", + "36-pyopenssl", + "40-retry-decorator", + "31-six", + "41-google-auth", + "43-google-auth-httplib2" ] }, { - "ref": "29-rsa", + "ref": "26-rsa", "dependsOn": [ - "28-pyasn1" + "27-pyasn1" ] }, { - "ref": "31-google-auth-httplib2", + "ref": "29-google-reauth", "dependsOn": [ - "25-google-auth", - "32-httplib2" + "30-pyu2f" ] }, { - "ref": "32-httplib2", + "ref": "30-pyu2f", "dependsOn": [ - "33-pyparsing" + "31-six" ] }, { - "ref": "34-google-reauth", + "ref": "32-httplib2", "dependsOn": [ - "35-pyu2f" + "33-pyparsing" ] }, { - "ref": "35-pyu2f", + "ref": "34-oauth2client", "dependsOn": [ - "30-six" + "32-httplib2", + "27-pyasn1", + "35-pyasn1-modules", + "26-rsa", + "31-six" ] }, { - "ref": "36-oauth2client", + "ref": "35-pyasn1-modules", "dependsOn": [ - "32-httplib2", - "28-pyasn1", - "27-pyasn1-modules", - "29-rsa", - "30-six" + "27-pyasn1" ] }, { - "ref": "37-pyopenssl", + "ref": "36-pyopenssl", "dependsOn": [ - "38-cryptography" + "37-cryptography" ] }, { - "ref": "38-cryptography", + "ref": "37-cryptography", "dependsOn": [ - "39-cffi" + "38-cffi" ] }, { - "ref": "39-cffi", + "ref": "38-cffi", "dependsOn": [ - "40-pycparser" + "39-pycparser" ] }, { - "ref": "42-google-apitools", + "ref": "41-google-auth", "dependsOn": [ - "22-fasteners", - "32-httplib2", - "36-oauth2client", - "30-six" + "42-cachetools", + "35-pyasn1-modules", + "31-six", + "26-rsa" ] }, { - "ref": "44-importlib-metadata", + "ref": "43-google-auth-httplib2", "dependsOn": [ - "45-zipp" + "41-google-auth", + "32-httplib2" ] }, { - "ref": "46-importlib-resources", + "ref": "44-google-apitools", "dependsOn": [ - "45-zipp" + "32-httplib2", + "24-fasteners", + "34-oauth2client", + "31-six" ] }, { - "ref": "47-jinja2", + "ref": "46-jinja2", "dependsOn": [ - "48-markupsafe" + "47-markupsafe" ] }, { - "ref": "49-jsonschema", + "ref": "48-jsonschema", "dependsOn": [ - "7-attrs", - "46-importlib-resources", + "6-attrs", + "49-importlib-resources", "50-jsonschema-specifications", "53-pkgutil-resolve-name", "51-referencing", "52-rpds-py" ] }, + { + "ref": "49-importlib-resources", + "dependsOn": [ + "8-zipp" + ] + }, { "ref": "50-jsonschema-specifications", "dependsOn": [ - "46-importlib-resources", + "49-importlib-resources", "51-referencing" ] }, { "ref": "51-referencing", "dependsOn": [ - "7-attrs", + "6-attrs", "52-rpds-py" ] }, { "ref": "54-lib4sbom", "dependsOn": [ - "16-defusedxml", "55-pyyaml", - "56-semantic-version" + "56-semantic-version", + "18-defusedxml" ] }, { "ref": "57-lib4vex", "dependsOn": [ - "58-csaf-tool", "54-lib4sbom", + "58-csaf-tool", "59-packageurl-python" ] }, @@ -4277,25 +5185,31 @@ ] }, { - "ref": "65-plotly", + "ref": "66-plotly", "dependsOn": [ - "64-packaging", - "66-tenacity" + "67-tenacity", + "65-packaging" ] }, { "ref": "68-requests", "dependsOn": [ - "69-certifi", - "70-charset-normalizer", - "11-idna", - "71-urllib3" + "69-charset-normalizer", + "12-idna", + "70-urllib3", + "71-certifi" + ] + }, + { + "ref": "74-xmlschema", + "dependsOn": [ + "75-elementpath" ] }, { - "ref": "75-xmlschema", + "ref": "77-zstandard", "dependsOn": [ - "76-elementpath" + "38-cffi" ] } ] diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index a0894598d1..c16f44a4b3 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8bef91b4-39b2-4f5c-a343-81fddf71bbda -LicenseListVersion: 3.22 -Creator: Tool: sbom4python-0.11.3 -Created: 2024-12-09T00:42:14Z +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e4e74e1a-9904-46ec-beab-1e3d7d1af7ba +LicenseListVersion: 3.25 +Creator: Tool: sbom4python-0.12.1 +Created: 2024-12-16T00:39:17Z CreatorComment: This document has been automatically generated. ##### @@ -17,10 +17,12 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com) PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/intel/cve-bin-tool +PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool +ReleaseDate: 2024-09-17T18:57:44Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:* ##### @@ -33,11 +35,21 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.11/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp +PackageChecksum: SHA256: 5077b1a5f40ffa3ba1f40d537d3bec4383988ee51fbba6b74aa8fb1bc466599e PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) +ReleaseDate: 2024-11-13T16:36:38Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp +ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html +ExternalRef: OTHER other https://docs.aiohttp.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.11 ##### @@ -49,10 +61,16 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs +PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8 PackageLicenseDeclared: PSF-2.0 PackageLicenseConcluded: PSF-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Happy Eyeballs for asyncio +ReleaseDate: 2024-11-30T18:43:39Z +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues +ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io +ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### @@ -65,12 +83,19 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiosignal -PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3 +PackageChecksum: SHA256: f8376fb07dd1e86a584e4fcdec80b36b7f81aac666ebc724e2c090300dd83b17 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: aiosignal: a list of registered asynchronous callbacks +ReleaseDate: 2022-11-08T16:03:57Z +ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby +ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions +ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal +ExternalRef: OTHER other https://docs.aiosignal.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 ##### @@ -82,63 +107,81 @@ PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/frozenlist +PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence +ReleaseDate: 2024-10-23T09:46:20Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist +ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog +ExternalRef: OTHER other https://frozenlist.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### -PackageName: async-timeout -SPDXID: SPDXRef-6-async-timeout -PackageVersion: 5.0.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/async-timeout -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Timeout context manager for asyncio programs -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* -##### - PackageName: attrs -SPDXID: SPDXRef-7-attrs +SPDXID: SPDXRef-6-attrs PackageVersion: 24.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false -PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a +PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Classes Without Boilerplate +ReleaseDate: 2024-08-06T14:37:36Z +ExternalRef: OTHER documentation https://www.attrs.org/ +ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html +ExternalRef: OTHER vcs https://github.com/python-attrs/attrs +ExternalRef: OTHER other https://github.com/sponsors/hynek +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:* ##### -PackageName: multidict -SPDXID: SPDXRef-8-multidict -PackageVersion: 6.1.0 +PackageName: importlib-metadata +SPDXID: SPDXRef-7-importlib-metadata +PackageVersion: 8.5.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/multidict -PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68 +PackageChecksum: SHA256: 45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION -PackageSummary: multidict implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* +PackageSummary: Read metadata from Python packages +ReleaseDate: 2024-09-11T14:56:07Z +ExternalRef: OTHER vcs https://github.com/python/importlib_metadata +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:* +##### + +PackageName: zipp +SPDXID: SPDXRef-8-zipp +PackageVersion: 3.20.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +FilesAnalyzed: false +PackageChecksum: SHA256: a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Backport of pathlib-compatible object wrapper for zip files +ReleaseDate: 2024-09-13T13:44:14Z +ExternalRef: OTHER vcs https://github.com/jaraco/zipp +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* ##### PackageName: typing-extensions @@ -148,390 +191,477 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: e1250ff869e7ee5ad05170d8a4b65469f13801c3 +PackageHomePage: https://github.com/python/typing_extensions +PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backported and Experimental Type Hints for Python 3.8+ +ReleaseDate: 2024-06-07T18:52:13Z +ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues +ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md +ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/ +ExternalRef: OTHER other https://github.com/python/typing/discussions +ExternalRef: OTHER vcs https://github.com/python/typing_extensions ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* ##### +PackageName: multidict +SPDXID: SPDXRef-10-multidict +PackageVersion: 6.1.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/multidict +PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: multidict implementation +ReleaseDate: 2024-09-09T23:47:18Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict +ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://multidict.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/multidict +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* +##### + PackageName: yarl -SPDXID: SPDXRef-10-yarl +SPDXID: SPDXRef-11-yarl PackageVersion: 1.15.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl -PackageChecksum: SHA1: 33294bf084d2dde1ac1e8133b0125e1f142a8274 +PackageChecksum: SHA256: e4ee8b8639070ff246ad3649294336b06db37a94bdea0d09ea491603e0be73b8 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library +ReleaseDate: 2024-10-13T18:44:32Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl +ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://yarl.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/yarl ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-11-idna +SPDXID: SPDXRef-12-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files FilesAnalyzed: false +PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) +ReleaseDate: 2024-09-15T18:07:37Z +ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst +ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues +ExternalRef: OTHER vcs https://github.com/kjd/idna ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### PackageName: propcache -SPDXID: SPDXRef-12-propcache +SPDXID: SPDXRef-13-propcache PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/propcache -PackageChecksum: SHA1: f157b0a7b0b3a3c755764b9f03f4d90c43ee5cda +PackageChecksum: SHA256: c5869b8fd70b81835a6f187c5fdbe67917a04d7e52b6e7cc4e5fe39d55c39d58 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Accelerated property cache +ReleaseDate: 2024-10-07T12:54:02Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache +ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/ +ExternalRef: OTHER other https://propcache.readthedocs.io +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/propcache ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* ##### +PackageName: async-timeout +SPDXID: SPDXRef-14-async-timeout +PackageVersion: 5.0.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/async-timeout/5.0.1/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/async-timeout +PackageChecksum: SHA256: 39e3809566ff85354557ec2398b55e096c8364bacac9405a7a1fa429e77fe76c +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: Timeout context manager for asyncio programs +ReleaseDate: 2024-11-06T16:41:37Z +ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby +ExternalRef: OTHER build-system https://github.com/aio-libs/async-timeout/actions +ExternalRef: OTHER other https://codecov.io/github/aio-libs/async-timeout +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/async-timeout/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/async-timeout +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* +##### + PackageName: beautifulsoup4 -SPDXID: SPDXRef-13-beautifulsoup4 +SPDXID: SPDXRef-15-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files FilesAnalyzed: false PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/ +PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Screen-scraping library +ReleaseDate: 2024-01-17T16:53:12Z +ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:* ##### PackageName: soupsieve -SPDXID: SPDXRef-14-soupsieve +SPDXID: SPDXRef-16-soupsieve PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/facelessuser/soupsieve -PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990 +PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A modern CSS selector implementation for Beautiful Soup. +ReleaseDate: 2024-08-13T13:39:10Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-15-cvss +SPDXID: SPDXRef-17-cvss PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/RedHatProductSecurity/cvss -PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261 +PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3 +ReleaseDate: 2024-11-01T10:05:52Z +ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases +ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss +ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues +ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml -SPDXID: SPDXRef-16-defusedxml +SPDXID: SPDXRef-18-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) -PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files +PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml FilesAnalyzed: false PackageHomePage: https://github.com/tiran/defusedxml -PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184 +PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: PSF-2.0 PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: XML bomb protection for Python stdlib modules +ReleaseDate: 2021-03-08T10:59:24Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:* ##### PackageName: distro -SPDXID: SPDXRef-17-distro +SPDXID: SPDXRef-19-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-distro/distro +PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Distro - an OS platform information API +ReleaseDate: 2023-12-24T09:54:30Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-18-filetype +SPDXID: SPDXRef-20-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) -PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files +PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master FilesAnalyzed: false PackageHomePage: https://github.com/h2non/filetype.py -PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585 +PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies. +ReleaseDate: 2022-11-02T17:34:01Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:* ##### PackageName: gsutil -SPDXID: SPDXRef-19-gsutil -PackageVersion: 5.32 +SPDXID: SPDXRef-21-gsutil +PackageVersion: 5.33 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.32/#files +PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil +PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.32 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.32:*:*:*:*:*:*:* +ReleaseDate: 2024-12-11T09:40:59Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-20-argcomplete +SPDXID: SPDXRef-22-argcomplete PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete -PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc +PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse +ReleaseDate: 2024-12-06T18:24:27Z +ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete +ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete +ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues +ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-21-crcmod +SPDXID: SPDXRef-23-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) -PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files +PackageDownloadLocation: http://sourceforge.net/projects/crcmod FilesAnalyzed: false PackageHomePage: http://crcmod.sourceforge.net/ +PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CRC Generator +ReleaseDate: 2010-06-27T14:35:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-22-fasteners +SPDXID: SPDXRef-24-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files FilesAnalyzed: false PackageHomePage: https://github.com/harlowja/fasteners -PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4 +PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: A python package that provides useful locks +ReleaseDate: 2023-09-19T17:11:18Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-23-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-25-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files +PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin FilesAnalyzed: false PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary -PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb +PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. +ReleaseDate: 2024-05-02T14:37:31Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### -PackageName: boto -SPDXID: SPDXRef-24-boto -PackageVersion: 2.49.0 +PackageName: rsa +SPDXID: SPDXRef-26-rsa +PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) -PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files FilesAnalyzed: false -PackageHomePage: https://github.com/boto/boto/ -PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3 -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageHomePage: https://stuvel.eu/rsa +PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Amazon Web Services Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* +PackageSummary: Pure-Python RSA implementation +ReleaseDate: 2021-02-24T10:55:03Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### -PackageName: google-auth -SPDXID: SPDXRef-25-google-auth -PackageVersion: 2.17.0 +PackageName: pyasn1 +SPDXID: SPDXRef-27-pyasn1 +PackageVersion: 0.6.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files FilesAnalyzed: false -PackageHomePage: https://github.com/googleapis/google-auth-library-python -PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageHomePage: https://github.com/pyasn1/pyasn1 +PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034 +PackageLicenseDeclared: BSD-2-Clause +PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* +PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) +ReleaseDate: 2024-09-10T22:41:42Z +ExternalRef: OTHER documentation https://pyasn1.readthedocs.io +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1 +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues +ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* ##### -PackageName: cachetools -SPDXID: SPDXRef-26-cachetools -PackageVersion: 5.5.0 +PackageName: boto +SPDXID: SPDXRef-28-boto +PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files +PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) +PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files FilesAnalyzed: false -PackageHomePage: https://github.com/tkem/cachetools/ +PackageHomePage: https://github.com/boto/boto/ +PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION -PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* +PackageSummary: Amazon Web Services Library +ReleaseDate: 2018-07-11T20:58:55Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### -PackageName: pyasn1-modules -SPDXID: SPDXRef-27-pyasn1-modules -PackageVersion: 0.4.1 +PackageName: google-reauth +SPDXID: SPDXRef-29-google-reauth +PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1-modules +PackageHomePage: https://github.com/Google/google-reauth-python +PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368 PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* -##### - -PackageName: pyasn1 -SPDXID: SPDXRef-28-pyasn1 -PackageVersion: 0.6.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1 -PackageLicenseDeclared: BSD-2-Clause -PackageLicenseConcluded: BSD-2-Clause +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* +PackageSummary: Google Reauth Library +ReleaseDate: 2020-12-01T17:35:45Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### -PackageName: rsa -SPDXID: SPDXRef-29-rsa -PackageVersion: 4.7.2 +PackageName: pyu2f +SPDXID: SPDXRef-30-pyu2f +PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files +PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files FilesAnalyzed: false -PackageHomePage: https://stuvel.eu/rsa -PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa +PackageHomePage: https://github.com/google/pyu2f/ +PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. +PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Pure-Python RSA implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* +PackageSummary: U2F host library for interacting with a U2F device over USB. +ReleaseDate: 2020-10-30T20:03:07Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-30-six +SPDXID: SPDXRef-31-six PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/benjaminp/six +PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities +ReleaseDate: 2024-12-04T17:35:26Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### -PackageName: google-auth-httplib2 -SPDXID: SPDXRef-31-google-auth-httplib2 -PackageVersion: 0.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 -PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Authentication Library: httplib2 transport -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* -##### - PackageName: httplib2 SPDXID: SPDXRef-32-httplib2 PackageVersion: 0.20.4 @@ -540,11 +670,12 @@ PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/httplib2/httplib2 -PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4 +PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A comprehensive HTTP client library. +ReleaseDate: 2022-02-03T00:00:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:* ##### @@ -557,282 +688,339 @@ PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyparsing/pyparsing/ +PackageChecksum: SHA256: a6a7ee4235a3f944aa1fa2249307708f893fe5717dc603503c6c7969c070fb7c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars +ReleaseDate: 2024-08-25T15:00:45Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:* ##### -PackageName: google-reauth -SPDXID: SPDXRef-34-google-reauth -PackageVersion: 0.1.1 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/Google/google-reauth-python -PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: Google Reauth Library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* -##### - -PackageName: pyu2f -SPDXID: SPDXRef-35-pyu2f -PackageVersion: 0.1.5 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/google/pyu2f/ -PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: U2F host library for interacting with a U2F device over USB. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* -##### - PackageName: oauth2client -SPDXID: SPDXRef-36-oauth2client +SPDXID: SPDXRef-34-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/oauth2client/ -PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 +PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: OAuth 2.0 client library +ReleaseDate: 2018-09-07T21:38:16Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### +PackageName: pyasn1-modules +SPDXID: SPDXRef-35-pyasn1-modules +PackageVersion: 0.4.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/pyasn1/pyasn1-modules +PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules +ReleaseDate: 2024-09-10T22:42:08Z +ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules +ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues +ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* +##### + PackageName: pyopenssl -SPDXID: SPDXRef-37-pyopenssl +SPDXID: SPDXRef-36-pyopenssl PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files FilesAnalyzed: false PackageHomePage: https://pyopenssl.org/ +PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library +ReleaseDate: 2024-07-20T17:26:29Z +ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* ##### PackageName: cryptography -SPDXID: SPDXRef-38-cryptography +SPDXID: SPDXRef-37-cryptography PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography +PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. +ReleaseDate: 2024-10-18T15:57:36Z +ExternalRef: OTHER documentation https://cryptography.io/ +ExternalRef: OTHER vcs https://github.com/pyca/cryptography/ +ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues +ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-39-cffi +SPDXID: SPDXRef-38-cffi PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false PackageHomePage: http://cffi.readthedocs.org -PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51 +PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Foreign Function Interface for Python calling C code. +ReleaseDate: 2024-09-04T20:43:30Z +ExternalRef: OTHER documentation http://cffi.readthedocs.org/ +ExternalRef: OTHER vcs https://github.com/python-cffi/cffi +ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues +ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html +ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases +ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:* ##### PackageName: pycparser -SPDXID: SPDXRef-40-pycparser +SPDXID: SPDXRef-39-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files FilesAnalyzed: false PackageHomePage: https://github.com/eliben/pycparser -PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 +PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: C parser in Python +ReleaseDate: 2024-03-30T13:22:20Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22 ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-41-retry-decorator +SPDXID: SPDXRef-40-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/pnpnpn/retry-decorator -PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349 +PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Retry Decorator +ReleaseDate: 2020-03-10T23:56:29Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:* ##### +PackageName: google-auth +SPDXID: SPDXRef-41-google-auth +PackageVersion: 2.17.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/googleapis/google-auth-library-python +PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library +ReleaseDate: 2023-03-28T19:51:30Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* +##### + +PackageName: cachetools +SPDXID: SPDXRef-42-cachetools +PackageVersion: 5.5.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/tkem/cachetools/ +PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292 +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators +ReleaseDate: 2024-08-18T20:28:43Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* +##### + +PackageName: google-auth-httplib2 +SPDXID: SPDXRef-43-google-auth-httplib2 +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 +PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library: httplib2 transport +ReleaseDate: 2023-12-12T17:40:13Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* +##### + PackageName: google-apitools -SPDXID: SPDXRef-42-google-apitools +SPDXID: SPDXRef-44-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files FilesAnalyzed: false PackageHomePage: http://github.com/google/apitools -PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1 +PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: client libraries for humans +ReleaseDate: 2021-05-05T22:12:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-43-monotonic +SPDXID: SPDXRef-45-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files FilesAnalyzed: false PackageHomePage: https://github.com/atdt/monotonic -PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad +PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3 +ReleaseDate: 2021-04-09T21:58:05Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### -PackageName: importlib-metadata -SPDXID: SPDXRef-44-importlib-metadata -PackageVersion: 8.5.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files -FilesAnalyzed: false -PackageChecksum: SHA1: b34810b1e0665580a91ea19b6317a1890ecd42c1 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Read metadata from Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:* -##### - -PackageName: zipp -SPDXID: SPDXRef-45-zipp -PackageVersion: 3.20.2 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* -##### - -PackageName: importlib-resources -SPDXID: SPDXRef-46-importlib-resources -PackageVersion: 6.4.5 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Barry Warsaw (barry@python.org) -PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files -FilesAnalyzed: false -PackageChecksum: SHA1: 284148b005b57031a354402c446473f53cab2c49 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Read resources from Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-resources@6.4.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:* -##### - PackageName: jinja2 -SPDXID: SPDXRef-47-jinja2 +SPDXID: SPDXRef-46-jinja2 PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files FilesAnalyzed: false -PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57 +PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. +ReleaseDate: 2024-05-05T23:41:59Z +ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/ +ExternalRef: OTHER chat https://discord.gg/pallets +ExternalRef: OTHER documentation https://jinja.palletsprojects.com/ +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER vcs https://github.com/pallets/jinja/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-48-markupsafe +SPDXID: SPDXRef-47-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5/#files FilesAnalyzed: false PackageHomePage: https://palletsprojects.com/p/markupsafe/ -PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65 +PackageChecksum: SHA256: a17a92de5231666cfbe003f0e4b9b3a7ae3afb1ec2845aadc2bacc93ff85febc PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. +ReleaseDate: 2024-02-02T16:30:04Z +ExternalRef: OTHER other https://palletsprojects.com/donate +ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/ +ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/ +ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/ +ExternalRef: OTHER issue-tracker https://github.com/pallets/markupsafe/issues/ +ExternalRef: OTHER chat https://discord.gg/pallets ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-49-jsonschema +SPDXID: SPDXRef-48-jsonschema PackageVersion: 4.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema +PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python +ReleaseDate: 2024-07-08T18:40:00Z +ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:* ##### +PackageName: importlib-resources +SPDXID: SPDXRef-49-importlib-resources +PackageVersion: 6.4.5 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Barry Warsaw (barry@python.org) +PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5/#files +FilesAnalyzed: false +PackageChecksum: SHA256: ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Read resources from Python packages +ReleaseDate: 2024-09-09T17:03:13Z +ExternalRef: OTHER vcs https://github.com/python/importlib_resources +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-resources@6.4.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:* +##### + PackageName: jsonschema-specifications SPDXID: SPDXRef-50-jsonschema-specifications PackageVersion: 2023.12.1 @@ -841,11 +1029,17 @@ PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVin PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications -PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76 +PackageChecksum: SHA256: 87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry +ReleaseDate: 2023-12-25T15:16:51Z +ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:* ##### @@ -858,11 +1052,18 @@ PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/referencing -PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845 +PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python +ReleaseDate: 2024-05-01T20:26:02Z +ExternalRef: OTHER documentation https://referencing.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/ +ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### @@ -875,11 +1076,17 @@ PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/crate-py/rpds -PackageChecksum: SHA1: 1b5852dca46ad6ebc8ccb65e0610cc2c5d390cd9 +PackageChecksum: SHA256: a649dfd735fff086e8a9d0503a9f0c7d01b7912a333c7ae77e1515c08c146dad PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) +ReleaseDate: 2024-10-31T14:26:20Z +ExternalRef: OTHER documentation https://rpds.readthedocs.io/ +ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ +ExternalRef: OTHER other https://github.com/sponsors/Julian +ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link +ExternalRef: OTHER vcs https://github.com/crate-py/rpds ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* ##### @@ -896,24 +1103,27 @@ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Resolve a name to an object. +ReleaseDate: 2024-10-31T14:26:20Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pkgutil-resolve-name@1.3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:* ##### PackageName: lib4sbom SPDXID: SPDXRef-54-lib4sbom -PackageVersion: 0.7.5 +PackageVersion: 0.8.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4sbom +PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:* +ReleaseDate: 2024-12-09T20:13:26Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:* ##### PackageName: pyyaml @@ -921,13 +1131,20 @@ SPDXID: SPDXRef-55-pyyaml PackageVersion: 6.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) -PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files +PackageDownloadLocation: https://pypi.org/project/PyYAML/ FilesAnalyzed: false PackageHomePage: https://pyyaml.org/ +PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: YAML parser and emitter for Python +ReleaseDate: 2024-08-06T20:31:40Z +ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues +ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions +ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation +ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core +ExternalRef: OTHER vcs https://github.com/yaml/pyyaml ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:* ##### @@ -940,12 +1157,13 @@ PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.o PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/rbarrois/python-semanticversion -PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a +PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A library implementing the 'SemVer' scheme. +ReleaseDate: 2022-05-26T13:35:21Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:* ##### @@ -958,11 +1176,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4vex -PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2 +PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: VEX generator and consumer library +ReleaseDate: 2024-08-29T20:36:52Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:* ##### @@ -975,11 +1194,12 @@ PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/csaf -PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4 +PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CSAF generator and analyser +ReleaseDate: 2024-06-12T20:10:06Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:* ##### @@ -992,11 +1212,12 @@ PackageSupplier: Person: the purl authors PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/package-url/packageurl-python -PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882 +PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder +ReleaseDate: 2024-10-22T05:51:23Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### @@ -1009,11 +1230,13 @@ PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich -PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377 +PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal +ReleaseDate: 2024-11-01T16:43:55Z +ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### @@ -1026,11 +1249,13 @@ PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/markdown-it-py -PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d +PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python port of markdown-it. Markdown parsing, done right! +ReleaseDate: 2023-06-03T06:41:11Z +ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:* ##### @@ -1043,11 +1268,12 @@ PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/executablebooks/mdurl -PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e +PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Markdown URL utilities +ReleaseDate: 2022-08-14T12:40:09Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* ##### @@ -1060,83 +1286,101 @@ PackageSupplier: Person: Georg Brandl (georg@python.org) PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files FilesAnalyzed: false PackageHomePage: https://pygments.org -PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb +PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. +ReleaseDate: 2024-05-04T13:41:57Z +ExternalRef: OTHER documentation https://pygments.org/docs +ExternalRef: OTHER vcs https://github.com/pygments/pygments +ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues +ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### +PackageName: python-gnupg +SPDXID: SPDXRef-64-python-gnupg +PackageVersion: 0.5.3 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/vsajip/python-gnupg +PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: BSD-3-Clause +PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. +PackageCopyrightText: NOASSERTION +PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) +ReleaseDate: 2024-09-20T16:43:47Z +ExternalRef: OTHER documentation https://gnupg.readthedocs.io/ +ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg +ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* +##### + PackageName: packaging -SPDXID: SPDXRef-64-packaging +SPDXID: SPDXRef-65-packaging PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files FilesAnalyzed: false -PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f +PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Core utilities for Python packages +ReleaseDate: 2024-11-08T09:47:44Z +ExternalRef: OTHER documentation https://packaging.pypa.io/ +ExternalRef: OTHER vcs https://github.com/pypa/packaging ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-65-plotly +SPDXID: SPDXRef-66-plotly PackageVersion: 5.24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files FilesAnalyzed: false PackageHomePage: https://plotly.com/python/ +PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python +ReleaseDate: 2024-09-12T15:36:24Z +ExternalRef: OTHER documentation https://plotly.com/python/ +ExternalRef: OTHER vcs https://github.com/plotly/plotly.py +ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-66-tenacity +SPDXID: SPDXRef-67-tenacity PackageVersion: 9.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/jd/tenacity -PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb +PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds +ReleaseDate: 2024-07-29T12:12:25Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:* ##### -PackageName: python-gnupg -SPDXID: SPDXRef-67-python-gnupg -PackageVersion: 0.5.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/vsajip/python-gnupg -PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: BSD-3-Clause -PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* -##### - PackageName: requests SPDXID: SPDXRef-68-requests PackageVersion: 2.32.3 @@ -1145,63 +1389,78 @@ PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files FilesAnalyzed: false PackageHomePage: https://requests.readthedocs.io -PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068 +PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python HTTP for Humans. +ReleaseDate: 2024-05-29T15:37:47Z +ExternalRef: OTHER documentation https://requests.readthedocs.io +ExternalRef: OTHER vcs https://github.com/psf/requests ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:* ##### -PackageName: certifi -SPDXID: SPDXRef-69-certifi -PackageVersion: 2024.8.30 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/certifi/python-certifi -PackageLicenseDeclared: MPL-2.0 -PackageLicenseConcluded: MPL-2.0 -PackageCopyrightText: NOASSERTION -PackageSummary: Python package for providing Mozilla's CA Bundle. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:* -##### - PackageName: charset-normalizer -SPDXID: SPDXRef-70-charset-normalizer +SPDXID: SPDXRef-69-charset-normalizer PackageVersion: 3.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me) PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/Ousret/charset_normalizer +PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. +ReleaseDate: 2024-10-09T07:38:02Z +ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues +ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:* ##### PackageName: urllib3 -SPDXID: SPDXRef-71-urllib3 +SPDXID: SPDXRef-70-urllib3 PackageVersion: 2.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false -PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df +PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. +ReleaseDate: 2024-09-12T10:52:16Z +ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst +ExternalRef: OTHER documentation https://urllib3.readthedocs.io +ExternalRef: OTHER vcs https://github.com/urllib3/urllib3 +ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:* ##### +PackageName: certifi +SPDXID: SPDXRef-71-certifi +PackageVersion: 2024.12.14 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) +PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/certifi/python-certifi +PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56 +PackageLicenseDeclared: MPL-2.0 +PackageLicenseConcluded: MPL-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Python package for providing Mozilla's CA Bundle. +ReleaseDate: 2024-12-14T13:52:36Z +ExternalRef: OTHER vcs https://github.com/certifi/python-certifi +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:* +##### + PackageName: rpmfile SPDXID: SPDXRef-72-rpmfile PackageVersion: 2.1.0 @@ -1210,11 +1469,12 @@ PackageSupplier: Person: Sean Ross (srossross@gmail.com) PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/srossross/rpmfile -PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5 +PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Read rpm archive files +ReleaseDate: 2024-07-24T21:57:45Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### @@ -1226,63 +1486,73 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) PackageDownloadLocation: https://pypi.org/project/setuptools/75.3.0/#files FilesAnalyzed: false +PackageChecksum: SHA256: f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages +ReleaseDate: 2024-10-29T10:23:24Z +ExternalRef: OTHER vcs https://github.com/pypa/setuptools +ExternalRef: OTHER documentation https://setuptools.pypa.io/ +ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### -PackageName: toml -SPDXID: SPDXRef-74-toml -PackageVersion: 0.10.2 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: William Pearson (uiri@xqz.ca) -PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/uiri/toml -PackageChecksum: SHA1: 3f637dba5f68db63d4b30967fedda51c82459471 -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Python Library for Tom's Obvious, Minimal Language -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:* -##### - PackageName: xmlschema -SPDXID: SPDXRef-75-xmlschema +SPDXID: SPDXRef-74-xmlschema PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema +PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder +ReleaseDate: 2024-10-31T09:47:12Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-76-elementpath +SPDXID: SPDXRef-75-elementpath PackageVersion: 4.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath +PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml +ReleaseDate: 2024-10-27T21:52:58Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* ##### +PackageName: toml +SPDXID: SPDXRef-76-toml +PackageVersion: 0.10.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: William Pearson (uiri@xqz.ca) +PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/uiri/toml +PackageChecksum: SHA256: 806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Python Library for Tom's Obvious, Minimal Language +ReleaseDate: 2020-11-01T01:40:20Z +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:* +##### + PackageName: zstandard SPDXID: SPDXRef-77-zstandard PackageVersion: 0.23.0 @@ -1291,114 +1561,116 @@ PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/indygreg/python-zstandard +PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Zstandard bindings for Python +ReleaseDate: 2024-07-15T00:13:27Z ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-beautifulsoup4 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-cvss -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-defusedxml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-distro -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-filetype -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-beautifulsoup4 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-cvss +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-defusedxml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-distro Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-importlib-metadata -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-zipp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-importlib-resources -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-jinja2 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-jsonschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-filetype +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-21-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jinja2 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-jsonschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-importlib-resources Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4sbom Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-pyyaml Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-lib4vex Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-packageurl-python Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-60-rich -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-packaging -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-plotly -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-plotly Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-requests -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-urllib3 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-7-importlib-metadata +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-urllib3 Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-rpmfile Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-setuptools -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-toml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-76-toml Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-77-zstandard -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-12-propcache -Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict -Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-22-fasteners -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-23-gcs-oauth2-boto-plugin -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-31-google-auth-httplib2 -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-34-google-reauth -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools -Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-zipp +Relationship: SPDXRef-10-multidict DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-10-multidict +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-12-idna +Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-13-propcache +Relationship: SPDXRef-15-beautifulsoup4 DEPENDS_ON SPDXRef-16-soupsieve +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-multidict +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-14-async-timeout Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-async-timeout -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-boto -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-google-auth-httplib2 -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-google-reauth -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-oauth2client -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-pyopenssl -Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-retry-decorator -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-26-cachetools -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-27-pyasn1-modules -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-27-pyasn1-modules DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-29-rsa DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-25-google-auth -Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-22-argcomplete +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-23-crcmod +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-24-fasteners +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-25-gcs-oauth2-boto-plugin +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-29-google-reauth +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-36-pyopenssl +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-40-retry-decorator +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-43-google-auth-httplib2 +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-44-google-apitools +Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-45-monotonic +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-rsa +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-boto +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-reauth +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-pyopenssl +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-retry-decorator +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-43-google-auth-httplib2 +Relationship: SPDXRef-26-rsa DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-29-google-reauth DEPENDS_ON SPDXRef-30-pyu2f +Relationship: SPDXRef-30-pyu2f DEPENDS_ON SPDXRef-31-six Relationship: SPDXRef-32-httplib2 DEPENDS_ON SPDXRef-33-pyparsing -Relationship: SPDXRef-34-google-reauth DEPENDS_ON SPDXRef-35-pyu2f -Relationship: SPDXRef-35-pyu2f DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-27-pyasn1-modules -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-28-pyasn1 -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-29-rsa -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-37-pyopenssl DEPENDS_ON SPDXRef-38-cryptography -Relationship: SPDXRef-38-cryptography DEPENDS_ON SPDXRef-39-cffi -Relationship: SPDXRef-39-cffi DEPENDS_ON SPDXRef-40-pycparser +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-rsa +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-35-pyasn1-modules +Relationship: SPDXRef-35-pyasn1-modules DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-36-pyopenssl DEPENDS_ON SPDXRef-37-cryptography +Relationship: SPDXRef-37-cryptography DEPENDS_ON SPDXRef-38-cffi +Relationship: SPDXRef-38-cffi DEPENDS_ON SPDXRef-39-pycparser Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-six -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-36-oauth2client -Relationship: SPDXRef-44-importlib-metadata DEPENDS_ON SPDXRef-45-zipp -Relationship: SPDXRef-46-importlib-resources DEPENDS_ON SPDXRef-45-zipp -Relationship: SPDXRef-47-jinja2 DEPENDS_ON SPDXRef-48-markupsafe -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-46-importlib-resources -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-50-jsonschema-specifications -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-51-referencing -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-52-rpds-py -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-53-pkgutil-resolve-name -Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-46-importlib-resources +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-26-rsa +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-35-pyasn1-modules +Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-42-cachetools +Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-41-google-auth +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-24-fasteners +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-31-six +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-34-oauth2client +Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-importlib-resources +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-jsonschema-specifications +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-51-referencing +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-52-rpds-py +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-53-pkgutil-resolve-name +Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-49-importlib-resources DEPENDS_ON SPDXRef-8-zipp +Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-49-importlib-resources Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-51-referencing Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-52-rpds-py -Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml +Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-18-defusedxml Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-55-pyyaml Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-56-semantic-version Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-54-lib4sbom @@ -1406,16 +1678,19 @@ Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-58-csaf-tool Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-59-packageurl-python Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-59-packageurl-python Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-60-rich +Relationship: SPDXRef-6-attrs DEPENDS_ON SPDXRef-7-importlib-metadata Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-61-markdown-it-py Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-63-pygments Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-9-typing-extensions Relationship: SPDXRef-61-markdown-it-py DEPENDS_ON SPDXRef-62-mdurl -Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-64-packaging -Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-66-tenacity -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-11-idna -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-69-certifi -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-70-charset-normalizer -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-71-urllib3 -Relationship: SPDXRef-75-xmlschema DEPENDS_ON SPDXRef-76-elementpath -Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-66-plotly DEPENDS_ON SPDXRef-65-packaging +Relationship: SPDXRef-66-plotly DEPENDS_ON SPDXRef-67-tenacity +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-12-idna +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-69-charset-normalizer +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-70-urllib3 +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-71-certifi +Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-8-zipp +Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-74-xmlschema DEPENDS_ON SPDXRef-75-elementpath +Relationship: SPDXRef-77-zstandard DEPENDS_ON SPDXRef-38-cffi Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool