diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index 1d141c581a..3732b87f8d 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:2fbc005e-051d-4dd7-8f24-b4905f4d23f2",
+ "serialNumber": "urn:uuid:ba7deb33-60bc-4e5d-aa41-b59969aae9d5",
"version": 1,
"metadata": {
- "timestamp": "2024-12-16T00:38:53Z",
+ "timestamp": "2024-12-23T00:36:39Z",
"lifecycles": [
{
"phase": "build"
@@ -89,12 +89,12 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.11.10",
+ "version": "3.11.11",
"description": "Async http client/server framework (asyncio)",
"hashes": [
{
"alg": "SHA-256",
- "content": "cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d"
+ "content": "a60804bff28662cbcf340a4d61598891f12eea3a66af48ecfdc975ceec21e3c8"
}
],
"licenses": [
@@ -113,7 +113,7 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiohttp/3.11.10/#files",
+ "url": "https://pypi.org/project/aiohttp/3.11.11/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -150,11 +150,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/aiohttp@3.11.10",
+ "purl": "pkg:pypi/aiohttp@3.11.11",
"properties": [
{
"name": "release_date",
- "value": "2024-12-05T23:51:02Z"
+ "value": "2024-12-18T21:17:26Z"
},
{
"name": "language",
@@ -396,7 +396,7 @@
"type": "library",
"bom-ref": "6-attrs",
"name": "attrs",
- "version": "24.2.0",
+ "version": "24.3.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
@@ -405,17 +405,17 @@
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.3.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
"hashes": [
{
"alg": "SHA-256",
- "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"
+ "content": "ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/attrs/24.2.0/#files",
+ "url": "https://pypi.org/project/attrs/24.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -440,11 +440,11 @@
"type": "other"
}
],
- "purl": "pkg:pypi/attrs@24.2.0",
+ "purl": "pkg:pypi/attrs@24.3.0",
"properties": [
{
"name": "release_date",
- "value": "2024-08-06T14:37:36Z"
+ "value": "2024-12-16T06:59:26Z"
},
{
"name": "language",
@@ -458,89 +458,87 @@
},
{
"type": "library",
- "bom-ref": "7-importlib-metadata",
- "name": "importlib-metadata",
- "version": "8.0.0",
+ "bom-ref": "7-multidict",
+ "name": "multidict",
+ "version": "6.1.0",
"supplier": {
- "name": "Jason R .",
+ "name": "Andrew Svetlov",
"contact": [
{
- "email": "jaraco@jaraco.com"
+ "email": "andrew.svetlov@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*",
- "description": "Read metadata from Python packages",
+ "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
+ "description": "multidict implementation",
"hashes": [
{
"alg": "SHA-256",
- "content": "15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f"
+ "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib-metadata/8.0.0/#files",
+ "url": "https://github.com/aio-libs/multidict",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/multidict/6.1.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
{
- "url": "https://github.com/python/importlib_metadata",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/importlib-metadata@8.0.0",
- "properties": [
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
{
- "name": "release_date",
- "value": "2024-06-25T18:38:02Z"
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
},
{
- "name": "language",
- "value": "Python"
+ "url": "https://github.com/aio-libs/multidict/actions",
+ "type": "build-system"
},
{
- "name": "python_version",
- "value": "3.12.8"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "8-zipp",
- "name": "zipp",
- "version": "3.21.0",
- "supplier": {
- "name": "Jason R .",
- "contact": [
- {
- "email": "jaraco@jaraco.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
- "description": "Backport of pathlib-compatible object wrapper for zip files",
- "hashes": [
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
{
- "alg": "SHA-256",
- "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931"
- }
- ],
- "externalReferences": [
+ "url": "https://codecov.io/github/aio-libs/multidict",
+ "type": "other"
+ },
{
- "url": "https://pypi.org/project/zipp/3.21.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "url": "https://multidict.aio-libs.org/en/latest/changes/",
+ "type": "log"
},
{
- "url": "https://github.com/jaraco/zipp",
+ "url": "https://multidict.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict",
"type": "vcs"
}
],
- "purl": "pkg:pypi/zipp@3.21.0",
+ "purl": "pkg:pypi/multidict@6.1.0",
"properties": [
{
"name": "release_date",
- "value": "2024-11-10T15:05:19Z"
+ "value": "2024-09-09T23:47:18Z"
},
{
"name": "language",
@@ -554,7 +552,7 @@
},
{
"type": "library",
- "bom-ref": "9-typing-extensions",
+ "bom-ref": "8-typing-extensions",
"name": "typing-extensions",
"version": "4.12.2",
"supplier": {
@@ -623,101 +621,7 @@
},
{
"type": "library",
- "bom-ref": "10-multidict",
- "name": "multidict",
- "version": "6.1.0",
- "supplier": {
- "name": "Andrew Svetlov",
- "contact": [
- {
- "email": "andrew.svetlov@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
- "description": "multidict implementation",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/aio-libs/multidict",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/multidict/6.1.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- },
- {
- "url": "https://matrix.to/#/#aio-libs:matrix.org",
- "type": "other"
- },
- {
- "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/multidict/actions",
- "type": "build-system"
- },
- {
- "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
- "type": "other"
- },
- {
- "url": "https://codecov.io/github/aio-libs/multidict",
- "type": "other"
- },
- {
- "url": "https://multidict.aio-libs.org/en/latest/changes/",
- "type": "log"
- },
- {
- "url": "https://multidict.aio-libs.org",
- "type": "other"
- },
- {
- "url": "https://github.com/aio-libs/multidict/issues",
- "type": "issue-tracker"
- },
- {
- "url": "https://github.com/aio-libs/multidict",
- "type": "vcs"
- }
- ],
- "purl": "pkg:pypi/multidict@6.1.0",
- "properties": [
- {
- "name": "release_date",
- "value": "2024-09-09T23:47:18Z"
- },
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.12.8"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "11-propcache",
+ "bom-ref": "9-propcache",
"name": "propcache",
"version": "0.2.1",
"supplier": {
@@ -811,7 +715,7 @@
},
{
"type": "library",
- "bom-ref": "12-yarl",
+ "bom-ref": "10-yarl",
"name": "yarl",
"version": "1.18.3",
"supplier": {
@@ -905,7 +809,7 @@
},
{
"type": "library",
- "bom-ref": "13-idna",
+ "bom-ref": "11-idna",
"name": "idna",
"version": "3.10",
"supplier": {
@@ -961,7 +865,7 @@
},
{
"type": "library",
- "bom-ref": "14-beautifulsoup4",
+ "bom-ref": "12-beautifulsoup4",
"name": "beautifulsoup4",
"version": "4.12.3",
"supplier": {
@@ -1023,7 +927,7 @@
},
{
"type": "library",
- "bom-ref": "15-soupsieve",
+ "bom-ref": "13-soupsieve",
"name": "soupsieve",
"version": "2.6",
"supplier": {
@@ -1072,7 +976,7 @@
},
{
"type": "library",
- "bom-ref": "16-cvss",
+ "bom-ref": "14-cvss",
"name": "cvss",
"version": "3.3",
"supplier": {
@@ -1146,7 +1050,7 @@
},
{
"type": "library",
- "bom-ref": "17-defusedxml",
+ "bom-ref": "15-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -1204,7 +1108,7 @@
},
{
"type": "library",
- "bom-ref": "18-distro",
+ "bom-ref": "16-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -1262,7 +1166,7 @@
},
{
"type": "library",
- "bom-ref": "19-filetype",
+ "bom-ref": "17-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -1320,7 +1224,7 @@
},
{
"type": "library",
- "bom-ref": "20-gsutil",
+ "bom-ref": "18-gsutil",
"name": "gsutil",
"version": "5.33",
"supplier": {
@@ -1378,7 +1282,7 @@
},
{
"type": "library",
- "bom-ref": "21-argcomplete",
+ "bom-ref": "19-argcomplete",
"name": "argcomplete",
"version": "3.5.2",
"supplier": {
@@ -1452,7 +1356,7 @@
},
{
"type": "library",
- "bom-ref": "22-crcmod",
+ "bom-ref": "20-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -1510,7 +1414,7 @@
},
{
"type": "library",
- "bom-ref": "23-fasteners",
+ "bom-ref": "21-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -1563,7 +1467,7 @@
},
{
"type": "library",
- "bom-ref": "24-gcs-oauth2-boto-plugin",
+ "bom-ref": "22-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -1621,7 +1525,7 @@
},
{
"type": "library",
- "bom-ref": "25-rsa",
+ "bom-ref": "23-rsa",
"name": "rsa",
"version": "4.7.2",
"supplier": {
@@ -1679,7 +1583,7 @@
},
{
"type": "library",
- "bom-ref": "26-pyasn1",
+ "bom-ref": "24-pyasn1",
"name": "pyasn1",
"version": "0.6.1",
"supplier": {
@@ -1753,7 +1657,7 @@
},
{
"type": "library",
- "bom-ref": "27-boto",
+ "bom-ref": "25-boto",
"name": "boto",
"version": "2.49.0",
"supplier": {
@@ -1811,7 +1715,7 @@
},
{
"type": "library",
- "bom-ref": "28-google-reauth",
+ "bom-ref": "26-google-reauth",
"name": "google-reauth",
"version": "0.1.1",
"supplier": {
@@ -1869,7 +1773,7 @@
},
{
"type": "library",
- "bom-ref": "29-pyu2f",
+ "bom-ref": "27-pyu2f",
"name": "pyu2f",
"version": "0.1.5",
"supplier": {
@@ -1927,7 +1831,7 @@
},
{
"type": "library",
- "bom-ref": "30-six",
+ "bom-ref": "28-six",
"name": "six",
"version": "1.17.0",
"supplier": {
@@ -1985,7 +1889,7 @@
},
{
"type": "library",
- "bom-ref": "31-httplib2",
+ "bom-ref": "29-httplib2",
"name": "httplib2",
"version": "0.20.4",
"supplier": {
@@ -2043,7 +1947,7 @@
},
{
"type": "library",
- "bom-ref": "32-pyparsing",
+ "bom-ref": "30-pyparsing",
"name": "pyparsing",
"version": "3.2.0",
"supplier": {
@@ -2092,7 +1996,7 @@
},
{
"type": "library",
- "bom-ref": "33-oauth2client",
+ "bom-ref": "31-oauth2client",
"name": "oauth2client",
"version": "4.1.3",
"supplier": {
@@ -2150,7 +2054,7 @@
},
{
"type": "library",
- "bom-ref": "34-pyasn1-modules",
+ "bom-ref": "32-pyasn1-modules",
"name": "pyasn1-modules",
"version": "0.4.1",
"supplier": {
@@ -2220,7 +2124,7 @@
},
{
"type": "library",
- "bom-ref": "35-pyopenssl",
+ "bom-ref": "33-pyopenssl",
"name": "pyopenssl",
"version": "24.2.1",
"supplier": {
@@ -2282,7 +2186,7 @@
},
{
"type": "library",
- "bom-ref": "36-cryptography",
+ "bom-ref": "34-cryptography",
"name": "cryptography",
"version": "43.0.3",
"supplier": {
@@ -2352,7 +2256,7 @@
},
{
"type": "library",
- "bom-ref": "37-cffi",
+ "bom-ref": "35-cffi",
"name": "cffi",
"version": "1.17.1",
"supplier": {
@@ -2434,7 +2338,7 @@
},
{
"type": "library",
- "bom-ref": "38-pycparser",
+ "bom-ref": "36-pycparser",
"name": "pycparser",
"version": "2.22",
"supplier": {
@@ -2492,7 +2396,7 @@
},
{
"type": "library",
- "bom-ref": "39-retry-decorator",
+ "bom-ref": "37-retry-decorator",
"name": "retry-decorator",
"version": "1.1.1",
"supplier": {
@@ -2550,7 +2454,7 @@
},
{
"type": "library",
- "bom-ref": "40-google-auth",
+ "bom-ref": "38-google-auth",
"name": "google-auth",
"version": "2.17.0",
"supplier": {
@@ -2608,7 +2512,7 @@
},
{
"type": "library",
- "bom-ref": "41-cachetools",
+ "bom-ref": "39-cachetools",
"name": "cachetools",
"version": "5.5.0",
"supplier": {
@@ -2666,7 +2570,7 @@
},
{
"type": "library",
- "bom-ref": "42-google-auth-httplib2",
+ "bom-ref": "40-google-auth-httplib2",
"name": "google-auth-httplib2",
"version": "0.2.0",
"supplier": {
@@ -2724,7 +2628,7 @@
},
{
"type": "library",
- "bom-ref": "43-google-apitools",
+ "bom-ref": "41-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -2782,7 +2686,7 @@
},
{
"type": "library",
- "bom-ref": "44-monotonic",
+ "bom-ref": "42-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -2838,21 +2742,117 @@
}
]
},
+ {
+ "type": "library",
+ "bom-ref": "43-importlib-metadata",
+ "name": "importlib-metadata",
+ "version": "8.0.0",
+ "supplier": {
+ "name": "Jason R .",
+ "contact": [
+ {
+ "email": "jaraco@jaraco.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*",
+ "description": "Read metadata from Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f"
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/importlib-metadata/8.0.0/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/importlib_metadata",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/importlib-metadata@8.0.0",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-25T18:38:02Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "44-zipp",
+ "name": "zipp",
+ "version": "3.21.0",
+ "supplier": {
+ "name": "Jason R .",
+ "contact": [
+ {
+ "email": "jaraco@jaraco.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
+ "description": "Backport of pathlib-compatible object wrapper for zip files",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931"
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/zipp/3.21.0/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/jaraco/zipp",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/zipp@3.21.0",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-10T15:05:19Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
+ }
+ ]
+ },
{
"type": "library",
"bom-ref": "45-jinja2",
"name": "jinja2",
- "version": "3.1.4",
+ "version": "3.1.5",
"description": "A very fast and expressive template engine.",
"hashes": [
{
"alg": "SHA-256",
- "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"
+ "content": "aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jinja2/3.1.4/#files",
+ "url": "https://pypi.org/project/jinja2/3.1.5/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -2877,11 +2877,11 @@
"type": "vcs"
}
],
- "purl": "pkg:pypi/jinja2@3.1.4",
+ "purl": "pkg:pypi/jinja2@3.1.5",
"properties": [
{
"name": "release_date",
- "value": "2024-05-05T23:41:59Z"
+ "value": "2024-12-21T18:30:19Z"
},
{
"name": "language",
@@ -3249,7 +3249,7 @@
"type": "library",
"bom-ref": "51-lib4sbom",
"name": "lib4sbom",
- "version": "0.8.0",
+ "version": "0.8.1",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -3258,12 +3258,12 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"hashes": [
{
"alg": "SHA-256",
- "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395"
+ "content": "7fba7451760c49738911b344fef96a3a274baaef6d34ab61e89284c506f0a343"
}
],
"licenses": [
@@ -3282,16 +3282,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.8.0/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.8.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.8.0",
+ "purl": "pkg:pypi/lib4sbom@0.8.1",
"properties": [
{
"name": "release_date",
- "value": "2024-12-09T20:13:26Z"
+ "value": "2024-12-18T21:54:27Z"
},
{
"name": "language",
@@ -4232,7 +4232,7 @@
"type": "library",
"bom-ref": "67-urllib3",
"name": "urllib3",
- "version": "2.2.3",
+ "version": "2.3.0",
"supplier": {
"name": "Andrey Petrov",
"contact": [
@@ -4241,17 +4241,11 @@
}
]
},
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.3.0:*:*:*:*:*:*:*",
"description": "HTTP library with thread-safe connection pooling, file post, and more.",
- "hashes": [
- {
- "alg": "SHA-256",
- "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac"
- }
- ],
"externalReferences": [
{
- "url": "https://pypi.org/project/urllib3/2.2.3/#files",
+ "url": "https://pypi.org/project/urllib3/2.3.0/#files",
"type": "distribution",
"comment": "Download location for component"
},
@@ -4272,11 +4266,11 @@
"type": "issue-tracker"
}
],
- "purl": "pkg:pypi/urllib3@2.2.3",
+ "purl": "pkg:pypi/urllib3@2.3.0",
"properties": [
{
"name": "release_date",
- "value": "2024-09-12T10:52:16Z"
+ "value": "2024-10-09T07:38:02Z"
},
{
"name": "language",
@@ -4526,7 +4520,7 @@
"type": "library",
"bom-ref": "72-elementpath",
"name": "elementpath",
- "version": "4.6.0",
+ "version": "4.7.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -4535,12 +4529,12 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.7.0:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
"hashes": [
{
"alg": "SHA-256",
- "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17"
+ "content": "607804a1b4250ac448c1e2bfaec4ee1c980b0a07cfdb0d9057b57102038ed480"
}
],
"licenses": [
@@ -4559,16 +4553,16 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/elementpath/4.6.0/#files",
+ "url": "https://pypi.org/project/elementpath/4.7.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/elementpath@4.6.0",
+ "purl": "pkg:pypi/elementpath@4.7.0",
"properties": [
{
"name": "release_date",
- "value": "2024-10-27T21:52:58Z"
+ "value": "2024-12-20T13:58:04Z"
},
{
"name": "language",
@@ -4650,13 +4644,13 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "14-beautifulsoup4",
- "16-cvss",
- "17-defusedxml",
- "18-distro",
- "19-filetype",
- "20-gsutil",
- "7-importlib-metadata",
+ "12-beautifulsoup4",
+ "14-cvss",
+ "15-defusedxml",
+ "16-distro",
+ "17-filetype",
+ "18-gsutil",
+ "43-importlib-metadata",
"45-jinja2",
"47-jsonschema",
"51-lib4sbom",
@@ -4673,7 +4667,7 @@
"67-urllib3",
"71-xmlschema",
"73-zstandard",
- "8-zipp"
+ "44-zipp"
]
},
{
@@ -4683,9 +4677,9 @@
"4-aiosignal",
"6-attrs",
"5-frozenlist",
- "10-multidict",
- "11-propcache",
- "12-yarl"
+ "7-multidict",
+ "9-propcache",
+ "10-yarl"
]
},
{
@@ -4695,152 +4689,139 @@
]
},
{
- "ref": "6-attrs",
- "dependsOn": [
- "7-importlib-metadata"
- ]
- },
- {
- "ref": "7-importlib-metadata",
- "dependsOn": [
- "8-zipp",
- "9-typing-extensions"
- ]
- },
- {
- "ref": "10-multidict",
+ "ref": "7-multidict",
"dependsOn": [
- "9-typing-extensions"
+ "8-typing-extensions"
]
},
{
- "ref": "12-yarl",
+ "ref": "10-yarl",
"dependsOn": [
- "13-idna",
- "10-multidict",
- "11-propcache"
+ "11-idna",
+ "7-multidict",
+ "9-propcache"
]
},
{
- "ref": "14-beautifulsoup4",
+ "ref": "12-beautifulsoup4",
"dependsOn": [
- "15-soupsieve"
+ "13-soupsieve"
]
},
{
- "ref": "20-gsutil",
+ "ref": "18-gsutil",
"dependsOn": [
- "21-argcomplete",
- "22-crcmod",
- "23-fasteners",
- "24-gcs-oauth2-boto-plugin",
- "43-google-apitools",
- "31-httplib2",
- "28-google-reauth",
- "44-monotonic",
- "35-pyopenssl",
- "39-retry-decorator",
- "30-six",
- "40-google-auth",
- "42-google-auth-httplib2"
+ "19-argcomplete",
+ "20-crcmod",
+ "21-fasteners",
+ "22-gcs-oauth2-boto-plugin",
+ "41-google-apitools",
+ "29-httplib2",
+ "26-google-reauth",
+ "42-monotonic",
+ "33-pyopenssl",
+ "37-retry-decorator",
+ "28-six",
+ "38-google-auth",
+ "40-google-auth-httplib2"
]
},
{
- "ref": "24-gcs-oauth2-boto-plugin",
+ "ref": "22-gcs-oauth2-boto-plugin",
"dependsOn": [
- "25-rsa",
- "27-boto",
- "28-google-reauth",
- "31-httplib2",
- "33-oauth2client",
- "35-pyopenssl",
- "39-retry-decorator",
- "30-six",
- "40-google-auth",
- "42-google-auth-httplib2"
+ "23-rsa",
+ "25-boto",
+ "26-google-reauth",
+ "29-httplib2",
+ "31-oauth2client",
+ "33-pyopenssl",
+ "37-retry-decorator",
+ "28-six",
+ "38-google-auth",
+ "40-google-auth-httplib2"
]
},
{
- "ref": "25-rsa",
+ "ref": "23-rsa",
"dependsOn": [
- "26-pyasn1"
+ "24-pyasn1"
]
},
{
- "ref": "28-google-reauth",
+ "ref": "26-google-reauth",
"dependsOn": [
- "29-pyu2f"
+ "27-pyu2f"
]
},
{
- "ref": "29-pyu2f",
+ "ref": "27-pyu2f",
"dependsOn": [
- "30-six"
+ "28-six"
]
},
{
- "ref": "31-httplib2",
+ "ref": "29-httplib2",
"dependsOn": [
- "32-pyparsing"
+ "30-pyparsing"
]
},
{
- "ref": "33-oauth2client",
+ "ref": "31-oauth2client",
"dependsOn": [
- "31-httplib2",
- "26-pyasn1",
- "34-pyasn1-modules",
- "25-rsa",
- "30-six"
+ "29-httplib2",
+ "24-pyasn1",
+ "32-pyasn1-modules",
+ "23-rsa",
+ "28-six"
]
},
{
- "ref": "34-pyasn1-modules",
+ "ref": "32-pyasn1-modules",
"dependsOn": [
- "26-pyasn1"
+ "24-pyasn1"
]
},
{
- "ref": "35-pyopenssl",
+ "ref": "33-pyopenssl",
"dependsOn": [
- "36-cryptography"
+ "34-cryptography"
]
},
{
- "ref": "36-cryptography",
+ "ref": "34-cryptography",
"dependsOn": [
- "37-cffi"
+ "35-cffi"
]
},
{
- "ref": "37-cffi",
+ "ref": "35-cffi",
"dependsOn": [
- "38-pycparser"
+ "36-pycparser"
]
},
{
- "ref": "40-google-auth",
+ "ref": "38-google-auth",
"dependsOn": [
- "41-cachetools",
- "34-pyasn1-modules",
- "30-six",
- "25-rsa"
+ "39-cachetools",
+ "32-pyasn1-modules",
+ "28-six",
+ "23-rsa"
]
},
{
- "ref": "42-google-auth-httplib2",
+ "ref": "40-google-auth-httplib2",
"dependsOn": [
- "40-google-auth",
- "31-httplib2"
+ "38-google-auth",
+ "29-httplib2"
]
},
{
- "ref": "43-google-apitools",
+ "ref": "41-google-apitools",
"dependsOn": [
- "31-httplib2",
- "23-fasteners",
- "33-oauth2client",
- "30-six"
+ "29-httplib2",
+ "21-fasteners",
+ "31-oauth2client",
+ "28-six"
]
},
{
@@ -4876,7 +4857,7 @@
"dependsOn": [
"52-pyyaml",
"53-semantic-version",
- "17-defusedxml"
+ "15-defusedxml"
]
},
{
@@ -4899,7 +4880,7 @@
"dependsOn": [
"58-markdown-it-py",
"60-pygments",
- "9-typing-extensions"
+ "8-typing-extensions"
]
},
{
@@ -4919,7 +4900,7 @@
"ref": "65-requests",
"dependsOn": [
"66-charset-normalizer",
- "13-idna",
+ "11-idna",
"67-urllib3",
"68-certifi"
]
@@ -4933,7 +4914,7 @@
{
"ref": "73-zstandard",
"dependsOn": [
- "37-cffi"
+ "35-cffi"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index a5c39654ae..5295ab4e27 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c6831ef6-a03c-48eb-a9a4-f1950eb624d9
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-60dfe3c5-3476-48bd-b46c-8ac18237082c
LicenseListVersion: 3.25
Creator: Tool: sbom4python-0.12.1
-Created: 2024-12-16T00:38:46Z
+Created: 2024-12-23T00:36:31Z
CreatorComment: This document has been automatically generated.
#####
@@ -23,24 +23,24 @@ PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
ReleaseDate: 2024-09-17T18:57:44Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
#####
PackageName: aiohttp
SPDXID: SPDXRef-2-aiohttp
-PackageVersion: 3.11.10
+PackageVersion: 3.11.11
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.11/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
-PackageChecksum: SHA256: cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d
+PackageChecksum: SHA256: a60804bff28662cbcf340a4d61598891f12eea3a66af48ecfdc975ceec21e3c8
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ReleaseDate: 2024-12-05T23:51:02Z
+ReleaseDate: 2024-12-18T21:17:26Z
ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
@@ -49,7 +49,7 @@ ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
ExternalRef: OTHER other https://docs.aiohttp.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.11.11
#####
PackageName: aiohappyeyeballs
@@ -70,7 +70,7 @@ ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/is
ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md
ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io
ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
@@ -94,7 +94,7 @@ ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal
ExternalRef: OTHER other https://docs.aiosignal.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.2
#####
PackageName: frozenlist
@@ -121,69 +121,61 @@ ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGE
ExternalRef: OTHER other https://frozenlist.aio-libs.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.5.0
#####
PackageName: attrs
SPDXID: SPDXRef-6-attrs
-PackageVersion: 24.2.0
+PackageVersion: 24.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
+PackageDownloadLocation: https://pypi.org/project/attrs/24.3.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2
+PackageChecksum: SHA256: ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
-ReleaseDate: 2024-08-06T14:37:36Z
+ReleaseDate: 2024-12-16T06:59:26Z
ExternalRef: OTHER documentation https://www.attrs.org/
ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html
ExternalRef: OTHER vcs https://github.com/python-attrs/attrs
ExternalRef: OTHER other https://github.com/sponsors/hynek
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@24.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.3.0:*:*:*:*:*:*:*
#####
-PackageName: importlib-metadata
-SPDXID: SPDXRef-7-importlib-metadata
-PackageVersion: 8.0.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.0.0/#files
-FilesAnalyzed: false
-PackageChecksum: SHA256: 15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Read metadata from Python packages
-ReleaseDate: 2024-06-25T18:38:02Z
-ExternalRef: OTHER vcs https://github.com/python/importlib_metadata
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*
-#####
-
-PackageName: zipp
-SPDXID: SPDXRef-8-zipp
-PackageVersion: 3.21.0
+PackageName: multidict
+SPDXID: SPDXRef-7-multidict
+PackageVersion: 6.1.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
+PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931
+PackageHomePage: https://github.com/aio-libs/multidict
+PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ReleaseDate: 2024-11-10T15:05:19Z
-ExternalRef: OTHER vcs https://github.com/jaraco/zipp
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
+PackageSummary: multidict implementation
+ReleaseDate: 2024-09-09T23:47:18Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict
+ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://multidict.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/multidict
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
#####
PackageName: typing-extensions
-SPDXID: SPDXRef-9-typing-extensions
+SPDXID: SPDXRef-8-typing-extensions
PackageVersion: 4.12.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
@@ -201,40 +193,12 @@ ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHA
ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/
ExternalRef: OTHER other https://github.com/python/typing/discussions
ExternalRef: OTHER vcs https://github.com/python/typing_extensions
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.12.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
#####
-PackageName: multidict
-SPDXID: SPDXRef-10-multidict
-PackageVersion: 6.1.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/aio-libs/multidict
-PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: multidict implementation
-ReleaseDate: 2024-09-09T23:47:18Z
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
-ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
-ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions
-ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
-ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict
-ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/
-ExternalRef: OTHER other https://multidict.aio-libs.org
-ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues
-ExternalRef: OTHER vcs https://github.com/aio-libs/multidict
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
-#####
-
PackageName: propcache
-SPDXID: SPDXRef-11-propcache
+SPDXID: SPDXRef-9-propcache
PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -256,12 +220,12 @@ ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
ExternalRef: OTHER other https://propcache.readthedocs.io
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.2.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
#####
PackageName: yarl
-SPDXID: SPDXRef-12-yarl
+SPDXID: SPDXRef-10-yarl
PackageVersion: 1.18.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -283,12 +247,12 @@ ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/
ExternalRef: OTHER other https://yarl.aio-libs.org
ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues
ExternalRef: OTHER vcs https://github.com/aio-libs/yarl
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.18.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*
#####
PackageName: idna
-SPDXID: SPDXRef-13-idna
+SPDXID: SPDXRef-11-idna
PackageVersion: 3.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
@@ -303,12 +267,12 @@ ReleaseDate: 2024-09-15T18:07:37Z
ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
ExternalRef: OTHER vcs https://github.com/kjd/idna
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.10
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
#####
PackageName: beautifulsoup4
-SPDXID: SPDXRef-14-beautifulsoup4
+SPDXID: SPDXRef-12-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
@@ -323,12 +287,12 @@ PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
ReleaseDate: 2024-01-17T16:53:12Z
ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
#####
PackageName: soupsieve
-SPDXID: SPDXRef-15-soupsieve
+SPDXID: SPDXRef-13-soupsieve
PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
@@ -341,12 +305,12 @@ PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
ReleaseDate: 2024-08-13T13:39:10Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-16-cvss
+SPDXID: SPDXRef-14-cvss
PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
@@ -364,12 +328,12 @@ ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases
ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss
ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues
ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
-SPDXID: SPDXRef-17-defusedxml
+SPDXID: SPDXRef-15-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
@@ -383,12 +347,12 @@ PackageLicenseComments: defusedxml declares PSFL which is not currently a
PackageCopyrightText: NOASSERTION
PackageSummary: XML bomb protection for Python stdlib modules
ReleaseDate: 2021-03-08T10:59:24Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/defusedxml@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
#####
PackageName: distro
-SPDXID: SPDXRef-18-distro
+SPDXID: SPDXRef-16-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
@@ -402,12 +366,12 @@ PackageLicenseComments: distro declares Apache License, Version 2.0 which
PackageCopyrightText: NOASSERTION
PackageSummary: Distro - an OS platform information API
ReleaseDate: 2023-12-24T09:54:30Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/distro@1.9.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-19-filetype
+SPDXID: SPDXRef-17-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
@@ -420,12 +384,12 @@ PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies.
ReleaseDate: 2022-11-02T17:34:01Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/filetype@1.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*
#####
PackageName: gsutil
-SPDXID: SPDXRef-20-gsutil
+SPDXID: SPDXRef-18-gsutil
PackageVersion: 5.33
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
@@ -439,12 +403,12 @@ PackageLicenseComments: gsutil declares Apache 2.0 which is not currently
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
ReleaseDate: 2024-12-11T09:40:59Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.33
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-21-argcomplete
+SPDXID: SPDXRef-19-argcomplete
PackageVersion: 3.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
@@ -462,12 +426,12 @@ ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.5.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-22-crcmod
+SPDXID: SPDXRef-20-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
@@ -480,12 +444,12 @@ PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CRC Generator
ReleaseDate: 2010-06-27T14:35:29Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/crcmod@1.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-23-fasteners
+SPDXID: SPDXRef-21-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
@@ -498,12 +462,12 @@ PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A python package that provides useful locks
ReleaseDate: 2023-09-19T17:11:18Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-24-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-22-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
@@ -517,12 +481,12 @@ PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which i
PackageCopyrightText: NOASSERTION
PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
ReleaseDate: 2024-05-02T14:37:31Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*
#####
PackageName: rsa
-SPDXID: SPDXRef-25-rsa
+SPDXID: SPDXRef-23-rsa
PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
@@ -536,12 +500,12 @@ PackageLicenseComments: rsa declares ASL 2 which is not currently a valid
PackageCopyrightText: NOASSERTION
PackageSummary: Pure-Python RSA implementation
ReleaseDate: 2021-02-24T10:55:03Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rsa@4.7.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
PackageName: pyasn1
-SPDXID: SPDXRef-26-pyasn1
+SPDXID: SPDXRef-24-pyasn1
PackageVersion: 0.6.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
@@ -558,12 +522,12 @@ ExternalRef: OTHER documentation https://pyasn1.readthedocs.io
ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1
ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues
ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.6.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
#####
PackageName: boto
-SPDXID: SPDXRef-27-boto
+SPDXID: SPDXRef-25-boto
PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
@@ -576,12 +540,12 @@ PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Amazon Web Services Library
ReleaseDate: 2018-07-11T20:58:55Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/boto@2.49.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
#####
PackageName: google-reauth
-SPDXID: SPDXRef-28-google-reauth
+SPDXID: SPDXRef-26-google-reauth
PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google (googleapis-publisher@google.com)
@@ -595,12 +559,12 @@ PackageLicenseComments: google-reauth declares Apache 2.0 which is not cur
PackageCopyrightText: NOASSERTION
PackageSummary: Google Reauth Library
ReleaseDate: 2020-12-01T17:35:45Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
#####
PackageName: pyu2f
-SPDXID: SPDXRef-29-pyu2f
+SPDXID: SPDXRef-27-pyu2f
PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
@@ -614,12 +578,12 @@ PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a
PackageCopyrightText: NOASSERTION
PackageSummary: U2F host library for interacting with a U2F device over USB.
ReleaseDate: 2020-10-30T20:03:07Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyu2f@0.1.5
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-30-six
+SPDXID: SPDXRef-28-six
PackageVersion: 1.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
@@ -632,12 +596,12 @@ PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python 2 and 3 compatibility utilities
ReleaseDate: 2024-12-04T17:35:26Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/six@1.17.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*
#####
PackageName: httplib2
-SPDXID: SPDXRef-31-httplib2
+SPDXID: SPDXRef-29-httplib2
PackageVersion: 0.20.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
@@ -650,12 +614,12 @@ PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A comprehensive HTTP client library.
ReleaseDate: 2022-02-03T00:00:29Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/httplib2@0.20.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
#####
PackageName: pyparsing
-SPDXID: SPDXRef-32-pyparsing
+SPDXID: SPDXRef-30-pyparsing
PackageVersion: 3.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
@@ -668,12 +632,12 @@ PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
ReleaseDate: 2024-10-13T10:01:13Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.2.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*
#####
PackageName: oauth2client
-SPDXID: SPDXRef-33-oauth2client
+SPDXID: SPDXRef-31-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
@@ -687,12 +651,12 @@ PackageLicenseComments: oauth2client declares Apache 2.0 which is not curr
PackageCopyrightText: NOASSERTION
PackageSummary: OAuth 2.0 client library
ReleaseDate: 2018-09-07T21:38:16Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/oauth2client@4.1.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
PackageName: pyasn1-modules
-SPDXID: SPDXRef-34-pyasn1-modules
+SPDXID: SPDXRef-32-pyasn1-modules
PackageVersion: 0.4.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
@@ -709,12 +673,12 @@ ReleaseDate: 2024-09-10T22:42:08Z
ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules
ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues
ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
#####
PackageName: pyopenssl
-SPDXID: SPDXRef-35-pyopenssl
+SPDXID: SPDXRef-33-pyopenssl
PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
@@ -729,12 +693,12 @@ PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
ReleaseDate: 2024-07-20T17:26:29Z
ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@24.2.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
#####
PackageName: cryptography
-SPDXID: SPDXRef-36-cryptography
+SPDXID: SPDXRef-34-cryptography
PackageVersion: 43.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
@@ -751,12 +715,12 @@ ExternalRef: OTHER documentation https://cryptography.io/
ExternalRef: OTHER vcs https://github.com/pyca/cryptography/
ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues
ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@43.0.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
#####
PackageName: cffi
-SPDXID: SPDXRef-37-cffi
+SPDXID: SPDXRef-35-cffi
PackageVersion: 1.17.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
@@ -775,12 +739,12 @@ ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues
ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html
ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases
ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.17.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-38-pycparser
+SPDXID: SPDXRef-36-pycparser
PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
@@ -793,12 +757,12 @@ PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: C parser in Python
ReleaseDate: 2024-03-30T13:22:20Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.22
ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-39-retry-decorator
+SPDXID: SPDXRef-37-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
@@ -811,12 +775,12 @@ PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Retry Decorator
ReleaseDate: 2020-03-10T23:56:29Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/retry-decorator@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
#####
PackageName: google-auth
-SPDXID: SPDXRef-40-google-auth
+SPDXID: SPDXRef-38-google-auth
PackageVersion: 2.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -830,12 +794,12 @@ PackageLicenseComments: google-auth declares Apache 2.0 which is not curre
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library
ReleaseDate: 2023-03-28T19:51:30Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.17.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
#####
PackageName: cachetools
-SPDXID: SPDXRef-41-cachetools
+SPDXID: SPDXRef-39-cachetools
PackageVersion: 5.5.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
@@ -848,12 +812,12 @@ PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Extensible memoizing collections and decorators
ReleaseDate: 2024-08-18T20:28:43Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.5.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
#####
PackageName: google-auth-httplib2
-SPDXID: SPDXRef-42-google-auth-httplib2
+SPDXID: SPDXRef-40-google-auth-httplib2
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -867,12 +831,12 @@ PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library: httplib2 transport
ReleaseDate: 2023-12-12T17:40:13Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
#####
PackageName: google-apitools
-SPDXID: SPDXRef-43-google-apitools
+SPDXID: SPDXRef-41-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
@@ -886,12 +850,12 @@ PackageLicenseComments: google-apitools declares Apache 2.0 which is not c
PackageCopyrightText: NOASSERTION
PackageSummary: client libraries for humans
ReleaseDate: 2021-05-05T22:12:58Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-44-monotonic
+SPDXID: SPDXRef-42-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
@@ -905,29 +869,65 @@ PackageLicenseComments: monotonic declares Apache which is not currently a
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
ReleaseDate: 2021-04-09T21:58:05Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/monotonic@1.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
+PackageName: importlib-metadata
+SPDXID: SPDXRef-43-importlib-metadata
+PackageVersion: 8.0.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.0.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: 15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Read metadata from Python packages
+ReleaseDate: 2024-06-25T18:38:02Z
+ExternalRef: OTHER vcs https://github.com/python/importlib_metadata
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@8.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*
+#####
+
+PackageName: zipp
+SPDXID: SPDXRef-44-zipp
+PackageVersion: 3.21.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backport of pathlib-compatible object wrapper for zip files
+ReleaseDate: 2024-11-10T15:05:19Z
+ExternalRef: OTHER vcs https://github.com/jaraco/zipp
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
+#####
+
PackageName: jinja2
SPDXID: SPDXRef-45-jinja2
-PackageVersion: 3.1.4
+PackageVersion: 3.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files
+PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.5/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d
+PackageChecksum: SHA256: aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A very fast and expressive template engine.
-ReleaseDate: 2024-05-05T23:41:59Z
+ReleaseDate: 2024-12-21T18:30:19Z
ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/
ExternalRef: OTHER chat https://discord.gg/pallets
ExternalRef: OTHER documentation https://jinja.palletsprojects.com/
ExternalRef: OTHER other https://palletsprojects.com/donate
ExternalRef: OTHER vcs https://github.com/pallets/jinja/
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.5
#####
PackageName: markupsafe
@@ -977,7 +977,7 @@ ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/
ExternalRef: OTHER chat https://discord.gg/pallets
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@3.0.2
#####
PackageName: jsonschema
@@ -1000,7 +1000,7 @@ ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*
#####
@@ -1023,7 +1023,7 @@ ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema
ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:*
#####
@@ -1047,7 +1047,7 @@ ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.35.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
#####
@@ -1071,26 +1071,26 @@ ExternalRef: OTHER other https://github.com/sponsors/Julian
ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
ExternalRef: OTHER vcs https://github.com/crate-py/rpds
ExternalRef: OTHER other https://github.com/orium/rpds
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.22.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
SPDXID: SPDXRef-51-lib4sbom
-PackageVersion: 0.8.0
+PackageVersion: 0.8.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
-PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395
+PackageChecksum: SHA256: 7fba7451760c49738911b344fef96a3a274baaef6d34ab61e89284c506f0a343
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ReleaseDate: 2024-12-09T20:13:26Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-18T21:54:27Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.8.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.1:*:*:*:*:*:*:*
#####
PackageName: pyyaml
@@ -1112,7 +1112,7 @@ ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions
ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation
ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core
ExternalRef: OTHER vcs https://github.com/yaml/pyyaml
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
#####
@@ -1131,7 +1131,7 @@ PackageLicenseComments: semantic-version declares BSD which is not current
PackageCopyrightText: NOASSERTION
PackageSummary: A library implementing the 'SemVer' scheme.
ReleaseDate: 2022-05-26T13:35:21Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
@@ -1149,7 +1149,7 @@ PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: VEX generator and consumer library
ReleaseDate: 2024-08-29T20:36:52Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4vex@0.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*
#####
@@ -1167,7 +1167,7 @@ PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CSAF generator and analyser
ReleaseDate: 2024-06-12T20:10:06Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/csaf-tool@0.3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*
#####
@@ -1185,7 +1185,7 @@ PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
ReleaseDate: 2024-10-22T05:51:23Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*
#####
@@ -1204,7 +1204,7 @@ PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
ReleaseDate: 2024-11-01T16:43:55Z
ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.9.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
@@ -1223,7 +1223,7 @@ PackageCopyrightText: NOASSERTION
PackageSummary: Python port of markdown-it. Markdown parsing, done right!
ReleaseDate: 2023-06-03T06:41:11Z
ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@3.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
#####
@@ -1241,7 +1241,7 @@ PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Markdown URL utilities
ReleaseDate: 2022-08-14T12:40:09Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
#####
@@ -1263,7 +1263,7 @@ ExternalRef: OTHER documentation https://pygments.org/docs
ExternalRef: OTHER vcs https://github.com/pygments/pygments
ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.18.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
#####
@@ -1285,7 +1285,7 @@ ReleaseDate: 2024-09-20T16:43:47Z
ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
#####
@@ -1304,7 +1304,7 @@ PackageSummary: Core utilities for Python packages
ReleaseDate: 2024-11-08T09:47:44Z
ExternalRef: OTHER documentation https://packaging.pypa.io/
ExternalRef: OTHER vcs https://github.com/pypa/packaging
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packaging@24.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
@@ -1325,7 +1325,7 @@ ReleaseDate: 2024-09-12T15:36:24Z
ExternalRef: OTHER documentation https://plotly.com/python/
ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.24.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*
#####
@@ -1344,7 +1344,7 @@ PackageLicenseComments: tenacity declares Apache 2.0 which is not currentl
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
ReleaseDate: 2024-07-29T12:12:25Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@9.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
@@ -1364,7 +1364,7 @@ PackageSummary: Python HTTP for Humans.
ReleaseDate: 2024-05-29T15:37:47Z
ExternalRef: OTHER documentation https://requests.readthedocs.io
ExternalRef: OTHER vcs https://github.com/psf/requests
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.32.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*
#####
@@ -1384,29 +1384,28 @@ PackageSummary: The Real First Universal Charset Detector. Open, modern an
ReleaseDate: 2024-10-09T07:38:02Z
ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues
ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*
#####
PackageName: urllib3
SPDXID: SPDXRef-67-urllib3
-PackageVersion: 2.2.3
+PackageVersion: 2.3.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
-PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files
+PackageDownloadLocation: https://pypi.org/project/urllib3/2.3.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
-ReleaseDate: 2024-09-12T10:52:16Z
+ReleaseDate: 2024-10-09T07:38:02Z
ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
ExternalRef: OTHER documentation https://urllib3.readthedocs.io
ExternalRef: OTHER vcs https://github.com/urllib3/urllib3
ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.3.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.3.0:*:*:*:*:*:*:*
#####
PackageName: certifi
@@ -1424,7 +1423,7 @@ PackageCopyrightText: NOASSERTION
PackageSummary: Python package for providing Mozilla's CA Bundle.
ReleaseDate: 2024-12-14T13:52:36Z
ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2024.12.14
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*
#####
@@ -1442,7 +1441,7 @@ PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
ReleaseDate: 2024-07-24T21:57:45Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
@@ -1462,7 +1461,7 @@ ReleaseDate: 2024-11-20T18:16:10Z
ExternalRef: OTHER vcs https://github.com/pypa/setuptools
ExternalRef: OTHER documentation https://setuptools.pypa.io/
ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.6.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
#####
@@ -1480,26 +1479,26 @@ PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
ReleaseDate: 2024-10-31T09:47:12Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.4.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
SPDXID: SPDXRef-72-elementpath
-PackageVersion: 4.6.0
+PackageVersion: 4.7.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.7.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
-PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17
+PackageChecksum: SHA256: 607804a1b4250ac448c1e2bfaec4ee1c980b0a07cfdb0d9057b57102038ed480
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ReleaseDate: 2024-10-27T21:52:58Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-20T13:58:04Z
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.7.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.7.0:*:*:*:*:*:*:*
#####
PackageName: zstandard
@@ -1517,17 +1516,19 @@ PackageLicenseComments: zstandard declares BSD which is not currently a va
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
ReleaseDate: 2024-07-15T00:13:27Z
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*
#####
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-beautifulsoup4
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-cvss
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-defusedxml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-distro
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-filetype
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-12-beautifulsoup4
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-cvss
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-defusedxml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-distro
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-filetype
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-gsutil
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-43-importlib-metadata
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-zipp
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-jinja2
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-jsonschema
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4sbom
@@ -1541,70 +1542,67 @@ Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-plotly
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-requests
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-urllib3
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-rpmfile
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-7-importlib-metadata
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-setuptools
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-xmlschema
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zstandard
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-zipp
-Relationship: SPDXRef-10-multidict DEPENDS_ON SPDXRef-9-typing-extensions
-Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-10-multidict
-Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-11-propcache
-Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-13-idna
-Relationship: SPDXRef-14-beautifulsoup4 DEPENDS_ON SPDXRef-15-soupsieve
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-multidict
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-propcache
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-yarl
+Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna
+Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-7-multidict
+Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-9-propcache
+Relationship: SPDXRef-12-beautifulsoup4 DEPENDS_ON SPDXRef-13-soupsieve
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-19-argcomplete
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-20-crcmod
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-21-fasteners
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-22-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-26-google-reauth
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-28-six
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-29-httplib2
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-33-pyopenssl
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-37-retry-decorator
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-38-google-auth
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-40-google-auth-httplib2
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-41-google-apitools
+Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-42-monotonic
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-21-argcomplete
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-22-crcmod
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-23-fasteners
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-24-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-28-google-reauth
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-31-httplib2
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-35-pyopenssl
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-39-retry-decorator
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-40-google-auth
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-42-google-auth-httplib2
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-43-google-apitools
-Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-44-monotonic
-Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-rsa
-Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-boto
-Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-google-reauth
-Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-httplib2
-Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-oauth2client
-Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl
-Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator
-Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-google-auth
-Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-42-google-auth-httplib2
-Relationship: SPDXRef-25-rsa DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-28-google-reauth DEPENDS_ON SPDXRef-29-pyu2f
-Relationship: SPDXRef-29-pyu2f DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-31-httplib2 DEPENDS_ON SPDXRef-32-pyparsing
-Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-25-rsa
-Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-31-httplib2
-Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-34-pyasn1-modules
-Relationship: SPDXRef-34-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-35-pyopenssl DEPENDS_ON SPDXRef-36-cryptography
-Relationship: SPDXRef-36-cryptography DEPENDS_ON SPDXRef-37-cffi
-Relationship: SPDXRef-37-cffi DEPENDS_ON SPDXRef-38-pycparser
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-propcache
+Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-rsa
+Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-boto
+Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-google-reauth
+Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-six
+Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-httplib2
+Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-oauth2client
+Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-pyopenssl
+Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-retry-decorator
+Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-38-google-auth
+Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-google-auth-httplib2
+Relationship: SPDXRef-23-rsa DEPENDS_ON SPDXRef-24-pyasn1
+Relationship: SPDXRef-26-google-reauth DEPENDS_ON SPDXRef-27-pyu2f
+Relationship: SPDXRef-27-pyu2f DEPENDS_ON SPDXRef-28-six
+Relationship: SPDXRef-29-httplib2 DEPENDS_ON SPDXRef-30-pyparsing
+Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-23-rsa
+Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-24-pyasn1
+Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-28-six
+Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-29-httplib2
+Relationship: SPDXRef-31-oauth2client DEPENDS_ON SPDXRef-32-pyasn1-modules
+Relationship: SPDXRef-32-pyasn1-modules DEPENDS_ON SPDXRef-24-pyasn1
+Relationship: SPDXRef-33-pyopenssl DEPENDS_ON SPDXRef-34-cryptography
+Relationship: SPDXRef-34-cryptography DEPENDS_ON SPDXRef-35-cffi
+Relationship: SPDXRef-35-cffi DEPENDS_ON SPDXRef-36-pycparser
+Relationship: SPDXRef-38-google-auth DEPENDS_ON SPDXRef-23-rsa
+Relationship: SPDXRef-38-google-auth DEPENDS_ON SPDXRef-28-six
+Relationship: SPDXRef-38-google-auth DEPENDS_ON SPDXRef-32-pyasn1-modules
+Relationship: SPDXRef-38-google-auth DEPENDS_ON SPDXRef-39-cachetools
Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-25-rsa
-Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-34-pyasn1-modules
-Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-41-cachetools
-Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-31-httplib2
-Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-40-google-auth
-Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-23-fasteners
-Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-30-six
-Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-31-httplib2
-Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-33-oauth2client
+Relationship: SPDXRef-40-google-auth-httplib2 DEPENDS_ON SPDXRef-29-httplib2
+Relationship: SPDXRef-40-google-auth-httplib2 DEPENDS_ON SPDXRef-38-google-auth
+Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-21-fasteners
+Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-28-six
+Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-29-httplib2
+Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-31-oauth2client
Relationship: SPDXRef-45-jinja2 DEPENDS_ON SPDXRef-46-markupsafe
Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-48-jsonschema-specifications
Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-49-referencing
@@ -1613,7 +1611,7 @@ Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-6-attrs
Relationship: SPDXRef-48-jsonschema-specifications DEPENDS_ON SPDXRef-49-referencing
Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-50-rpds-py
Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-17-defusedxml
+Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-15-defusedxml
Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-52-pyyaml
Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-53-semantic-version
Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-51-lib4sbom
@@ -1623,17 +1621,15 @@ Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-56-packageurl-python
Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-57-rich
Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-58-markdown-it-py
Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-60-pygments
-Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-8-typing-extensions
Relationship: SPDXRef-58-markdown-it-py DEPENDS_ON SPDXRef-59-mdurl
-Relationship: SPDXRef-6-attrs DEPENDS_ON SPDXRef-7-importlib-metadata
Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging
Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-tenacity
-Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-13-idna
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-11-idna
Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-66-charset-normalizer
Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-67-urllib3
Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-68-certifi
-Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-8-zipp
-Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-7-multidict DEPENDS_ON SPDXRef-8-typing-extensions
Relationship: SPDXRef-71-xmlschema DEPENDS_ON SPDXRef-72-elementpath
-Relationship: SPDXRef-73-zstandard DEPENDS_ON SPDXRef-37-cffi
+Relationship: SPDXRef-73-zstandard DEPENDS_ON SPDXRef-35-cffi
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool