From 3668e446c1a506916ed47247239b8b858b680551 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 23 Dec 2024 00:36:40 +0000 Subject: [PATCH] chore: update SBOM for Python 3.8 --- sbom/cve-bin-tool-py3.8.json | 764 +++++++++++++++++------------------ sbom/cve-bin-tool-py3.8.spdx | 663 +++++++++++++++--------------- 2 files changed, 710 insertions(+), 717 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index e6a506694b..74569d7233 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:f9224672-5e3f-460a-8fd4-51f97229adfe", + "serialNumber": "urn:uuid:972fe4d1-dcd3-4c2c-946e-793d08eda43c", "version": 1, "metadata": { - "timestamp": "2024-12-16T00:39:25Z", + "timestamp": "2024-12-23T00:36:39Z", "lifecycles": [ { "phase": "build" @@ -402,7 +402,7 @@ "type": "library", "bom-ref": "6-attrs", "name": "attrs", - "version": "24.2.0", + "version": "24.3.0", "supplier": { "name": "Hynek Schlawack", "contact": [ @@ -411,17 +411,17 @@ } ] }, - "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.3.0:*:*:*:*:*:*:*", "description": "Classes Without Boilerplate", "hashes": [ { "alg": "SHA-256", - "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2" + "content": "ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308" } ], "externalReferences": [ { - "url": "https://pypi.org/project/attrs/24.2.0/#files", + "url": "https://pypi.org/project/attrs/24.3.0/#files", "type": "distribution", "comment": "Download location for component" }, @@ -446,11 +446,11 @@ "type": "other" } ], - "purl": "pkg:pypi/attrs@24.2.0", + "purl": "pkg:pypi/attrs@24.3.0", "properties": [ { "name": "release_date", - "value": "2024-08-06T14:37:36Z" + "value": "2024-12-16T06:59:26Z" }, { "name": "language", @@ -464,89 +464,87 @@ }, { "type": "library", - "bom-ref": "7-importlib-metadata", - "name": "importlib-metadata", - "version": "8.5.0", + "bom-ref": "7-multidict", + "name": "multidict", + "version": "6.1.0", "supplier": { - "name": "Jason R .", + "name": "Andrew Svetlov", "contact": [ { - "email": "jaraco@jaraco.com" + "email": "andrew.svetlov@gmail.com" } ] }, - "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", - "description": "Read metadata from Python packages", + "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", + "description": "multidict implementation", "hashes": [ { "alg": "SHA-256", - "content": "45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b" + "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60" + } + ], + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } } ], "externalReferences": [ { - "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", + "url": "https://github.com/aio-libs/multidict", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/multidict/6.1.0/#files", "type": "distribution", "comment": "Download location for component" }, { - "url": "https://github.com/python/importlib_metadata", - "type": "vcs" - } - ], - "purl": "pkg:pypi/importlib-metadata@8.5.0", - "properties": [ + "url": "https://matrix.to/#/#aio-libs:matrix.org", + "type": "other" + }, { - "name": "release_date", - "value": "2024-09-11T14:56:07Z" + "url": "https://matrix.to/#/#aio-libs-space:matrix.org", + "type": "other" }, { - "name": "language", - "value": "Python" + "url": "https://github.com/aio-libs/multidict/actions", + "type": "build-system" }, { - "name": "python_version", - "value": "3.8.18" - } - ] - }, - { - "type": "library", - "bom-ref": "8-zipp", - "name": "zipp", - "version": "3.20.2", - "supplier": { - "name": "Jason R .", - "contact": [ - { - "email": "jaraco@jaraco.com" - } - ] - }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", - "description": "Backport of pathlib-compatible object wrapper for zip files", - "hashes": [ + "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", + "type": "other" + }, { - "alg": "SHA-256", - "content": "a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350" - } - ], - "externalReferences": [ + "url": "https://codecov.io/github/aio-libs/multidict", + "type": "other" + }, { - "url": "https://pypi.org/project/zipp/3.20.2/#files", - "type": "distribution", - "comment": "Download location for component" + "url": "https://multidict.aio-libs.org/en/latest/changes/", + "type": "log" }, { - "url": "https://github.com/jaraco/zipp", + "url": "https://multidict.aio-libs.org", + "type": "other" + }, + { + "url": "https://github.com/aio-libs/multidict/issues", + "type": "issue-tracker" + }, + { + "url": "https://github.com/aio-libs/multidict", "type": "vcs" } ], - "purl": "pkg:pypi/zipp@3.20.2", + "purl": "pkg:pypi/multidict@6.1.0", "properties": [ { "name": "release_date", - "value": "2024-09-13T13:44:14Z" + "value": "2024-09-09T23:47:18Z" }, { "name": "language", @@ -560,7 +558,7 @@ }, { "type": "library", - "bom-ref": "9-typing-extensions", + "bom-ref": "8-typing-extensions", "name": "typing-extensions", "version": "4.12.2", "supplier": { @@ -629,101 +627,7 @@ }, { "type": "library", - "bom-ref": "10-multidict", - "name": "multidict", - "version": "6.1.0", - "supplier": { - "name": "Andrew Svetlov", - "contact": [ - { - "email": "andrew.svetlov@gmail.com" - } - ] - }, - "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", - "description": "multidict implementation", - "hashes": [ - { - "alg": "SHA-256", - "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60" - } - ], - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "url": "https://www.apache.org/licenses/LICENSE-2.0", - "acknowledgement": "concluded" - } - } - ], - "externalReferences": [ - { - "url": "https://github.com/aio-libs/multidict", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/multidict/6.1.0/#files", - "type": "distribution", - "comment": "Download location for component" - }, - { - "url": "https://matrix.to/#/#aio-libs:matrix.org", - "type": "other" - }, - { - "url": "https://matrix.to/#/#aio-libs-space:matrix.org", - "type": "other" - }, - { - "url": "https://github.com/aio-libs/multidict/actions", - "type": "build-system" - }, - { - "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md", - "type": "other" - }, - { - "url": "https://codecov.io/github/aio-libs/multidict", - "type": "other" - }, - { - "url": "https://multidict.aio-libs.org/en/latest/changes/", - "type": "log" - }, - { - "url": "https://multidict.aio-libs.org", - "type": "other" - }, - { - "url": "https://github.com/aio-libs/multidict/issues", - "type": "issue-tracker" - }, - { - "url": "https://github.com/aio-libs/multidict", - "type": "vcs" - } - ], - "purl": "pkg:pypi/multidict@6.1.0", - "properties": [ - { - "name": "release_date", - "value": "2024-09-09T23:47:18Z" - }, - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.8.18" - } - ] - }, - { - "type": "library", - "bom-ref": "11-yarl", + "bom-ref": "9-yarl", "name": "yarl", "version": "1.15.2", "supplier": { @@ -817,7 +721,7 @@ }, { "type": "library", - "bom-ref": "12-idna", + "bom-ref": "10-idna", "name": "idna", "version": "3.10", "supplier": { @@ -873,7 +777,7 @@ }, { "type": "library", - "bom-ref": "13-propcache", + "bom-ref": "11-propcache", "name": "propcache", "version": "0.2.0", "supplier": { @@ -967,7 +871,7 @@ }, { "type": "library", - "bom-ref": "14-async-timeout", + "bom-ref": "12-async-timeout", "name": "async-timeout", "version": "5.0.1", "supplier": { @@ -1045,7 +949,7 @@ }, { "type": "library", - "bom-ref": "15-beautifulsoup4", + "bom-ref": "13-beautifulsoup4", "name": "beautifulsoup4", "version": "4.12.3", "supplier": { @@ -1107,7 +1011,7 @@ }, { "type": "library", - "bom-ref": "16-soupsieve", + "bom-ref": "14-soupsieve", "name": "soupsieve", "version": "2.6", "supplier": { @@ -1156,7 +1060,7 @@ }, { "type": "library", - "bom-ref": "17-cvss", + "bom-ref": "15-cvss", "name": "cvss", "version": "3.3", "supplier": { @@ -1230,7 +1134,7 @@ }, { "type": "library", - "bom-ref": "18-defusedxml", + "bom-ref": "16-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -1288,7 +1192,7 @@ }, { "type": "library", - "bom-ref": "19-distro", + "bom-ref": "17-distro", "name": "distro", "version": "1.9.0", "supplier": { @@ -1346,7 +1250,7 @@ }, { "type": "library", - "bom-ref": "20-filetype", + "bom-ref": "18-filetype", "name": "filetype", "version": "1.2.0", "supplier": { @@ -1404,7 +1308,7 @@ }, { "type": "library", - "bom-ref": "21-gsutil", + "bom-ref": "19-gsutil", "name": "gsutil", "version": "5.33", "supplier": { @@ -1462,7 +1366,7 @@ }, { "type": "library", - "bom-ref": "22-argcomplete", + "bom-ref": "20-argcomplete", "name": "argcomplete", "version": "3.5.2", "supplier": { @@ -1536,7 +1440,7 @@ }, { "type": "library", - "bom-ref": "23-crcmod", + "bom-ref": "21-crcmod", "name": "crcmod", "version": "1.7", "supplier": { @@ -1594,7 +1498,7 @@ }, { "type": "library", - "bom-ref": "24-fasteners", + "bom-ref": "22-fasteners", "name": "fasteners", "version": "0.19", "supplier": { @@ -1647,7 +1551,7 @@ }, { "type": "library", - "bom-ref": "25-gcs-oauth2-boto-plugin", + "bom-ref": "23-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.2", "supplier": { @@ -1705,7 +1609,7 @@ }, { "type": "library", - "bom-ref": "26-rsa", + "bom-ref": "24-rsa", "name": "rsa", "version": "4.7.2", "supplier": { @@ -1763,7 +1667,7 @@ }, { "type": "library", - "bom-ref": "27-pyasn1", + "bom-ref": "25-pyasn1", "name": "pyasn1", "version": "0.6.1", "supplier": { @@ -1837,7 +1741,7 @@ }, { "type": "library", - "bom-ref": "28-boto", + "bom-ref": "26-boto", "name": "boto", "version": "2.49.0", "supplier": { @@ -1895,7 +1799,7 @@ }, { "type": "library", - "bom-ref": "29-google-reauth", + "bom-ref": "27-google-reauth", "name": "google-reauth", "version": "0.1.1", "supplier": { @@ -1953,7 +1857,7 @@ }, { "type": "library", - "bom-ref": "30-pyu2f", + "bom-ref": "28-pyu2f", "name": "pyu2f", "version": "0.1.5", "supplier": { @@ -2011,7 +1915,7 @@ }, { "type": "library", - "bom-ref": "31-six", + "bom-ref": "29-six", "name": "six", "version": "1.17.0", "supplier": { @@ -2069,7 +1973,7 @@ }, { "type": "library", - "bom-ref": "32-httplib2", + "bom-ref": "30-httplib2", "name": "httplib2", "version": "0.20.4", "supplier": { @@ -2127,7 +2031,7 @@ }, { "type": "library", - "bom-ref": "33-pyparsing", + "bom-ref": "31-pyparsing", "name": "pyparsing", "version": "3.1.4", "supplier": { @@ -2176,7 +2080,7 @@ }, { "type": "library", - "bom-ref": "34-oauth2client", + "bom-ref": "32-oauth2client", "name": "oauth2client", "version": "4.1.3", "supplier": { @@ -2234,7 +2138,7 @@ }, { "type": "library", - "bom-ref": "35-pyasn1-modules", + "bom-ref": "33-pyasn1-modules", "name": "pyasn1-modules", "version": "0.4.1", "supplier": { @@ -2304,7 +2208,7 @@ }, { "type": "library", - "bom-ref": "36-pyopenssl", + "bom-ref": "34-pyopenssl", "name": "pyopenssl", "version": "24.2.1", "supplier": { @@ -2366,7 +2270,7 @@ }, { "type": "library", - "bom-ref": "37-cryptography", + "bom-ref": "35-cryptography", "name": "cryptography", "version": "43.0.3", "supplier": { @@ -2436,7 +2340,7 @@ }, { "type": "library", - "bom-ref": "38-cffi", + "bom-ref": "36-cffi", "name": "cffi", "version": "1.17.1", "supplier": { @@ -2518,7 +2422,7 @@ }, { "type": "library", - "bom-ref": "39-pycparser", + "bom-ref": "37-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -2576,7 +2480,7 @@ }, { "type": "library", - "bom-ref": "40-retry-decorator", + "bom-ref": "38-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -2634,7 +2538,7 @@ }, { "type": "library", - "bom-ref": "41-google-auth", + "bom-ref": "39-google-auth", "name": "google-auth", "version": "2.17.0", "supplier": { @@ -2692,7 +2596,7 @@ }, { "type": "library", - "bom-ref": "42-cachetools", + "bom-ref": "40-cachetools", "name": "cachetools", "version": "5.5.0", "supplier": { @@ -2750,7 +2654,7 @@ }, { "type": "library", - "bom-ref": "43-google-auth-httplib2", + "bom-ref": "41-google-auth-httplib2", "name": "google-auth-httplib2", "version": "0.2.0", "supplier": { @@ -2808,7 +2712,7 @@ }, { "type": "library", - "bom-ref": "44-google-apitools", + "bom-ref": "42-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { @@ -2866,7 +2770,7 @@ }, { "type": "library", - "bom-ref": "45-monotonic", + "bom-ref": "43-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -2924,19 +2828,19 @@ }, { "type": "library", - "bom-ref": "46-jinja2", + "bom-ref": "44-jinja2", "name": "jinja2", - "version": "3.1.4", + "version": "3.1.5", "description": "A very fast and expressive template engine.", "hashes": [ { "alg": "SHA-256", - "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d" + "content": "aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb" } ], "externalReferences": [ { - "url": "https://pypi.org/project/jinja2/3.1.4/#files", + "url": "https://pypi.org/project/jinja2/3.1.5/#files", "type": "distribution", "comment": "Download location for component" }, @@ -2961,11 +2865,11 @@ "type": "vcs" } ], - "purl": "pkg:pypi/jinja2@3.1.4", + "purl": "pkg:pypi/jinja2@3.1.5", "properties": [ { "name": "release_date", - "value": "2024-05-05T23:41:59Z" + "value": "2024-12-21T18:30:19Z" }, { "name": "language", @@ -2979,7 +2883,7 @@ }, { "type": "library", - "bom-ref": "47-markupsafe", + "bom-ref": "45-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", @@ -3052,7 +2956,7 @@ }, { "type": "library", - "bom-ref": "48-jsonschema", + "bom-ref": "46-jsonschema", "name": "jsonschema", "version": "4.23.0", "supplier": { @@ -3134,7 +3038,7 @@ }, { "type": "library", - "bom-ref": "49-importlib-resources", + "bom-ref": "47-importlib-resources", "name": "importlib-resources", "version": "6.4.5", "supplier": { @@ -3182,7 +3086,55 @@ }, { "type": "library", - "bom-ref": "50-jsonschema-specifications", + "bom-ref": "48-zipp", + "name": "zipp", + "version": "3.20.2", + "supplier": { + "name": "Jason R .", + "contact": [ + { + "email": "jaraco@jaraco.com" + } + ] + }, + "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", + "description": "Backport of pathlib-compatible object wrapper for zip files", + "hashes": [ + { + "alg": "SHA-256", + "content": "a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350" + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/zipp/3.20.2/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://github.com/jaraco/zipp", + "type": "vcs" + } + ], + "purl": "pkg:pypi/zipp@3.20.2", + "properties": [ + { + "name": "release_date", + "value": "2024-09-13T13:44:14Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "49-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { @@ -3260,7 +3212,7 @@ }, { "type": "library", - "bom-ref": "51-referencing", + "bom-ref": "50-referencing", "name": "referencing", "version": "0.35.1", "supplier": { @@ -3333,7 +3285,7 @@ }, { "type": "library", - "bom-ref": "52-rpds-py", + "bom-ref": "51-rpds-py", "name": "rpds-py", "version": "0.20.1", "supplier": { @@ -3411,7 +3363,7 @@ }, { "type": "library", - "bom-ref": "53-pkgutil-resolve-name", + "bom-ref": "52-pkgutil-resolve-name", "name": "pkgutil-resolve-name", "version": "1.3.10", "supplier": { @@ -3454,9 +3406,9 @@ }, { "type": "library", - "bom-ref": "54-lib4sbom", + "bom-ref": "53-lib4sbom", "name": "lib4sbom", - "version": "0.8.0", + "version": "0.8.1", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -3465,12 +3417,12 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", "hashes": [ { "alg": "SHA-256", - "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395" + "content": "7fba7451760c49738911b344fef96a3a274baaef6d34ab61e89284c506f0a343" } ], "licenses": [ @@ -3489,16 +3441,16 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/lib4sbom/0.8.0/#files", + "url": "https://pypi.org/project/lib4sbom/0.8.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.8.0", + "purl": "pkg:pypi/lib4sbom@0.8.1", "properties": [ { "name": "release_date", - "value": "2024-12-09T20:13:26Z" + "value": "2024-12-18T21:54:27Z" }, { "name": "language", @@ -3512,7 +3464,7 @@ }, { "type": "library", - "bom-ref": "55-pyyaml", + "bom-ref": "54-pyyaml", "name": "pyyaml", "version": "6.0.2", "supplier": { @@ -3590,7 +3542,7 @@ }, { "type": "library", - "bom-ref": "56-semantic-version", + "bom-ref": "55-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -3648,7 +3600,7 @@ }, { "type": "library", - "bom-ref": "57-lib4vex", + "bom-ref": "56-lib4vex", "name": "lib4vex", "version": "0.2.0", "supplier": { @@ -3706,7 +3658,7 @@ }, { "type": "library", - "bom-ref": "58-csaf-tool", + "bom-ref": "57-csaf-tool", "name": "csaf-tool", "version": "0.3.2", "supplier": { @@ -3764,7 +3716,7 @@ }, { "type": "library", - "bom-ref": "59-packageurl-python", + "bom-ref": "58-packageurl-python", "name": "packageurl-python", "version": "0.16.0", "supplier": { @@ -3817,7 +3769,7 @@ }, { "type": "library", - "bom-ref": "60-rich", + "bom-ref": "59-rich", "name": "rich", "version": "13.9.4", "supplier": { @@ -3879,7 +3831,7 @@ }, { "type": "library", - "bom-ref": "61-markdown-it-py", + "bom-ref": "60-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -3932,7 +3884,7 @@ }, { "type": "library", - "bom-ref": "62-mdurl", + "bom-ref": "61-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -3981,7 +3933,7 @@ }, { "type": "library", - "bom-ref": "63-pygments", + "bom-ref": "62-pygments", "name": "pygments", "version": "2.18.0", "supplier": { @@ -4055,7 +4007,7 @@ }, { "type": "library", - "bom-ref": "64-python-gnupg", + "bom-ref": "63-python-gnupg", "name": "python-gnupg", "version": "0.5.3", "supplier": { @@ -4125,7 +4077,7 @@ }, { "type": "library", - "bom-ref": "65-packaging", + "bom-ref": "64-packaging", "name": "packaging", "version": "24.2", "supplier": { @@ -4177,7 +4129,7 @@ }, { "type": "library", - "bom-ref": "66-plotly", + "bom-ref": "65-plotly", "name": "plotly", "version": "5.24.1", "supplier": { @@ -4247,7 +4199,7 @@ }, { "type": "library", - "bom-ref": "67-tenacity", + "bom-ref": "66-tenacity", "name": "tenacity", "version": "9.0.0", "supplier": { @@ -4305,7 +4257,7 @@ }, { "type": "library", - "bom-ref": "68-requests", + "bom-ref": "67-requests", "name": "requests", "version": "2.32.3", "supplier": { @@ -4371,7 +4323,7 @@ }, { "type": "library", - "bom-ref": "69-charset-normalizer", + "bom-ref": "68-charset-normalizer", "name": "charset-normalizer", "version": "3.4.0", "supplier": { @@ -4437,7 +4389,7 @@ }, { "type": "library", - "bom-ref": "70-urllib3", + "bom-ref": "69-urllib3", "name": "urllib3", "version": "2.2.3", "supplier": { @@ -4497,7 +4449,7 @@ }, { "type": "library", - "bom-ref": "71-certifi", + "bom-ref": "70-certifi", "name": "certifi", "version": "2024.12.14", "supplier": { @@ -4559,7 +4511,7 @@ }, { "type": "library", - "bom-ref": "72-rpmfile", + "bom-ref": "71-rpmfile", "name": "rpmfile", "version": "2.1.0", "supplier": { @@ -4617,7 +4569,7 @@ }, { "type": "library", - "bom-ref": "73-setuptools", + "bom-ref": "72-setuptools", "name": "setuptools", "version": "75.3.0", "supplier": { @@ -4673,7 +4625,7 @@ }, { "type": "library", - "bom-ref": "74-xmlschema", + "bom-ref": "73-xmlschema", "name": "xmlschema", "version": "3.4.3", "supplier": { @@ -4731,9 +4683,9 @@ }, { "type": "library", - "bom-ref": "75-elementpath", + "bom-ref": "74-elementpath", "name": "elementpath", - "version": "4.6.0", + "version": "4.7.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -4742,12 +4694,12 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.7.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "hashes": [ { "alg": "SHA-256", - "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17" + "content": "607804a1b4250ac448c1e2bfaec4ee1c980b0a07cfdb0d9057b57102038ed480" } ], "licenses": [ @@ -4766,16 +4718,64 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.6.0/#files", + "url": "https://pypi.org/project/elementpath/4.7.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.6.0", + "purl": "pkg:pypi/elementpath@4.7.0", "properties": [ { "name": "release_date", - "value": "2024-10-27T21:52:58Z" + "value": "2024-12-20T13:58:04Z" + }, + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "75-importlib-metadata", + "name": "importlib-metadata", + "version": "8.5.0", + "supplier": { + "name": "Jason R .", + "contact": [ + { + "email": "jaraco@jaraco.com" + } + ] + }, + "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", + "description": "Read metadata from Python packages", + "hashes": [ + { + "alg": "SHA-256", + "content": "45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b" + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/importlib-metadata/8.5.0/#files", + "type": "distribution", + "comment": "Download location for component" + }, + { + "url": "https://github.com/python/importlib_metadata", + "type": "vcs" + } + ], + "purl": "pkg:pypi/importlib-metadata@8.5.0", + "properties": [ + { + "name": "release_date", + "value": "2024-09-11T14:56:07Z" }, { "name": "language", @@ -4915,31 +4915,31 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "15-beautifulsoup4", - "17-cvss", - "18-defusedxml", - "19-distro", - "20-filetype", - "21-gsutil", - "46-jinja2", - "48-jsonschema", - "54-lib4sbom", - "57-lib4vex", - "64-python-gnupg", - "59-packageurl-python", - "65-packaging", - "66-plotly", - "55-pyyaml", - "68-requests", - "60-rich", - "72-rpmfile", - "73-setuptools", - "70-urllib3", - "74-xmlschema", - "8-zipp", - "7-importlib-metadata", + "13-beautifulsoup4", + "15-cvss", + "16-defusedxml", + "17-distro", + "18-filetype", + "19-gsutil", + "44-jinja2", + "46-jsonschema", + "53-lib4sbom", + "56-lib4vex", + "63-python-gnupg", + "58-packageurl-python", + "64-packaging", + "65-plotly", + "54-pyyaml", + "67-requests", + "59-rich", + "71-rpmfile", + "72-setuptools", + "69-urllib3", + "73-xmlschema", + "48-zipp", + "75-importlib-metadata", "76-toml", - "49-importlib-resources", + "47-importlib-resources", "77-zstandard" ] }, @@ -4950,9 +4950,9 @@ "4-aiosignal", "6-attrs", "5-frozenlist", - "10-multidict", - "11-yarl", - "14-async-timeout" + "7-multidict", + "9-yarl", + "12-async-timeout" ] }, { @@ -4962,254 +4962,248 @@ ] }, { - "ref": "6-attrs", - "dependsOn": [ - "7-importlib-metadata" - ] - }, - { - "ref": "7-importlib-metadata", + "ref": "7-multidict", "dependsOn": [ - "8-zipp", - "9-typing-extensions" + "8-typing-extensions" ] }, { - "ref": "10-multidict", + "ref": "9-yarl", "dependsOn": [ - "9-typing-extensions" + "10-idna", + "7-multidict", + "11-propcache" ] }, { - "ref": "11-yarl", + "ref": "13-beautifulsoup4", "dependsOn": [ - "12-idna", - "10-multidict", - "13-propcache" + "14-soupsieve" ] }, { - "ref": "15-beautifulsoup4", + "ref": "19-gsutil", "dependsOn": [ - "16-soupsieve" + "20-argcomplete", + "21-crcmod", + "22-fasteners", + "23-gcs-oauth2-boto-plugin", + "42-google-apitools", + "30-httplib2", + "27-google-reauth", + "43-monotonic", + "34-pyopenssl", + "38-retry-decorator", + "29-six", + "39-google-auth", + "41-google-auth-httplib2" ] }, { - "ref": "21-gsutil", + "ref": "23-gcs-oauth2-boto-plugin", "dependsOn": [ - "22-argcomplete", - "23-crcmod", - "24-fasteners", - "25-gcs-oauth2-boto-plugin", - "44-google-apitools", - "32-httplib2", - "29-google-reauth", - "45-monotonic", - "36-pyopenssl", - "40-retry-decorator", - "31-six", - "41-google-auth", - "43-google-auth-httplib2" + "24-rsa", + "26-boto", + "27-google-reauth", + "30-httplib2", + "32-oauth2client", + "34-pyopenssl", + "38-retry-decorator", + "29-six", + "39-google-auth", + "41-google-auth-httplib2" ] }, { - "ref": "25-gcs-oauth2-boto-plugin", + "ref": "24-rsa", "dependsOn": [ - "26-rsa", - "28-boto", - "29-google-reauth", - "32-httplib2", - "34-oauth2client", - "36-pyopenssl", - "40-retry-decorator", - "31-six", - "41-google-auth", - "43-google-auth-httplib2" + "25-pyasn1" ] }, { - "ref": "26-rsa", + "ref": "27-google-reauth", "dependsOn": [ - "27-pyasn1" + "28-pyu2f" ] }, { - "ref": "29-google-reauth", + "ref": "28-pyu2f", "dependsOn": [ - "30-pyu2f" + "29-six" ] }, { - "ref": "30-pyu2f", + "ref": "30-httplib2", "dependsOn": [ - "31-six" + "31-pyparsing" ] }, { - "ref": "32-httplib2", + "ref": "32-oauth2client", "dependsOn": [ - "33-pyparsing" + "30-httplib2", + "25-pyasn1", + "33-pyasn1-modules", + "24-rsa", + "29-six" ] }, { - "ref": "34-oauth2client", + "ref": "33-pyasn1-modules", "dependsOn": [ - "32-httplib2", - "27-pyasn1", - "35-pyasn1-modules", - "26-rsa", - "31-six" + "25-pyasn1" ] }, { - "ref": "35-pyasn1-modules", + "ref": "34-pyopenssl", "dependsOn": [ - "27-pyasn1" + "35-cryptography" ] }, { - "ref": "36-pyopenssl", + "ref": "35-cryptography", "dependsOn": [ - "37-cryptography" + "36-cffi" ] }, { - "ref": "37-cryptography", + "ref": "36-cffi", "dependsOn": [ - "38-cffi" + "37-pycparser" ] }, { - "ref": "38-cffi", + "ref": "39-google-auth", "dependsOn": [ - "39-pycparser" + "40-cachetools", + "33-pyasn1-modules", + "29-six", + "24-rsa" ] }, { - "ref": "41-google-auth", + "ref": "41-google-auth-httplib2", "dependsOn": [ - "42-cachetools", - "35-pyasn1-modules", - "31-six", - "26-rsa" + "39-google-auth", + "30-httplib2" ] }, { - "ref": "43-google-auth-httplib2", + "ref": "42-google-apitools", "dependsOn": [ - "41-google-auth", - "32-httplib2" + "30-httplib2", + "22-fasteners", + "32-oauth2client", + "29-six" ] }, { - "ref": "44-google-apitools", + "ref": "44-jinja2", "dependsOn": [ - "32-httplib2", - "24-fasteners", - "34-oauth2client", - "31-six" + "45-markupsafe" ] }, { - "ref": "46-jinja2", + "ref": "46-jsonschema", "dependsOn": [ - "47-markupsafe" + "6-attrs", + "47-importlib-resources", + "49-jsonschema-specifications", + "52-pkgutil-resolve-name", + "50-referencing", + "51-rpds-py" ] }, { - "ref": "48-jsonschema", + "ref": "47-importlib-resources", "dependsOn": [ - "6-attrs", - "49-importlib-resources", - "50-jsonschema-specifications", - "53-pkgutil-resolve-name", - "51-referencing", - "52-rpds-py" + "48-zipp" ] }, { - "ref": "49-importlib-resources", + "ref": "49-jsonschema-specifications", "dependsOn": [ - "8-zipp" + "47-importlib-resources", + "50-referencing" ] }, { - "ref": "50-jsonschema-specifications", + "ref": "50-referencing", "dependsOn": [ - "49-importlib-resources", - "51-referencing" + "6-attrs", + "51-rpds-py" ] }, { - "ref": "51-referencing", + "ref": "53-lib4sbom", "dependsOn": [ - "6-attrs", - "52-rpds-py" + "54-pyyaml", + "55-semantic-version", + "16-defusedxml" ] }, { - "ref": "54-lib4sbom", + "ref": "56-lib4vex", "dependsOn": [ - "55-pyyaml", - "56-semantic-version", - "18-defusedxml" + "53-lib4sbom", + "57-csaf-tool", + "58-packageurl-python" ] }, { - "ref": "57-lib4vex", + "ref": "57-csaf-tool", "dependsOn": [ - "54-lib4sbom", - "58-csaf-tool", - "59-packageurl-python" + "58-packageurl-python", + "59-rich" ] }, { - "ref": "58-csaf-tool", + "ref": "59-rich", "dependsOn": [ - "59-packageurl-python", - "60-rich" + "60-markdown-it-py", + "62-pygments", + "8-typing-extensions" ] }, { - "ref": "60-rich", + "ref": "60-markdown-it-py", "dependsOn": [ - "61-markdown-it-py", - "63-pygments", - "9-typing-extensions" + "61-mdurl" ] }, { - "ref": "61-markdown-it-py", + "ref": "65-plotly", "dependsOn": [ - "62-mdurl" + "66-tenacity", + "64-packaging" ] }, { - "ref": "66-plotly", + "ref": "67-requests", "dependsOn": [ - "67-tenacity", - "65-packaging" + "68-charset-normalizer", + "10-idna", + "69-urllib3", + "70-certifi" ] }, { - "ref": "68-requests", + "ref": "73-xmlschema", "dependsOn": [ - "69-charset-normalizer", - "12-idna", - "70-urllib3", - "71-certifi" + "74-elementpath" ] }, { - "ref": "74-xmlschema", + "ref": "75-importlib-metadata", "dependsOn": [ - "75-elementpath" + "48-zipp", + "8-typing-extensions" ] }, { "ref": "77-zstandard", "dependsOn": [ - "38-cffi" + "36-cffi" ] } ] diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index c16f44a4b3..2ed9756802 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e4e74e1a-9904-46ec-beab-1e3d7d1af7ba +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-baac9a1e-e29c-436b-b0a9-7a43d31a386a LicenseListVersion: 3.25 Creator: Tool: sbom4python-0.12.1 -Created: 2024-12-16T00:39:17Z +Created: 2024-12-23T00:36:31Z CreatorComment: This document has been automatically generated. ##### @@ -23,7 +23,7 @@ PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool ReleaseDate: 2024-09-17T18:57:44Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:* ##### @@ -50,7 +50,7 @@ ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html ExternalRef: OTHER other https://docs.aiohttp.org ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.11 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.10.11 ##### PackageName: aiohappyeyeballs @@ -71,7 +71,7 @@ ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/is ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:* ##### @@ -96,7 +96,7 @@ ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal ExternalRef: OTHER other https://docs.aiosignal.org ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1 ##### PackageName: frozenlist @@ -123,69 +123,61 @@ ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGE ExternalRef: OTHER other https://frozenlist.aio-libs.org ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.5.0 ##### PackageName: attrs SPDXID: SPDXRef-6-attrs -PackageVersion: 24.2.0 +PackageVersion: 24.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) -PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files +PackageDownloadLocation: https://pypi.org/project/attrs/24.3.0/#files FilesAnalyzed: false -PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2 +PackageChecksum: SHA256: ac96cd038792094f438ad1f6ff80837353805ac950cd2aa0e0625ef19850c308 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Classes Without Boilerplate -ReleaseDate: 2024-08-06T14:37:36Z +ReleaseDate: 2024-12-16T06:59:26Z ExternalRef: OTHER documentation https://www.attrs.org/ ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html ExternalRef: OTHER vcs https://github.com/python-attrs/attrs ExternalRef: OTHER other https://github.com/sponsors/hynek ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@24.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.3.0:*:*:*:*:*:*:* ##### -PackageName: importlib-metadata -SPDXID: SPDXRef-7-importlib-metadata -PackageVersion: 8.5.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files -FilesAnalyzed: false -PackageChecksum: SHA256: 45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Read metadata from Python packages -ReleaseDate: 2024-09-11T14:56:07Z -ExternalRef: OTHER vcs https://github.com/python/importlib_metadata -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:* -##### - -PackageName: zipp -SPDXID: SPDXRef-8-zipp -PackageVersion: 3.20.2 +PackageName: multidict +SPDXID: SPDXRef-7-multidict +PackageVersion: 6.1.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files FilesAnalyzed: false -PackageChecksum: SHA256: a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350 +PackageHomePage: https://github.com/aio-libs/multidict +PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60 PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION +PackageLicenseConcluded: Apache-2.0 +PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ReleaseDate: 2024-09-13T13:44:14Z -ExternalRef: OTHER vcs https://github.com/jaraco/zipp -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +PackageSummary: multidict implementation +ReleaseDate: 2024-09-09T23:47:18Z +ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org +ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org +ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions +ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md +ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict +ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/ +ExternalRef: OTHER other https://multidict.aio-libs.org +ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues +ExternalRef: OTHER vcs https://github.com/aio-libs/multidict +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* ##### PackageName: typing-extensions -SPDXID: SPDXRef-9-typing-extensions +SPDXID: SPDXRef-8-typing-extensions PackageVersion: 4.12.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) @@ -203,40 +195,12 @@ ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHA ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/ ExternalRef: OTHER other https://github.com/python/typing/discussions ExternalRef: OTHER vcs https://github.com/python/typing_extensions -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/typing-extensions@4.12.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* ##### -PackageName: multidict -SPDXID: SPDXRef-10-multidict -PackageVersion: 6.1.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files -FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/multidict -PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60 -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. -PackageCopyrightText: NOASSERTION -PackageSummary: multidict implementation -ReleaseDate: 2024-09-09T23:47:18Z -ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org -ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org -ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions -ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md -ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict -ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/ -ExternalRef: OTHER other https://multidict.aio-libs.org -ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues -ExternalRef: OTHER vcs https://github.com/aio-libs/multidict -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* -##### - PackageName: yarl -SPDXID: SPDXRef-11-yarl +SPDXID: SPDXRef-9-yarl PackageVersion: 1.15.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) @@ -258,12 +222,12 @@ ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/ ExternalRef: OTHER other https://yarl.aio-libs.org ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues ExternalRef: OTHER vcs https://github.com/aio-libs/yarl -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.15.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-12-idna +SPDXID: SPDXRef-10-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) @@ -278,12 +242,12 @@ ReleaseDate: 2024-09-15T18:07:37Z ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues ExternalRef: OTHER vcs https://github.com/kjd/idna -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### PackageName: propcache -SPDXID: SPDXRef-13-propcache +SPDXID: SPDXRef-11-propcache PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) @@ -305,12 +269,12 @@ ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/ ExternalRef: OTHER other https://propcache.readthedocs.io ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues ExternalRef: OTHER vcs https://github.com/aio-libs/propcache -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/propcache@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* ##### PackageName: async-timeout -SPDXID: SPDXRef-14-async-timeout +SPDXID: SPDXRef-12-async-timeout PackageVersion: 5.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) @@ -329,12 +293,12 @@ ExternalRef: OTHER build-system https://github.com/aio-libs/async-timeout/action ExternalRef: OTHER other https://codecov.io/github/aio-libs/async-timeout ExternalRef: OTHER issue-tracker https://github.com/aio-libs/async-timeout/issues ExternalRef: OTHER vcs https://github.com/aio-libs/async-timeout -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/async-timeout@5.0.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@5.0.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:5.0.1:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 -SPDXID: SPDXRef-15-beautifulsoup4 +SPDXID: SPDXRef-13-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) @@ -349,12 +313,12 @@ PackageCopyrightText: NOASSERTION PackageSummary: Screen-scraping library ReleaseDate: 2024-01-17T16:53:12Z ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/ -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:* ##### PackageName: soupsieve -SPDXID: SPDXRef-16-soupsieve +SPDXID: SPDXRef-14-soupsieve PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) @@ -367,12 +331,12 @@ PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A modern CSS selector implementation for Beautiful Soup. ReleaseDate: 2024-08-13T13:39:10Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-17-cvss +SPDXID: SPDXRef-15-cvss PackageVersion: 3.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) @@ -390,12 +354,12 @@ ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@3.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:* ##### PackageName: defusedxml -SPDXID: SPDXRef-18-defusedxml +SPDXID: SPDXRef-16-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) @@ -409,12 +373,12 @@ PackageLicenseComments: defusedxml declares PSFL which is not currently a PackageCopyrightText: NOASSERTION PackageSummary: XML bomb protection for Python stdlib modules ReleaseDate: 2021-03-08T10:59:24Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/defusedxml@0.7.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:* ##### PackageName: distro -SPDXID: SPDXRef-19-distro +SPDXID: SPDXRef-17-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) @@ -428,12 +392,12 @@ PackageLicenseComments: distro declares Apache License, Version 2.0 which PackageCopyrightText: NOASSERTION PackageSummary: Distro - an OS platform information API ReleaseDate: 2023-12-24T09:54:30Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/distro@1.9.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-20-filetype +SPDXID: SPDXRef-18-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) @@ -446,12 +410,12 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies. ReleaseDate: 2022-11-02T17:34:01Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/filetype@1.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:* ##### PackageName: gsutil -SPDXID: SPDXRef-21-gsutil +SPDXID: SPDXRef-19-gsutil PackageVersion: 5.33 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) @@ -465,12 +429,12 @@ PackageLicenseComments: gsutil declares Apache 2.0 which is not currently PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. ReleaseDate: 2024-12-11T09:40:59Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.33 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-22-argcomplete +SPDXID: SPDXRef-20-argcomplete PackageVersion: 3.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) @@ -488,12 +452,12 @@ ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.5.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-23-crcmod +SPDXID: SPDXRef-21-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) @@ -506,12 +470,12 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CRC Generator ReleaseDate: 2010-06-27T14:35:29Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/crcmod@1.7 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-24-fasteners +SPDXID: SPDXRef-22-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow @@ -524,12 +488,12 @@ PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: A python package that provides useful locks ReleaseDate: 2023-09-19T17:11:18Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-25-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-23-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) @@ -543,12 +507,12 @@ PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which i PackageCopyrightText: NOASSERTION PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. ReleaseDate: 2024-05-02T14:37:31Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:* ##### PackageName: rsa -SPDXID: SPDXRef-26-rsa +SPDXID: SPDXRef-24-rsa PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) @@ -562,12 +526,12 @@ PackageLicenseComments: rsa declares ASL 2 which is not currently a valid PackageCopyrightText: NOASSERTION PackageSummary: Pure-Python RSA implementation ReleaseDate: 2021-02-24T10:55:03Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rsa@4.7.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: pyasn1 -SPDXID: SPDXRef-27-pyasn1 +SPDXID: SPDXRef-25-pyasn1 PackageVersion: 0.6.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) @@ -584,12 +548,12 @@ ExternalRef: OTHER documentation https://pyasn1.readthedocs.io ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1 ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.6.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* ##### PackageName: boto -SPDXID: SPDXRef-28-boto +SPDXID: SPDXRef-26-boto PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) @@ -602,12 +566,12 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Amazon Web Services Library ReleaseDate: 2018-07-11T20:58:55Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/boto@2.49.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### PackageName: google-reauth -SPDXID: SPDXRef-29-google-reauth +SPDXID: SPDXRef-27-google-reauth PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google (googleapis-publisher@google.com) @@ -621,12 +585,12 @@ PackageLicenseComments: google-reauth declares Apache 2.0 which is not cur PackageCopyrightText: NOASSERTION PackageSummary: Google Reauth Library ReleaseDate: 2020-12-01T17:35:45Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### PackageName: pyu2f -SPDXID: SPDXRef-30-pyu2f +SPDXID: SPDXRef-28-pyu2f PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) @@ -640,12 +604,12 @@ PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a PackageCopyrightText: NOASSERTION PackageSummary: U2F host library for interacting with a U2F device over USB. ReleaseDate: 2020-10-30T20:03:07Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyu2f@0.1.5 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-31-six +SPDXID: SPDXRef-29-six PackageVersion: 1.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -658,12 +622,12 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python 2 and 3 compatibility utilities ReleaseDate: 2024-12-04T17:35:26Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/six@1.17.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:* ##### PackageName: httplib2 -SPDXID: SPDXRef-32-httplib2 +SPDXID: SPDXRef-30-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) @@ -676,12 +640,12 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A comprehensive HTTP client library. ReleaseDate: 2022-02-03T00:00:29Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/httplib2@0.20.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-33-pyparsing +SPDXID: SPDXRef-31-pyparsing PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) @@ -694,12 +658,12 @@ PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars ReleaseDate: 2024-08-25T15:00:45Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.4 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:* ##### PackageName: oauth2client -SPDXID: SPDXRef-34-oauth2client +SPDXID: SPDXRef-32-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) @@ -713,12 +677,12 @@ PackageLicenseComments: oauth2client declares Apache 2.0 which is not curr PackageCopyrightText: NOASSERTION PackageSummary: OAuth 2.0 client library ReleaseDate: 2018-09-07T21:38:16Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/oauth2client@4.1.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### PackageName: pyasn1-modules -SPDXID: SPDXRef-35-pyasn1-modules +SPDXID: SPDXRef-33-pyasn1-modules PackageVersion: 0.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) @@ -735,12 +699,12 @@ ReleaseDate: 2024-09-10T22:42:08Z ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-36-pyopenssl +SPDXID: SPDXRef-34-pyopenssl PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) @@ -755,12 +719,12 @@ PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library ReleaseDate: 2024-07-20T17:26:29Z ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@24.2.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:* ##### PackageName: cryptography -SPDXID: SPDXRef-37-cryptography +SPDXID: SPDXRef-35-cryptography PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) @@ -777,12 +741,12 @@ ExternalRef: OTHER documentation https://cryptography.io/ ExternalRef: OTHER vcs https://github.com/pyca/cryptography/ ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/ -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@43.0.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-38-cffi +SPDXID: SPDXRef-36-cffi PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) @@ -801,12 +765,12 @@ ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.17.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:* ##### PackageName: pycparser -SPDXID: SPDXRef-39-pycparser +SPDXID: SPDXRef-37-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) @@ -819,12 +783,12 @@ PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: C parser in Python ReleaseDate: 2024-03-30T13:22:20Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.22 ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-40-retry-decorator +SPDXID: SPDXRef-38-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -837,12 +801,12 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Retry Decorator ReleaseDate: 2020-03-10T23:56:29Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/retry-decorator@1.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:* ##### PackageName: google-auth -SPDXID: SPDXRef-41-google-auth +SPDXID: SPDXRef-39-google-auth PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) @@ -856,12 +820,12 @@ PackageLicenseComments: google-auth declares Apache 2.0 which is not curre PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library ReleaseDate: 2023-03-28T19:51:30Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.17.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:* ##### PackageName: cachetools -SPDXID: SPDXRef-42-cachetools +SPDXID: SPDXRef-40-cachetools PackageVersion: 5.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) @@ -874,12 +838,12 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Extensible memoizing collections and decorators ReleaseDate: 2024-08-18T20:28:43Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.5.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:* ##### PackageName: google-auth-httplib2 -SPDXID: SPDXRef-43-google-auth-httplib2 +SPDXID: SPDXRef-41-google-auth-httplib2 PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) @@ -893,12 +857,12 @@ PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library: httplib2 transport ReleaseDate: 2023-12-12T17:40:13Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-44-google-apitools +SPDXID: SPDXRef-42-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) @@ -912,12 +876,12 @@ PackageLicenseComments: google-apitools declares Apache 2.0 which is not c PackageCopyrightText: NOASSERTION PackageSummary: client libraries for humans ReleaseDate: 2021-05-05T22:12:58Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-45-monotonic +SPDXID: SPDXRef-43-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) @@ -931,33 +895,33 @@ PackageLicenseComments: monotonic declares Apache which is not currently a PackageCopyrightText: NOASSERTION PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3 ReleaseDate: 2021-04-09T21:58:05Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/monotonic@1.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-46-jinja2 -PackageVersion: 3.1.4 +SPDXID: SPDXRef-44-jinja2 +PackageVersion: 3.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files +PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.5/#files FilesAnalyzed: false -PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d +PackageChecksum: SHA256: aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A very fast and expressive template engine. -ReleaseDate: 2024-05-05T23:41:59Z +ReleaseDate: 2024-12-21T18:30:19Z ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/ ExternalRef: OTHER chat https://discord.gg/pallets ExternalRef: OTHER documentation https://jinja.palletsprojects.com/ ExternalRef: OTHER other https://palletsprojects.com/donate ExternalRef: OTHER vcs https://github.com/pallets/jinja/ -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.5 ##### PackageName: markupsafe -SPDXID: SPDXRef-47-markupsafe +SPDXID: SPDXRef-45-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION @@ -976,11 +940,11 @@ ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/ ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/ ExternalRef: OTHER issue-tracker https://github.com/pallets/markupsafe/issues/ ExternalRef: OTHER chat https://discord.gg/pallets -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-48-jsonschema +SPDXID: SPDXRef-46-jsonschema PackageVersion: 4.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com) @@ -999,12 +963,12 @@ ExternalRef: OTHER other https://github.com/sponsors/Julian ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:* ##### PackageName: importlib-resources -SPDXID: SPDXRef-49-importlib-resources +SPDXID: SPDXRef-47-importlib-resources PackageVersion: 6.4.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Barry Warsaw (barry@python.org) @@ -1017,12 +981,30 @@ PackageCopyrightText: NOASSERTION PackageSummary: Read resources from Python packages ReleaseDate: 2024-09-09T17:03:13Z ExternalRef: OTHER vcs https://github.com/python/importlib_resources -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-resources@6.4.5 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.4.5 ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:* ##### +PackageName: zipp +SPDXID: SPDXRef-48-zipp +PackageVersion: 3.20.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files +FilesAnalyzed: false +PackageChecksum: SHA256: a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Backport of pathlib-compatible object wrapper for zip files +ReleaseDate: 2024-09-13T13:44:14Z +ExternalRef: OTHER vcs https://github.com/jaraco/zipp +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.20.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* +##### + PackageName: jsonschema-specifications -SPDXID: SPDXRef-50-jsonschema-specifications +SPDXID: SPDXRef-49-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com) @@ -1040,12 +1022,12 @@ ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema ExternalRef: OTHER other https://github.com/sponsors/Julian ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:* ##### PackageName: referencing -SPDXID: SPDXRef-51-referencing +SPDXID: SPDXRef-50-referencing PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com) @@ -1064,12 +1046,12 @@ ExternalRef: OTHER other https://github.com/sponsors/Julian ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/ ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.35.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-52-rpds-py +SPDXID: SPDXRef-51-rpds-py PackageVersion: 0.20.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) @@ -1087,12 +1069,12 @@ ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/ ExternalRef: OTHER other https://github.com/sponsors/Julian ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link ExternalRef: OTHER vcs https://github.com/crate-py/rpds -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.20.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.20.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.1:*:*:*:*:*:*:* ##### PackageName: pkgutil-resolve-name -SPDXID: SPDXRef-53-pkgutil-resolve-name +SPDXID: SPDXRef-52-pkgutil-resolve-name PackageVersion: 1.3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -1104,30 +1086,30 @@ PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Resolve a name to an object. ReleaseDate: 2024-10-31T14:26:20Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pkgutil-resolve-name@1.3.10 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pkgutil-resolve-name@1.3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-54-lib4sbom -PackageVersion: 0.8.0 +SPDXID: SPDXRef-53-lib4sbom +PackageVersion: 0.8.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/anthonyharrison/lib4sbom -PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395 +PackageChecksum: SHA256: 7fba7451760c49738911b344fef96a3a274baaef6d34ab61e89284c506f0a343 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ReleaseDate: 2024-12-09T20:13:26Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:* +ReleaseDate: 2024-12-18T21:54:27Z +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.8.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.1:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-55-pyyaml +SPDXID: SPDXRef-54-pyyaml PackageVersion: 6.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -1145,12 +1127,12 @@ ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core ExternalRef: OTHER vcs https://github.com/yaml/pyyaml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:* ##### PackageName: semantic-version -SPDXID: SPDXRef-56-semantic-version +SPDXID: SPDXRef-55-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -1164,12 +1146,12 @@ PackageLicenseComments: semantic-version declares BSD which is not current PackageCopyrightText: NOASSERTION PackageSummary: A library implementing the 'SemVer' scheme. ReleaseDate: 2022-05-26T13:35:21Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/semantic-version@2.10.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:* ##### PackageName: lib4vex -SPDXID: SPDXRef-57-lib4vex +SPDXID: SPDXRef-56-lib4vex PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -1182,12 +1164,12 @@ PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: VEX generator and consumer library ReleaseDate: 2024-08-29T20:36:52Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4vex@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:* ##### PackageName: csaf-tool -SPDXID: SPDXRef-58-csaf-tool +SPDXID: SPDXRef-57-csaf-tool PackageVersion: 0.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -1200,12 +1182,12 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: CSAF generator and analyser ReleaseDate: 2024-06-12T20:10:06Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/csaf-tool@0.3.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:* ##### PackageName: packageurl-python -SPDXID: SPDXRef-59-packageurl-python +SPDXID: SPDXRef-58-packageurl-python PackageVersion: 0.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -1218,12 +1200,12 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: A purl aka. Package URL parser and builder ReleaseDate: 2024-10-22T05:51:23Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packageurl-python@0.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:* ##### PackageName: rich -SPDXID: SPDXRef-60-rich +SPDXID: SPDXRef-59-rich PackageVersion: 13.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -1237,12 +1219,12 @@ PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal ReleaseDate: 2024-11-01T16:43:55Z ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/ -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.9.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-61-markdown-it-py +SPDXID: SPDXRef-60-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -1256,12 +1238,12 @@ PackageCopyrightText: NOASSERTION PackageSummary: Python port of markdown-it. Markdown parsing, done right! ReleaseDate: 2023-06-03T06:41:11Z ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@3.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:* ##### PackageName: mdurl -SPDXID: SPDXRef-62-mdurl +SPDXID: SPDXRef-61-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -1274,12 +1256,12 @@ PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Markdown URL utilities ReleaseDate: 2022-08-14T12:40:09Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* ##### PackageName: pygments -SPDXID: SPDXRef-63-pygments +SPDXID: SPDXRef-62-pygments PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) @@ -1296,12 +1278,12 @@ ExternalRef: OTHER documentation https://pygments.org/docs ExternalRef: OTHER vcs https://github.com/pygments/pygments ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.18.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-64-python-gnupg +SPDXID: SPDXRef-63-python-gnupg PackageVersion: 0.5.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -1318,12 +1300,12 @@ ReleaseDate: 2024-09-20T16:43:47Z ExternalRef: OTHER documentation https://gnupg.readthedocs.io/ ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* ##### PackageName: packaging -SPDXID: SPDXRef-65-packaging +SPDXID: SPDXRef-64-packaging PackageVersion: 24.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) @@ -1337,12 +1319,12 @@ PackageSummary: Core utilities for Python packages ReleaseDate: 2024-11-08T09:47:44Z ExternalRef: OTHER documentation https://packaging.pypa.io/ ExternalRef: OTHER vcs https://github.com/pypa/packaging -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packaging@24.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-66-plotly +SPDXID: SPDXRef-65-plotly PackageVersion: 5.24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) @@ -1358,12 +1340,12 @@ ReleaseDate: 2024-09-12T15:36:24Z ExternalRef: OTHER documentation https://plotly.com/python/ ExternalRef: OTHER vcs https://github.com/plotly/plotly.py ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.24.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-67-tenacity +SPDXID: SPDXRef-66-tenacity PackageVersion: 9.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) @@ -1377,12 +1359,12 @@ PackageLicenseComments: tenacity declares Apache 2.0 which is not currentl PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds ReleaseDate: 2024-07-29T12:12:25Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@9.0.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-68-requests +SPDXID: SPDXRef-67-requests PackageVersion: 2.32.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -1397,12 +1379,12 @@ PackageSummary: Python HTTP for Humans. ReleaseDate: 2024-05-29T15:37:47Z ExternalRef: OTHER documentation https://requests.readthedocs.io ExternalRef: OTHER vcs https://github.com/psf/requests -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.32.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:* ##### PackageName: charset-normalizer -SPDXID: SPDXRef-69-charset-normalizer +SPDXID: SPDXRef-68-charset-normalizer PackageVersion: 3.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me) @@ -1417,12 +1399,12 @@ PackageSummary: The Real First Universal Charset Detector. Open, modern an ReleaseDate: 2024-10-09T07:38:02Z ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.4.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:* ##### PackageName: urllib3 -SPDXID: SPDXRef-70-urllib3 +SPDXID: SPDXRef-69-urllib3 PackageVersion: 2.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) @@ -1438,12 +1420,12 @@ ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst ExternalRef: OTHER documentation https://urllib3.readthedocs.io ExternalRef: OTHER vcs https://github.com/urllib3/urllib3 ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.2.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:* ##### PackageName: certifi -SPDXID: SPDXRef-71-certifi +SPDXID: SPDXRef-70-certifi PackageVersion: 2024.12.14 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -1457,12 +1439,12 @@ PackageCopyrightText: NOASSERTION PackageSummary: Python package for providing Mozilla's CA Bundle. ReleaseDate: 2024-12-14T13:52:36Z ExternalRef: OTHER vcs https://github.com/certifi/python-certifi -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2024.12.14 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-72-rpmfile +SPDXID: SPDXRef-71-rpmfile PackageVersion: 2.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) @@ -1475,12 +1457,12 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Read rpm archive files ReleaseDate: 2024-07-24T21:57:45Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@2.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### PackageName: setuptools -SPDXID: SPDXRef-73-setuptools +SPDXID: SPDXRef-72-setuptools PackageVersion: 75.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) @@ -1495,12 +1477,12 @@ ReleaseDate: 2024-10-29T10:23:24Z ExternalRef: OTHER vcs https://github.com/pypa/setuptools ExternalRef: OTHER documentation https://setuptools.pypa.io/ ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.3.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/setuptools@75.3.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.3.0:*:*:*:*:*:*:* ##### PackageName: xmlschema -SPDXID: SPDXRef-74-xmlschema +SPDXID: SPDXRef-73-xmlschema PackageVersion: 3.4.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1513,26 +1495,44 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder ReleaseDate: 2024-10-31T09:47:12Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@3.4.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-75-elementpath -PackageVersion: 4.6.0 +SPDXID: SPDXRef-74-elementpath +PackageVersion: 4.7.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files +PackageDownloadLocation: https://pypi.org/project/elementpath/4.7.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath -PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17 +PackageChecksum: SHA256: 607804a1b4250ac448c1e2bfaec4ee1c980b0a07cfdb0d9057b57102038ed480 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ReleaseDate: 2024-10-27T21:52:58Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:* +ReleaseDate: 2024-12-20T13:58:04Z +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.7.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.7.0:*:*:*:*:*:*:* +##### + +PackageName: importlib-metadata +SPDXID: SPDXRef-75-importlib-metadata +PackageVersion: 8.5.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) +PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0/#files +FilesAnalyzed: false +PackageChecksum: SHA256: 45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Read metadata from Python packages +ReleaseDate: 2024-09-11T14:56:07Z +ExternalRef: OTHER vcs https://github.com/python/importlib_metadata +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@8.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:* ##### PackageName: toml @@ -1549,7 +1549,7 @@ PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python Library for Tom's Obvious, Minimal Language ReleaseDate: 2020-11-01T01:40:20Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/toml@0.10.2 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/toml@0.10.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:* ##### @@ -1568,129 +1568,128 @@ PackageLicenseComments: zstandard declares BSD which is not currently a va PackageCopyrightText: NOASSERTION PackageSummary: Zstandard bindings for Python ReleaseDate: 2024-07-15T00:13:27Z -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-beautifulsoup4 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-cvss -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-defusedxml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-distro +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-beautifulsoup4 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-cvss +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-defusedxml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-distro +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-filetype +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-gsutil Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-filetype -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-21-gsutil -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jinja2 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-jsonschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-importlib-resources -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4sbom -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-pyyaml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-lib4vex -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-packageurl-python -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-60-rich -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-python-gnupg -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-packaging -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-plotly -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-requests -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-7-importlib-metadata -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-urllib3 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-rpmfile -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-setuptools -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-jinja2 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jsonschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-importlib-resources +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-zipp +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-lib4sbom +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-pyyaml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-lib4vex +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-packageurl-python +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-rich +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-plotly +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-requests +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-urllib3 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-rpmfile +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-setuptools +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-importlib-metadata Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-76-toml Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-77-zstandard -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-zipp -Relationship: SPDXRef-10-multidict DEPENDS_ON SPDXRef-9-typing-extensions -Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-10-multidict -Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-12-idna -Relationship: SPDXRef-11-yarl DEPENDS_ON SPDXRef-13-propcache -Relationship: SPDXRef-15-beautifulsoup4 DEPENDS_ON SPDXRef-16-soupsieve -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-multidict -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-yarl -Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-14-async-timeout +Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-22-fasteners +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-23-gcs-oauth2-boto-plugin +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-27-google-reauth +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-34-pyopenssl +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-38-retry-decorator +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-39-google-auth +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-google-auth-httplib2 +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-async-timeout Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-22-argcomplete -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-23-crcmod -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-24-fasteners -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-25-gcs-oauth2-boto-plugin -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-29-google-reauth -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-31-six -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-36-pyopenssl -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-40-retry-decorator -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-41-google-auth -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-43-google-auth-httplib2 -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-44-google-apitools -Relationship: SPDXRef-21-gsutil DEPENDS_ON SPDXRef-45-monotonic -Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-rsa -Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-boto -Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-reauth -Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-six -Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client -Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-pyopenssl -Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-retry-decorator -Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-google-auth -Relationship: SPDXRef-25-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-43-google-auth-httplib2 -Relationship: SPDXRef-26-rsa DEPENDS_ON SPDXRef-27-pyasn1 -Relationship: SPDXRef-29-google-reauth DEPENDS_ON SPDXRef-30-pyu2f -Relationship: SPDXRef-30-pyu2f DEPENDS_ON SPDXRef-31-six -Relationship: SPDXRef-32-httplib2 DEPENDS_ON SPDXRef-33-pyparsing -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-rsa -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-pyasn1 -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-31-six -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-35-pyasn1-modules -Relationship: SPDXRef-35-pyasn1-modules DEPENDS_ON SPDXRef-27-pyasn1 -Relationship: SPDXRef-36-pyopenssl DEPENDS_ON SPDXRef-37-cryptography -Relationship: SPDXRef-37-cryptography DEPENDS_ON SPDXRef-38-cffi -Relationship: SPDXRef-38-cffi DEPENDS_ON SPDXRef-39-pycparser +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-yarl +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-rsa +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-boto +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-google-reauth +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-oauth2client +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-pyopenssl +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-38-retry-decorator +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-google-auth +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-google-auth-httplib2 +Relationship: SPDXRef-24-rsa DEPENDS_ON SPDXRef-25-pyasn1 +Relationship: SPDXRef-27-google-reauth DEPENDS_ON SPDXRef-28-pyu2f +Relationship: SPDXRef-28-pyu2f DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-30-httplib2 DEPENDS_ON SPDXRef-31-pyparsing +Relationship: SPDXRef-32-oauth2client DEPENDS_ON SPDXRef-24-rsa +Relationship: SPDXRef-32-oauth2client DEPENDS_ON SPDXRef-25-pyasn1 +Relationship: SPDXRef-32-oauth2client DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-32-oauth2client DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-32-oauth2client DEPENDS_ON SPDXRef-33-pyasn1-modules +Relationship: SPDXRef-33-pyasn1-modules DEPENDS_ON SPDXRef-25-pyasn1 +Relationship: SPDXRef-34-pyopenssl DEPENDS_ON SPDXRef-35-cryptography +Relationship: SPDXRef-35-cryptography DEPENDS_ON SPDXRef-36-cffi +Relationship: SPDXRef-36-cffi DEPENDS_ON SPDXRef-37-pycparser +Relationship: SPDXRef-39-google-auth DEPENDS_ON SPDXRef-24-rsa +Relationship: SPDXRef-39-google-auth DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-39-google-auth DEPENDS_ON SPDXRef-33-pyasn1-modules +Relationship: SPDXRef-39-google-auth DEPENDS_ON SPDXRef-40-cachetools Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist -Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-26-rsa -Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-31-six -Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-35-pyasn1-modules -Relationship: SPDXRef-41-google-auth DEPENDS_ON SPDXRef-42-cachetools -Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-43-google-auth-httplib2 DEPENDS_ON SPDXRef-41-google-auth -Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-24-fasteners -Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-31-six -Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-32-httplib2 -Relationship: SPDXRef-44-google-apitools DEPENDS_ON SPDXRef-34-oauth2client -Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-importlib-resources -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-jsonschema-specifications -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-51-referencing -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-52-rpds-py -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-53-pkgutil-resolve-name -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-6-attrs -Relationship: SPDXRef-49-importlib-resources DEPENDS_ON SPDXRef-8-zipp -Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-49-importlib-resources -Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-51-referencing -Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-52-rpds-py -Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-6-attrs -Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-18-defusedxml -Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-55-pyyaml -Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-56-semantic-version -Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-54-lib4sbom -Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-58-csaf-tool -Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-59-packageurl-python -Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-59-packageurl-python -Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-60-rich -Relationship: SPDXRef-6-attrs DEPENDS_ON SPDXRef-7-importlib-metadata -Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-61-markdown-it-py -Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-63-pygments -Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-9-typing-extensions -Relationship: SPDXRef-61-markdown-it-py DEPENDS_ON SPDXRef-62-mdurl -Relationship: SPDXRef-66-plotly DEPENDS_ON SPDXRef-65-packaging -Relationship: SPDXRef-66-plotly DEPENDS_ON SPDXRef-67-tenacity -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-12-idna -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-69-charset-normalizer -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-70-urllib3 -Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-71-certifi -Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-8-zipp -Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-9-typing-extensions -Relationship: SPDXRef-74-xmlschema DEPENDS_ON SPDXRef-75-elementpath -Relationship: SPDXRef-77-zstandard DEPENDS_ON SPDXRef-38-cffi +Relationship: SPDXRef-41-google-auth-httplib2 DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-41-google-auth-httplib2 DEPENDS_ON SPDXRef-39-google-auth +Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners +Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-oauth2client +Relationship: SPDXRef-44-jinja2 DEPENDS_ON SPDXRef-45-markupsafe +Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-47-importlib-resources +Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-49-jsonschema-specifications +Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-50-referencing +Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-51-rpds-py +Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-52-pkgutil-resolve-name +Relationship: SPDXRef-46-jsonschema DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-47-importlib-resources DEPENDS_ON SPDXRef-48-zipp +Relationship: SPDXRef-49-jsonschema-specifications DEPENDS_ON SPDXRef-47-importlib-resources +Relationship: SPDXRef-49-jsonschema-specifications DEPENDS_ON SPDXRef-50-referencing +Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-51-rpds-py +Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-53-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml +Relationship: SPDXRef-53-lib4sbom DEPENDS_ON SPDXRef-54-pyyaml +Relationship: SPDXRef-53-lib4sbom DEPENDS_ON SPDXRef-55-semantic-version +Relationship: SPDXRef-56-lib4vex DEPENDS_ON SPDXRef-53-lib4sbom +Relationship: SPDXRef-56-lib4vex DEPENDS_ON SPDXRef-57-csaf-tool +Relationship: SPDXRef-56-lib4vex DEPENDS_ON SPDXRef-58-packageurl-python +Relationship: SPDXRef-57-csaf-tool DEPENDS_ON SPDXRef-58-packageurl-python +Relationship: SPDXRef-57-csaf-tool DEPENDS_ON SPDXRef-59-rich +Relationship: SPDXRef-59-rich DEPENDS_ON SPDXRef-60-markdown-it-py +Relationship: SPDXRef-59-rich DEPENDS_ON SPDXRef-62-pygments +Relationship: SPDXRef-59-rich DEPENDS_ON SPDXRef-8-typing-extensions +Relationship: SPDXRef-60-markdown-it-py DEPENDS_ON SPDXRef-61-mdurl +Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-64-packaging +Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-66-tenacity +Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-10-idna +Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-68-charset-normalizer +Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-69-urllib3 +Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-70-certifi +Relationship: SPDXRef-7-multidict DEPENDS_ON SPDXRef-8-typing-extensions +Relationship: SPDXRef-73-xmlschema DEPENDS_ON SPDXRef-74-elementpath +Relationship: SPDXRef-75-importlib-metadata DEPENDS_ON SPDXRef-48-zipp +Relationship: SPDXRef-75-importlib-metadata DEPENDS_ON SPDXRef-8-typing-extensions +Relationship: SPDXRef-77-zstandard DEPENDS_ON SPDXRef-36-cffi +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-10-idna +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-11-propcache +Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-7-multidict Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool