From 0a58af9624ed1d6a37c2d54bd4c043ccad288429 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 18 Dec 2023 01:23:00 +0000 Subject: [PATCH] chore: update SBOM for Python 3.10 --- sbom/cve-bin-tool-py3.10.json | 1059 +++++++++++++++++++++------------ sbom/cve-bin-tool-py3.10.spdx | 575 +++++++++--------- 2 files changed, 972 insertions(+), 662 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index 179b74f34f..7926d00ed7 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -1,17 +1,20 @@ { - "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.4", - "serialNumber": "urn:uuid2d1fb677-cf32-4abd-a3eb-622b5bcc965b", + "specVersion": "1.5", + "serialNumber": "urn:uuid:3ce64c4b-0bd2-4f35-8932-95b4327a2764", "version": 1, "metadata": { - "timestamp": "2023-07-10T00:40:56Z", - "tools": [ - { - "name": "sbom4python", - "version": "0.9.2" - } - ], + "timestamp": "2023-12-18T01:22:58Z", + "tools": { + "components": [ + { + "name": "sbom4python", + "version": "0.10.1", + "type": "application" + } + ] + }, "component": { "type": "application", "bom-ref": "CDXRef-DOCUMENT", @@ -49,13 +52,19 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/cve-bin-tool@3.2.2.dev0" + "purl": "pkg:pypi/cve-bin-tool@3.2.2.dev0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.8.4", + "version": "3.9.1", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -67,13 +76,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiohttp/3.8.4", + "url": "https://pypi.org/project/aiohttp/3.9.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.8.4", + "purl": "pkg:pypi/aiohttp@3.9.1", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression." @@ -102,6 +115,10 @@ ], "purl": "pkg:pypi/aiosignal@1.3.1", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression." @@ -112,7 +129,7 @@ "type": "library", "bom-ref": "4-frozenlist", "name": "frozenlist", - "version": "1.3.3", + "version": "1.4.1", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { @@ -124,13 +141,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/frozenlist/1.3.3", + "url": "https://pypi.org/project/frozenlist/1.4.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.3.3", + "purl": "pkg:pypi/frozenlist@1.4.1", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression." @@ -141,7 +162,7 @@ "type": "library", "bom-ref": "5-async-timeout", "name": "async-timeout", - "version": "4.0.2", + "version": "4.0.3", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -150,7 +171,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*", "description": "Timeout context manager for asyncio programs", "licenses": [ { @@ -162,13 +183,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/async-timeout/4.0.2", + "url": "https://pypi.org/project/async-timeout/4.0.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/async-timeout@4.0.2", + "purl": "pkg:pypi/async-timeout@4.0.3", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression." @@ -197,43 +222,17 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/attrs@23.1.0" - }, - { - "type": "library", - "bom-ref": "7-charset-normalizer", - "name": "charset-normalizer", - "version": "3.2.0", - "supplier": { - "name": "Ahmed TAHRI", - "contact": [ - { - "email": "ahmed.tahri@cloudnursery.dev" - } - ] - }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:*", - "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ + "purl": "pkg:pypi/attrs@23.1.0", + "properties": [ { - "url": "https://pypi.org/project/charset-normalizer/3.2.0", - "type": "distribution", - "comment": "Download location for component" + "name": "language", + "value": "Python" } - ], - "purl": "pkg:pypi/charset-normalizer@3.2.0" + ] }, { "type": "library", - "bom-ref": "8-multidict", + "bom-ref": "7-multidict", "name": "multidict", "version": "6.0.4", "supplier": { @@ -263,6 +262,10 @@ ], "purl": "pkg:pypi/multidict@6.0.4", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression." @@ -271,9 +274,9 @@ }, { "type": "library", - "bom-ref": "9-yarl", + "bom-ref": "8-yarl", "name": "yarl", - "version": "1.9.2", + "version": "1.9.4", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -282,7 +285,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -294,40 +297,52 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/yarl/1.9.2", + "url": "https://pypi.org/project/yarl/1.9.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.9.2" + "purl": "pkg:pypi/yarl@1.9.4", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "10-idna", + "bom-ref": "9-idna", "name": "idna", - "version": "3.4", + "version": "3.6", "supplier": { "name": "Kim Davies", "contact": [ { - "email": "kim@cynosure.com.au" + "email": "kim+pypi@gumleaf.org" } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:*", "description": "Internationalized Domain Names in Applications (IDNA)", "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.4", + "url": "https://pypi.org/project/idna/3.6", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.4" + "purl": "pkg:pypi/idna@3.6", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "11-beautifulsoup4", + "bom-ref": "10-beautifulsoup4", "name": "beautifulsoup4", "version": "4.12.2", "supplier": { @@ -347,13 +362,19 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/beautifulsoup4@4.12.2" + "purl": "pkg:pypi/beautifulsoup4@4.12.2", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "12-soupsieve", + "bom-ref": "11-soupsieve", "name": "soupsieve", - "version": "2.4.1", + "version": "2.5", "supplier": { "name": "Isaac Muse", "contact": [ @@ -362,20 +383,26 @@ } ] }, - "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.4.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", "externalReferences": [ { - "url": "https://pypi.org/project/soupsieve/2.4.1", + "url": "https://pypi.org/project/soupsieve/2.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/soupsieve@2.4.1" + "purl": "pkg:pypi/soupsieve@2.5", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "13-cvss", + "bom-ref": "12-cvss", "name": "cvss", "version": "2.6", "supplier": { @@ -405,6 +432,10 @@ ], "purl": "pkg:pypi/cvss@2.6", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression." @@ -413,7 +444,7 @@ }, { "type": "library", - "bom-ref": "14-defusedxml", + "bom-ref": "13-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -443,6 +474,10 @@ ], "purl": "pkg:pypi/defusedxml@0.7.1", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression." @@ -451,7 +486,7 @@ }, { "type": "library", - "bom-ref": "15-distro", + "bom-ref": "14-distro", "name": "distro", "version": "1.8.0", "supplier": { @@ -481,6 +516,10 @@ ], "purl": "pkg:pypi/distro@1.8.0", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression." @@ -489,18 +528,18 @@ }, { "type": "library", - "bom-ref": "16-gsutil", + "bom-ref": "15-gsutil", "name": "gsutil", - "version": "5.25", + "version": "5.27", "supplier": { - "name": "Google Inc.", + "name": "Google Inc .", "contact": [ { "email": "buganizer-system+187143@google.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -512,13 +551,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gsutil/5.25", + "url": "https://pypi.org/project/gsutil/5.27", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.25", + "purl": "pkg:pypi/gsutil@5.27", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression." @@ -527,9 +570,9 @@ }, { "type": "library", - "bom-ref": "17-argcomplete", + "bom-ref": "16-argcomplete", "name": "argcomplete", - "version": "3.1.1", + "version": "3.2.1", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -538,7 +581,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.1:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", "licenses": [ { @@ -550,13 +593,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/argcomplete/3.1.1", + "url": "https://pypi.org/project/argcomplete/3.2.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.1.1", + "purl": "pkg:pypi/argcomplete@3.2.1", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression." @@ -565,7 +612,7 @@ }, { "type": "library", - "bom-ref": "18-crcmod", + "bom-ref": "17-crcmod", "name": "crcmod", "version": "1.7", "supplier": { @@ -593,17 +640,23 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/crcmod@1.7" + "purl": "pkg:pypi/crcmod@1.7", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "19-fasteners", + "bom-ref": "18-fasteners", "name": "fasteners", - "version": "0.18", + "version": "0.19", "supplier": { "name": "Joshua Harlow" }, - "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*", "description": "A python package that provides useful locks", "licenses": [ { @@ -615,26 +668,26 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/fasteners/0.18", + "url": "https://pypi.org/project/fasteners/0.19", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/fasteners@0.18", + "purl": "pkg:pypi/fasteners@0.19", "properties": [ { - "name": "License Comments", - "value": "fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression." + "name": "language", + "value": "Python" } ] }, { "type": "library", - "bom-ref": "20-gcs-oauth2-boto-plugin", + "bom-ref": "19-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.0", "supplier": { - "name": "Google Inc.", + "name": "Google Inc .", "contact": [ { "email": "gs-team@google.com" @@ -660,6 +713,10 @@ ], "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression." @@ -668,7 +725,7 @@ }, { "type": "library", - "bom-ref": "21-boto", + "bom-ref": "20-boto", "name": "boto", "version": "2.49.0", "supplier": { @@ -696,11 +753,17 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/boto@2.49.0" + "purl": "pkg:pypi/boto@2.49.0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "22-google-reauth", + "bom-ref": "21-google-reauth", "name": "google-reauth", "version": "0.1.1", "supplier": { @@ -730,6 +793,10 @@ ], "purl": "pkg:pypi/google-reauth@0.1.1", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression." @@ -738,11 +805,11 @@ }, { "type": "library", - "bom-ref": "23-pyu2f", + "bom-ref": "22-pyu2f", "name": "pyu2f", "version": "0.1.5", "supplier": { - "name": "Google Inc.", + "name": "Google Inc .", "contact": [ { "email": "pyu2f-team@google.com" @@ -768,6 +835,10 @@ ], "purl": "pkg:pypi/pyu2f@0.1.5", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression." @@ -776,7 +847,7 @@ }, { "type": "library", - "bom-ref": "24-six", + "bom-ref": "23-six", "name": "six", "version": "1.16.0", "supplier": { @@ -804,11 +875,17 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/six@1.16.0" + "purl": "pkg:pypi/six@1.16.0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "25-httplib2", + "bom-ref": "24-httplib2", "name": "httplib2", "version": "0.20.4", "supplier": { @@ -836,13 +913,19 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/httplib2@0.20.4" + "purl": "pkg:pypi/httplib2@0.20.4", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "26-pyparsing", + "bom-ref": "25-pyparsing", "name": "pyparsing", - "version": "3.1.0", + "version": "3.1.1", "supplier": { "name": "Paul McGuire", "contact": [ @@ -851,24 +934,30 @@ } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*", "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "externalReferences": [ { - "url": "https://pypi.org/project/pyparsing/3.1.0", + "url": "https://pypi.org/project/pyparsing/3.1.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.1.0" + "purl": "pkg:pypi/pyparsing@3.1.1", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "27-oauth2client", + "bom-ref": "26-oauth2client", "name": "oauth2client", "version": "4.1.3", "supplier": { - "name": "Google Inc.", + "name": "Google Inc .", "contact": [ { "email": "jonwayne+oauth2client@google.com" @@ -894,6 +983,10 @@ ], "purl": "pkg:pypi/oauth2client@4.1.3", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression." @@ -902,9 +995,9 @@ }, { "type": "library", - "bom-ref": "28-pyasn1", + "bom-ref": "27-pyasn1", "name": "pyasn1", - "version": "0.5.0", + "version": "0.5.1", "supplier": { "name": "Ilya Etingof", "contact": [ @@ -913,7 +1006,7 @@ } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.5.1:*:*:*:*:*:*:*", "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", "licenses": [ { @@ -925,16 +1018,22 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1/0.5.0", + "url": "https://pypi.org/project/pyasn1/0.5.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.5.0" + "purl": "pkg:pypi/pyasn1@0.5.1", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "29-pyasn1-modules", + "bom-ref": "28-pyasn1-modules", "name": "pyasn1-modules", "version": "0.3.0", "supplier": { @@ -964,6 +1063,10 @@ ], "purl": "pkg:pypi/pyasn1-modules@0.3.0", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression." @@ -972,11 +1075,11 @@ }, { "type": "library", - "bom-ref": "30-rsa", + "bom-ref": "29-rsa", "name": "rsa", "version": "4.7.2", "supplier": { - "name": "Sybren A. Stuvel", + "name": "Sybren A . Stuvel", "contact": [ { "email": "sybren@stuvel.eu" @@ -1002,6 +1105,10 @@ ], "purl": "pkg:pypi/rsa@4.7.2", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression." @@ -1010,9 +1117,9 @@ }, { "type": "library", - "bom-ref": "31-pyopenssl", + "bom-ref": "30-pyopenssl", "name": "pyopenssl", - "version": "23.2.0", + "version": "23.3.0", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1021,7 +1128,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { @@ -1033,13 +1140,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyOpenSSL/23.2.0", + "url": "https://pypi.org/project/pyOpenSSL/23.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@23.2.0", + "purl": "pkg:pypi/pyopenssl@23.3.0", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression." @@ -1048,9 +1159,9 @@ }, { "type": "library", - "bom-ref": "32-cryptography", + "bom-ref": "31-cryptography", "name": "cryptography", - "version": "41.0.1", + "version": "41.0.7", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1059,29 +1170,33 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.7:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { - "license": { - "expression": "Apache-2.0 OR BSD-3-Clause" - } + "expression": "Apache-2.0 OR BSD-3-Clause" } ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/41.0.1", + "url": "https://pypi.org/project/cryptography/41.0.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@41.0.1" + "purl": "pkg:pypi/cryptography@41.0.7", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "33-cffi", + "bom-ref": "32-cffi", "name": "cffi", - "version": "1.15.1", + "version": "1.16.0", "supplier": { "name": "Armin Maciej Fijalkowski", "contact": [ @@ -1090,7 +1205,7 @@ } ] }, - "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*", "description": "Foreign Function Interface for Python calling C code.", "licenses": [ { @@ -1102,16 +1217,22 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cffi/1.15.1", + "url": "https://pypi.org/project/cffi/1.16.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cffi@1.15.1" + "purl": "pkg:pypi/cffi@1.16.0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "34-pycparser", + "bom-ref": "33-pycparser", "name": "pycparser", "version": "2.21", "supplier": { @@ -1141,6 +1262,10 @@ ], "purl": "pkg:pypi/pycparser@2.21", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "pycparser declares BSD which is not currently a valid SPDX License identifier or expression." @@ -1149,7 +1274,7 @@ }, { "type": "library", - "bom-ref": "35-retry-decorator", + "bom-ref": "34-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -1177,11 +1302,17 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/retry-decorator@1.1.1" + "purl": "pkg:pypi/retry-decorator@1.1.1", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "36-google-apitools", + "bom-ref": "35-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { @@ -1211,6 +1342,10 @@ ], "purl": "pkg:pypi/google-apitools@0.5.32", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression." @@ -1219,9 +1354,9 @@ }, { "type": "library", - "bom-ref": "37-google-auth", + "bom-ref": "36-google-auth", "name": "google-auth", - "version": "2.21.0", + "version": "2.25.2", "supplier": { "name": "Google Cloud Platform", "contact": [ @@ -1230,7 +1365,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:*", "description": "Google Authentication Library", "licenses": [ { @@ -1242,13 +1377,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-auth/2.21.0", + "url": "https://pypi.org/project/google-auth/2.25.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth@2.21.0", + "purl": "pkg:pypi/google-auth@2.25.2", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression." @@ -1257,9 +1396,9 @@ }, { "type": "library", - "bom-ref": "38-cachetools", + "bom-ref": "37-cachetools", "name": "cachetools", - "version": "5.3.1", + "version": "5.3.2", "supplier": { "name": "Thomas Kemmer", "contact": [ @@ -1268,7 +1407,7 @@ } ] }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.2:*:*:*:*:*:*:*", "description": "Extensible memoizing collections and decorators", "licenses": [ { @@ -1280,48 +1419,22 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cachetools/5.3.1", + "url": "https://pypi.org/project/cachetools/5.3.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cachetools@5.3.1" - }, - { - "type": "library", - "bom-ref": "39-urllib3", - "name": "urllib3", - "version": "1.26.16", - "supplier": { - "name": "Andrey Petrov", - "contact": [ - { - "email": "andrey.petrov@shazow.net" - } - ] - }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ + "purl": "pkg:pypi/cachetools@5.3.2", + "properties": [ { - "url": "https://pypi.org/project/urllib3/1.26.16", - "type": "distribution", - "comment": "Download location for component" + "name": "language", + "value": "Python" } - ], - "purl": "pkg:pypi/urllib3@1.26.16" + ] }, { "type": "library", - "bom-ref": "40-monotonic", + "bom-ref": "38-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -1351,6 +1464,10 @@ ], "purl": "pkg:pypi/monotonic@1.6", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "monotonic declares Apache which is not currently a valid SPDX License identifier or expression." @@ -1359,7 +1476,7 @@ }, { "type": "library", - "bom-ref": "41-jinja2", + "bom-ref": "39-jinja2", "name": "jinja2", "version": "3.1.2", "supplier": { @@ -1387,11 +1504,17 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/jinja2@3.1.2" + "purl": "pkg:pypi/jinja2@3.1.2", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "42-markupsafe", + "bom-ref": "40-markupsafe", "name": "markupsafe", "version": "2.1.3", "description": "Safely add untrusted strings to HTML/XML markup.", @@ -1410,17 +1533,23 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/markupsafe@2.1.3" + "purl": "pkg:pypi/markupsafe@2.1.3", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "43-jsonschema", + "bom-ref": "41-jsonschema", "name": "jsonschema", - "version": "4.18.0", + "version": "4.20.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { @@ -1432,22 +1561,28 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.18.0", + "url": "https://pypi.org/project/jsonschema/4.20.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.18.0" + "purl": "pkg:pypi/jsonschema@4.20.0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "44-jsonschema-specifications", + "bom-ref": "42-jsonschema-specifications", "name": "jsonschema-specifications", - "version": "2023.6.1", + "version": "2023.11.2", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:*", "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", "licenses": [ { @@ -1459,22 +1594,28 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema-specifications/2023.6.1", + "url": "https://pypi.org/project/jsonschema-specifications/2023.11.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema-specifications@2023.6.1" + "purl": "pkg:pypi/jsonschema-specifications@2023.11.2", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "45-referencing", + "bom-ref": "43-referencing", "name": "referencing", - "version": "0.29.1", + "version": "0.32.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "licenses": [ { @@ -1486,22 +1627,28 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.29.1", + "url": "https://pypi.org/project/referencing/0.32.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.29.1" + "purl": "pkg:pypi/referencing@0.32.0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "46-rpds-py", + "bom-ref": "44-rpds-py", "name": "rpds-py", - "version": "0.8.10", + "version": "0.15.2", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "licenses": [ { @@ -1513,18 +1660,24 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rpds-py/0.8.10", + "url": "https://pypi.org/project/rpds-py/0.15.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.8.10" + "purl": "pkg:pypi/rpds-py@0.15.2", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "47-lib4sbom", + "bom-ref": "45-lib4sbom", "name": "lib4sbom", - "version": "0.3.1", + "version": "0.5.4", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -1533,7 +1686,7 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", "licenses": [ { @@ -1545,18 +1698,24 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.3.1", + "url": "https://pypi.org/project/lib4sbom/0.5.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.3.1" + "purl": "pkg:pypi/lib4sbom@0.5.4", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "48-pyyaml", + "bom-ref": "46-pyyaml", "name": "pyyaml", - "version": "6.0", + "version": "6.0.1", "supplier": { "name": "Kirill Simonov", "contact": [ @@ -1565,7 +1724,7 @@ } ] }, - "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*", "description": "YAML parser and emitter for Python", "licenses": [ { @@ -1577,16 +1736,22 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/PyYAML/6.0", + "url": "https://pypi.org/project/PyYAML/6.0.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyyaml@6.0" + "purl": "pkg:pypi/pyyaml@6.0.1", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "49-semantic-version", + "bom-ref": "47-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -1616,6 +1781,10 @@ ], "purl": "pkg:pypi/semantic-version@2.10.0", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "semantic-version declares BSD which is not currently a valid SPDX License identifier or expression." @@ -1624,7 +1793,7 @@ }, { "type": "library", - "bom-ref": "50-packaging", + "bom-ref": "48-packaging", "name": "packaging", "version": "21.3", "supplier": { @@ -1639,9 +1808,7 @@ "description": "Core utilities for Python packages", "licenses": [ { - "license": { - "expression": "BSD-2-Clause OR Apache-2.0" - } + "expression": "BSD-2-Clause OR Apache-2.0" } ], "externalReferences": [ @@ -1653,6 +1820,10 @@ ], "purl": "pkg:pypi/packaging@21.3", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "packaging declares BSD-2-Clause or Apache-2.0 which is not currently a valid SPDX License identifier or expression." @@ -1661,9 +1832,9 @@ }, { "type": "library", - "bom-ref": "51-plotly", + "bom-ref": "49-plotly", "name": "plotly", - "version": "5.15.0", + "version": "5.18.0", "supplier": { "name": "Chris P", "contact": [ @@ -1672,7 +1843,7 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.18.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", "licenses": [ { @@ -1684,18 +1855,24 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.15.0", + "url": "https://pypi.org/project/plotly/5.18.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.15.0" + "purl": "pkg:pypi/plotly@5.18.0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", - "bom-ref": "52-tenacity", + "bom-ref": "50-tenacity", "name": "tenacity", - "version": "8.2.2", + "version": "8.2.3", "supplier": { "name": "Julien Danjou", "contact": [ @@ -1704,7 +1881,7 @@ } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*", "description": "Retry code until it succeeds", "licenses": [ { @@ -1716,13 +1893,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/tenacity/8.2.2", + "url": "https://pypi.org/project/tenacity/8.2.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/tenacity@8.2.2", + "purl": "pkg:pypi/tenacity@8.2.3", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression." @@ -1731,9 +1912,9 @@ }, { "type": "library", - "bom-ref": "53-python-gnupg", + "bom-ref": "51-python-gnupg", "name": "python-gnupg", - "version": "0.5.0", + "version": "0.5.2", "supplier": { "name": "Vinay Sajip", "contact": [ @@ -1742,7 +1923,7 @@ } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", "licenses": [ { @@ -1754,13 +1935,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/python-gnupg/0.5.0", + "url": "https://pypi.org/project/python-gnupg/0.5.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/python-gnupg@0.5.0", + "purl": "pkg:pypi/python-gnupg@0.5.2", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression." @@ -1769,7 +1954,7 @@ }, { "type": "library", - "bom-ref": "54-requests", + "bom-ref": "52-requests", "name": "requests", "version": "2.31.0", "supplier": { @@ -1799,6 +1984,10 @@ ], "purl": "pkg:pypi/requests@2.31.0", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression." @@ -1807,9 +1996,9 @@ }, { "type": "library", - "bom-ref": "55-certifi", + "bom-ref": "53-certifi", "name": "certifi", - "version": "2023.5.7", + "version": "2023.11.17", "supplier": { "name": "Kenneth Reitz", "contact": [ @@ -1818,7 +2007,7 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.11.17:*:*:*:*:*:*:*", "description": "Python package for providing Mozilla's CA Bundle.", "licenses": [ { @@ -1830,18 +2019,92 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/certifi/2023.5.7", + "url": "https://pypi.org/project/certifi/2023.11.17", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/certifi@2023.5.7" + "purl": "pkg:pypi/certifi@2023.11.17", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] + }, + { + "type": "library", + "bom-ref": "54-charset-normalizer", + "name": "charset-normalizer", + "version": "3.3.2", + "supplier": { + "name": "Ahmed TAHRI", + "contact": [ + { + "email": "ahmed.tahri@cloudnursery.dev" + } + ] + }, + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*", + "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/charset-normalizer/3.3.2", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/charset-normalizer@3.3.2", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] + }, + { + "type": "library", + "bom-ref": "55-urllib3", + "name": "urllib3", + "version": "2.1.0", + "supplier": { + "name": "Andrey Petrov", + "contact": [ + { + "email": "andrey.petrov@shazow.net" + } + ] + }, + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.1.0:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "externalReferences": [ + { + "url": "https://pypi.org/project/urllib3/2.1.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/urllib3@2.1.0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", "bom-ref": "56-rich", "name": "rich", - "version": "13.4.2", + "version": "13.7.0", "supplier": { "name": "Will McGugan", "contact": [ @@ -1850,7 +2113,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.7.0:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -1862,12 +2125,18 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rich/13.4.2", + "url": "https://pypi.org/project/rich/13.7.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.4.2" + "purl": "pkg:pypi/rich@13.7.0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", @@ -1891,7 +2160,13 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/markdown-it-py@3.0.0" + "purl": "pkg:pypi/markdown-it-py@3.0.0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", @@ -1915,13 +2190,19 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/mdurl@0.1.2" + "purl": "pkg:pypi/mdurl@0.1.2", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", "bom-ref": "59-pygments", "name": "pygments", - "version": "2.15.1", + "version": "2.17.2", "supplier": { "name": "Georg Brandl", "contact": [ @@ -1930,7 +2211,7 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", "licenses": [ { @@ -1942,18 +2223,24 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.15.1", + "url": "https://pypi.org/project/Pygments/2.17.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.15.1" + "purl": "pkg:pypi/pygments@2.17.2", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", "bom-ref": "60-rpmfile", "name": "rpmfile", - "version": "1.1.1", + "version": "2.0.0", "supplier": { "name": "Sean Ross", "contact": [ @@ -1962,7 +2249,7 @@ } ] }, - "cpe": "cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*", "description": "Read rpm archive files", "licenses": [ { @@ -1974,12 +2261,18 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rpmfile/1.1.1", + "url": "https://pypi.org/project/rpmfile/2.0.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpmfile@1.1.1" + "purl": "pkg:pypi/rpmfile@2.0.0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", @@ -2011,13 +2304,19 @@ "comment": "Download location for component" } ], - "purl": "pkg:pypi/toml@0.10.2" + "purl": "pkg:pypi/toml@0.10.2", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", "bom-ref": "62-xmlschema", "name": "xmlschema", - "version": "2.3.1", + "version": "2.5.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2026,7 +2325,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2038,18 +2337,24 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/2.3.1", + "url": "https://pypi.org/project/xmlschema/2.5.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@2.3.1" + "purl": "pkg:pypi/xmlschema@2.5.0", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", "bom-ref": "63-elementpath", "name": "elementpath", - "version": "4.1.4", + "version": "4.1.5", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2058,7 +2363,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -2070,18 +2375,24 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/elementpath/4.1.4", + "url": "https://pypi.org/project/elementpath/4.1.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.1.4" + "purl": "pkg:pypi/elementpath@4.1.5", + "properties": [ + { + "name": "language", + "value": "Python" + } + ] }, { "type": "library", "bom-ref": "64-zstandard", "name": "zstandard", - "version": "0.21.0", + "version": "0.22.0", "supplier": { "name": "Gregory Szorc", "contact": [ @@ -2090,7 +2401,7 @@ } ] }, - "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:*", "description": "Zstandard bindings for Python", "licenses": [ { @@ -2102,13 +2413,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/zstandard/0.21.0", + "url": "https://pypi.org/project/zstandard/0.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zstandard@0.21.0", + "purl": "pkg:pypi/zstandard@0.22.0", "properties": [ + { + "name": "language", + "value": "Python" + }, { "name": "License Comments", "value": "zstandard declares BSD which is not currently a valid SPDX License identifier or expression." @@ -2127,23 +2442,23 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "11-beautifulsoup4", - "13-cvss", - "14-defusedxml", - "15-distro", - "16-gsutil", - "41-jinja2", - "43-jsonschema", - "47-lib4sbom", - "50-packaging", - "51-plotly", - "53-python-gnupg", - "48-pyyaml", - "54-requests", + "10-beautifulsoup4", + "12-cvss", + "13-defusedxml", + "14-distro", + "15-gsutil", + "39-jinja2", + "41-jsonschema", + "45-lib4sbom", + "48-packaging", + "49-plotly", + "51-python-gnupg", + "46-pyyaml", + "52-requests", "56-rich", "60-rpmfile", "61-toml", - "39-urllib3", + "55-urllib3", "62-xmlschema", "64-zstandard" ] @@ -2154,10 +2469,9 @@ "3-aiosignal", "5-async-timeout", "6-attrs", - "7-charset-normalizer", "4-frozenlist", - "8-multidict", - "9-yarl" + "7-multidict", + "8-yarl" ] }, { @@ -2167,180 +2481,179 @@ ] }, { - "ref": "9-yarl", + "ref": "8-yarl", "dependsOn": [ - "10-idna", - "8-multidict" + "9-idna", + "7-multidict" ] }, { - "ref": "11-beautifulsoup4", + "ref": "10-beautifulsoup4", "dependsOn": [ - "12-soupsieve" + "11-soupsieve" ] }, { - "ref": "16-gsutil", + "ref": "15-gsutil", "dependsOn": [ - "17-argcomplete", - "18-crcmod", - "19-fasteners", - "20-gcs-oauth2-boto-plugin", - "36-google-apitools", - "37-google-auth", - "22-google-reauth", - "25-httplib2", - "40-monotonic", - "31-pyopenssl", - "35-retry-decorator", - "24-six" - ] - }, - { - "ref": "20-gcs-oauth2-boto-plugin", + "16-argcomplete", + "17-crcmod", + "18-fasteners", + "19-gcs-oauth2-boto-plugin", + "35-google-apitools", + "36-google-auth", + "21-google-reauth", + "24-httplib2", + "38-monotonic", + "30-pyopenssl", + "34-retry-decorator", + "23-six" + ] + }, + { + "ref": "19-gcs-oauth2-boto-plugin", "dependsOn": [ - "21-boto", - "22-google-reauth", - "25-httplib2", - "27-oauth2client", - "31-pyopenssl", - "35-retry-decorator", - "30-rsa", - "24-six" + "20-boto", + "21-google-reauth", + "24-httplib2", + "26-oauth2client", + "30-pyopenssl", + "34-retry-decorator", + "29-rsa", + "23-six" ] }, { - "ref": "22-google-reauth", + "ref": "21-google-reauth", "dependsOn": [ - "23-pyu2f" + "22-pyu2f" ] }, { - "ref": "23-pyu2f", + "ref": "22-pyu2f", "dependsOn": [ - "24-six" + "23-six" ] }, { - "ref": "25-httplib2", + "ref": "24-httplib2", "dependsOn": [ - "26-pyparsing" + "25-pyparsing" ] }, { - "ref": "27-oauth2client", + "ref": "26-oauth2client", "dependsOn": [ - "25-httplib2", - "28-pyasn1", - "29-pyasn1-modules", - "30-rsa", - "24-six" + "24-httplib2", + "27-pyasn1", + "28-pyasn1-modules", + "29-rsa", + "23-six" ] }, { - "ref": "29-pyasn1-modules", + "ref": "28-pyasn1-modules", "dependsOn": [ - "28-pyasn1" + "27-pyasn1" ] }, { - "ref": "30-rsa", + "ref": "29-rsa", "dependsOn": [ - "28-pyasn1" + "27-pyasn1" ] }, { - "ref": "31-pyopenssl", + "ref": "30-pyopenssl", "dependsOn": [ - "32-cryptography" + "31-cryptography" ] }, { - "ref": "32-cryptography", + "ref": "31-cryptography", "dependsOn": [ - "33-cffi" + "32-cffi" ] }, { - "ref": "33-cffi", + "ref": "32-cffi", "dependsOn": [ - "34-pycparser" + "33-pycparser" ] }, { - "ref": "36-google-apitools", + "ref": "35-google-apitools", "dependsOn": [ - "19-fasteners", - "25-httplib2", - "27-oauth2client", - "24-six" + "18-fasteners", + "24-httplib2", + "26-oauth2client", + "23-six" ] }, { - "ref": "37-google-auth", + "ref": "36-google-auth", "dependsOn": [ - "38-cachetools", - "29-pyasn1-modules", - "30-rsa", - "24-six", - "39-urllib3" + "37-cachetools", + "28-pyasn1-modules", + "29-rsa" ] }, { - "ref": "41-jinja2", + "ref": "39-jinja2", "dependsOn": [ - "42-markupsafe" + "40-markupsafe" ] }, { - "ref": "43-jsonschema", + "ref": "41-jsonschema", "dependsOn": [ "6-attrs", - "44-jsonschema-specifications", - "45-referencing", - "46-rpds-py" + "42-jsonschema-specifications", + "43-referencing", + "44-rpds-py" ] }, { - "ref": "44-jsonschema-specifications", + "ref": "42-jsonschema-specifications", "dependsOn": [ - "45-referencing" + "43-referencing" ] }, { - "ref": "45-referencing", + "ref": "43-referencing", "dependsOn": [ "6-attrs", - "46-rpds-py" + "44-rpds-py" ] }, { - "ref": "47-lib4sbom", + "ref": "45-lib4sbom", "dependsOn": [ - "48-pyyaml", - "49-semantic-version" + "13-defusedxml", + "46-pyyaml", + "47-semantic-version" ] }, { - "ref": "50-packaging", + "ref": "48-packaging", "dependsOn": [ - "26-pyparsing" + "25-pyparsing" ] }, { - "ref": "51-plotly", + "ref": "49-plotly", "dependsOn": [ - "50-packaging", - "52-tenacity" + "48-packaging", + "50-tenacity" ] }, { - "ref": "54-requests", + "ref": "52-requests", "dependsOn": [ - "55-certifi", - "7-charset-normalizer", - "10-idna", - "39-urllib3" + "53-certifi", + "54-charset-normalizer", + "9-idna", + "55-urllib3" ] }, { diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index cf98d162b3..5edf5e9fb4 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8cf27c00-ca66-457e-9fd5-d1ed47312a40 -LicenseListVersion: 3.20 -Creator: Tool: sbom4python-0.9.2 -Created: 2023-07-10T00:39:41Z +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8bf265b0-014d-43ce-b27a-c8b7fbbfacd4 +LicenseListVersion: 3.22 +Creator: Tool: sbom4python-0.10.1 +Created: 2023-12-18T01:21:58Z CreatorComment: This document has been automatically generated. ##### @@ -26,17 +26,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*: PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp -PackageVersion: 3.8.4 +PackageVersion: 3.9.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.4 +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.4 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.9.1 ##### PackageName: aiosignal @@ -55,33 +55,33 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-Package-4-frozenlist -PackageVersion: 1.3.3 +PackageVersion: 1.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3 +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.3.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.4.1 ##### PackageName: async-timeout SPDXID: SPDXRef-Package-5-async-timeout -PackageVersion: 4.0.2 +PackageVersion: 4.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2 +PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Timeout context manager for asyncio programs -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:* ##### PackageName: attrs @@ -99,23 +99,8 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@23.1.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:*:*:* ##### -PackageName: charset-normalizer -SPDXID: SPDXRef-Package-7-charset-normalizer -PackageVersion: 3.2.0 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) -PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.2.0 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:* -##### - PackageName: multidict -SPDXID: SPDXRef-Package-8-multidict +SPDXID: SPDXRef-Package-7-multidict PackageVersion: 6.0.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) @@ -131,37 +116,37 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:* ##### PackageName: yarl -SPDXID: SPDXRef-Package-9-yarl -PackageVersion: 1.9.2 +SPDXID: SPDXRef-Package-8-yarl +PackageVersion: 1.9.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.9.2 +PackageDownloadLocation: https://pypi.org/project/yarl/1.9.4 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-Package-10-idna -PackageVersion: 3.4 +SPDXID: SPDXRef-Package-9-idna +PackageVersion: 3.6 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Kim Davies (kim@cynosure.com.au) -PackageDownloadLocation: https://pypi.org/project/idna/3.4 +PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) +PackageDownloadLocation: https://pypi.org/project/idna/3.6 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.6 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.6:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 -SPDXID: SPDXRef-Package-11-beautifulsoup4 +SPDXID: SPDXRef-Package-10-beautifulsoup4 PackageVersion: 4.12.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) @@ -176,22 +161,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12 ##### PackageName: soupsieve -SPDXID: SPDXRef-Package-12-soupsieve -PackageVersion: 2.4.1 +SPDXID: SPDXRef-Package-11-soupsieve +PackageVersion: 2.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (use@gmail.com) -PackageDownloadLocation: https://pypi.org/project/soupsieve/2.4.1 +PackageDownloadLocation: https://pypi.org/project/soupsieve/2.5 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A modern CSS selector implementation for Beautiful Soup. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.4.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.4.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-Package-13-cvss +SPDXID: SPDXRef-Package-12-cvss PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) @@ -207,7 +192,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs ##### PackageName: defusedxml -SPDXID: SPDXRef-Package-14-defusedxml +SPDXID: SPDXRef-Package-13-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) @@ -223,7 +208,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*: ##### PackageName: distro -SPDXID: SPDXRef-Package-15-distro +SPDXID: SPDXRef-Package-14-distro PackageVersion: 1.8.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) @@ -239,39 +224,39 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* ##### PackageName: gsutil -SPDXID: SPDXRef-Package-16-gsutil -PackageVersion: 5.25 +SPDXID: SPDXRef-Package-15-gsutil +PackageVersion: 5.27 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.25 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.27 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.25 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.27 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-Package-17-argcomplete -PackageVersion: 3.1.1 +SPDXID: SPDXRef-Package-16-argcomplete +PackageVersion: 3.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.1 +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.2.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.2.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.2.1:*:*:*:*:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-Package-18-crcmod +SPDXID: SPDXRef-Package-17-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) @@ -286,23 +271,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-Package-19-fasteners -PackageVersion: 0.18 +SPDXID: SPDXRef-Package-18-fasteners +PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow -PackageDownloadLocation: https://pypi.org/project/fasteners/0.18 +PackageDownloadLocation: https://pypi.org/project/fasteners/0.19 FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION +PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A python package that provides useful locks -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.18 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-Package-19-gcs-oauth2-boto-plugin PackageVersion: 3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) @@ -318,7 +302,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0 ##### PackageName: boto -SPDXID: SPDXRef-Package-21-boto +SPDXID: SPDXRef-Package-20-boto PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) @@ -333,7 +317,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*: ##### PackageName: google-reauth -SPDXID: SPDXRef-Package-22-google-reauth +SPDXID: SPDXRef-Package-21-google-reauth PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google (googleapis-publisher@google.com) @@ -349,7 +333,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:* ##### PackageName: pyu2f -SPDXID: SPDXRef-Package-23-pyu2f +SPDXID: SPDXRef-Package-22-pyu2f PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) @@ -365,7 +349,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-Package-24-six +SPDXID: SPDXRef-Package-23-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -380,7 +364,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:* ##### PackageName: httplib2 -SPDXID: SPDXRef-Package-25-httplib2 +SPDXID: SPDXRef-Package-24-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) @@ -395,22 +379,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-Package-26-pyparsing -PackageVersion: 3.1.0 +SPDXID: SPDXRef-Package-25-pyparsing +PackageVersion: 3.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.0 +PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:* ##### PackageName: oauth2client -SPDXID: SPDXRef-Package-27-oauth2client +SPDXID: SPDXRef-Package-26-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) @@ -426,22 +410,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* ##### PackageName: pyasn1 -SPDXID: SPDXRef-Package-28-pyasn1 -PackageVersion: 0.5.0 +SPDXID: SPDXRef-Package-27-pyasn1 +PackageVersion: 0.5.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.0 +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.1 FilesAnalyzed: false PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.5.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.5.1:*:*:*:*:*:*:* ##### PackageName: pyasn1-modules -SPDXID: SPDXRef-Package-29-pyasn1-modules +SPDXID: SPDXRef-Package-28-pyasn1-modules PackageVersion: 0.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) @@ -457,7 +441,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.3.0:*:*: ##### PackageName: rsa -SPDXID: SPDXRef-Package-30-rsa +SPDXID: SPDXRef-Package-29-rsa PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) @@ -473,53 +457,53 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-Package-31-pyopenssl -PackageVersion: 23.2.0 +SPDXID: SPDXRef-Package-30-pyopenssl +PackageVersion: 23.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.2.0 +PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.3.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.3.0:*:*:*:*:*:*:* ##### PackageName: cryptography -SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 41.0.1 +SPDXID: SPDXRef-Package-31-cryptography +PackageVersion: 41.0.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.1 +PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.7 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.7:*:*:*:*:*:*:* ##### PackageName: cffi -SPDXID: SPDXRef-Package-33-cffi -PackageVersion: 1.15.1 +SPDXID: SPDXRef-Package-32-cffi +PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) -PackageDownloadLocation: https://pypi.org/project/cffi/1.15.1 +PackageDownloadLocation: https://pypi.org/project/cffi/1.16.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Foreign Function Interface for Python calling C code. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.15.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:* ##### PackageName: pycparser -SPDXID: SPDXRef-Package-34-pycparser +SPDXID: SPDXRef-Package-33-pycparser PackageVersion: 2.21 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) @@ -535,7 +519,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-Package-35-retry-decorator +SPDXID: SPDXRef-Package-34-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -550,7 +534,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-Package-36-google-apitools +SPDXID: SPDXRef-Package-35-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) @@ -566,53 +550,38 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* ##### PackageName: google-auth -SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.21.0 +SPDXID: SPDXRef-Package-36-google-auth +PackageVersion: 2.25.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.21.0 +PackageDownloadLocation: https://pypi.org/project/google-auth/2.25.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.25.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.25.2:*:*:*:*:*:*:* ##### PackageName: cachetools -SPDXID: SPDXRef-Package-38-cachetools -PackageVersion: 5.3.1 +SPDXID: SPDXRef-Package-37-cachetools +PackageVersion: 5.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.1 +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.2 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:* -##### - -PackageName: urllib3 -SPDXID: SPDXRef-Package-39-urllib3 -PackageVersion: 1.26.16 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) -PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.16 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.16 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.2:*:*:*:*:*:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-Package-40-monotonic +SPDXID: SPDXRef-Package-38-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) @@ -628,7 +597,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-41-jinja2 +SPDXID: SPDXRef-Package-39-jinja2 PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) @@ -643,7 +612,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*: ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-42-markupsafe +SPDXID: SPDXRef-Package-40-markupsafe PackageVersion: 2.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION @@ -657,97 +626,97 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-43-jsonschema -PackageVersion: 4.18.0 +SPDXID: SPDXRef-Package-41-jsonschema +PackageVersion: 4.20.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.0 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.20.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.20.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.20.0:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-44-jsonschema-specifications -PackageVersion: 2023.6.1 +SPDXID: SPDXRef-Package-42-jsonschema-specifications +PackageVersion: 2023.11.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.6.1 +PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.11.2 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.6.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.11.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.11.2:*:*:*:*:*:*:* ##### PackageName: referencing -SPDXID: SPDXRef-Package-45-referencing -PackageVersion: 0.29.1 +SPDXID: SPDXRef-Package-43-referencing +PackageVersion: 0.32.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.29.1 +PackageDownloadLocation: https://pypi.org/project/referencing/0.32.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.29.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.32.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.32.0:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-46-rpds-py -PackageVersion: 0.8.10 +SPDXID: SPDXRef-Package-44-rpds-py +PackageVersion: 0.15.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.8.10 +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.15.2 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.8.10 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.15.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.15.2:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-47-lib4sbom -PackageVersion: 0.3.1 +SPDXID: SPDXRef-Package-45-lib4sbom +PackageVersion: 0.5.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.5.4 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.3.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.5.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.5.4:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-48-pyyaml -PackageVersion: 6.0 +SPDXID: SPDXRef-Package-46-pyyaml +PackageVersion: 6.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) -PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0 +PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: YAML parser and emitter for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:* ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-49-semantic-version +SPDXID: SPDXRef-Package-47-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -763,7 +732,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packaging -SPDXID: SPDXRef-Package-50-packaging +SPDXID: SPDXRef-Package-48-packaging PackageVersion: 21.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) @@ -779,54 +748,54 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut ##### PackageName: plotly -SPDXID: SPDXRef-Package-51-plotly -PackageVersion: 5.15.0 +SPDXID: SPDXRef-Package-49-plotly +PackageVersion: 5.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.15.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.18.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.15.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.18.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-52-tenacity -PackageVersion: 8.2.2 +SPDXID: SPDXRef-Package-50-tenacity +PackageVersion: 8.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2 +PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-53-python-gnupg -PackageVersion: 0.5.0 +SPDXID: SPDXRef-Package-51-python-gnupg +PackageVersion: 0.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.0 +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-54-requests +SPDXID: SPDXRef-Package-52-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -842,33 +811,63 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-55-certifi -PackageVersion: 2023.5.7 +SPDXID: SPDXRef-Package-53-certifi +PackageVersion: 2023.11.17 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7 +PackageDownloadLocation: https://pypi.org/project/certifi/2023.11.17 FilesAnalyzed: false PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python package for providing Mozilla's CA Bundle. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.11.17 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.11.17:*:*:*:*:*:*:* +##### + +PackageName: charset-normalizer +SPDXID: SPDXRef-Package-54-charset-normalizer +PackageVersion: 3.3.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) +PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.2 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:* +##### + +PackageName: urllib3 +SPDXID: SPDXRef-Package-55-urllib3 +PackageVersion: 2.1.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) +PackageDownloadLocation: https://pypi.org/project/urllib3/2.1.0 +FilesAnalyzed: false +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.1.0:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-Package-56-rich -PackageVersion: 13.4.2 +PackageVersion: 13.7.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.4.2 +PackageDownloadLocation: https://pypi.org/project/rich/13.7.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.7.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.0:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -903,32 +902,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: PackageName: pygments SPDXID: SPDXRef-Package-59-pygments -PackageVersion: 2.15.1 +PackageVersion: 2.17.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2 FilesAnalyzed: false PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.17.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:* ##### PackageName: rpmfile SPDXID: SPDXRef-Package-60-rpmfile -PackageVersion: 1.1.1 +PackageVersion: 2.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rpmfile/1.1.1 +PackageDownloadLocation: https://pypi.org/project/rpmfile/2.0.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Read rpm archive files -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@1.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@2.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:* ##### PackageName: toml @@ -948,142 +947,140 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-Package-62-xmlschema -PackageVersion: 2.3.1 +PackageVersion: 2.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.1 +PackageDownloadLocation: https://pypi.org/project/xmlschema/2.5.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-Package-63-elementpath -PackageVersion: 4.1.4 +PackageVersion: 4.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.4 +PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.5 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:* ##### PackageName: zstandard SPDXID: SPDXRef-Package-64-zstandard -PackageVersion: 0.21.0 +PackageVersion: 0.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) -PackageDownloadLocation: https://pypi.org/project/zstandard/0.21.0 +PackageDownloadLocation: https://pypi.org/project/zstandard/0.22.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Zstandard bindings for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.22.0:*:*:*:*:*:*:* ##### Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-beautifulsoup4 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-cvss -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-defusedxml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-distro -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-10-beautifulsoup4 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-cvss +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-defusedxml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distro +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-39-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-39-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-urllib3 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-rich Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rpmfile Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-toml Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-xmlschema Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-zstandard -Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-36-google-apitools -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-37-google-auth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic +Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-16-argcomplete +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-17-crcmod +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-18-fasteners +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-19-gcs-oauth2-boto-plugin +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-21-google-reauth +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-23-six +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-24-httplib2 +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-30-pyopenssl +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-34-retry-decorator +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-35-google-apitools +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-36-google-auth +Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-38-monotonic +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-20-boto +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-google-reauth +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-23-six +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-httplib2 +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-oauth2client +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-rsa +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-pyopenssl +Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-retry-decorator Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-charset-normalizer -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-multidict -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-9-yarl -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-reauth -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-pyopenssl -Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-retry-decorator -Relationship: SPDXRef-Package-22-google-reauth DEPENDS_ON SPDXRef-Package-23-pyu2f -Relationship: SPDXRef-Package-23-pyu2f DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-25-httplib2 DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-29-pyasn1-modules DEPENDS_ON SPDXRef-Package-28-pyasn1 +Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict +Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl +Relationship: SPDXRef-Package-21-google-reauth DEPENDS_ON SPDXRef-Package-22-pyu2f +Relationship: SPDXRef-Package-22-pyu2f DEPENDS_ON SPDXRef-Package-23-six +Relationship: SPDXRef-Package-24-httplib2 DEPENDS_ON SPDXRef-Package-25-pyparsing +Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-23-six +Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-24-httplib2 +Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-27-pyasn1 +Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1-modules +Relationship: SPDXRef-Package-26-oauth2client DEPENDS_ON SPDXRef-Package-29-rsa +Relationship: SPDXRef-Package-28-pyasn1-modules DEPENDS_ON SPDXRef-Package-27-pyasn1 +Relationship: SPDXRef-Package-29-rsa DEPENDS_ON SPDXRef-Package-27-pyasn1 Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist -Relationship: SPDXRef-Package-30-rsa DEPENDS_ON SPDXRef-Package-28-pyasn1 -Relationship: SPDXRef-Package-31-pyopenssl DEPENDS_ON SPDXRef-Package-32-cryptography -Relationship: SPDXRef-Package-32-cryptography DEPENDS_ON SPDXRef-Package-33-cffi -Relationship: SPDXRef-Package-33-cffi DEPENDS_ON SPDXRef-Package-34-pycparser -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-25-httplib2 -Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-24-six -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-39-urllib3 -Relationship: SPDXRef-Package-41-jinja2 DEPENDS_ON SPDXRef-Package-42-markupsafe -Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-44-jsonschema-specifications -Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-45-referencing -Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-46-rpds-py -Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-44-jsonschema-specifications DEPENDS_ON SPDXRef-Package-45-referencing -Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-46-rpds-py -Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-48-pyyaml -Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-49-semantic-version -Relationship: SPDXRef-Package-50-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-50-packaging -Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-52-tenacity -Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-10-idna -Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-39-urllib3 -Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-55-certifi -Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer +Relationship: SPDXRef-Package-30-pyopenssl DEPENDS_ON SPDXRef-Package-31-cryptography +Relationship: SPDXRef-Package-31-cryptography DEPENDS_ON SPDXRef-Package-32-cffi +Relationship: SPDXRef-Package-32-cffi DEPENDS_ON SPDXRef-Package-33-pycparser +Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-18-fasteners +Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-23-six +Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-24-httplib2 +Relationship: SPDXRef-Package-35-google-apitools DEPENDS_ON SPDXRef-Package-26-oauth2client +Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-28-pyasn1-modules +Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-29-rsa +Relationship: SPDXRef-Package-36-google-auth DEPENDS_ON SPDXRef-Package-37-cachetools +Relationship: SPDXRef-Package-39-jinja2 DEPENDS_ON SPDXRef-Package-40-markupsafe +Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-42-jsonschema-specifications +Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-43-referencing +Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-44-rpds-py +Relationship: SPDXRef-Package-41-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-42-jsonschema-specifications DEPENDS_ON SPDXRef-Package-43-referencing +Relationship: SPDXRef-Package-43-referencing DEPENDS_ON SPDXRef-Package-44-rpds-py +Relationship: SPDXRef-Package-43-referencing DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml +Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON SPDXRef-Package-46-pyyaml +Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON SPDXRef-Package-47-semantic-version +Relationship: SPDXRef-Package-48-packaging DEPENDS_ON SPDXRef-Package-25-pyparsing +Relationship: SPDXRef-Package-49-plotly DEPENDS_ON SPDXRef-Package-48-packaging +Relationship: SPDXRef-Package-49-plotly DEPENDS_ON SPDXRef-Package-50-tenacity +Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-53-certifi +Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-54-charset-normalizer +Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-55-urllib3 +Relationship: SPDXRef-Package-52-requests DEPENDS_ON SPDXRef-Package-9-idna Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-57-markdown-it-py Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-59-pygments Relationship: SPDXRef-Package-57-markdown-it-py DEPENDS_ON SPDXRef-Package-58-mdurl Relationship: SPDXRef-Package-62-xmlschema DEPENDS_ON SPDXRef-Package-63-elementpath -Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna -Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict +Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict +Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna