diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index 10554f9235..1d141c581a 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:d683370e-a755-4d53-bb8c-717dc6173956",
+ "serialNumber": "urn:uuid:2fbc005e-051d-4dd7-8f24-b4905f4d23f2",
"version": 1,
"metadata": {
- "timestamp": "2024-12-09T00:40:28Z",
+ "timestamp": "2024-12-16T00:38:53Z",
"lifecycles": [
{
"phase": "build"
@@ -15,7 +15,7 @@
"components": [
{
"name": "sbom4python",
- "version": "0.11.3",
+ "version": "0.12.1",
"type": "application"
}
]
@@ -42,6 +42,12 @@
},
"cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*",
"description": "CVE Binary Checker Tool",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -65,6 +71,10 @@
],
"purl": "pkg:pypi/cve-bin-tool@3.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-17T18:57:44Z"
+ },
{
"name": "language",
"value": "Python"
@@ -81,6 +91,12 @@
"name": "aiohttp",
"version": "3.11.10",
"description": "Async http client/server framework (asyncio)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d"
+ }
+ ],
"licenses": [
{
"license": {
@@ -100,10 +116,46 @@
"url": "https://pypi.org/project/aiohttp/3.11.10/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiohttp",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiohttp.org/en/stable/changes.html",
+ "type": "log"
+ },
+ {
+ "url": "https://docs.aiohttp.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohttp",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/aiohttp@3.11.10",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-05T23:51:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -111,10 +163,6 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-12-05T23:51:02.000Z"
}
]
},
@@ -133,6 +181,12 @@
},
"cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*",
"description": "Happy Eyeballs for asyncio",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8"
+ }
+ ],
"licenses": [
{
"license": {
@@ -152,10 +206,30 @@
"url": "https://pypi.org/project/aiohappyeyeballs/2.4.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md",
+ "type": "log"
+ },
+ {
+ "url": "https://aiohappyeyeballs.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiohappyeyeballs",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/aiohappyeyeballs@2.4.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
@@ -163,10 +237,6 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-30T18:43:39.000Z"
}
]
},
@@ -174,14 +244,8 @@
"type": "library",
"bom-ref": "4-aiosignal",
"name": "aiosignal",
- "version": "1.3.1",
+ "version": "1.3.2",
"description": "aiosignal: a list of registered asynchronous callbacks",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "2b8907dc15f976d3747a16bd65f1681ae54249a3"
- }
- ],
"licenses": [
{
"license": {
@@ -198,13 +262,41 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/aiosignal/1.3.1/#files",
+ "url": "https://pypi.org/project/aiosignal/1.3.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gitter.im/aio-libs/Lobby",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/aiosignal",
+ "type": "other"
+ },
+ {
+ "url": "https://docs.aiosignal.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/aiosignal",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/aiosignal@1.3.1",
+ "purl": "pkg:pypi/aiosignal@1.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-30T18:43:39Z"
+ },
{
"name": "language",
"value": "Python"
@@ -212,10 +304,6 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-08T16:03:57.000Z"
}
]
},
@@ -225,6 +313,12 @@
"name": "frozenlist",
"version": "1.5.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a"
+ }
+ ],
"licenses": [
{
"license": {
@@ -244,10 +338,50 @@
"url": "https://pypi.org/project/frozenlist/1.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/frozenlist",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog",
+ "type": "log"
+ },
+ {
+ "url": "https://frozenlist.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/frozenlist",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/frozenlist@1.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-23T09:46:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -255,10 +389,6 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-23T09:46:20.000Z"
}
]
},
@@ -279,8 +409,8 @@
"description": "Classes Without Boilerplate",
"hashes": [
{
- "alg": "SHA-1",
- "content": "6771a04893780166e4b7826b63599f43ac30d00a"
+ "alg": "SHA-256",
+ "content": "81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2"
}
],
"externalReferences": [
@@ -288,10 +418,34 @@
"url": "https://pypi.org/project/attrs/24.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://www.attrs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://www.attrs.org/en/stable/changelog.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-attrs/attrs",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/sponsors/hynek",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi",
+ "type": "other"
}
],
"purl": "pkg:pypi/attrs@24.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T14:37:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -299,57 +453,47 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-08-06T14:37:36.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "7-multidict",
- "name": "multidict",
- "version": "6.1.0",
+ "bom-ref": "7-importlib-metadata",
+ "name": "importlib-metadata",
+ "version": "8.0.0",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Jason R .",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
- "description": "multidict implementation",
+ "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*",
+ "description": "Read metadata from Python packages",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4140e63780dc6dd600a1837cb9b4c5198c3dcd68"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/multidict",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/multidict/6.1.0/#files",
+ "url": "https://pypi.org/project/importlib-metadata/8.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/python/importlib_metadata",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/multidict@6.1.0",
+ "purl": "pkg:pypi/importlib-metadata@8.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-25T18:38:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -357,51 +501,47 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-09T23:47:18.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "8-propcache",
- "name": "propcache",
- "version": "0.2.1",
+ "bom-ref": "8-zipp",
+ "name": "zipp",
+ "version": "3.21.0",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Jason R .",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "jaraco@jaraco.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
- "description": "Accelerated property cache",
- "licenses": [
+ "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
+ "description": "Backport of pathlib-compatible object wrapper for zip files",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/propcache",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/propcache/0.2.1/#files",
+ "url": "https://pypi.org/project/zipp/3.21.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/jaraco/zipp",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/propcache@0.2.1",
+ "purl": "pkg:pypi/zipp@3.21.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-10T15:05:19Z"
+ },
{
"name": "language",
"value": "Python"
@@ -414,80 +554,63 @@
},
{
"type": "library",
- "bom-ref": "9-yarl",
- "name": "yarl",
- "version": "1.18.3",
+ "bom-ref": "9-typing-extensions",
+ "name": "typing-extensions",
+ "version": "4.12.2",
"supplier": {
- "name": "Andrew Svetlov",
+ "name": "Guido van Jukka ukasz Michael",
"contact": [
{
- "email": "andrew.svetlov@gmail.com"
+ "email": "levkivskyi@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*",
- "description": "Yet another URL library",
- "licenses": [
+ "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*",
+ "description": "Backported and Experimental Type Hints for Python 3.8+",
+ "hashes": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d"
}
],
"externalReferences": [
{
- "url": "https://github.com/aio-libs/yarl",
+ "url": "https://github.com/python/typing_extensions",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/yarl/1.18.3/#files",
+ "url": "https://pypi.org/project/typing-extensions/4.12.2/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/yarl@1.18.3",
- "properties": [
+ },
{
- "name": "language",
- "value": "Python"
+ "url": "https://github.com/python/typing_extensions/issues",
+ "type": "issue-tracker"
},
{
- "name": "python_version",
- "value": "3.12.8"
+ "url": "https://github.com/python/typing_extensions/blob/main/CHANGELOG.md",
+ "type": "log"
},
{
- "name": "package_release_date",
- "value": "2024-12-01T20:32:32.000Z"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "10-idna",
- "name": "idna",
- "version": "3.10",
- "supplier": {
- "name": "Kim Davies",
- "contact": [
- {
- "email": "kim+pypi@gumleaf.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
- "description": "Internationalized Domain Names in Applications (IDNA)",
- "externalReferences": [
+ "url": "https://typing-extensions.readthedocs.io/",
+ "type": "documentation"
+ },
{
- "url": "https://pypi.org/project/idna/3.10/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "url": "https://github.com/python/typing/discussions",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python/typing_extensions",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/idna@3.10",
+ "purl": "pkg:pypi/typing-extensions@4.12.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-07T18:52:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -495,68 +618,412 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-15T18:07:37.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "11-beautifulsoup4",
- "name": "beautifulsoup4",
- "version": "4.12.3",
+ "bom-ref": "10-multidict",
+ "name": "multidict",
+ "version": "6.1.0",
"supplier": {
- "name": "Leonard Richardson",
+ "name": "Andrew Svetlov",
"contact": [
{
- "email": "leonardr@segfault.org"
+ "email": "andrew.svetlov@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
- "description": "Screen-scraping library",
+ "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*",
+ "description": "multidict implementation",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://www.crummy.com/software/BeautifulSoup/bs4/",
+ "url": "https://github.com/aio-libs/multidict",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
+ "url": "https://pypi.org/project/multidict/6.1.0/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/beautifulsoup4@4.12.3",
- "properties": [
+ },
{
- "name": "language",
- "value": "Python"
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
},
{
- "name": "python_version",
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/multidict",
+ "type": "other"
+ },
+ {
+ "url": "https://multidict.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://multidict.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/multidict",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/multidict@6.1.0",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-09T23:47:18Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "11-propcache",
+ "name": "propcache",
+ "version": "0.2.1",
+ "supplier": {
+ "name": "Andrew Svetlov",
+ "contact": [
+ {
+ "email": "andrew.svetlov@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*",
+ "description": "Accelerated property cache",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/aio-libs/propcache",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/propcache/0.2.1/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/propcache",
+ "type": "other"
+ },
+ {
+ "url": "https://propcache.readthedocs.io/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://propcache.readthedocs.io",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/propcache",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/propcache@0.2.1",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-01T18:27:02Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "12-yarl",
+ "name": "yarl",
+ "version": "1.18.3",
+ "supplier": {
+ "name": "Andrew Svetlov",
+ "contact": [
+ {
+ "email": "andrew.svetlov@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*",
+ "description": "Yet another URL library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/yarl/1.18.3/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://matrix.to/#/#aio-libs-space:matrix.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/actions?query=branch:master",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md",
+ "type": "other"
+ },
+ {
+ "url": "https://codecov.io/github/aio-libs/yarl",
+ "type": "other"
+ },
+ {
+ "url": "https://yarl.aio-libs.org/en/latest/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://yarl.aio-libs.org",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/aio-libs/yarl",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/yarl@1.18.3",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-01T20:32:32Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
"value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "13-idna",
+ "name": "idna",
+ "version": "3.10",
+ "supplier": {
+ "name": "Kim Davies",
+ "contact": [
+ {
+ "email": "kim+pypi@gumleaf.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*",
+ "description": "Internationalized Domain Names in Applications (IDNA)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3"
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/idna/3.10/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/kjd/idna/blob/master/HISTORY.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/kjd/idna/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kjd/idna",
+ "type": "vcs"
+ }
+ ],
+ "purl": "pkg:pypi/idna@3.10",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-15T18:07:37Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "14-beautifulsoup4",
+ "name": "beautifulsoup4",
+ "version": "4.12.3",
+ "supplier": {
+ "name": "Leonard Richardson",
+ "contact": [
+ {
+ "email": "leonardr@segfault.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*",
+ "description": "Screen-scraping library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://www.crummy.com/software/BeautifulSoup/bs4/",
+ "type": "website",
+ "comment": "Home page for project"
},
{
- "name": "package_release_date",
- "value": "2024-01-17T16:53:12.000Z"
+ "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://www.crummy.com/software/BeautifulSoup/bs4/download/",
+ "type": "other"
+ }
+ ],
+ "purl": "pkg:pypi/beautifulsoup4@4.12.3",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-01-17T16:53:12Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
}
]
},
{
"type": "library",
- "bom-ref": "12-soupsieve",
+ "bom-ref": "15-soupsieve",
"name": "soupsieve",
"version": "2.6",
"supplier": {
@@ -571,8 +1038,8 @@
"description": "A modern CSS selector implementation for Beautiful Soup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f974ea7e2e70cc940e1bda98b815f5a68eb43990"
+ "alg": "SHA-256",
+ "content": "e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9"
}
],
"externalReferences": [
@@ -589,6 +1056,10 @@
],
"purl": "pkg:pypi/soupsieve@2.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-13T13:39:10Z"
+ },
{
"name": "language",
"value": "Python"
@@ -601,7 +1072,7 @@
},
{
"type": "library",
- "bom-ref": "13-cvss",
+ "bom-ref": "16-cvss",
"name": "cvss",
"version": "3.3",
"supplier": {
@@ -616,8 +1087,8 @@
"description": "CVSS2/3/4 library with interactive calculator for Python 2 and Python 3",
"hashes": [
{
- "alg": "SHA-1",
- "content": "1bfc39fc932e1c9859bc59d625cee7e53e021261"
+ "alg": "SHA-256",
+ "content": "cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1"
}
],
"licenses": [
@@ -639,10 +1110,30 @@
"url": "https://pypi.org/project/cvss/3.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/RedHatProductSecurity/cvss/actions",
+ "type": "build-system"
}
],
"purl": "pkg:pypi/cvss@3.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T10:05:52Z"
+ },
{
"name": "language",
"value": "Python"
@@ -650,16 +1141,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-01T10:05:52.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "14-defusedxml",
+ "bom-ref": "17-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -674,8 +1161,8 @@
"description": "XML bomb protection for Python stdlib modules",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ebff1b493751e2f0775314bdd4188d64f07ea184"
+ "alg": "SHA-256",
+ "content": "a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61"
}
],
"licenses": [
@@ -694,13 +1181,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/defusedxml/0.7.1/#files",
+ "url": "https://pypi.python.org/pypi/defusedxml",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/defusedxml@0.7.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-03-08T10:59:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -708,16 +1199,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2021-03-08T10:59:24.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "15-distro",
+ "bom-ref": "18-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -730,6 +1217,12 @@
},
"cpe": "cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*",
"description": "Distro - an OS platform information API",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2"
+ }
+ ],
"licenses": [
{
"license": {
@@ -753,6 +1246,10 @@
],
"purl": "pkg:pypi/distro@1.9.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-24T09:54:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -760,16 +1257,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-24T09:54:30.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "16-filetype",
+ "bom-ref": "19-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -784,15 +1277,15 @@
"description": "Infer file type and MIME type of any file/buffer. No external dependencies.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4e247fe2184c692e3b05fb5aafbe3d83cffc7585"
+ "alg": "SHA-256",
+ "content": "7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -804,13 +1297,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/filetype/1.2.0/#files",
+ "url": "https://github.com/h2non/filetype.py/tarball/master",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/filetype@1.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-11-02T17:34:01Z"
+ },
{
"name": "language",
"value": "Python"
@@ -818,18 +1315,14 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2022-11-02T17:34:01.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "17-gsutil",
+ "bom-ref": "20-gsutil",
"name": "gsutil",
- "version": "5.31",
+ "version": "5.33",
"supplier": {
"name": "Google Inc .",
"contact": [
@@ -838,8 +1331,14 @@
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*",
"description": "A command line tool for interacting with cloud storage services.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856"
+ }
+ ],
"licenses": [
{
"license": {
@@ -856,13 +1355,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gsutil/5.31/#files",
+ "url": "https://cloud.google.com/storage/docs/gsutil_install",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.31",
+ "purl": "pkg:pypi/gsutil@5.33",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-11T09:40:59Z"
+ },
{
"name": "language",
"value": "Python"
@@ -875,7 +1378,7 @@
},
{
"type": "library",
- "bom-ref": "18-argcomplete",
+ "bom-ref": "21-argcomplete",
"name": "argcomplete",
"version": "3.5.2",
"supplier": {
@@ -890,8 +1393,8 @@
"description": "Bash tab completion for argparse",
"hashes": [
{
- "alg": "SHA-1",
- "content": "fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc"
+ "alg": "SHA-256",
+ "content": "036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472"
}
],
"licenses": [
@@ -913,10 +1416,30 @@
"url": "https://pypi.org/project/argcomplete/3.5.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://kislyuk.github.io/argcomplete",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst",
+ "type": "log"
}
],
"purl": "pkg:pypi/argcomplete@3.5.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-06T18:24:27Z"
+ },
{
"name": "language",
"value": "Python"
@@ -924,16 +1447,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-12-06T18:24:27.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "19-crcmod",
+ "bom-ref": "22-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -946,11 +1465,17 @@
},
"cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*",
"description": "CRC Generator",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -962,13 +1487,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/crcmod/1.7/#files",
+ "url": "http://sourceforge.net/projects/crcmod",
"type": "distribution",
"comment": "Download location for component"
}
],
"purl": "pkg:pypi/crcmod@1.7",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2010-06-27T14:35:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -981,7 +1510,7 @@
},
{
"type": "library",
- "bom-ref": "20-fasteners",
+ "bom-ref": "23-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -991,8 +1520,8 @@
"description": "A python package that provides useful locks",
"hashes": [
{
- "alg": "SHA-1",
- "content": "06c3f06cab4e135b8d921932019a231c180eb9f4"
+ "alg": "SHA-256",
+ "content": "758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237"
}
],
"licenses": [
@@ -1018,6 +1547,10 @@
],
"purl": "pkg:pypi/fasteners@0.19",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-09-19T17:11:18Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1030,7 +1563,7 @@
},
{
"type": "library",
- "bom-ref": "21-gcs-oauth2-boto-plugin",
+ "bom-ref": "24-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -1045,8 +1578,8 @@
"description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "7dfa0149811e5617fe1428f692a18ab8b8c31ddb"
+ "alg": "SHA-256",
+ "content": "a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843"
}
],
"licenses": [
@@ -1065,13 +1598,149 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "url": "https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-02T14:37:31Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "25-rsa",
+ "name": "rsa",
+ "version": "4.7.2",
+ "supplier": {
+ "name": "Sybren A . Stuvel",
+ "contact": [
+ {
+ "email": "sybren@stuvel.eu"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
+ "description": "Pure-Python RSA implementation",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://stuvel.eu/rsa",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/rsa/4.7.2/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/rsa@4.7.2",
+ "properties": [
+ {
+ "name": "release_date",
+ "value": "2021-02-24T10:55:03Z"
+ },
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "26-pyasn1",
+ "name": "pyasn1",
+ "version": "0.6.1",
+ "supplier": {
+ "name": "Ilya Etingof",
+ "contact": [
+ {
+ "email": "etingof@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
+ "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://github.com/pyasn1/pyasn1",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
+ "type": "distribution",
+ "comment": "Download location for component"
+ },
+ {
+ "url": "https://pyasn1.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyasn1/pyasn1/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://pyasn1.readthedocs.io/en/latest/changelog.html",
+ "type": "log"
}
],
- "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2",
+ "purl": "pkg:pypi/pyasn1@0.6.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:41:42Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1079,16 +1748,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-02T14:37:31.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "22-boto",
+ "bom-ref": "27-boto",
"name": "boto",
"version": "2.49.0",
"supplier": {
@@ -1103,15 +1768,15 @@
"description": "Amazon Web Services Library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "8fac1878734c5ac085b781f619c70ea4b6e913c3"
+ "alg": "SHA-256",
+ "content": "147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -1130,6 +1795,10 @@
],
"purl": "pkg:pypi/boto@2.49.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-07-11T20:58:55Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1137,32 +1806,28 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2018-07-11T20:58:55.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "23-google-auth",
- "name": "google-auth",
- "version": "2.17.0",
+ "bom-ref": "28-google-reauth",
+ "name": "google-reauth",
+ "version": "0.1.1",
"supplier": {
- "name": "Google Cloud Platform",
+ "name": "Google",
"contact": [
{
- "email": "googleapis-packages@google.com"
+ "email": "googleapis-publisher@google.com"
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library",
+ "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
+ "description": "Google Reauth Library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243"
+ "alg": "SHA-256",
+ "content": "cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368"
}
],
"licenses": [
@@ -1176,18 +1841,22 @@
],
"externalReferences": [
{
- "url": "https://github.com/googleapis/google-auth-library-python",
+ "url": "https://github.com/Google/google-reauth-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth/2.17.0/#files",
+ "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.17.0",
+ "purl": "pkg:pypi/google-reauth@0.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-12-01T17:35:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1200,94 +1869,52 @@
},
{
"type": "library",
- "bom-ref": "24-cachetools",
- "name": "cachetools",
- "version": "5.5.0",
+ "bom-ref": "29-pyu2f",
+ "name": "pyu2f",
+ "version": "0.1.5",
"supplier": {
- "name": "Thomas Kemmer",
+ "name": "Google Inc .",
"contact": [
{
- "email": "tkemmer@computer.org"
+ "email": "pyu2f-team@google.com"
}
]
},
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
- "description": "Extensible memoizing collections and decorators",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://github.com/tkem/cachetools/",
- "type": "website",
- "comment": "Home page for project"
- },
+ "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
+ "description": "U2F host library for interacting with a U2F device over USB.",
+ "hashes": [
{
- "url": "https://pypi.org/project/cachetools/5.5.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "alg": "SHA-256",
+ "content": "a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b"
}
],
- "purl": "pkg:pypi/cachetools@5.5.0",
- "properties": [
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-08-18T20:28:43.000Z"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "25-pyasn1-modules",
- "name": "pyasn1-modules",
- "version": "0.4.1",
- "supplier": {
- "name": "Ilya Etingof",
- "contact": [
- {
- "email": "etingof@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules",
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1-modules",
+ "url": "https://github.com/google/pyu2f/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
+ "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.4.1",
+ "purl": "pkg:pypi/pyu2f@0.1.5",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-10-30T20:03:07Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1295,51 +1922,57 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-10T22:42:08.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "26-pyasn1",
- "name": "pyasn1",
- "version": "0.6.1",
+ "bom-ref": "30-six",
+ "name": "six",
+ "version": "1.17.0",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Benjamin Peterson",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "benjamin@python.org"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*",
- "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
+ "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*",
+ "description": "Python 2 and 3 compatibility utilities",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pyasn1/pyasn1",
+ "url": "https://github.com/benjaminp/six",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyasn1/0.6.1/#files",
+ "url": "https://pypi.org/project/six/1.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.6.1",
+ "purl": "pkg:pypi/six@1.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-04T17:35:26Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1347,57 +1980,57 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-10T22:41:42.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "27-rsa",
- "name": "rsa",
- "version": "4.7.2",
+ "bom-ref": "31-httplib2",
+ "name": "httplib2",
+ "version": "0.20.4",
"supplier": {
- "name": "Sybren A . Stuvel",
+ "name": "Joe Gregorio",
"contact": [
{
- "email": "sybren@stuvel.eu"
+ "email": "joe@bitworking.org"
}
]
},
- "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
- "description": "Pure-Python RSA implementation",
+ "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
+ "description": "A comprehensive HTTP client library.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa"
+ "alg": "SHA-256",
+ "content": "8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://stuvel.eu/rsa",
+ "url": "https://github.com/httplib2/httplib2",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/rsa/4.7.2/#files",
+ "url": "https://pypi.org/project/httplib2/0.20.4/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rsa@4.7.2",
+ "purl": "pkg:pypi/httplib2@0.20.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-02-03T00:00:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1405,51 +2038,48 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2021-02-24T10:55:03.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "28-six",
- "name": "six",
- "version": "1.17.0",
+ "bom-ref": "32-pyparsing",
+ "name": "pyparsing",
+ "version": "3.2.0",
"supplier": {
- "name": "Benjamin Peterson",
+ "name": "Paul McGuire",
"contact": [
{
- "email": "benjamin@python.org"
+ "email": "ptmcg.gm+pyparsing@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*",
- "description": "Python 2 and 3 compatibility utilities",
- "licenses": [
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
+ "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84"
}
],
"externalReferences": [
{
- "url": "https://github.com/benjaminp/six",
+ "url": "https://github.com/pyparsing/pyparsing/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/six/1.17.0/#files",
+ "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/six@1.17.0",
+ "purl": "pkg:pypi/pyparsing@3.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-13T10:01:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1457,32 +2087,28 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-12-04T17:35:26.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "29-google-auth-httplib2",
- "name": "google-auth-httplib2",
- "version": "0.2.0",
+ "bom-ref": "33-oauth2client",
+ "name": "oauth2client",
+ "version": "4.1.3",
"supplier": {
- "name": "Google Cloud Platform",
+ "name": "Google Inc .",
"contact": [
{
- "email": "googleapis-packages@google.com"
+ "email": "jonwayne+oauth2client@google.com"
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library: httplib2 transport",
+ "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
+ "description": "OAuth 2.0 client library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "932ac88800dd6de004c1bd59867831ccf033f031"
+ "alg": "SHA-256",
+ "content": "b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac"
}
],
"licenses": [
@@ -1496,18 +2122,22 @@
],
"externalReferences": [
{
- "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
+ "url": "http://github.com/google/oauth2client/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
+ "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
+ "purl": "pkg:pypi/oauth2client@4.1.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2018-09-07T21:38:16Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1515,96 +2145,69 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2023-12-12T17:40:13.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "30-httplib2",
- "name": "httplib2",
- "version": "0.20.4",
+ "bom-ref": "34-pyasn1-modules",
+ "name": "pyasn1-modules",
+ "version": "0.4.1",
"supplier": {
- "name": "Joe Gregorio",
+ "name": "Ilya Etingof",
"contact": [
{
- "email": "joe@bitworking.org"
+ "email": "etingof@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
- "description": "A comprehensive HTTP client library.",
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
"hashes": [
{
- "alg": "SHA-1",
- "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4"
+ "alg": "SHA-256",
+ "content": "c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/httplib2/httplib2",
+ "url": "https://github.com/pyasn1/pyasn1-modules",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/httplib2/0.20.4/#files",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files",
"type": "distribution",
"comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/httplib2@0.20.4",
- "properties": [
- {
- "name": "language",
- "value": "Python"
},
{
- "name": "python_version",
- "value": "3.12.8"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "31-pyparsing",
- "name": "pyparsing",
- "version": "3.2.0",
- "supplier": {
- "name": "Paul McGuire",
- "contact": [
- {
- "email": "ptmcg.gm+pyparsing@gmail.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*",
- "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
- "externalReferences": [
+ "url": "https://github.com/pyasn1/pyasn1-modules",
+ "type": "vcs"
+ },
{
- "url": "https://github.com/pyparsing/pyparsing/",
- "type": "website",
- "comment": "Home page for project"
+ "url": "https://github.com/pyasn1/pyasn1-modules/issues",
+ "type": "issue-tracker"
},
{
- "url": "https://pypi.org/project/pyparsing/3.2.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
+ "url": "https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt",
+ "type": "log"
}
],
- "purl": "pkg:pypi/pyparsing@3.2.0",
+ "purl": "pkg:pypi/pyasn1-modules@0.4.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-10T22:42:08Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1612,32 +2215,28 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-13T10:01:13.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "32-google-reauth",
- "name": "google-reauth",
- "version": "0.1.1",
+ "bom-ref": "35-pyopenssl",
+ "name": "pyopenssl",
+ "version": "24.2.1",
"supplier": {
- "name": "Google",
+ "name": "The pyOpenSSL developers",
"contact": [
{
- "email": "googleapis-publisher@google.com"
+ "email": "cryptography-dev@python.org"
}
]
},
- "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
- "description": "Google Reauth Library",
+ "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*",
+ "description": "Python wrapper module around the OpenSSL library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b"
+ "alg": "SHA-256",
+ "content": "967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d"
}
],
"licenses": [
@@ -1651,18 +2250,26 @@
],
"externalReferences": [
{
- "url": "https://github.com/Google/google-reauth-python",
+ "url": "https://pyopenssl.org/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/google-reauth/0.1.1/#files",
+ "url": "https://pypi.org/project/pyopenssl/24.2.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pyca/pyopenssl",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/google-reauth@0.1.1",
+ "purl": "pkg:pypi/pyopenssl@24.2.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-20T17:26:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1670,57 +2277,69 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2020-12-01T17:35:45.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "33-pyu2f",
- "name": "pyu2f",
- "version": "0.1.5",
+ "bom-ref": "36-cryptography",
+ "name": "cryptography",
+ "version": "43.0.3",
"supplier": {
- "name": "Google Inc .",
+ "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
"contact": [
{
- "email": "pyu2f-team@google.com"
+ "email": "cryptography-dev@python.org"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
- "description": "U2F host library for interacting with a U2F device over USB.",
+ "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*",
+ "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe"
+ "alg": "SHA-256",
+ "content": "bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e"
}
],
"licenses": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
- "acknowledgement": "concluded"
- }
+ "expression": "Apache-2.0 OR BSD-3-Clause"
}
],
"externalReferences": [
{
- "url": "https://github.com/google/pyu2f/",
+ "url": "https://github.com/pyca/cryptography",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyu2f/0.1.5/#files",
+ "url": "https://pypi.org/project/cryptography/43.0.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://cryptography.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cryptography.io/en/latest/changelog/",
+ "type": "log"
}
],
- "purl": "pkg:pypi/pyu2f@0.1.5",
+ "purl": "pkg:pypi/cryptography@43.0.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:57:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1728,57 +2347,81 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2020-10-30T20:03:07.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "34-oauth2client",
- "name": "oauth2client",
- "version": "4.1.3",
+ "bom-ref": "37-cffi",
+ "name": "cffi",
+ "version": "1.17.1",
"supplier": {
- "name": "Google Inc .",
+ "name": "Armin Maciej Fijalkowski",
"contact": [
{
- "email": "jonwayne+oauth2client@google.com"
+ "email": "python-cffi@googlegroups.com"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
- "description": "OAuth 2.0 client library",
+ "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
+ "description": "Foreign Function Interface for Python calling C code.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "50d20532a748f18e53f7d24ccbe6647132c979a9"
+ "alg": "SHA-256",
+ "content": "df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14"
}
],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "http://github.com/google/oauth2client/",
+ "url": "http://cffi.readthedocs.org",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/oauth2client/4.1.3/#files",
+ "url": "https://pypi.org/project/cffi/1.17.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "http://cffi.readthedocs.org/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://cffi.readthedocs.io/en/latest/whatsnew.html",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-cffi/cffi/releases",
+ "type": "other"
+ },
+ {
+ "url": "https://groups.google.com/forum/#!forum/python-cffi",
+ "type": "other"
}
],
- "purl": "pkg:pypi/oauth2client@4.1.3",
+ "purl": "pkg:pypi/cffi@1.17.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-04T20:43:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1786,51 +2429,57 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2018-09-07T21:38:16.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "35-pyopenssl",
- "name": "pyopenssl",
- "version": "24.3.0",
+ "bom-ref": "38-pycparser",
+ "name": "pycparser",
+ "version": "2.22",
"supplier": {
- "name": "The pyOpenSSL developers",
+ "name": "Eli Bendersky",
"contact": [
{
- "email": "cryptography-dev@python.org"
+ "email": "eliben@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*",
- "description": "Python wrapper module around the OpenSSL library",
+ "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
+ "description": "C parser in Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://pyopenssl.org/",
+ "url": "https://github.com/eliben/pycparser",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyopenssl/24.3.0/#files",
+ "url": "https://pypi.org/project/pycparser/2.22/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyopenssl@24.3.0",
+ "purl": "pkg:pypi/pycparser@2.22",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-03-30T13:22:20Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1838,47 +2487,57 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-27T20:43:21.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "36-cryptography",
- "name": "cryptography",
- "version": "44.0.0",
+ "bom-ref": "39-retry-decorator",
+ "name": "retry-decorator",
+ "version": "1.1.1",
"supplier": {
- "name": "The cryptography developers The Python Cryptographic Authority and individual contributors",
+ "name": "Patrick Ng",
"contact": [
{
- "email": "cryptography-dev@python.org"
+ "email": "pn.appdev@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*",
- "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
+ "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
+ "description": "Retry Decorator",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe"
+ }
+ ],
"licenses": [
{
- "expression": "Apache-2.0 OR BSD-3-Clause"
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://github.com/pyca/cryptography",
+ "url": "https://github.com/pnpnpn/retry-decorator",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cryptography/44.0.0/#files",
+ "url": "https://pypi.org/project/retry-decorator/1.1.1/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@44.0.0",
+ "purl": "pkg:pypi/retry-decorator@1.1.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2020-03-10T23:56:29Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1886,57 +2545,57 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-27T18:05:55.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "37-cffi",
- "name": "cffi",
- "version": "1.17.1",
+ "bom-ref": "40-google-auth",
+ "name": "google-auth",
+ "version": "2.17.0",
"supplier": {
- "name": "Armin Maciej Fijalkowski",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "python-cffi@googlegroups.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*",
- "description": "Foreign Function Interface for Python calling C code.",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "38bd6be6b94a65182f4bffb45c78e230e9290f51"
+ "alg": "SHA-256",
+ "content": "45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "http://cffi.readthedocs.org",
+ "url": "https://github.com/googleapis/google-auth-library-python",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/cffi/1.17.1/#files",
+ "url": "https://pypi.org/project/google-auth/2.17.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cffi@1.17.1",
+ "purl": "pkg:pypi/google-auth@2.17.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-03-28T19:51:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -1944,57 +2603,57 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-04T20:43:30.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "38-pycparser",
- "name": "pycparser",
- "version": "2.22",
+ "bom-ref": "41-cachetools",
+ "name": "cachetools",
+ "version": "5.5.0",
"supplier": {
- "name": "Eli Bendersky",
+ "name": "Thomas Kemmer",
"contact": [
{
- "email": "eliben@gmail.com"
+ "email": "tkemmer@computer.org"
}
]
},
- "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*",
- "description": "C parser in Python",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*",
+ "description": "Extensible memoizing collections and decorators",
"hashes": [
{
- "alg": "SHA-1",
- "content": "129d32ef805d715d90a3b2035b13168c17ca63d2"
+ "alg": "SHA-256",
+ "content": "02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292"
}
],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/eliben/pycparser",
+ "url": "https://github.com/tkem/cachetools/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pycparser/2.22/#files",
+ "url": "https://pypi.org/project/cachetools/5.5.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pycparser@2.22",
+ "purl": "pkg:pypi/cachetools@5.5.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-18T20:28:43Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2002,57 +2661,57 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-03-30T13:22:20.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "39-retry-decorator",
- "name": "retry-decorator",
- "version": "1.1.1",
+ "bom-ref": "42-google-auth-httplib2",
+ "name": "google-auth-httplib2",
+ "version": "0.2.0",
"supplier": {
- "name": "Patrick Ng",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "pn.appdev@gmail.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*",
- "description": "Retry Decorator",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library: httplib2 transport",
"hashes": [
{
- "alg": "SHA-1",
- "content": "f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349"
+ "alg": "SHA-256",
+ "content": "b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/pnpnpn/retry-decorator",
+ "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/retry-decorator/1.1.1/#files",
+ "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/retry-decorator@1.1.1",
+ "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-12-12T17:40:13Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2060,16 +2719,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2020-03-10T23:56:29.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "40-google-apitools",
+ "bom-ref": "43-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -2084,8 +2739,8 @@
"description": "client libraries for humans",
"hashes": [
{
- "alg": "SHA-1",
- "content": "816fb1ff4425e765c5e4e53b7ca648107ca714d1"
+ "alg": "SHA-256",
+ "content": "b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688"
}
],
"licenses": [
@@ -2111,6 +2766,10 @@
],
"purl": "pkg:pypi/google-apitools@0.5.32",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-05-05T22:12:58Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2118,16 +2777,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2021-05-05T22:12:58.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "41-monotonic",
+ "bom-ref": "44-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -2142,8 +2797,8 @@
"description": "An implementation of time.monotonic() for Python 2 & < 3.3",
"hashes": [
{
- "alg": "SHA-1",
- "content": "80681f6604e136e513550342f977edb98f5fc5ad"
+ "alg": "SHA-256",
+ "content": "68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c"
}
],
"licenses": [
@@ -2169,6 +2824,10 @@
],
"purl": "pkg:pypi/monotonic@1.6",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2021-04-09T21:58:05Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2176,23 +2835,19 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2021-04-09T21:58:05.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "42-jinja2",
+ "bom-ref": "45-jinja2",
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "dd4a8b5466d8790540c181590b14db4d4d889d57"
+ "alg": "SHA-256",
+ "content": "bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"
}
],
"externalReferences": [
@@ -2200,10 +2855,34 @@
"url": "https://pypi.org/project/jinja2/3.1.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
+ },
+ {
+ "url": "https://jinja.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/pallets/jinja/",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jinja2@3.1.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-05T23:41:59Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2211,23 +2890,19 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-05T23:41:59.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "43-markupsafe",
+ "bom-ref": "46-markupsafe",
"name": "markupsafe",
"version": "3.0.2",
"description": "Safely add untrusted strings to HTML/XML markup.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "28ace20b140d15c083e1cbc163ee6b7778ba098c"
+ "alg": "SHA-256",
+ "content": "7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8"
}
],
"externalReferences": [
@@ -2235,10 +2910,34 @@
"url": "https://pypi.org/project/markupsafe/3.0.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://palletsprojects.com/donate",
+ "type": "other"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://markupsafe.palletsprojects.com/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/pallets/markupsafe/",
+ "type": "vcs"
+ },
+ {
+ "url": "https://discord.gg/pallets",
+ "type": "chat"
}
],
"purl": "pkg:pypi/markupsafe@3.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-18T15:20:51Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2246,16 +2945,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-18T15:20:51.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "44-jsonschema",
+ "bom-ref": "47-jsonschema",
"name": "jsonschema",
"version": "4.23.0",
"supplier": {
@@ -2268,11 +2963,17 @@
},
"cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2287,10 +2988,38 @@
"url": "https://pypi.org/project/jsonschema/4.23.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://python-jsonschema.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema@4.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-08T18:40:00Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2298,16 +3027,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-07-08T18:40:00.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "45-jsonschema-specifications",
+ "bom-ref": "48-jsonschema-specifications",
"name": "jsonschema-specifications",
"version": "2024.10.1",
"supplier": {
@@ -2322,8 +3047,8 @@
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"hashes": [
{
- "alg": "SHA-1",
- "content": "09f6f17a46ecf03e314df0e6fa14d57db210a549"
+ "alg": "SHA-256",
+ "content": "a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf"
}
],
"externalReferences": [
@@ -2336,10 +3061,34 @@
"url": "https://pypi.org/project/jsonschema-specifications/2024.10.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://jsonschema-specifications.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/jsonschema-specifications",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/jsonschema-specifications@2024.10.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-08T12:29:30Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2347,16 +3096,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-08T12:29:30.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "46-referencing",
+ "bom-ref": "49-referencing",
"name": "referencing",
"version": "0.35.1",
"supplier": {
@@ -2371,8 +3116,8 @@
"description": "JSON Referencing + Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "1863d4a5c18af1edd0f3b49caeb9fedfdaff9845"
+ "alg": "SHA-256",
+ "content": "eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de"
}
],
"externalReferences": [
@@ -2385,10 +3130,38 @@
"url": "https://pypi.org/project/referencing/0.35.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://referencing.readthedocs.io/en/stable/changes/",
+ "type": "log"
+ },
+ {
+ "url": "https://github.com/python-jsonschema/referencing",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/referencing@0.35.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-01T20:26:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2396,16 +3169,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-01T20:26:02.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "47-rpds-py",
+ "bom-ref": "50-rpds-py",
"name": "rpds-py",
"version": "0.22.3",
"supplier": {
@@ -2418,6 +3187,12 @@
},
"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967"
+ }
+ ],
"externalReferences": [
{
"url": "https://github.com/crate-py/rpds",
@@ -2428,10 +3203,38 @@
"url": "https://pypi.org/project/rpds-py/0.22.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rpds.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds/issues/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/sponsors/Julian",
+ "type": "other"
+ },
+ {
+ "url": "https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link",
+ "type": "other"
+ },
+ {
+ "url": "https://github.com/crate-py/rpds",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/orium/rpds",
+ "type": "other"
}
],
"purl": "pkg:pypi/rpds-py@0.22.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-04T15:31:31Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2439,18 +3242,14 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-12-04T15:31:31.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "48-lib4sbom",
+ "bom-ref": "51-lib4sbom",
"name": "lib4sbom",
- "version": "0.7.5",
+ "version": "0.8.0",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -2459,8 +3258,14 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2477,13 +3282,17 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/lib4sbom/0.7.5/#files",
+ "url": "https://pypi.org/project/lib4sbom/0.8.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.7.5",
+ "purl": "pkg:pypi/lib4sbom@0.8.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-09T20:13:26Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2491,16 +3300,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-18T21:36:24.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "49-pyyaml",
+ "bom-ref": "52-pyyaml",
"name": "pyyaml",
"version": "6.0.2",
"supplier": {
@@ -2513,11 +3318,17 @@
},
"cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2529,13 +3340,37 @@
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/pyyaml/6.0.2/#files",
+ "url": "https://pypi.org/project/PyYAML/",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml/actions",
+ "type": "build-system"
+ },
+ {
+ "url": "https://pyyaml.org/wiki/PyYAMLDocumentation",
+ "type": "documentation"
+ },
+ {
+ "url": "http://lists.sourceforge.net/lists/listinfo/yaml-core",
+ "type": "mailing-list"
+ },
+ {
+ "url": "https://github.com/yaml/pyyaml",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/pyyaml@6.0.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-06T20:31:40Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2543,16 +3378,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-08-06T20:31:40.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "50-semantic-version",
+ "bom-ref": "53-semantic-version",
"name": "semantic-version",
"version": "2.10.0",
"supplier": {
@@ -2567,8 +3398,8 @@
"description": "A library implementing the 'SemVer' scheme.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "e49b5b065b845cd7798c0219e0fa8986c75f6a4a"
+ "alg": "SHA-256",
+ "content": "de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177"
}
],
"licenses": [
@@ -2594,6 +3425,10 @@
],
"purl": "pkg:pypi/semantic-version@2.10.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-05-26T13:35:21Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2601,16 +3436,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2022-05-26T13:35:21.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "51-lib4vex",
+ "bom-ref": "54-lib4vex",
"name": "lib4vex",
"version": "0.2.0",
"supplier": {
@@ -2625,8 +3456,8 @@
"description": "VEX generator and consumer library",
"hashes": [
{
- "alg": "SHA-1",
- "content": "b7815c41b68867451b849d4d8e239cb79cc0acf2"
+ "alg": "SHA-256",
+ "content": "bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce"
}
],
"licenses": [
@@ -2652,6 +3483,10 @@
],
"purl": "pkg:pypi/lib4vex@0.2.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-08-29T20:36:52Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2659,16 +3494,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-08-29T20:36:52.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "52-csaf-tool",
+ "bom-ref": "55-csaf-tool",
"name": "csaf-tool",
"version": "0.3.2",
"supplier": {
@@ -2683,15 +3514,15 @@
"description": "CSAF generator and analyser",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4decb1ba24c5832955056fe3c2b0213be034c5f4"
+ "alg": "SHA-256",
+ "content": "7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2710,6 +3541,10 @@
],
"purl": "pkg:pypi/csaf-tool@0.3.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-06-12T20:10:06Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2717,16 +3552,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-06-12T20:10:06.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "53-packageurl-python",
+ "bom-ref": "56-packageurl-python",
"name": "packageurl-python",
"version": "0.16.0",
"supplier": {
@@ -2736,15 +3567,15 @@
"description": "A purl aka. Package URL parser and builder",
"hashes": [
{
- "alg": "SHA-1",
- "content": "9155d4173e4c1f29a345de86c280ab783c837882"
+ "alg": "SHA-256",
+ "content": "5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2763,6 +3594,10 @@
],
"purl": "pkg:pypi/packageurl-python@0.16.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-22T05:51:23Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2770,16 +3605,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-22T05:51:23.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "54-rich",
+ "bom-ref": "57-rich",
"name": "rich",
"version": "13.9.4",
"supplier": {
@@ -2794,15 +3625,15 @@
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"hashes": [
{
- "alg": "SHA-1",
- "content": "43d3b04725ab9731727fb1126e35980c62f32377"
+ "alg": "SHA-256",
+ "content": "6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -2817,10 +3648,18 @@
"url": "https://pypi.org/project/rich/13.9.4/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://rich.readthedocs.io/en/latest/",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/rich@13.9.4",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-01T16:43:55Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2828,16 +3667,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-01T16:43:55.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "55-markdown-it-py",
+ "bom-ref": "58-markdown-it-py",
"name": "markdown-it-py",
"version": "3.0.0",
"supplier": {
@@ -2852,8 +3687,8 @@
"description": "Python port of markdown-it. Markdown parsing, done right!",
"hashes": [
{
- "alg": "SHA-1",
- "content": "bee6d1953be75717a3f2f6a917da6f464bed421d"
+ "alg": "SHA-256",
+ "content": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1"
}
],
"externalReferences": [
@@ -2866,10 +3701,18 @@
"url": "https://pypi.org/project/markdown-it-py/3.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://markdown-it-py.readthedocs.io",
+ "type": "documentation"
}
],
"purl": "pkg:pypi/markdown-it-py@3.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2023-06-03T06:41:11Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2877,16 +3720,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2023-06-03T06:41:11.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "56-mdurl",
+ "bom-ref": "59-mdurl",
"name": "mdurl",
"version": "0.1.2",
"supplier": {
@@ -2901,8 +3740,8 @@
"description": "Markdown URL utilities",
"hashes": [
{
- "alg": "SHA-1",
- "content": "596bf1c8752de45fa576a52c315d6d8cc5bb1a4e"
+ "alg": "SHA-256",
+ "content": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8"
}
],
"externalReferences": [
@@ -2919,6 +3758,10 @@
],
"purl": "pkg:pypi/mdurl@0.1.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2022-08-14T12:40:09Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2926,16 +3769,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2022-08-14T12:40:09.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "57-pygments",
+ "bom-ref": "60-pygments",
"name": "pygments",
"version": "2.18.0",
"supplier": {
@@ -2950,8 +3789,8 @@
"description": "Pygments is a syntax highlighting package written in Python.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb"
+ "alg": "SHA-256",
+ "content": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a"
}
],
"licenses": [
@@ -2973,10 +3812,30 @@
"url": "https://pypi.org/project/pygments/2.18.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://pygments.org/docs",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pygments/pygments",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/pygments/pygments/blob/master/CHANGES",
+ "type": "log"
}
],
"purl": "pkg:pypi/pygments@2.18.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-04T13:41:57Z"
+ },
{
"name": "language",
"value": "Python"
@@ -2984,43 +3843,69 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-04T13:41:57.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "58-packaging",
- "name": "packaging",
- "version": "24.2",
+ "bom-ref": "61-python-gnupg",
+ "name": "python-gnupg",
+ "version": "0.5.3",
"supplier": {
- "name": "Donald Stufft",
+ "name": "Vinay Sajip",
"contact": [
{
- "email": "donald@stufft.io"
+ "email": "vinay_sajip@yahoo.co.uk"
}
]
},
- "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
- "description": "Core utilities for Python packages",
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
+ "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
"hashes": [
{
- "alg": "SHA-1",
- "content": "d8e3b31b734926ebbcaff654279f6855a73e052f"
+ "alg": "SHA-256",
+ "content": "2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/packaging/24.2/#files",
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://gnupg.readthedocs.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/vsajip/python-gnupg/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/packaging@24.2",
+ "purl": "pkg:pypi/python-gnupg@0.5.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-20T16:43:47Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3028,51 +3913,51 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-08T09:47:44.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "59-plotly",
- "name": "plotly",
- "version": "5.24.1",
+ "bom-ref": "62-packaging",
+ "name": "packaging",
+ "version": "24.2",
"supplier": {
- "name": "Chris P",
+ "name": "Donald Stufft",
"contact": [
{
- "email": "chris@plot.ly"
+ "email": "donald@stufft.io"
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
- "description": "An open-source, interactive data visualization library for Python",
- "licenses": [
+ "cpe": "cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*",
+ "description": "Core utilities for Python packages",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759"
}
],
"externalReferences": [
{
- "url": "https://plotly.com/python/",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/plotly/5.24.1/#files",
+ "url": "https://pypi.org/project/packaging/24.2/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://packaging.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/pypa/packaging",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/plotly@5.24.1",
+ "purl": "pkg:pypi/packaging@24.2",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-08T09:47:44Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3080,57 +3965,69 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-12T15:36:24.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "60-tenacity",
- "name": "tenacity",
- "version": "9.0.0",
+ "bom-ref": "63-plotly",
+ "name": "plotly",
+ "version": "5.24.1",
"supplier": {
- "name": "Julien Danjou",
+ "name": "Chris P",
"contact": [
{
- "email": "julien@danjou.info"
+ "email": "chris@plot.ly"
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
- "description": "Retry code until it succeeds",
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*",
+ "description": "An open-source, interactive data visualization library for Python",
"hashes": [
{
- "alg": "SHA-1",
- "content": "a662bbb487cd6d34541824589f8e8c7a1f7791bb"
+ "alg": "SHA-256",
+ "content": "f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089"
}
],
"licenses": [
{
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0",
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/jd/tenacity",
+ "url": "https://plotly.com/python/",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/tenacity/9.0.0/#files",
+ "url": "https://pypi.org/project/plotly/5.24.1/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://plotly.com/python/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md",
+ "type": "log"
}
],
- "purl": "pkg:pypi/tenacity@9.0.0",
+ "purl": "pkg:pypi/plotly@5.24.1",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T15:36:24Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3138,57 +4035,57 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-07-29T12:12:25.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "61-python-gnupg",
- "name": "python-gnupg",
- "version": "0.5.3",
+ "bom-ref": "64-tenacity",
+ "name": "tenacity",
+ "version": "9.0.0",
"supplier": {
- "name": "Vinay Sajip",
+ "name": "Julien Danjou",
"contact": [
{
- "email": "vinay_sajip@yahoo.co.uk"
+ "email": "julien@danjou.info"
}
]
},
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*",
- "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
+ "description": "Retry code until it succeeds",
"hashes": [
{
- "alg": "SHA-1",
- "content": "498440ce2caefc10a7426a52bc1866c1ce0f923c"
+ "alg": "SHA-256",
+ "content": "93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539"
}
],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause",
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/vsajip/python-gnupg",
+ "url": "https://github.com/jd/tenacity",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/python-gnupg/0.5.3/#files",
+ "url": "https://pypi.org/project/tenacity/9.0.0/#files",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/python-gnupg@0.5.3",
+ "purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-29T12:12:25Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3196,16 +4093,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-20T16:43:47.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "62-requests",
+ "bom-ref": "65-requests",
"name": "requests",
"version": "2.32.3",
"supplier": {
@@ -3220,8 +4113,8 @@
"description": "Python HTTP for Humans.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "0e322af87745eff34caffe4df68456ebc20d9068"
+ "alg": "SHA-256",
+ "content": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"
}
],
"licenses": [
@@ -3243,10 +4136,22 @@
"url": "https://pypi.org/project/requests/2.32.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://requests.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/psf/requests",
+ "type": "vcs"
}
],
"purl": "pkg:pypi/requests@2.32.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-05-29T15:37:47Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3254,51 +4159,65 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-05-29T15:37:47.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "63-certifi",
- "name": "certifi",
- "version": "2024.8.30",
+ "bom-ref": "66-charset-normalizer",
+ "name": "charset-normalizer",
+ "version": "3.4.0",
"supplier": {
- "name": "Kenneth Reitz",
+ "name": "Ahmed TAHRI",
"contact": [
{
- "email": "me@kennethreitz.com"
+ "email": "tahri.ahmed@proton.me"
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*",
- "description": "Python package for providing Mozilla's CA Bundle.",
+ "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
+ "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "MPL-2.0",
- "url": "https://www.mozilla.org/MPL/2.0/",
+ "id": "MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
],
"externalReferences": [
{
- "url": "https://github.com/certifi/python-certifi",
+ "url": "https://github.com/Ousret/charset_normalizer",
"type": "website",
"comment": "Home page for project"
},
{
- "url": "https://pypi.org/project/certifi/2024.8.30/#files",
+ "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/Ousret/charset_normalizer/issues",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://charset-normalizer.readthedocs.io/en/latest",
+ "type": "documentation"
}
],
- "purl": "pkg:pypi/certifi@2024.8.30",
+ "purl": "pkg:pypi/charset-normalizer@3.4.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-09T07:38:02Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3306,51 +4225,59 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-08-30T01:55:02.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "64-charset-normalizer",
- "name": "charset-normalizer",
- "version": "3.4.0",
+ "bom-ref": "67-urllib3",
+ "name": "urllib3",
+ "version": "2.2.3",
"supplier": {
- "name": "Ahmed TAHRI",
+ "name": "Andrey Petrov",
"contact": [
{
- "email": "tahri.ahmed@proton.me"
+ "email": "andrey.petrov@shazow.net"
}
]
},
- "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*",
- "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.",
- "licenses": [
+ "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
+ "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "hashes": [
{
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
- "acknowledgement": "concluded"
- }
+ "alg": "SHA-256",
+ "content": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac"
}
],
"externalReferences": [
{
- "url": "https://github.com/Ousret/charset_normalizer",
- "type": "website",
- "comment": "Home page for project"
- },
- {
- "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files",
+ "url": "https://pypi.org/project/urllib3/2.2.3/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/blob/main/CHANGES.rst",
+ "type": "log"
+ },
+ {
+ "url": "https://urllib3.readthedocs.io",
+ "type": "documentation"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3",
+ "type": "vcs"
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/issues",
+ "type": "issue-tracker"
}
],
- "purl": "pkg:pypi/charset-normalizer@3.4.0",
+ "purl": "pkg:pypi/urllib3@2.2.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-09-12T10:52:16Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3358,43 +4285,61 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-09T07:38:02.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "65-urllib3",
- "name": "urllib3",
- "version": "2.2.3",
+ "bom-ref": "68-certifi",
+ "name": "certifi",
+ "version": "2024.12.14",
"supplier": {
- "name": "Andrey Petrov",
+ "name": "Kenneth Reitz",
"contact": [
{
- "email": "andrey.petrov@shazow.net"
+ "email": "me@kennethreitz.com"
}
]
},
- "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*",
- "description": "HTTP library with thread-safe connection pooling, file post, and more.",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*",
+ "description": "Python package for providing Mozilla's CA Bundle.",
"hashes": [
{
- "alg": "SHA-1",
- "content": "2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df"
+ "alg": "SHA-256",
+ "content": "1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MPL-2.0",
+ "url": "https://www.mozilla.org/MPL/2.0/",
+ "acknowledgement": "concluded"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/urllib3/2.2.3/#files",
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "website",
+ "comment": "Home page for project"
+ },
+ {
+ "url": "https://pypi.org/project/certifi/2024.12.14/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/certifi/python-certifi",
+ "type": "vcs"
}
],
- "purl": "pkg:pypi/urllib3@2.2.3",
+ "purl": "pkg:pypi/certifi@2024.12.14",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-12-14T13:52:36Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3402,16 +4347,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-09-12T10:52:16.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "66-rpmfile",
+ "bom-ref": "69-rpmfile",
"name": "rpmfile",
"version": "2.1.0",
"supplier": {
@@ -3426,15 +4367,15 @@
"description": "Read rpm archive files",
"hashes": [
{
- "alg": "SHA-1",
- "content": "4cd4ae2bd191d3489c95dfa540da14585670adb5"
+ "alg": "SHA-256",
+ "content": "9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c"
}
],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3453,6 +4394,10 @@
],
"purl": "pkg:pypi/rpmfile@2.1.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-24T21:57:45Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3460,16 +4405,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-07-24T21:57:45.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "67-setuptools",
+ "bom-ref": "70-setuptools",
"name": "setuptools",
"version": "75.6.0",
"supplier": {
@@ -3482,15 +4423,37 @@
},
"cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*",
"description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d"
+ }
+ ],
"externalReferences": [
{
"url": "https://pypi.org/project/setuptools/75.6.0/#files",
"type": "distribution",
"comment": "Download location for component"
+ },
+ {
+ "url": "https://github.com/pypa/setuptools",
+ "type": "vcs"
+ },
+ {
+ "url": "https://setuptools.pypa.io/",
+ "type": "documentation"
+ },
+ {
+ "url": "https://setuptools.pypa.io/en/stable/history.html",
+ "type": "log"
}
],
"purl": "pkg:pypi/setuptools@75.6.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-11-20T18:16:10Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3503,7 +4466,7 @@
},
{
"type": "library",
- "bom-ref": "68-xmlschema",
+ "bom-ref": "71-xmlschema",
"name": "xmlschema",
"version": "3.4.3",
"supplier": {
@@ -3516,11 +4479,17 @@
},
"cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3539,6 +4508,10 @@
],
"purl": "pkg:pypi/xmlschema@3.4.3",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-10-31T09:47:12Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3546,16 +4519,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-10-31T09:47:12.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "69-elementpath",
+ "bom-ref": "72-elementpath",
"name": "elementpath",
"version": "4.6.0",
"supplier": {
@@ -3568,11 +4537,17 @@
},
"cpe": "cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17"
+ }
+ ],
"licenses": [
{
"license": {
"id": "MIT",
- "url": "https://opensource.org/licenses/MIT",
+ "url": "https://opensource.org/license/mit/",
"acknowledgement": "concluded"
}
}
@@ -3592,43 +4567,9 @@
"purl": "pkg:pypi/elementpath@4.6.0",
"properties": [
{
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.12.8"
+ "name": "release_date",
+ "value": "2024-10-27T21:52:58Z"
},
- {
- "name": "package_release_date",
- "value": "2024-10-27T21:52:58.000Z"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "70-zipp",
- "name": "zipp",
- "version": "3.21.0",
- "supplier": {
- "name": "Jason R .",
- "contact": [
- {
- "email": "jaraco@jaraco.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*",
- "description": "Backport of pathlib-compatible object wrapper for zip files",
- "externalReferences": [
- {
- "url": "https://pypi.org/project/zipp/3.21.0/#files",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/zipp@3.21.0",
- "properties": [
{
"name": "language",
"value": "Python"
@@ -3636,16 +4577,12 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-11-10T15:05:19.000Z"
}
]
},
{
"type": "library",
- "bom-ref": "71-zstandard",
+ "bom-ref": "73-zstandard",
"name": "zstandard",
"version": "0.23.0",
"supplier": {
@@ -3658,6 +4595,12 @@
},
"cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*",
"description": "Zstandard bindings for Python",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9"
+ }
+ ],
"licenses": [
{
"license": {
@@ -3681,6 +4624,10 @@
],
"purl": "pkg:pypi/zstandard@0.23.0",
"properties": [
+ {
+ "name": "release_date",
+ "value": "2024-07-15T00:13:27Z"
+ },
{
"name": "language",
"value": "Python"
@@ -3688,10 +4635,6 @@
{
"name": "python_version",
"value": "3.12.8"
- },
- {
- "name": "package_release_date",
- "value": "2024-07-15T00:13:27.000Z"
}
]
}
@@ -3707,29 +4650,30 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "11-beautifulsoup4",
- "13-cvss",
- "14-defusedxml",
- "15-distro",
- "16-filetype",
- "17-gsutil",
- "42-jinja2",
- "44-jsonschema",
- "48-lib4sbom",
- "51-lib4vex",
- "53-packageurl-python",
- "58-packaging",
- "59-plotly",
+ "14-beautifulsoup4",
+ "16-cvss",
+ "17-defusedxml",
+ "18-distro",
+ "19-filetype",
+ "20-gsutil",
+ "7-importlib-metadata",
+ "45-jinja2",
+ "47-jsonschema",
+ "51-lib4sbom",
+ "54-lib4vex",
"61-python-gnupg",
- "49-pyyaml",
- "62-requests",
- "54-rich",
- "66-rpmfile",
- "67-setuptools",
- "65-urllib3",
- "68-xmlschema",
- "70-zipp",
- "71-zstandard"
+ "56-packageurl-python",
+ "62-packaging",
+ "63-plotly",
+ "52-pyyaml",
+ "65-requests",
+ "57-rich",
+ "69-rpmfile",
+ "70-setuptools",
+ "67-urllib3",
+ "71-xmlschema",
+ "73-zstandard",
+ "8-zipp"
]
},
{
@@ -3739,9 +4683,9 @@
"4-aiosignal",
"6-attrs",
"5-frozenlist",
- "7-multidict",
- "8-propcache",
- "9-yarl"
+ "10-multidict",
+ "11-propcache",
+ "12-yarl"
]
},
{
@@ -3751,106 +4695,109 @@
]
},
{
- "ref": "9-yarl",
+ "ref": "6-attrs",
"dependsOn": [
- "10-idna",
- "7-multidict",
- "8-propcache"
+ "7-importlib-metadata"
]
},
{
- "ref": "11-beautifulsoup4",
+ "ref": "7-importlib-metadata",
"dependsOn": [
- "12-soupsieve"
+ "8-zipp",
+ "9-typing-extensions"
]
},
{
- "ref": "17-gsutil",
+ "ref": "10-multidict",
"dependsOn": [
- "18-argcomplete",
- "19-crcmod",
- "20-fasteners",
- "21-gcs-oauth2-boto-plugin",
- "40-google-apitools",
- "23-google-auth",
- "29-google-auth-httplib2",
- "32-google-reauth",
- "30-httplib2",
- "41-monotonic",
- "35-pyopenssl",
- "39-retry-decorator",
- "28-six"
+ "9-typing-extensions"
]
},
{
- "ref": "21-gcs-oauth2-boto-plugin",
+ "ref": "12-yarl",
"dependsOn": [
- "22-boto",
- "23-google-auth",
- "29-google-auth-httplib2",
- "32-google-reauth",
- "30-httplib2",
- "34-oauth2client",
- "35-pyopenssl",
- "39-retry-decorator",
- "27-rsa",
- "28-six"
+ "13-idna",
+ "10-multidict",
+ "11-propcache"
]
},
{
- "ref": "23-google-auth",
+ "ref": "14-beautifulsoup4",
"dependsOn": [
- "24-cachetools",
- "25-pyasn1-modules",
- "27-rsa",
- "28-six"
+ "15-soupsieve"
]
},
{
- "ref": "25-pyasn1-modules",
+ "ref": "20-gsutil",
"dependsOn": [
- "26-pyasn1"
+ "21-argcomplete",
+ "22-crcmod",
+ "23-fasteners",
+ "24-gcs-oauth2-boto-plugin",
+ "43-google-apitools",
+ "31-httplib2",
+ "28-google-reauth",
+ "44-monotonic",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "30-six",
+ "40-google-auth",
+ "42-google-auth-httplib2"
]
},
{
- "ref": "27-rsa",
+ "ref": "24-gcs-oauth2-boto-plugin",
"dependsOn": [
- "26-pyasn1"
+ "25-rsa",
+ "27-boto",
+ "28-google-reauth",
+ "31-httplib2",
+ "33-oauth2client",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "30-six",
+ "40-google-auth",
+ "42-google-auth-httplib2"
]
},
{
- "ref": "29-google-auth-httplib2",
+ "ref": "25-rsa",
"dependsOn": [
- "23-google-auth",
- "30-httplib2"
+ "26-pyasn1"
]
},
{
- "ref": "30-httplib2",
+ "ref": "28-google-reauth",
"dependsOn": [
- "31-pyparsing"
+ "29-pyu2f"
]
},
{
- "ref": "32-google-reauth",
+ "ref": "29-pyu2f",
"dependsOn": [
- "33-pyu2f"
+ "30-six"
]
},
{
- "ref": "33-pyu2f",
+ "ref": "31-httplib2",
"dependsOn": [
- "28-six"
+ "32-pyparsing"
]
},
{
- "ref": "34-oauth2client",
+ "ref": "33-oauth2client",
"dependsOn": [
- "30-httplib2",
+ "31-httplib2",
"26-pyasn1",
- "25-pyasn1-modules",
- "27-rsa",
- "28-six"
+ "34-pyasn1-modules",
+ "25-rsa",
+ "30-six"
+ ]
+ },
+ {
+ "ref": "34-pyasn1-modules",
+ "dependsOn": [
+ "26-pyasn1"
]
},
{
@@ -3872,98 +4819,121 @@
]
},
{
- "ref": "40-google-apitools",
+ "ref": "40-google-auth",
+ "dependsOn": [
+ "41-cachetools",
+ "34-pyasn1-modules",
+ "30-six",
+ "25-rsa"
+ ]
+ },
+ {
+ "ref": "42-google-auth-httplib2",
+ "dependsOn": [
+ "40-google-auth",
+ "31-httplib2"
+ ]
+ },
+ {
+ "ref": "43-google-apitools",
"dependsOn": [
- "20-fasteners",
- "30-httplib2",
- "34-oauth2client",
- "28-six"
+ "31-httplib2",
+ "23-fasteners",
+ "33-oauth2client",
+ "30-six"
]
},
{
- "ref": "42-jinja2",
+ "ref": "45-jinja2",
"dependsOn": [
- "43-markupsafe"
+ "46-markupsafe"
]
},
{
- "ref": "44-jsonschema",
+ "ref": "47-jsonschema",
"dependsOn": [
"6-attrs",
- "45-jsonschema-specifications",
- "46-referencing",
- "47-rpds-py"
+ "48-jsonschema-specifications",
+ "49-referencing",
+ "50-rpds-py"
]
},
{
- "ref": "45-jsonschema-specifications",
+ "ref": "48-jsonschema-specifications",
"dependsOn": [
- "46-referencing"
+ "49-referencing"
]
},
{
- "ref": "46-referencing",
+ "ref": "49-referencing",
"dependsOn": [
"6-attrs",
- "47-rpds-py"
+ "50-rpds-py"
+ ]
+ },
+ {
+ "ref": "51-lib4sbom",
+ "dependsOn": [
+ "52-pyyaml",
+ "53-semantic-version",
+ "17-defusedxml"
]
},
{
- "ref": "48-lib4sbom",
+ "ref": "54-lib4vex",
"dependsOn": [
- "14-defusedxml",
- "49-pyyaml",
- "50-semantic-version"
+ "51-lib4sbom",
+ "55-csaf-tool",
+ "56-packageurl-python"
]
},
{
- "ref": "51-lib4vex",
+ "ref": "55-csaf-tool",
"dependsOn": [
- "52-csaf-tool",
- "48-lib4sbom",
- "53-packageurl-python"
+ "56-packageurl-python",
+ "57-rich"
]
},
{
- "ref": "52-csaf-tool",
+ "ref": "57-rich",
"dependsOn": [
- "53-packageurl-python",
- "54-rich"
+ "58-markdown-it-py",
+ "60-pygments",
+ "9-typing-extensions"
]
},
{
- "ref": "54-rich",
+ "ref": "58-markdown-it-py",
"dependsOn": [
- "55-markdown-it-py",
- "57-pygments"
+ "59-mdurl"
]
},
{
- "ref": "55-markdown-it-py",
+ "ref": "63-plotly",
"dependsOn": [
- "56-mdurl"
+ "64-tenacity",
+ "62-packaging"
]
},
{
- "ref": "59-plotly",
+ "ref": "65-requests",
"dependsOn": [
- "58-packaging",
- "60-tenacity"
+ "66-charset-normalizer",
+ "13-idna",
+ "67-urllib3",
+ "68-certifi"
]
},
{
- "ref": "62-requests",
+ "ref": "71-xmlschema",
"dependsOn": [
- "63-certifi",
- "64-charset-normalizer",
- "10-idna",
- "65-urllib3"
+ "72-elementpath"
]
},
{
- "ref": "68-xmlschema",
+ "ref": "73-zstandard",
"dependsOn": [
- "69-elementpath"
+ "37-cffi"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index 527de7fa6a..a5c39654ae 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-cb307ebd-78db-456e-9dbf-34b317e8df15
-LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.11.3
-Created: 2024-12-09T00:39:39Z
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c6831ef6-a03c-48eb-a9a4-f1950eb624d9
+LicenseListVersion: 3.25
+Creator: Tool: sbom4python-0.12.1
+Created: 2024-12-16T00:38:46Z
CreatorComment: This document has been automatically generated.
#####
@@ -17,10 +17,12 @@ PackageSupplier: Person: Terri Oda (terri.oda@intel.com)
PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/intel/cve-bin-tool
+PackageChecksum: SHA256: 48c897ea59b84ee3142b3353f0bc5689232a5f464e4106ac9b7f1e5f691f888d
PackageLicenseDeclared: GPL-3.0-or-later
PackageLicenseConcluded: GPL-3.0-or-later
PackageCopyrightText: NOASSERTION
PackageSummary: CVE Binary Checker Tool
+ReleaseDate: 2024-09-17T18:57:44Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:*:*
#####
@@ -33,10 +35,20 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/aiohttp/3.11.10/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohttp
+PackageChecksum: SHA256: cbad88a61fa743c5d283ad501b01c153820734118b65aee2bd7dbb735475ce0d
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
+ReleaseDate: 2024-12-05T23:51:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiohttp/actions?query=workflow%3ACI
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiohttp
+ExternalRef: OTHER log https://docs.aiohttp.org/en/stable/changes.html
+ExternalRef: OTHER other https://docs.aiohttp.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohttp/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohttp
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.11.10
#####
@@ -48,29 +60,41 @@ PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs
+PackageChecksum: SHA256: a980909d50efcd44795c4afeca523296716d50cd756ddca6af8c65b996e27de8
PackageLicenseDeclared: PSF-2.0
PackageLicenseConcluded: PSF-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Happy Eyeballs for asyncio
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiohappyeyeballs/issues
+ExternalRef: OTHER log https://github.com/aio-libs/aiohappyeyeballs/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://aiohappyeyeballs.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiohappyeyeballs
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.4.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
SPDXID: SPDXRef-4-aiosignal
-PackageVersion: 1.3.1
+PackageVersion: 1.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files
+PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/aiosignal
-PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: aiosignal: a list of registered asynchronous callbacks
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
+ReleaseDate: 2024-11-30T18:43:39Z
+ExternalRef: OTHER other https://gitter.im/aio-libs/Lobby
+ExternalRef: OTHER build-system https://github.com/aio-libs/aiosignal/actions
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/aiosignal
+ExternalRef: OTHER other https://docs.aiosignal.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/aiosignal/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/aiosignal
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.2
#####
PackageName: frozenlist
@@ -81,11 +105,22 @@ PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/frozenlist/1.5.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/frozenlist
+PackageChecksum: SHA256: 5b6a66c18b5b9dd261ca98dffcb826a525334b2f29e7caa54e182255c5f6a65a
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
+ReleaseDate: 2024-10-23T09:46:20Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/frozenlist/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/frozenlist
+ExternalRef: OTHER log https://github.com/aio-libs/frozenlist/blob/master/CHANGES.rst#changelog
+ExternalRef: OTHER other https://frozenlist.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/frozenlist/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/frozenlist
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.5.0
#####
@@ -96,336 +131,413 @@ PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 6771a04893780166e4b7826b63599f43ac30d00a
+PackageChecksum: SHA256: 81921eb96de3191c8258c199618104dd27ac608d9366f5e35d011eae1867ede2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
+ReleaseDate: 2024-08-06T14:37:36Z
+ExternalRef: OTHER documentation https://www.attrs.org/
+ExternalRef: OTHER log https://www.attrs.org/en/stable/changelog.html
+ExternalRef: OTHER vcs https://github.com/python-attrs/attrs
+ExternalRef: OTHER other https://github.com/sponsors/hynek
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:*:*:*
#####
+PackageName: importlib-metadata
+SPDXID: SPDXRef-7-importlib-metadata
+PackageVersion: 8.0.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.0.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: 15584cf2b1bf449d98ff8a6ff1abef57bf20f3ac6454f431736cd3e660921b2f
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Read metadata from Python packages
+ReleaseDate: 2024-06-25T18:38:02Z
+ExternalRef: OTHER vcs https://github.com/python/importlib_metadata
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.0.0:*:*:*:*:*:*:*
+#####
+
+PackageName: zipp
+SPDXID: SPDXRef-8-zipp
+PackageVersion: 3.21.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
+PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
+FilesAnalyzed: false
+PackageChecksum: SHA256: ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backport of pathlib-compatible object wrapper for zip files
+ReleaseDate: 2024-11-10T15:05:19Z
+ExternalRef: OTHER vcs https://github.com/jaraco/zipp
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
+#####
+
+PackageName: typing-extensions
+SPDXID: SPDXRef-9-typing-extensions
+PackageVersion: 4.12.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/python/typing_extensions
+PackageChecksum: SHA256: 04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Backported and Experimental Type Hints for Python 3.8+
+ReleaseDate: 2024-06-07T18:52:13Z
+ExternalRef: OTHER issue-tracker https://github.com/python/typing_extensions/issues
+ExternalRef: OTHER log https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
+ExternalRef: OTHER documentation https://typing-extensions.readthedocs.io/
+ExternalRef: OTHER other https://github.com/python/typing/discussions
+ExternalRef: OTHER vcs https://github.com/python/typing_extensions
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*
+#####
+
PackageName: multidict
-SPDXID: SPDXRef-7-multidict
+SPDXID: SPDXRef-10-multidict
PackageVersion: 6.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/multidict
-PackageChecksum: SHA1: 4140e63780dc6dd600a1837cb9b4c5198c3dcd68
+PackageChecksum: SHA256: 3380252550e372e8511d49481bd836264c009adb826b23fefcc5dd3c69692f60
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: multidict implementation
+ReleaseDate: 2024-09-09T23:47:18Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER build-system https://github.com/aio-libs/multidict/actions
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/multidict
+ExternalRef: OTHER log https://multidict.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://multidict.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/multidict/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/multidict
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*
#####
PackageName: propcache
-SPDXID: SPDXRef-8-propcache
+SPDXID: SPDXRef-11-propcache
PackageVersion: 0.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/propcache/0.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/propcache
+PackageChecksum: SHA256: 6b3f39a85d671436ee3d12c017f8fdea38509e4f25b28eb25877293c98c243f6
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Accelerated property cache
+ReleaseDate: 2024-12-01T18:27:02Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/propcache/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/propcache
+ExternalRef: OTHER log https://propcache.readthedocs.io/en/latest/changes/
+ExternalRef: OTHER other https://propcache.readthedocs.io
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/propcache/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/propcache
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.1:*:*:*:*:*:*:*
#####
PackageName: yarl
-SPDXID: SPDXRef-9-yarl
+SPDXID: SPDXRef-12-yarl
PackageVersion: 1.18.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
PackageDownloadLocation: https://pypi.org/project/yarl/1.18.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/aio-libs/yarl
+PackageChecksum: SHA256: 7df647e8edd71f000a5208fe6ff8c382a1de8edfbccdbbfe649d263de07d8c34
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Yet another URL library
+ReleaseDate: 2024-12-01T20:32:32Z
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs:matrix.org
+ExternalRef: OTHER other https://matrix.to/#/#aio-libs-space:matrix.org
+ExternalRef: OTHER other https://github.com/aio-libs/yarl/actions?query=branch:master
+ExternalRef: OTHER other https://github.com/aio-libs/.github/blob/master/CODE_OF_CONDUCT.md
+ExternalRef: OTHER other https://codecov.io/github/aio-libs/yarl
+ExternalRef: OTHER log https://yarl.aio-libs.org/en/latest/changes/
+ExternalRef: OTHER other https://yarl.aio-libs.org
+ExternalRef: OTHER issue-tracker https://github.com/aio-libs/yarl/issues
+ExternalRef: OTHER vcs https://github.com/aio-libs/yarl
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.18.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.18.3:*:*:*:*:*:*:*
#####
PackageName: idna
-SPDXID: SPDXRef-10-idna
+SPDXID: SPDXRef-13-idna
PackageVersion: 3.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: 946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Internationalized Domain Names in Applications (IDNA)
+ReleaseDate: 2024-09-15T18:07:37Z
+ExternalRef: OTHER log https://github.com/kjd/idna/blob/master/HISTORY.rst
+ExternalRef: OTHER issue-tracker https://github.com/kjd/idna/issues
+ExternalRef: OTHER vcs https://github.com/kjd/idna
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*
#####
PackageName: beautifulsoup4
-SPDXID: SPDXRef-11-beautifulsoup4
+SPDXID: SPDXRef-14-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files
FilesAnalyzed: false
PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/
+PackageChecksum: SHA256: b80878c9f40111313e55da8ba20bdba06d8fa3969fc68304167741bbf9e082ed
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Screen-scraping library
+ReleaseDate: 2024-01-17T16:53:12Z
+ExternalRef: OTHER other https://www.crummy.com/software/BeautifulSoup/bs4/download/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/beautifulsoup4@4.12.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.3:*:*:*:*:*:*:*
#####
PackageName: soupsieve
-SPDXID: SPDXRef-12-soupsieve
+SPDXID: SPDXRef-15-soupsieve
PackageVersion: 2.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com)
PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/facelessuser/soupsieve
-PackageChecksum: SHA1: f974ea7e2e70cc940e1bda98b815f5a68eb43990
+PackageChecksum: SHA256: e72c4ff06e4fb6e4b5a9f0f55fe6e81514581fca1515028625d0f299c602ccc9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A modern CSS selector implementation for Beautiful Soup.
+ReleaseDate: 2024-08-13T13:39:10Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/soupsieve@2.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-13-cvss
+SPDXID: SPDXRef-16-cvss
PackageVersion: 3.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
PackageDownloadLocation: https://pypi.org/project/cvss/3.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/RedHatProductSecurity/cvss
-PackageChecksum: SHA1: 1bfc39fc932e1c9859bc59d625cee7e53e021261
+PackageChecksum: SHA256: cc7326afc7585cc63d0a6ca74dab27d74aa2bc99f5f3d5d4bc4d94a3c22bc0a1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: LGPL-3.0-or-later
PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: CVSS2/3/4 library with interactive calculator for Python 2 and Python 3
+ReleaseDate: 2024-11-01T10:05:52Z
+ExternalRef: OTHER other https://github.com/RedHatProductSecurity/cvss/releases
+ExternalRef: OTHER vcs https://github.com/RedHatProductSecurity/cvss
+ExternalRef: OTHER issue-tracker https://github.com/RedHatProductSecurity/cvss/issues
+ExternalRef: OTHER build-system https://github.com/RedHatProductSecurity/cvss/actions
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cvss@3.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:3.3:*:*:*:*:*:*:*
#####
PackageName: defusedxml
-SPDXID: SPDXRef-14-defusedxml
+SPDXID: SPDXRef-17-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
-PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files
+PackageDownloadLocation: https://pypi.python.org/pypi/defusedxml
FilesAnalyzed: false
PackageHomePage: https://github.com/tiran/defusedxml
-PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184
+PackageChecksum: SHA256: a352e7e428770286cc899e2542b6cdaedb2b4953ff269a210103ec58f6198a61
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: PSF-2.0
PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: XML bomb protection for Python stdlib modules
+ReleaseDate: 2021-03-08T10:59:24Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/defusedxml@0.7.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*
#####
PackageName: distro
-SPDXID: SPDXRef-15-distro
+SPDXID: SPDXRef-18-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-distro/distro
+PackageChecksum: SHA256: 7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Distro - an OS platform information API
+ReleaseDate: 2023-12-24T09:54:30Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/distro@1.9.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-16-filetype
+SPDXID: SPDXRef-19-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
-PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files
+PackageDownloadLocation: https://github.com/h2non/filetype.py/tarball/master
FilesAnalyzed: false
PackageHomePage: https://github.com/h2non/filetype.py
-PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585
+PackageChecksum: SHA256: 7ce71b6880181241cf7ac8697a2f1eb6a8bd9b429f7ad6d27b8db9ba5f1c2d25
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Infer file type and MIME type of any file/buffer. No external dependencies.
+ReleaseDate: 2022-11-02T17:34:01Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/filetype@1.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:*:*:*
#####
PackageName: gsutil
-SPDXID: SPDXRef-17-gsutil
-PackageVersion: 5.31
+SPDXID: SPDXRef-20-gsutil
+PackageVersion: 5.33
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files
+PackageDownloadLocation: https://cloud.google.com/storage/docs/gsutil_install
FilesAnalyzed: false
PackageHomePage: https://cloud.google.com/storage/docs/gsutil
+PackageChecksum: SHA256: 26f5441e619d6244016da0ab3a11285dcd88cf32aeb571b3e28606a165c07856
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-11T09:40:59Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.33
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.33:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-18-argcomplete
+SPDXID: SPDXRef-21-argcomplete
PackageVersion: 3.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/kislyuk/argcomplete
-PackageChecksum: SHA1: fa88f807ee3f1d1c5b2647ca3c38fd3e0349dbfc
+PackageChecksum: SHA256: 036d020d79048a5d525bc63880d7a4b8d1668566b8a76daf1144c0bbe0f63472
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Bash tab completion for argparse
+ReleaseDate: 2024-12-06T18:24:27Z
+ExternalRef: OTHER documentation https://kislyuk.github.io/argcomplete
+ExternalRef: OTHER vcs https://github.com/kislyuk/argcomplete
+ExternalRef: OTHER issue-tracker https://github.com/kislyuk/argcomplete/issues
+ExternalRef: OTHER log https://github.com/kislyuk/argcomplete/blob/develop/Changes.rst
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.2:*:*:*:*:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-19-crcmod
+SPDXID: SPDXRef-22-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files
+PackageDownloadLocation: http://sourceforge.net/projects/crcmod
FilesAnalyzed: false
PackageHomePage: http://crcmod.sourceforge.net/
+PackageChecksum: SHA256: dc7051a0db5f2bd48665a990d3ec1cc305a466a77358ca4492826f41f283601e
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CRC Generator
+ReleaseDate: 2010-06-27T14:35:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/crcmod@1.7
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-20-fasteners
+SPDXID: SPDXRef-23-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/harlowja/fasteners
-PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4
+PackageChecksum: SHA256: 758819cb5d94cdedf4e836988b74de396ceacb8e2794d21f82d131fd9ee77237
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: A python package that provides useful locks
+ReleaseDate: 2023-09-19T17:11:18Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/fasteners@0.19
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-21-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-24-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files
+PackageDownloadLocation: https://github.com/GoogleCloudPlatform/gcs-oauth2-boto-plugin
FilesAnalyzed: false
PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary
-PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb
+PackageChecksum: SHA256: a46817f3abed2bc4f6b4b12b0de7c8bf5ff5f1822dc03c45fa1ae6ed7a455843
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
+ReleaseDate: 2024-05-02T14:37:31Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*
#####
-PackageName: boto
-SPDXID: SPDXRef-22-boto
-PackageVersion: 2.49.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
-PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/boto/boto/
-PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Amazon Web Services Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
-#####
-
-PackageName: google-auth
-SPDXID: SPDXRef-23-google-auth
-PackageVersion: 2.17.0
+PackageName: rsa
+SPDXID: SPDXRef-25-rsa
+PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
+PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
FilesAnalyzed: false
-PackageHomePage: https://github.com/googleapis/google-auth-library-python
-PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243
+PackageHomePage: https://stuvel.eu/rsa
+PackageChecksum: SHA256: 78f9a9bf4e7be0c5ded4583326e7461e3a3c5aae24073648b4bdfa797d78c9d2
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
-#####
-
-PackageName: cachetools
-SPDXID: SPDXRef-24-cachetools
-PackageVersion: 5.5.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/tkem/cachetools/
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1-modules
-SPDXID: SPDXRef-25-pyasn1-modules
-PackageVersion: 0.4.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/pyasn1/pyasn1-modules
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
+PackageSummary: Pure-Python RSA implementation
+ReleaseDate: 2021-02-24T10:55:03Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
PackageName: pyasn1
@@ -436,184 +548,211 @@ PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyasn1/pyasn1
+PackageChecksum: SHA256: 6f580d2bdd84365380830acf45550f2511469f673cb4a5ae3857a3170128b034
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ReleaseDate: 2024-09-10T22:41:42Z
+ExternalRef: OTHER documentation https://pyasn1.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1/issues
+ExternalRef: OTHER log https://pyasn1.readthedocs.io/en/latest/changelog.html
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*
#####
-PackageName: rsa
-SPDXID: SPDXRef-27-rsa
-PackageVersion: 4.7.2
+PackageName: boto
+SPDXID: SPDXRef-27-boto
+PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
-PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files
+PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
+PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files
FilesAnalyzed: false
-PackageHomePage: https://stuvel.eu/rsa
-PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa
+PackageHomePage: https://github.com/boto/boto/
+PackageChecksum: SHA256: 147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Amazon Web Services Library
+ReleaseDate: 2018-07-11T20:58:55Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
+#####
+
+PackageName: google-reauth
+SPDXID: SPDXRef-28-google-reauth
+PackageVersion: 0.1.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Google (googleapis-publisher@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/Google/google-reauth-python
+PackageChecksum: SHA256: cb39074488d74c8853074dde47368bbf8f739d4a4338b89aab696c895b6d8368
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python RSA implementation
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
+PackageSummary: Google Reauth Library
+ReleaseDate: 2020-12-01T17:35:45Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
+#####
+
+PackageName: pyu2f
+SPDXID: SPDXRef-29-pyu2f
+PackageVersion: 0.1.5
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
+PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/google/pyu2f/
+PackageChecksum: SHA256: a3caa3a11842fc7d5746376f37195e6af5f17c0a15737538bb1cebf656fb306b
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: U2F host library for interacting with a U2F device over USB.
+ReleaseDate: 2020-10-30T20:03:07Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-28-six
+SPDXID: SPDXRef-30-six
PackageVersion: 1.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
PackageDownloadLocation: https://pypi.org/project/six/1.17.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/benjaminp/six
+PackageChecksum: SHA256: 4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python 2 and 3 compatibility utilities
+ReleaseDate: 2024-12-04T17:35:26Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.17.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.17.0:*:*:*:*:*:*:*
#####
-PackageName: google-auth-httplib2
-SPDXID: SPDXRef-29-google-auth-httplib2
-PackageVersion: 0.2.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
-PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library: httplib2 transport
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
-#####
-
PackageName: httplib2
-SPDXID: SPDXRef-30-httplib2
+SPDXID: SPDXRef-31-httplib2
PackageVersion: 0.20.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/httplib2/httplib2
-PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4
+PackageChecksum: SHA256: 8b6a905cb1c79eefd03f8669fd993c36dc341f7c558f056cb5a33b5c2f458543
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A comprehensive HTTP client library.
+ReleaseDate: 2022-02-03T00:00:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/httplib2@0.20.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*
#####
PackageName: pyparsing
-SPDXID: SPDXRef-31-pyparsing
+SPDXID: SPDXRef-32-pyparsing
PackageVersion: 3.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyparsing/pyparsing/
+PackageChecksum: SHA256: 93d9577b88da0bbea8cc8334ee8b918ed014968fd2ec383e868fb8afb1ccef84
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
+ReleaseDate: 2024-10-13T10:01:13Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*
#####
-PackageName: google-reauth
-SPDXID: SPDXRef-32-google-reauth
-PackageVersion: 0.1.1
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google (googleapis-publisher@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/Google/google-reauth-python
-PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Reauth Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
-#####
-
-PackageName: pyu2f
-SPDXID: SPDXRef-33-pyu2f
-PackageVersion: 0.1.5
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/google/pyu2f/
-PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: U2F host library for interacting with a U2F device over USB.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
-#####
-
PackageName: oauth2client
-SPDXID: SPDXRef-34-oauth2client
+SPDXID: SPDXRef-33-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/oauth2client/
-PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9
+PackageChecksum: SHA256: b8a81cc5d60e2d364f0b1b98f958dbd472887acaf1a5b05e21c28c31a2d6d3ac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: OAuth 2.0 client library
+ReleaseDate: 2018-09-07T21:38:16Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
+PackageName: pyasn1-modules
+SPDXID: SPDXRef-34-pyasn1-modules
+PackageVersion: 0.4.1
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/pyasn1/pyasn1-modules
+PackageChecksum: SHA256: c28e2dbf9c06ad61c71a075c7e0f9fd0f1b0bb2d2ad4377f240d33ac2ab60a7c
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A collection of ASN.1-based protocols modules
+ReleaseDate: 2024-09-10T22:42:08Z
+ExternalRef: OTHER vcs https://github.com/pyasn1/pyasn1-modules
+ExternalRef: OTHER issue-tracker https://github.com/pyasn1/pyasn1-modules/issues
+ExternalRef: OTHER log https://github.com/pyasn1/pyasn1-modules/blob/master/CHANGES.txt
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*
+#####
+
PackageName: pyopenssl
SPDXID: SPDXRef-35-pyopenssl
-PackageVersion: 24.3.0
+PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.3.0/#files
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files
FilesAnalyzed: false
PackageHomePage: https://pyopenssl.org/
+PackageChecksum: SHA256: 967d5719b12b243588573f39b0c677637145c7a1ffedcd495a487e58177fbb8d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.3.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-07-20T17:26:29Z
+ExternalRef: OTHER vcs https://github.com/pyca/pyopenssl
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.2.1:*:*:*:*:*:*:*
#####
PackageName: cryptography
SPDXID: SPDXRef-36-cryptography
-PackageVersion: 44.0.0
+PackageVersion: 43.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/44.0.0/#files
+PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pyca/cryptography
+PackageChecksum: SHA256: bf7a1932ac4176486eab36a19ed4c0492da5d97123f1406cf15e41b05e787d2e
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@44.0.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:44.0.0:*:*:*:*:*:*:*
+ReleaseDate: 2024-10-18T15:57:36Z
+ExternalRef: OTHER documentation https://cryptography.io/
+ExternalRef: OTHER vcs https://github.com/pyca/cryptography/
+ExternalRef: OTHER issue-tracker https://github.com/pyca/cryptography/issues
+ExternalRef: OTHER log https://cryptography.io/en/latest/changelog/
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -624,11 +763,18 @@ PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroup
PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files
FilesAnalyzed: false
PackageHomePage: http://cffi.readthedocs.org
-PackageChecksum: SHA1: 38bd6be6b94a65182f4bffb45c78e230e9290f51
+PackageChecksum: SHA256: df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Foreign Function Interface for Python calling C code.
+ReleaseDate: 2024-09-04T20:43:30Z
+ExternalRef: OTHER documentation http://cffi.readthedocs.org/
+ExternalRef: OTHER vcs https://github.com/python-cffi/cffi
+ExternalRef: OTHER issue-tracker https://github.com/python-cffi/cffi/issues
+ExternalRef: OTHER log https://cffi.readthedocs.io/en/latest/whatsnew.html
+ExternalRef: OTHER other https://github.com/python-cffi/cffi/releases
+ExternalRef: OTHER other https://groups.google.com/forum/#!forum/python-cffi
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cffi@1.17.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:*:*:*:*:*:*:*
#####
@@ -641,11 +787,12 @@ PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/eliben/pycparser
-PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2
+PackageChecksum: SHA256: c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
PackageLicenseDeclared: BSD-3-Clause
PackageLicenseConcluded: BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: C parser in Python
+ReleaseDate: 2024-03-30T13:22:20Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pycparser@2.22
ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*:*:*
#####
@@ -658,652 +805,835 @@ PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/pnpnpn/retry-decorator
-PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
+PackageChecksum: SHA256: e1e8ad02e518fe11073f2ea7d80b6b8be19daa27a60a1838aff7c731ddcf2ebe
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Retry Decorator
+ReleaseDate: 2020-03-10T23:56:29Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/retry-decorator@1.1.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*
#####
+PackageName: google-auth
+SPDXID: SPDXRef-40-google-auth
+PackageVersion: 2.17.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/googleapis/google-auth-library-python
+PackageChecksum: SHA256: 45ba9b4b3e49406de3c5451697820694b2f6ce8a6b75bb187852fdae231dab94
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library
+ReleaseDate: 2023-03-28T19:51:30Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
+#####
+
+PackageName: cachetools
+SPDXID: SPDXRef-41-cachetools
+PackageVersion: 5.5.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/tkem/cachetools/
+PackageChecksum: SHA256: 02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Extensible memoizing collections and decorators
+ReleaseDate: 2024-08-18T20:28:43Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.5.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:*:*:*:*
+#####
+
+PackageName: google-auth-httplib2
+SPDXID: SPDXRef-42-google-auth-httplib2
+PackageVersion: 0.2.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2
+PackageChecksum: SHA256: b65a0a2123300dd71281a7bf6e64d65a0759287df52729bdd1ae2e47dc311a3d
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: Google Authentication Library: httplib2 transport
+ReleaseDate: 2023-12-12T17:40:13Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+#####
+
PackageName: google-apitools
-SPDXID: SPDXRef-40-google-apitools
+SPDXID: SPDXRef-43-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files
FilesAnalyzed: false
PackageHomePage: http://github.com/google/apitools
-PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1
+PackageChecksum: SHA256: b78f74116558e0476e19501b5b4b2ac7c93261a69c5449c861ea95cbc853c688
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: client libraries for humans
+ReleaseDate: 2021-05-05T22:12:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-41-monotonic
+SPDXID: SPDXRef-44-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/atdt/monotonic
-PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad
+PackageChecksum: SHA256: 68687e19a14f11f26d140dd5c86f3dba4bf5df58003000ed467e0e2a69bca96c
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3
+ReleaseDate: 2021-04-09T21:58:05Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/monotonic@1.6
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
PackageName: jinja2
-SPDXID: SPDXRef-42-jinja2
+SPDXID: SPDXRef-45-jinja2
PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57
+PackageChecksum: SHA256: bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A very fast and expressive template engine.
+ReleaseDate: 2024-05-05T23:41:59Z
+ExternalRef: OTHER log https://jinja.palletsprojects.com/changes/
+ExternalRef: OTHER chat https://discord.gg/pallets
+ExternalRef: OTHER documentation https://jinja.palletsprojects.com/
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER vcs https://github.com/pallets/jinja/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-43-markupsafe
+SPDXID: SPDXRef-46-markupsafe
PackageVersion: 3.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 28ace20b140d15c083e1cbc163ee6b7778ba098c
+PackageChecksum: SHA256: 7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
-PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: markupsafe declares Copyright 2010 Pallets
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Safely add untrusted strings to HTML/XML markup.
+ReleaseDate: 2024-10-18T15:20:51Z
+ExternalRef: OTHER other https://palletsprojects.com/donate
+ExternalRef: OTHER documentation https://markupsafe.palletsprojects.com/
+ExternalRef: OTHER log https://markupsafe.palletsprojects.com/changes/
+ExternalRef: OTHER vcs https://github.com/pallets/markupsafe/
+ExternalRef: OTHER chat https://discord.gg/pallets
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2
#####
PackageName: jsonschema
-SPDXID: SPDXRef-44-jsonschema
+SPDXID: SPDXRef-47-jsonschema
PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema
+PackageChecksum: SHA256: fbadb6f8b144a8f8cf9f0b89ba94501d143e50411a1278633f56a7acf7fd5566
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
+ReleaseDate: 2024-07-08T18:40:00Z
+ExternalRef: OTHER documentation https://python-jsonschema.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema?utm_source=pypi-jsonschema&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
-SPDXID: SPDXRef-45-jsonschema-specifications
+SPDXID: SPDXRef-48-jsonschema-specifications
PackageVersion: 2024.10.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2024.10.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications
-PackageChecksum: SHA1: 09f6f17a46ecf03e314df0e6fa14d57db210a549
+PackageChecksum: SHA256: a09a0680616357d9a0ecf05c12ad234479f549239d0f5b55f3deea67475da9bf
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
+ReleaseDate: 2024-10-08T12:29:30Z
+ExternalRef: OTHER documentation https://jsonschema-specifications.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/jsonschema-specifications/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-jsonschema-specifications?utm_source=pypi-jsonschema-specifications&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/jsonschema-specifications
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:*
#####
PackageName: referencing
-SPDXID: SPDXRef-46-referencing
+SPDXID: SPDXRef-49-referencing
PackageVersion: 0.35.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/python-jsonschema/referencing
-PackageChecksum: SHA1: 1863d4a5c18af1edd0f3b49caeb9fedfdaff9845
+PackageChecksum: SHA256: eda6d3234d62814d1c64e305c1331c9a3a6132da475ab6382eaa997b21ee75de
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
+ReleaseDate: 2024-05-01T20:26:02Z
+ExternalRef: OTHER documentation https://referencing.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/python-jsonschema/referencing/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-referencing?utm_source=pypi-referencing&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER log https://referencing.readthedocs.io/en/stable/changes/
+ExternalRef: OTHER vcs https://github.com/python-jsonschema/referencing
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
#####
PackageName: rpds-py
-SPDXID: SPDXRef-47-rpds-py
+SPDXID: SPDXRef-50-rpds-py
PackageVersion: 0.22.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com)
PackageDownloadLocation: https://pypi.org/project/rpds-py/0.22.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/crate-py/rpds
+PackageChecksum: SHA256: 6c7b99ca52c2c1752b544e310101b98a659b720b21db00e65edca34483259967
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
+ReleaseDate: 2024-12-04T15:31:31Z
+ExternalRef: OTHER documentation https://rpds.readthedocs.io/
+ExternalRef: OTHER issue-tracker https://github.com/crate-py/rpds/issues/
+ExternalRef: OTHER other https://github.com/sponsors/Julian
+ExternalRef: OTHER other https://tidelift.com/subscription/pkg/pypi-rpds-py?utm_source=pypi-rpds-py&utm_medium=referral&utm_campaign=pypi-link
+ExternalRef: OTHER vcs https://github.com/crate-py/rpds
+ExternalRef: OTHER other https://github.com/orium/rpds
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpds-py@0.22.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.22.3:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
-SPDXID: SPDXRef-48-lib4sbom
-PackageVersion: 0.7.5
+SPDXID: SPDXRef-51-lib4sbom
+PackageVersion: 0.8.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.8.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4sbom
+PackageChecksum: SHA256: 27f98d2c109b4d91636913302cfaa4e8bf47315b6beb6b35a19ff66380c1e395
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*
+ReleaseDate: 2024-12-09T20:13:26Z
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.8.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.8.0:*:*:*:*:*:*:*
#####
PackageName: pyyaml
-SPDXID: SPDXRef-49-pyyaml
+SPDXID: SPDXRef-52-pyyaml
PackageVersion: 6.0.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files
+PackageDownloadLocation: https://pypi.org/project/PyYAML/
FilesAnalyzed: false
PackageHomePage: https://pyyaml.org/
+PackageChecksum: SHA256: 0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
+ReleaseDate: 2024-08-06T20:31:40Z
+ExternalRef: OTHER issue-tracker https://github.com/yaml/pyyaml/issues
+ExternalRef: OTHER build-system https://github.com/yaml/pyyaml/actions
+ExternalRef: OTHER documentation https://pyyaml.org/wiki/PyYAMLDocumentation
+ExternalRef: OTHER mailing-list http://lists.sourceforge.net/lists/listinfo/yaml-core
+ExternalRef: OTHER vcs https://github.com/yaml/pyyaml
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyyaml@6.0.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*:*:*
#####
PackageName: semantic-version
-SPDXID: SPDXRef-50-semantic-version
+SPDXID: SPDXRef-53-semantic-version
PackageVersion: 2.10.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/rbarrois/python-semanticversion
-PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a
+PackageChecksum: SHA256: de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A library implementing the 'SemVer' scheme.
+ReleaseDate: 2022-05-26T13:35:21Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/semantic-version@2.10.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.0:*:*:*:*:*:*:*
#####
PackageName: lib4vex
-SPDXID: SPDXRef-51-lib4vex
+SPDXID: SPDXRef-54-lib4vex
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/lib4vex
-PackageChecksum: SHA1: b7815c41b68867451b849d4d8e239cb79cc0acf2
+PackageChecksum: SHA256: bbe730148c1a7629473067ba9702b673af11e225fcd76e6431b881f0731f52ce
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: VEX generator and consumer library
+ReleaseDate: 2024-08-29T20:36:52Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*
#####
PackageName: csaf-tool
-SPDXID: SPDXRef-52-csaf-tool
+SPDXID: SPDXRef-55-csaf-tool
PackageVersion: 0.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/anthonyharrison/csaf
-PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4
+PackageChecksum: SHA256: 7e5559cb522eb76e3acad39a7bf9ba1b81e5a6224099d511a4c9c2dcf36caa16
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: CSAF generator and analyser
+ReleaseDate: 2024-06-12T20:10:06Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/csaf-tool@0.3.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*:*:*:*:*
#####
PackageName: packageurl-python
-SPDXID: SPDXRef-53-packageurl-python
+SPDXID: SPDXRef-56-packageurl-python
PackageVersion: 0.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.16.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/package-url/packageurl-python
-PackageChecksum: SHA1: 9155d4173e4c1f29a345de86c280ab783c837882
+PackageChecksum: SHA256: 5c3872638b177b0f1cf01c3673017b7b27ebee485693ae12a8bed70fa7fa7c35
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: A purl aka. Package URL parser and builder
+ReleaseDate: 2024-10-22T05:51:23Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packageurl-python@0.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.16.0:*:*:*:*:*:*:*
#####
PackageName: rich
-SPDXID: SPDXRef-54-rich
+SPDXID: SPDXRef-57-rich
PackageVersion: 13.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rich/13.9.4/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Textualize/rich
-PackageChecksum: SHA1: 43d3b04725ab9731727fb1126e35980c62f32377
+PackageChecksum: SHA256: 6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
+ReleaseDate: 2024-11-01T16:43:55Z
+ExternalRef: OTHER documentation https://rich.readthedocs.io/en/latest/
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.9.4
ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.4:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
-SPDXID: SPDXRef-55-markdown-it-py
+SPDXID: SPDXRef-58-markdown-it-py
PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/markdown-it-py
-PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d
+PackageChecksum: SHA256: 355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Python port of markdown-it. Markdown parsing, done right!
+ReleaseDate: 2023-06-03T06:41:11Z
+ExternalRef: OTHER documentation https://markdown-it-py.readthedocs.io
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markdown-it-py@3.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*
#####
PackageName: mdurl
-SPDXID: SPDXRef-56-mdurl
+SPDXID: SPDXRef-59-mdurl
PackageVersion: 0.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/executablebooks/mdurl
-PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e
+PackageChecksum: SHA256: 84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Markdown URL utilities
+ReleaseDate: 2022-08-14T12:40:09Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/mdurl@0.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*
#####
PackageName: pygments
-SPDXID: SPDXRef-57-pygments
+SPDXID: SPDXRef-60-pygments
PackageVersion: 2.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files
FilesAnalyzed: false
PackageHomePage: https://pygments.org
-PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
+PackageChecksum: SHA256: b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
+ReleaseDate: 2024-05-04T13:41:57Z
+ExternalRef: OTHER documentation https://pygments.org/docs
+ExternalRef: OTHER vcs https://github.com/pygments/pygments
+ExternalRef: OTHER issue-tracker https://github.com/pygments/pygments/issues
+ExternalRef: OTHER log https://github.com/pygments/pygments/blob/master/CHANGES
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
#####
+PackageName: python-gnupg
+SPDXID: SPDXRef-61-python-gnupg
+PackageVersion: 0.5.3
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/vsajip/python-gnupg
+PackageChecksum: SHA256: 2f8a4c6f63766feca6cc1416408f8b84e1b914fe7b54514e570fc5cbe92e9248
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
+ReleaseDate: 2024-09-20T16:43:47Z
+ExternalRef: OTHER documentation https://gnupg.readthedocs.io/
+ExternalRef: OTHER vcs https://github.com/vsajip/python-gnupg
+ExternalRef: OTHER issue-tracker https://github.com/vsajip/python-gnupg/issues
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
+#####
+
PackageName: packaging
-SPDXID: SPDXRef-58-packaging
+SPDXID: SPDXRef-62-packaging
PackageVersion: 24.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
PackageDownloadLocation: https://pypi.org/project/packaging/24.2/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: d8e3b31b734926ebbcaff654279f6855a73e052f
+PackageChecksum: SHA256: 09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Core utilities for Python packages
+ReleaseDate: 2024-11-08T09:47:44Z
+ExternalRef: OTHER documentation https://packaging.pypa.io/
+ExternalRef: OTHER vcs https://github.com/pypa/packaging
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/packaging@24.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.2:*:*:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-59-plotly
+SPDXID: SPDXRef-63-plotly
PackageVersion: 5.24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files
FilesAnalyzed: false
PackageHomePage: https://plotly.com/python/
+PackageChecksum: SHA256: f67073a1e637eb0dc3e46324d9d51e2fe76e9727c892dde64ddf1e1b51f29089
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
+ReleaseDate: 2024-09-12T15:36:24Z
+ExternalRef: OTHER documentation https://plotly.com/python/
+ExternalRef: OTHER vcs https://github.com/plotly/plotly.py
+ExternalRef: OTHER log https://github.com/plotly/plotly.py/blob/master/CHANGELOG.md
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1
ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-60-tenacity
+SPDXID: SPDXRef-64-tenacity
PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/jd/tenacity
-PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb
+PackageChecksum: SHA256: 93de0c98785b27fcf659856aa9f54bfbd399e29969b0621bc7f762bd441b4539
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
+ReleaseDate: 2024-07-29T12:12:25Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
-PackageName: python-gnupg
-SPDXID: SPDXRef-61-python-gnupg
-PackageVersion: 0.5.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/vsajip/python-gnupg
-PackageChecksum: SHA1: 498440ce2caefc10a7426a52bc1866c1ce0f923c
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*
-#####
-
PackageName: requests
-SPDXID: SPDXRef-62-requests
+SPDXID: SPDXRef-65-requests
PackageVersion: 2.32.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files
FilesAnalyzed: false
PackageHomePage: https://requests.readthedocs.io
-PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068
+PackageChecksum: SHA256: 70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python HTTP for Humans.
+ReleaseDate: 2024-05-29T15:37:47Z
+ExternalRef: OTHER documentation https://requests.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/psf/requests
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/requests@2.32.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:*:*:*
#####
-PackageName: certifi
-SPDXID: SPDXRef-63-certifi
-PackageVersion: 2024.8.30
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files
-FilesAnalyzed: false
-PackageHomePage: https://github.com/certifi/python-certifi
-PackageLicenseDeclared: MPL-2.0
-PackageLicenseConcluded: MPL-2.0
-PackageCopyrightText: NOASSERTION
-PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*
-#####
-
PackageName: charset-normalizer
-SPDXID: SPDXRef-64-charset-normalizer
+SPDXID: SPDXRef-66-charset-normalizer
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me)
PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/Ousret/charset_normalizer
+PackageChecksum: SHA256: 4f9fc98dad6c2eaa32fc3af1417d95b5e3d08aff968df0cd320066def971f9a6
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.
+ReleaseDate: 2024-10-09T07:38:02Z
+ExternalRef: OTHER issue-tracker https://github.com/Ousret/charset_normalizer/issues
+ExternalRef: OTHER documentation https://charset-normalizer.readthedocs.io/en/latest
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-65-urllib3
+SPDXID: SPDXRef-67-urllib3
PackageVersion: 2.2.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files
FilesAnalyzed: false
-PackageChecksum: SHA1: 2458bfcd3dacdf6c196e98d077fc6bb02a5fc1df
+PackageChecksum: SHA256: ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: HTTP library with thread-safe connection pooling, file post, and more.
+ReleaseDate: 2024-09-12T10:52:16Z
+ExternalRef: OTHER log https://github.com/urllib3/urllib3/blob/main/CHANGES.rst
+ExternalRef: OTHER documentation https://urllib3.readthedocs.io
+ExternalRef: OTHER vcs https://github.com/urllib3/urllib3
+ExternalRef: OTHER issue-tracker https://github.com/urllib3/urllib3/issues
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*
#####
+PackageName: certifi
+SPDXID: SPDXRef-68-certifi
+PackageVersion: 2024.12.14
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
+PackageDownloadLocation: https://pypi.org/project/certifi/2024.12.14/#files
+FilesAnalyzed: false
+PackageHomePage: https://github.com/certifi/python-certifi
+PackageChecksum: SHA256: 1275f7a45be9464efc1173084eaa30f866fe2e47d389406136d332ed4967ec56
+PackageLicenseDeclared: MPL-2.0
+PackageLicenseConcluded: MPL-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Python package for providing Mozilla's CA Bundle.
+ReleaseDate: 2024-12-14T13:52:36Z
+ExternalRef: OTHER vcs https://github.com/certifi/python-certifi
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.12.14
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.12.14:*:*:*:*:*:*:*
+#####
+
PackageName: rpmfile
-SPDXID: SPDXRef-66-rpmfile
+SPDXID: SPDXRef-69-rpmfile
PackageVersion: 2.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/srossross/rpmfile
-PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5
+PackageChecksum: SHA256: 9d180ffffef5ca1377a33eb4af3e2de69dccafe7e10aa20b06d191bd8e8d369c
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Read rpm archive files
+ReleaseDate: 2024-07-24T21:57:45Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
PackageName: setuptools
-SPDXID: SPDXRef-67-setuptools
+SPDXID: SPDXRef-70-setuptools
PackageVersion: 75.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
PackageDownloadLocation: https://pypi.org/project/setuptools/75.6.0/#files
FilesAnalyzed: false
+PackageChecksum: SHA256: ce74b49e8f7110f9bf04883b730f4765b774ef3ef28f722cce7c273d253aaf7d
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
+ReleaseDate: 2024-11-20T18:16:10Z
+ExternalRef: OTHER vcs https://github.com/pypa/setuptools
+ExternalRef: OTHER documentation https://setuptools.pypa.io/
+ExternalRef: OTHER log https://setuptools.pypa.io/en/stable/history.html
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.6.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.6.0:*:*:*:*:*:*:*
#####
PackageName: xmlschema
-SPDXID: SPDXRef-68-xmlschema
+SPDXID: SPDXRef-71-xmlschema
PackageVersion: 3.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.3/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/xmlschema
+PackageChecksum: SHA256: eea4e5a1aac041b546ebe7b2eb68eb5eaebf5c5258e573cfc182375676b2e4e3
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
+ReleaseDate: 2024-10-31T09:47:12Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.3
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.3:*:*:*:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-69-elementpath
+SPDXID: SPDXRef-72-elementpath
PackageVersion: 4.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
PackageDownloadLocation: https://pypi.org/project/elementpath/4.6.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/sissaschool/elementpath
+PackageChecksum: SHA256: e578677f19ccc6ff374c4477c687c547ecbaf7b478d98abb951b7b4b45260a17
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
+ReleaseDate: 2024-10-27T21:52:58Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.6.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.6.0:*:*:*:*:*:*:*
#####
-PackageName: zipp
-SPDXID: SPDXRef-70-zipp
-PackageVersion: 3.21.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/zipp/3.21.0/#files
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: NOASSERTION
-PackageCopyrightText: NOASSERTION
-PackageSummary: Backport of pathlib-compatible object wrapper for zip files
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.21.0:*:*:*:*:*:*:*
-#####
-
PackageName: zstandard
-SPDXID: SPDXRef-71-zstandard
+SPDXID: SPDXRef-73-zstandard
PackageVersion: 0.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files
FilesAnalyzed: false
PackageHomePage: https://github.com/indygreg/python-zstandard
+PackageChecksum: SHA256: bf0a05b6059c0528477fba9054d09179beb63744355cab9f38059548fedd46a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Zstandard bindings for Python
+ReleaseDate: 2024-07-15T00:13:27Z
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:*
#####
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-11-beautifulsoup4
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-cvss
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-defusedxml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-distro
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-filetype
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-beautifulsoup4
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-cvss
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-defusedxml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-distro
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-filetype
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-42-jinja2
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-jsonschema
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-lib4sbom
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-pyyaml
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4vex
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-packageurl-python
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-rich
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-packaging
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-plotly
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-20-gsutil
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-jinja2
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-jsonschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4sbom
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-pyyaml
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4vex
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-packageurl-python
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-rich
Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-python-gnupg
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-requests
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-urllib3
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-rpmfile
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-setuptools
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-xmlschema
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-zipp
-Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-zstandard
-Relationship: SPDXRef-11-beautifulsoup4 DEPENDS_ON SPDXRef-12-soupsieve
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-18-argcomplete
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-19-crcmod
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-20-fasteners
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-21-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-23-google-auth
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-29-google-auth-httplib2
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-32-google-reauth
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-35-pyopenssl
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-39-retry-decorator
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-40-google-apitools
-Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-41-monotonic
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-packaging
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-plotly
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-requests
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-urllib3
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-rpmfile
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-7-importlib-metadata
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-setuptools
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-xmlschema
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zstandard
+Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-10-multidict DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-10-multidict
+Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-11-propcache
+Relationship: SPDXRef-12-yarl DEPENDS_ON SPDXRef-13-idna
+Relationship: SPDXRef-14-beautifulsoup4 DEPENDS_ON SPDXRef-15-soupsieve
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-multidict
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-11-propcache
+Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-12-yarl
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist
Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-propcache
-Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-9-yarl
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-boto
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-google-auth
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-rsa
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-auth-httplib2
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-google-reauth
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl
-Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-24-cachetools
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-25-pyasn1-modules
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-27-rsa
-Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-25-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-27-rsa DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-23-google-auth
-Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-30-httplib2 DEPENDS_ON SPDXRef-31-pyparsing
-Relationship: SPDXRef-32-google-reauth DEPENDS_ON SPDXRef-33-pyu2f
-Relationship: SPDXRef-33-pyu2f DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-25-pyasn1-modules
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-pyasn1
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-rsa
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-30-httplib2
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-21-argcomplete
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-22-crcmod
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-23-fasteners
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-24-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-28-google-reauth
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-35-pyopenssl
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-39-retry-decorator
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-40-google-auth
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-42-google-auth-httplib2
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-43-google-apitools
+Relationship: SPDXRef-20-gsutil DEPENDS_ON SPDXRef-44-monotonic
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-rsa
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-boto
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-google-reauth
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-oauth2client
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-google-auth
+Relationship: SPDXRef-24-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-42-google-auth-httplib2
+Relationship: SPDXRef-25-rsa DEPENDS_ON SPDXRef-26-pyasn1
+Relationship: SPDXRef-28-google-reauth DEPENDS_ON SPDXRef-29-pyu2f
+Relationship: SPDXRef-29-pyu2f DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-31-httplib2 DEPENDS_ON SPDXRef-32-pyparsing
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-25-rsa
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-26-pyasn1
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-34-pyasn1-modules
+Relationship: SPDXRef-34-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1
Relationship: SPDXRef-35-pyopenssl DEPENDS_ON SPDXRef-36-cryptography
Relationship: SPDXRef-36-cryptography DEPENDS_ON SPDXRef-37-cffi
Relationship: SPDXRef-37-cffi DEPENDS_ON SPDXRef-38-pycparser
Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-20-fasteners
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-28-six
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-30-httplib2
-Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-34-oauth2client
-Relationship: SPDXRef-42-jinja2 DEPENDS_ON SPDXRef-43-markupsafe
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-45-jsonschema-specifications
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-46-referencing
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-47-rpds-py
-Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-45-jsonschema-specifications DEPENDS_ON SPDXRef-46-referencing
-Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-47-rpds-py
-Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-6-attrs
-Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-14-defusedxml
-Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-49-pyyaml
-Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-50-semantic-version
-Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-48-lib4sbom
-Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-52-csaf-tool
-Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-53-packageurl-python
-Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-53-packageurl-python
-Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-54-rich
-Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-55-markdown-it-py
-Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-57-pygments
-Relationship: SPDXRef-55-markdown-it-py DEPENDS_ON SPDXRef-56-mdurl
-Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-58-packaging
-Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-60-tenacity
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-10-idna
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-63-certifi
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-64-charset-normalizer
-Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-65-urllib3
-Relationship: SPDXRef-68-xmlschema DEPENDS_ON SPDXRef-69-elementpath
-Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-10-idna
-Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-7-multidict
-Relationship: SPDXRef-9-yarl DEPENDS_ON SPDXRef-8-propcache
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-25-rsa
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-34-pyasn1-modules
+Relationship: SPDXRef-40-google-auth DEPENDS_ON SPDXRef-41-cachetools
+Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-42-google-auth-httplib2 DEPENDS_ON SPDXRef-40-google-auth
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-23-fasteners
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-30-six
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-31-httplib2
+Relationship: SPDXRef-43-google-apitools DEPENDS_ON SPDXRef-33-oauth2client
+Relationship: SPDXRef-45-jinja2 DEPENDS_ON SPDXRef-46-markupsafe
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-48-jsonschema-specifications
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-49-referencing
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-50-rpds-py
+Relationship: SPDXRef-47-jsonschema DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-48-jsonschema-specifications DEPENDS_ON SPDXRef-49-referencing
+Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-50-rpds-py
+Relationship: SPDXRef-49-referencing DEPENDS_ON SPDXRef-6-attrs
+Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-17-defusedxml
+Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-52-pyyaml
+Relationship: SPDXRef-51-lib4sbom DEPENDS_ON SPDXRef-53-semantic-version
+Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-51-lib4sbom
+Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-55-csaf-tool
+Relationship: SPDXRef-54-lib4vex DEPENDS_ON SPDXRef-56-packageurl-python
+Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-56-packageurl-python
+Relationship: SPDXRef-55-csaf-tool DEPENDS_ON SPDXRef-57-rich
+Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-58-markdown-it-py
+Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-60-pygments
+Relationship: SPDXRef-57-rich DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-58-markdown-it-py DEPENDS_ON SPDXRef-59-mdurl
+Relationship: SPDXRef-6-attrs DEPENDS_ON SPDXRef-7-importlib-metadata
+Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-62-packaging
+Relationship: SPDXRef-63-plotly DEPENDS_ON SPDXRef-64-tenacity
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-13-idna
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-66-charset-normalizer
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-67-urllib3
+Relationship: SPDXRef-65-requests DEPENDS_ON SPDXRef-68-certifi
+Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-8-zipp
+Relationship: SPDXRef-7-importlib-metadata DEPENDS_ON SPDXRef-9-typing-extensions
+Relationship: SPDXRef-71-xmlschema DEPENDS_ON SPDXRef-72-elementpath
+Relationship: SPDXRef-73-zstandard DEPENDS_ON SPDXRef-37-cffi
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool