From 32adc008dfff840edca969d1c141e56e592df545 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 16 Oct 2023 01:21:06 +0000 Subject: [PATCH] chore: update SBOM for Python 3.10 --- sbom/cve-bin-tool-py3.10.json | 426 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.10.spdx | 344 ++++++++++++++------------- 2 files changed, 381 insertions(+), 389 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index 179b74f34f..59f3532a48 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -1,17 +1,20 @@ { - "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.4", - "serialNumber": "urn:uuid2d1fb677-cf32-4abd-a3eb-622b5bcc965b", + "specVersion": "1.5", + "serialNumber": "urn:uuid:c668fd7a-2fa1-474c-8d94-3dd9a4232a41", "version": 1, "metadata": { - "timestamp": "2023-07-10T00:40:56Z", - "tools": [ - { - "name": "sbom4python", - "version": "0.9.2" - } - ], + "timestamp": "2023-10-16T01:21:05Z", + "tools": { + "components": [ + { + "name": "sbom4python", + "version": "0.10.0", + "type": "application" + } + ] + }, "component": { "type": "application", "bom-ref": "CDXRef-DOCUMENT", @@ -55,7 +58,11 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.8.4", + "version": "3.8.6", + "supplier": { + "name": "NOASSERTION" + }, + "cpe": "cpe:/a:NOASSERTION:aiohttp:3.8.6", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -67,12 +74,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiohttp/3.8.4", + "url": "https://pypi.org/project/aiohttp/3.8.6", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.8.4", + "purl": "pkg:pypi/aiohttp@3.8.6", "properties": [ { "name": "License Comments", 
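Review bot: The added `"cpe": "cpe:/a:NOASSERTION:aiohttp:3.8.6"` in the aiohttp component (hunk `@@ -55,7 +58,11 @@`) puts the SPDX placeholder NOASSERTION in the CPE vendor field, so the identifier names no real vendor and presumably cannot be matched by a consumer that correlates components to vulnerability records by CPE. It is also written in the older `cpe:/a:` URI form, while the other components visible in this diff use `cpe:2.3:a:…`. When the supplier is unknown, I would leave out both `supplier` and `cpe` for that component and rely on the existing `"purl": "pkg:pypi/aiohttp@3.8.6"`. The same pattern is added for aiosignal, frozenlist and markupsafe in later hunks.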
@@ -85,6 +92,10 @@ "bom-ref": "3-aiosignal", "name": "aiosignal", "version": "1.3.1", + "supplier": { + "name": "NOASSERTION" + }, + "cpe": "cpe:/a:NOASSERTION:aiosignal:1.3.1", "licenses": [ { "license": { @@ -112,7 +123,11 @@ "type": "library", "bom-ref": "4-frozenlist", "name": "frozenlist", - "version": "1.3.3", + "version": "1.4.0", + "supplier": { + "name": "NOASSERTION" + }, + "cpe": "cpe:/a:NOASSERTION:frozenlist:1.4.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { @@ -124,12 +139,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/frozenlist/1.3.3", + "url": "https://pypi.org/project/frozenlist/1.4.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.3.3", + "purl": "pkg:pypi/frozenlist@1.4.0", "properties": [ { "name": "License Comments", @@ -141,7 +156,7 @@ "type": "library", "bom-ref": "5-async-timeout", "name": "async-timeout", - "version": "4.0.2", + "version": "4.0.3", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -150,7 +165,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*", "description": "Timeout context manager for asyncio programs", "licenses": [ { @@ -162,12 +177,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/async-timeout/4.0.2", + "url": "https://pypi.org/project/async-timeout/4.0.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/async-timeout@4.0.2", + "purl": "pkg:pypi/async-timeout@4.0.3", "properties": [ { "name": "License Comments", @@ -203,7 +218,7 @@ "type": "library", "bom-ref": "7-charset-normalizer", "name": "charset-normalizer", - "version": "3.2.0", + "version": "3.3.0", "supplier": { "name": "Ahmed TAHRI", "contact": [ 
@@ -212,7 +227,7 @@ } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.0:*:*:*:*:*:*:*", "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", "licenses": [ { @@ -224,12 +239,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/charset-normalizer/3.2.0", + "url": "https://pypi.org/project/charset-normalizer/3.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/charset-normalizer@3.2.0" + "purl": "pkg:pypi/charset-normalizer@3.3.0" }, { "type": "library", @@ -353,7 +368,7 @@ "type": "library", "bom-ref": "12-soupsieve", "name": "soupsieve", - "version": "2.4.1", + "version": "2.5", "supplier": { "name": "Isaac Muse", "contact": [ @@ -362,16 +377,16 @@ } ] }, - "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.4.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*", "description": "A modern CSS selector implementation for Beautiful Soup.", "externalReferences": [ { - "url": "https://pypi.org/project/soupsieve/2.4.1", + "url": "https://pypi.org/project/soupsieve/2.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/soupsieve@2.4.1" + "purl": "pkg:pypi/soupsieve@2.5" }, { "type": "library", @@ -491,16 +506,16 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.25", + "version": "5.26", "supplier": { - "name": "Google Inc.", + "name": "Google Inc .", "contact": [ { "email": "buganizer-system+187143@google.com" } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { 
@@ -512,12 +527,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gsutil/5.25", + "url": "https://pypi.org/project/gsutil/5.26", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.25", + "purl": "pkg:pypi/gsutil@5.26", "properties": [ { "name": "License Comments", @@ -529,7 +544,7 @@ "type": "library", "bom-ref": "17-argcomplete", "name": "argcomplete", - "version": "3.1.1", + "version": "3.1.2", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -538,7 +553,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.2:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", "licenses": [ { @@ -550,12 +565,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/argcomplete/3.1.1", + "url": "https://pypi.org/project/argcomplete/3.1.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.1.1", + "purl": "pkg:pypi/argcomplete@3.1.2", "properties": [ { "name": "License Comments", @@ -599,11 +614,11 @@ "type": "library", "bom-ref": "19-fasteners", "name": "fasteners", - "version": "0.18", + "version": "0.19", "supplier": { "name": "Joshua Harlow" }, - "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:*", "description": "A python package that provides useful locks", "licenses": [ { @@ -615,18 +630,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/fasteners/0.18", + "url": "https://pypi.org/project/fasteners/0.19", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/fasteners@0.18", - "properties": [ - { - "name": "License Comments", - "value": "fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression." - } - ] + "purl": "pkg:pypi/fasteners@0.19" }, { "type": "library", 
@@ -634,7 +643,7 @@ "name": "gcs-oauth2-boto-plugin", "version": "3.0", "supplier": { - "name": "Google Inc.", + "name": "Google Inc .", "contact": [ { "email": "gs-team@google.com" @@ -742,7 +751,7 @@ "name": "pyu2f", "version": "0.1.5", "supplier": { - "name": "Google Inc.", + "name": "Google Inc .", "contact": [ { "email": "pyu2f-team@google.com" @@ -842,7 +851,7 @@ "type": "library", "bom-ref": "26-pyparsing", "name": "pyparsing", - "version": "3.1.0", + "version": "3.1.1", "supplier": { "name": "Paul McGuire", "contact": [ @@ -851,16 +860,16 @@ } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*", "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "externalReferences": [ { - "url": "https://pypi.org/project/pyparsing/3.1.0", + "url": "https://pypi.org/project/pyparsing/3.1.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.1.0" + "purl": "pkg:pypi/pyparsing@3.1.1" }, { "type": "library", @@ -868,7 +877,7 @@ "name": "oauth2client", "version": "4.1.3", "supplier": { - "name": "Google Inc.", + "name": "Google Inc .", "contact": [ { "email": "jonwayne+oauth2client@google.com" @@ -976,7 +985,7 @@ "name": "rsa", "version": "4.7.2", "supplier": { - "name": "Sybren A. Stuvel", + "name": "Sybren A . Stuvel", "contact": [ { "email": "sybren@stuvel.eu" @@ -1050,7 +1059,7 @@ "type": "library", "bom-ref": "32-cryptography", "name": "cryptography", - "version": "41.0.1", + "version": "41.0.4", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ 
@@ -1059,29 +1068,27 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { - "license": { - "expression": "Apache-2.0 OR BSD-3-Clause" - } + "expression": "Apache-2.0 OR BSD-3-Clause" } ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/41.0.1", + "url": "https://pypi.org/project/cryptography/41.0.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@41.0.1" + "purl": "pkg:pypi/cryptography@41.0.4" }, { "type": "library", "bom-ref": "33-cffi", "name": "cffi", - "version": "1.15.1", + "version": "1.16.0", "supplier": { "name": "Armin Maciej Fijalkowski", "contact": [ @@ -1090,7 +1097,7 @@ } ] }, - "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:*", "description": "Foreign Function Interface for Python calling C code.", "licenses": [ { @@ -1102,12 +1109,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cffi/1.15.1", + "url": "https://pypi.org/project/cffi/1.16.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cffi@1.15.1" + "purl": "pkg:pypi/cffi@1.16.0" }, { "type": "library", @@ -1221,7 +1228,7 @@ "type": "library", "bom-ref": "37-google-auth", "name": "google-auth", - "version": "2.21.0", + "version": "2.23.3", "supplier": { "name": "Google Cloud Platform", "contact": [ 
@@ -1230,7 +1237,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.23.3:*:*:*:*:*:*:*", "description": "Google Authentication Library", "licenses": [ { @@ -1242,12 +1249,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-auth/2.21.0", + "url": "https://pypi.org/project/google-auth/2.23.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth@2.21.0", + "purl": "pkg:pypi/google-auth@2.23.3", "properties": [ { "name": "License Comments", @@ -1289,39 +1296,7 @@ }, { "type": "library", - "bom-ref": "39-urllib3", - "name": "urllib3", - "version": "1.26.16", - "supplier": { - "name": "Andrey Petrov", - "contact": [ - { - "email": "andrey.petrov@shazow.net" - } - ] - }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ - { - "url": "https://pypi.org/project/urllib3/1.26.16", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/urllib3@1.26.16" - }, - { - "type": "library", - "bom-ref": "40-monotonic", + "bom-ref": "39-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -1359,7 +1334,7 @@ }, { "type": "library", - "bom-ref": "41-jinja2", + "bom-ref": "40-jinja2", "name": "jinja2", "version": "3.1.2", "supplier": { @@ -1391,9 +1366,13 @@ }, { "type": "library", - "bom-ref": "42-markupsafe", + "bom-ref": "41-markupsafe", "name": "markupsafe", "version": "2.1.3", + "supplier": { + "name": "NOASSERTION" + }, + "cpe": "cpe:/a:NOASSERTION:markupsafe:2.1.3", "description": "Safely add untrusted strings to HTML/XML markup.", "licenses": [ { 
@@ -1414,13 +1393,13 @@ }, { "type": "library", - "bom-ref": "43-jsonschema", + "bom-ref": "42-jsonschema", "name": "jsonschema", - "version": "4.18.0", + "version": "4.19.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { @@ -1432,22 +1411,22 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.18.0", + "url": "https://pypi.org/project/jsonschema/4.19.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.18.0" + "purl": "pkg:pypi/jsonschema@4.19.1" }, { "type": "library", - "bom-ref": "44-jsonschema-specifications", + "bom-ref": "43-jsonschema-specifications", "name": "jsonschema-specifications", - "version": "2023.6.1", + "version": "2023.7.1", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.7.1:*:*:*:*:*:*:*", "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", "licenses": [ { 
@@ -1459,22 +1438,22 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema-specifications/2023.6.1", + "url": "https://pypi.org/project/jsonschema-specifications/2023.7.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema-specifications@2023.6.1" + "purl": "pkg:pypi/jsonschema-specifications@2023.7.1" }, { "type": "library", - "bom-ref": "45-referencing", + "bom-ref": "44-referencing", "name": "referencing", - "version": "0.29.1", + "version": "0.30.2", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "licenses": [ { @@ -1486,22 +1465,22 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.29.1", + "url": "https://pypi.org/project/referencing/0.30.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/referencing@0.29.1" + "purl": "pkg:pypi/referencing@0.30.2" }, { "type": "library", - "bom-ref": "46-rpds-py", + "bom-ref": "45-rpds-py", "name": "rpds-py", - "version": "0.8.10", + "version": "0.10.6", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.10.6:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", "licenses": [ { 
@@ -1513,18 +1492,18 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rpds-py/0.8.10", + "url": "https://pypi.org/project/rpds-py/0.10.6", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rpds-py@0.8.10" + "purl": "pkg:pypi/rpds-py@0.10.6" }, { "type": "library", - "bom-ref": "47-lib4sbom", + "bom-ref": "46-lib4sbom", "name": "lib4sbom", - "version": "0.3.1", + "version": "0.5.1", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -1533,7 +1512,7 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.5.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", "licenses": [ { @@ -1545,18 +1524,18 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.3.1", + "url": "https://pypi.org/project/lib4sbom/0.5.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.3.1" + "purl": "pkg:pypi/lib4sbom@0.5.1" }, { "type": "library", - "bom-ref": "48-pyyaml", + "bom-ref": "47-pyyaml", "name": "pyyaml", - "version": "6.0", + "version": "6.0.1", "supplier": { "name": "Kirill Simonov", "contact": [ @@ -1565,7 +1544,7 @@ } ] }, - "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*", "description": "YAML parser and emitter for Python", "licenses": [ { @@ -1577,16 +1556,16 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/PyYAML/6.0", + "url": "https://pypi.org/project/PyYAML/6.0.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyyaml@6.0" + "purl": "pkg:pypi/pyyaml@6.0.1" }, { "type": "library", - "bom-ref": "49-semantic-version", + "bom-ref": "48-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { 
@@ -1624,7 +1603,7 @@ }, { "type": "library", - "bom-ref": "50-packaging", + "bom-ref": "49-packaging", "name": "packaging", "version": "21.3", "supplier": { @@ -1639,9 +1618,7 @@ "description": "Core utilities for Python packages", "licenses": [ { - "license": { - "expression": "BSD-2-Clause OR Apache-2.0" - } + "expression": "BSD-2-Clause OR Apache-2.0" } ], "externalReferences": [ @@ -1661,9 +1638,9 @@ }, { "type": "library", - "bom-ref": "51-plotly", + "bom-ref": "50-plotly", "name": "plotly", - "version": "5.15.0", + "version": "5.17.0", "supplier": { "name": "Chris P", "contact": [ @@ -1672,7 +1649,7 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.17.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", "licenses": [ { @@ -1684,18 +1661,18 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.15.0", + "url": "https://pypi.org/project/plotly/5.17.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.15.0" + "purl": "pkg:pypi/plotly@5.17.0" }, { "type": "library", - "bom-ref": "52-tenacity", + "bom-ref": "51-tenacity", "name": "tenacity", - "version": "8.2.2", + "version": "8.2.3", "supplier": { "name": "Julien Danjou", "contact": [ @@ -1704,7 +1681,7 @@ } ] }, - "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*", "description": "Retry code until it succeeds", "licenses": [ { @@ -1716,12 +1693,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/tenacity/8.2.2", + "url": "https://pypi.org/project/tenacity/8.2.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/tenacity@8.2.2", + "purl": "pkg:pypi/tenacity@8.2.3", "properties": [ { "name": "License Comments", 
@@ -1731,9 +1708,9 @@ }, { "type": "library", - "bom-ref": "53-python-gnupg", + "bom-ref": "52-python-gnupg", "name": "python-gnupg", - "version": "0.5.0", + "version": "0.5.1", "supplier": { "name": "Vinay Sajip", "contact": [ @@ -1742,7 +1719,7 @@ } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.1:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", "licenses": [ { @@ -1754,12 +1731,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/python-gnupg/0.5.0", + "url": "https://pypi.org/project/python-gnupg/0.5.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/python-gnupg@0.5.0", + "purl": "pkg:pypi/python-gnupg@0.5.1", "properties": [ { "name": "License Comments", @@ -1769,7 +1746,7 @@ }, { "type": "library", - "bom-ref": "54-requests", + "bom-ref": "53-requests", "name": "requests", "version": "2.31.0", "supplier": { @@ -1807,9 +1784,9 @@ }, { "type": "library", - "bom-ref": "55-certifi", + "bom-ref": "54-certifi", "name": "certifi", - "version": "2023.5.7", + "version": "2023.7.22", "supplier": { "name": "Kenneth Reitz", "contact": [ @@ -1818,7 +1795,7 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:*:*:*:*", "description": "Python package for providing Mozilla's CA Bundle.", "licenses": [ { 
@@ -1830,18 +1807,42 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/certifi/2023.5.7", + "url": "https://pypi.org/project/certifi/2023.7.22", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/certifi@2023.5.7" + "purl": "pkg:pypi/certifi@2023.7.22" + }, + { + "type": "library", + "bom-ref": "55-urllib3", + "name": "urllib3", + "version": "2.0.6", + "supplier": { + "name": "Andrey Petrov", + "contact": [ + { + "email": "andrey.petrov@shazow.net" + } + ] + }, + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.0.6:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "externalReferences": [ + { + "url": "https://pypi.org/project/urllib3/2.0.6", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/urllib3@2.0.6" }, { "type": "library", "bom-ref": "56-rich", "name": "rich", - "version": "13.4.2", + "version": "13.6.0", "supplier": { "name": "Will McGugan", "contact": [ @@ -1850,7 +1851,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.6.0:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -1862,12 +1863,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rich/13.4.2", + "url": "https://pypi.org/project/rich/13.6.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.4.2" + "purl": "pkg:pypi/rich@13.6.0" }, { "type": "library", @@ -1921,7 +1922,7 @@ "type": "library", "bom-ref": "59-pygments", "name": "pygments", - "version": "2.15.1", + "version": "2.16.1", "supplier": { "name": "Georg Brandl", "contact": [ 
@@ -1930,7 +1931,7 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", "licenses": [ { @@ -1942,12 +1943,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.15.1", + "url": "https://pypi.org/project/Pygments/2.16.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.15.1" + "purl": "pkg:pypi/pygments@2.16.1" }, { "type": "library", @@ -2017,7 +2018,7 @@ "type": "library", "bom-ref": "62-xmlschema", "name": "xmlschema", - "version": "2.3.1", + "version": "2.5.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2026,7 +2027,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2038,18 +2039,18 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/2.3.1", + "url": "https://pypi.org/project/xmlschema/2.5.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@2.3.1" + "purl": "pkg:pypi/xmlschema@2.5.0" }, { "type": "library", "bom-ref": "63-elementpath", "name": "elementpath", - "version": "4.1.4", + "version": "4.1.5", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2058,7 +2059,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { 
@@ -2070,12 +2071,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/elementpath/4.1.4", + "url": "https://pypi.org/project/elementpath/4.1.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.1.4" + "purl": "pkg:pypi/elementpath@4.1.5" }, { "type": "library", @@ -2117,12 +2118,6 @@ } ], "dependencies": [ - { - "ref": "CDXRef-DOCUMENT", - "dependsOn": [ - "1-cve-bin-tool" - ] - }, { "ref": "1-cve-bin-tool", "dependsOn": [ @@ -2132,18 +2127,18 @@ "14-defusedxml", "15-distro", "16-gsutil", - "41-jinja2", - "43-jsonschema", - "47-lib4sbom", - "50-packaging", - "51-plotly", - "53-python-gnupg", - "48-pyyaml", - "54-requests", + "40-jinja2", + "42-jsonschema", + "46-lib4sbom", + "49-packaging", + "50-plotly", + "52-python-gnupg", + "47-pyyaml", + "53-requests", "56-rich", "60-rpmfile", "61-toml", - "39-urllib3", + "55-urllib3", "62-xmlschema", "64-zstandard" ] @@ -2190,7 +2185,7 @@ "37-google-auth", "22-google-reauth", "25-httplib2", - "40-monotonic", + "39-monotonic", "31-pyopenssl", "35-retry-decorator", "24-six" 
@@ -2281,66 +2276,65 @@ "dependsOn": [ "38-cachetools", "29-pyasn1-modules", - "30-rsa", - "24-six", - "39-urllib3" + "30-rsa" ] }, { - "ref": "41-jinja2", + "ref": "40-jinja2", "dependsOn": [ - "42-markupsafe" + "41-markupsafe" ] }, { - "ref": "43-jsonschema", + "ref": "42-jsonschema", "dependsOn": [ "6-attrs", - "44-jsonschema-specifications", - "45-referencing", - "46-rpds-py" + "43-jsonschema-specifications", + "44-referencing", + "45-rpds-py" ] }, { - "ref": "44-jsonschema-specifications", + "ref": "43-jsonschema-specifications", "dependsOn": [ - "45-referencing" + "44-referencing" ] }, { - "ref": "45-referencing", + "ref": "44-referencing", "dependsOn": [ "6-attrs", - "46-rpds-py" + "45-rpds-py" ] }, { - "ref": "47-lib4sbom", + "ref": "46-lib4sbom", "dependsOn": [ - "48-pyyaml", - "49-semantic-version" + "14-defusedxml", + "47-pyyaml", + "48-semantic-version" ] }, { - "ref": "50-packaging", + "ref": "49-packaging", "dependsOn": [ "26-pyparsing" ] }, { - "ref": "51-plotly", + "ref": "50-plotly", "dependsOn": [ - "50-packaging", - "52-tenacity" + "49-packaging", + "51-tenacity" ] }, { - "ref": "54-requests", + "ref": "53-requests", "dependsOn": [ - "55-certifi", + "54-certifi", "7-charset-normalizer", "10-idna", - "39-urllib3" + "55-urllib3" ] }, { diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index cf98d162b3..87f4c1c1d8 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx 
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8cf27c00-ca66-457e-9fd5-d1ed47312a40 -LicenseListVersion: 3.20 -Creator: Tool: sbom4python-0.9.2 -Created: 2023-07-10T00:39:41Z +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-907a1588-4658-42d8-9537-de4e5c13e0ad +LicenseListVersion: 3.21 +Creator: Tool: sbom4python-0.10.0 +Created: 2023-10-16T01:19:34Z CreatorComment: This document has been automatically generated. ##### @@ -26,24 +26,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*: PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp -PackageVersion: 3.8.4 +PackageVersion: 3.8.6 PrimaryPackagePurpose: LIBRARY -PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.4 +PackageSupplier: Organization: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.6 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.4 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.6 ##### PackageName: aiosignal SPDXID: SPDXRef-Package-3-aiosignal PackageVersion: 1.3.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: NOASSERTION +PackageSupplier: Organization: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION 
@@ -55,33 +55,33 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-Package-4-frozenlist -PackageVersion: 1.3.3 +PackageVersion: 1.4.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3 +PackageSupplier: Organization: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.3.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.4.0 ##### PackageName: async-timeout SPDXID: SPDXRef-Package-5-async-timeout -PackageVersion: 4.0.2 +PackageVersion: 4.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2 +PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Timeout context manager for asyncio programs -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:* ##### PackageName: attrs 
@@ -101,17 +101,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:* PackageName: charset-normalizer SPDXID: SPDXRef-Package-7-charset-normalizer -PackageVersion: 3.2.0 +PackageVersion: 3.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) -PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.2.0 +PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.0:*:*:*:*:*:*:* ##### PackageName: multidict @@ -177,17 +177,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12 PackageName: soupsieve SPDXID: SPDXRef-Package-12-soupsieve -PackageVersion: 2.4.1 +PackageVersion: 2.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (use@gmail.com) -PackageDownloadLocation: https://pypi.org/project/soupsieve/2.4.1 +PackageDownloadLocation: https://pypi.org/project/soupsieve/2.5 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: A modern CSS selector implementation for Beautiful Soup. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.4.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.4.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:* ##### PackageName: cvss 
@@ -240,34 +240,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil -PackageVersion: 5.25 +PackageVersion: 5.26 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.25 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.26 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.25 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.26 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.26:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-Package-17-argcomplete -PackageVersion: 3.1.1 +PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.1 +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.2:*:*:*:*:*:*:* ##### PackageName: crcmod @@ -287,18 +287,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* PackageName: fasteners SPDXID: SPDXRef-Package-19-fasteners -PackageVersion: 0.18 +PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow -PackageDownloadLocation: https://pypi.org/project/fasteners/0.18 +PackageDownloadLocation: https://pypi.org/project/fasteners/0.19 FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION +PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 -PackageLicenseComments: fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A python package that provides useful locks -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.18 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.19 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin 
@@ -396,17 +395,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* PackageName: pyparsing SPDXID: SPDXRef-Package-26-pyparsing -PackageVersion: 3.1.0 +PackageVersion: 3.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.0 +PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:* ##### PackageName: oauth2client 
@@ -490,32 +489,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23. PackageName: cryptography SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 41.0.1 +PackageVersion: 41.0.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.1 +PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.4 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.4:*:*:*:*:*:*:* ##### PackageName: cffi SPDXID: SPDXRef-Package-33-cffi -PackageVersion: 1.15.1 +PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) -PackageDownloadLocation: https://pypi.org/project/cffi/1.15.1 +PackageDownloadLocation: https://pypi.org/project/cffi/1.16.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Foreign Function Interface for Python calling C code. 
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.15.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.16.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*:*:*:*:*:*:* ##### PackageName: pycparser @@ -567,18 +566,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* PackageName: google-auth SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.21.0 +PackageVersion: 2.23.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.21.0 +PackageDownloadLocation: https://pypi.org/project/google-auth/2.23.3 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.23.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.23.3:*:*:*:*:*:*:* ##### PackageName: cachetools 
@@ -596,23 +595,8 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:* ##### -PackageName: urllib3 -SPDXID: SPDXRef-Package-39-urllib3 -PackageVersion: 1.26.16 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) -PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.16 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.16 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:* -##### - PackageName: monotonic -SPDXID: SPDXRef-Package-40-monotonic +SPDXID: SPDXRef-Package-39-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) @@ -628,7 +612,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-41-jinja2 +SPDXID: SPDXRef-Package-40-jinja2 PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) @@ -643,10 +627,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*: ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-42-markupsafe +SPDXID: SPDXRef-Package-41-markupsafe PackageVersion: 2.1.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: NOASSERTION +PackageSupplier: Organization: NOASSERTION PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.3 FilesAnalyzed: false PackageLicenseDeclared: BSD-3-Clause 
@@ -657,97 +641,97 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-43-jsonschema -PackageVersion: 4.18.0 +SPDXID: SPDXRef-Package-42-jsonschema +PackageVersion: 4.19.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.0 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.19.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.1:*:*:*:*:*:*:* ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-44-jsonschema-specifications -PackageVersion: 2023.6.1 +SPDXID: SPDXRef-Package-43-jsonschema-specifications +PackageVersion: 2023.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.6.1 +PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.7.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.6.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.7.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.7.1:*:*:*:*:*:*:* ##### PackageName: referencing -SPDXID: 
SPDXRef-Package-45-referencing -PackageVersion: 0.29.1 +SPDXID: SPDXRef-Package-44-referencing +PackageVersion: 0.30.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.29.1 +PackageDownloadLocation: https://pypi.org/project/referencing/0.30.2 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: JSON Referencing + Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.29.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-46-rpds-py -PackageVersion: 0.8.10 +SPDXID: SPDXRef-Package-45-rpds-py +PackageVersion: 0.10.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.8.10 +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.10.6 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Python bindings to Rust's persistent data structures (rpds) -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.8.10 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.10.6 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.10.6:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-47-lib4sbom -PackageVersion: 0.3.1 +SPDXID: SPDXRef-Package-46-lib4sbom +PackageVersion: 0.5.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.5.1 
FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.3.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.5.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.5.1:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-48-pyyaml -PackageVersion: 6.0 +SPDXID: SPDXRef-Package-47-pyyaml +PackageVersion: 6.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) -PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0 +PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: YAML parser and emitter for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:* ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-49-semantic-version +SPDXID: SPDXRef-Package-48-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -763,7 +747,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packaging -SPDXID: SPDXRef-Package-50-packaging +SPDXID: SPDXRef-Package-49-packaging PackageVersion: 21.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) 
@@ -779,54 +763,54 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut ##### PackageName: plotly -SPDXID: SPDXRef-Package-51-plotly -PackageVersion: 5.15.0 +SPDXID: SPDXRef-Package-50-plotly +PackageVersion: 5.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.15.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.17.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.15.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.17.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.17.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-52-tenacity -PackageVersion: 8.2.2 +SPDXID: SPDXRef-Package-51-tenacity +PackageVersion: 8.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2 +PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Retry code until it succeeds -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-53-python-gnupg -PackageVersion: 0.5.0 +SPDXID: SPDXRef-Package-52-python-gnupg +PackageVersion: 0.5.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.0 +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.1:*:*:*:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-54-requests +SPDXID: SPDXRef-Package-53-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) 
@@ -842,33 +826,48 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-55-certifi -PackageVersion: 2023.5.7 +SPDXID: SPDXRef-Package-54-certifi +PackageVersion: 2023.7.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7 +PackageDownloadLocation: https://pypi.org/project/certifi/2023.7.22 FilesAnalyzed: false PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python package for providing Mozilla's CA Bundle. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.7.22 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:*:*:*:* +##### + +PackageName: urllib3 +SPDXID: SPDXRef-Package-55-urllib3 +PackageVersion: 2.0.6 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) +PackageDownloadLocation: https://pypi.org/project/urllib3/2.0.6 +FilesAnalyzed: false +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. 
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@2.0.6 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.0.6:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-Package-56-rich -PackageVersion: 13.4.2 +PackageVersion: 13.6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.4.2 +PackageDownloadLocation: https://pypi.org/project/rich/13.6.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.6.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.6.0:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -903,17 +902,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: PackageName: pygments SPDXID: SPDXRef-Package-59-pygments -PackageVersion: 2.15.1 +PackageVersion: 2.16.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.16.1 FilesAnalyzed: false PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.16.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:* ##### PackageName: rpmfile 
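Review bot: The re-added urllib3 entry (`SPDXRef-Package-55-urllib3`, version 2.0.6) carries `PackageLicenseDeclared: NOASSERTION` and `PackageLicenseConcluded: NOASSERTION`, where the removed 1.26.16 entry had `MIT` for both, so the SBOM loses licence data for this component. This looks like the generator failing to read the licence from the newer package metadata rather than a real licence change, but that is an inference and should be confirmed. The entry also moves urllib3 across a major version (1.26.16 to 2.0.6), which is worth confirming as intended for the packages that depend on it before this SBOM is published as the record of what ships.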
@@ -948,32 +947,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-Package-62-xmlschema -PackageVersion: 2.3.1 +PackageVersion: 2.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.1 +PackageDownloadLocation: https://pypi.org/project/xmlschema/2.5.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.5.0:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-Package-63-elementpath -PackageVersion: 4.1.4 +PackageVersion: 4.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.4 +PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.5 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:* ##### PackageName: zstandard 
@@ -992,22 +991,21 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.21.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.21.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-beautifulsoup4 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-cvss Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-defusedxml Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-distro Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-39-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON 
SPDXRef-Package-50-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-urllib3 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-rich Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rpmfile Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-toml @@ -1025,7 +1023,7 @@ Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-pyopenssl Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-35-retry-decorator Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-36-google-apitools Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-37-google-auth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout 
@@ -1059,31 +1057,31 @@ Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-19-f Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-24-six Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-25-httplib2 Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-27-oauth2client -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-24-six Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools -Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-39-urllib3 -Relationship: SPDXRef-Package-41-jinja2 DEPENDS_ON SPDXRef-Package-42-markupsafe -Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-44-jsonschema-specifications -Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-45-referencing -Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-46-rpds-py -Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-44-jsonschema-specifications DEPENDS_ON SPDXRef-Package-45-referencing -Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-46-rpds-py -Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-48-pyyaml -Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-49-semantic-version -Relationship: SPDXRef-Package-50-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-50-packaging -Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-52-tenacity -Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-10-idna -Relationship: 
SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-39-urllib3 -Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-55-certifi -Relationship: SPDXRef-Package-54-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer +Relationship: SPDXRef-Package-40-jinja2 DEPENDS_ON SPDXRef-Package-41-markupsafe +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-43-jsonschema-specifications +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-44-referencing +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-45-rpds-py +Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-43-jsonschema-specifications DEPENDS_ON SPDXRef-Package-44-referencing +Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-45-rpds-py +Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-14-defusedxml +Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-47-pyyaml +Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-48-semantic-version +Relationship: SPDXRef-Package-49-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing +Relationship: SPDXRef-Package-50-plotly DEPENDS_ON SPDXRef-Package-49-packaging +Relationship: SPDXRef-Package-50-plotly DEPENDS_ON SPDXRef-Package-51-tenacity +Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-10-idna +Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-54-certifi +Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-55-urllib3 +Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-57-markdown-it-py Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-59-pygments Relationship: SPDXRef-Package-57-markdown-it-py DEPENDS_ON 
SPDXRef-Package-58-mdurl Relationship: SPDXRef-Package-62-xmlschema DEPENDS_ON SPDXRef-Package-63-elementpath Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict +Relationship: SPDXRef-Package-None DESCRIBES SPDXRef-Package-1-cve-bin-tool
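Review bot: The last added line, `Relationship: SPDXRef-Package-None DESCRIBES SPDXRef-Package-1-cve-bin-tool`, names a subject that no package entry visible in this patch defines, while the hunk at -992 removes `Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool`. Without a DESCRIBES relationship from the document, SPDX validators may reject the file, and consumers may be unable to identify the root package, which weakens the SBOM as an input to vulnerability and dependency analysis. The `None` in the identifier suggests an unset value in the generator, though that cannot be confirmed from here. The output should carry `Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool` again, and running an SPDX validator over the file in the job that regenerates it would catch this kind of regression.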