diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index 179b74f34f..4373b10e30 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -1,17 +1,20 @@
{
- "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
+ "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
"bomFormat": "CycloneDX",
- "specVersion": "1.4",
- "serialNumber": "urn:uuid2d1fb677-cf32-4abd-a3eb-622b5bcc965b",
+ "specVersion": "1.5",
+ "serialNumber": "urn:uuid:073f3dd0-76ff-463f-ab9c-4809412c9fe3",
"version": 1,
"metadata": {
- "timestamp": "2023-07-10T00:40:56Z",
- "tools": [
- {
- "name": "sbom4python",
- "version": "0.9.2"
- }
- ],
+ "timestamp": "2023-08-28T01:17:33Z",
+ "tools": {
+ "components": [
+ {
+ "name": "sbom4python",
+ "version": "0.10.0",
+ "type": "application"
+ }
+ ]
+ },
"component": {
"type": "application",
"bom-ref": "CDXRef-DOCUMENT",
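Review bot: `metadata.tools` changes shape here, from the 1.4 array of tool objects to the 1.5 object form `"tools": { "components": [ ... ] }`, and nothing visible in this diff updates a consumer or validation step to match. Any script or check that reads `metadata.tools[0]` or validates this file against `bom-1.4.schema.json` would reject or misread the regenerated document. It is worth confirming that whatever validates the committed SBOMs is pinned to `bom-1.5.schema.json` and accepts both forms of `tools`. The `metadata` object continues past the end of this hunk.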
@@ -55,7 +58,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.8.4",
+ "version": "3.8.5",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -67,12 +70,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.8.4",
+ "url": "https://pypi.org/project/aiohttp/3.8.5",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.8.4",
+ "purl": "pkg:pypi/aiohttp@3.8.5",
"properties": [
{
"name": "License Comments",
@@ -112,7 +115,7 @@
"type": "library",
"bom-ref": "4-frozenlist",
"name": "frozenlist",
- "version": "1.3.3",
+ "version": "1.4.0",
"description": "A list-like structure which implements collections.abc.MutableSequence",
"licenses": [
{
@@ -124,12 +127,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/frozenlist/1.3.3",
+ "url": "https://pypi.org/project/frozenlist/1.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/frozenlist@1.3.3",
+ "purl": "pkg:pypi/frozenlist@1.4.0",
"properties": [
{
"name": "License Comments",
@@ -141,7 +144,7 @@
"type": "library",
"bom-ref": "5-async-timeout",
"name": "async-timeout",
- "version": "4.0.2",
+ "version": "4.0.3",
"supplier": {
"name": "Andrew Svetlov",
"contact": [
@@ -150,7 +153,7 @@
}
]
},
- "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*",
"description": "Timeout context manager for asyncio programs",
"licenses": [
{
@@ -162,12 +165,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/async-timeout/4.0.2",
+ "url": "https://pypi.org/project/async-timeout/4.0.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/async-timeout@4.0.2",
+ "purl": "pkg:pypi/async-timeout@4.0.3",
"properties": [
{
"name": "License Comments",
@@ -842,7 +845,7 @@
"type": "library",
"bom-ref": "26-pyparsing",
"name": "pyparsing",
- "version": "3.1.0",
+ "version": "3.1.1",
"supplier": {
"name": "Paul McGuire",
"contact": [
@@ -851,16 +854,16 @@
}
]
},
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*",
"description": "pyparsing module - Classes and methods to define and execute parsing grammars",
"externalReferences": [
{
- "url": "https://pypi.org/project/pyparsing/3.1.0",
+ "url": "https://pypi.org/project/pyparsing/3.1.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyparsing@3.1.0"
+ "purl": "pkg:pypi/pyparsing@3.1.1"
},
{
"type": "library",
@@ -1050,7 +1053,7 @@
"type": "library",
"bom-ref": "32-cryptography",
"name": "cryptography",
- "version": "41.0.1",
+ "version": "41.0.3",
"supplier": {
"name": "The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1059,7 +1062,7 @@
}
]
},
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
"licenses": [
{
@@ -1070,12 +1073,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cryptography/41.0.1",
+ "url": "https://pypi.org/project/cryptography/41.0.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@41.0.1"
+ "purl": "pkg:pypi/cryptography@41.0.3"
},
{
"type": "library",
@@ -1221,7 +1224,7 @@
"type": "library",
"bom-ref": "37-google-auth",
"name": "google-auth",
- "version": "2.21.0",
+ "version": "2.22.0",
"supplier": {
"name": "Google Cloud Platform",
"contact": [
@@ -1230,7 +1233,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.22.0:*:*:*:*:*:*:*",
"description": "Google Authentication Library",
"licenses": [
{
@@ -1242,12 +1245,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/google-auth/2.21.0",
+ "url": "https://pypi.org/project/google-auth/2.22.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-auth@2.21.0",
+ "purl": "pkg:pypi/google-auth@2.22.0",
"properties": [
{
"name": "License Comments",
@@ -1416,11 +1419,11 @@
"type": "library",
"bom-ref": "43-jsonschema",
"name": "jsonschema",
- "version": "4.18.0",
+ "version": "4.19.0",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
"licenses": [
{
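Review bot: The regenerated `cpe` values take their vendor field from the package's supplier name (`"supplier": {"name": "Julian Berman"}` becomes `cpe:2.3:a:julian_berman:jsonschema:4.19.0:...`), which is unlikely to be the vendor string a CPE dictionary uses for the package. A scanner that matches on these CPEs can therefore report no findings for a component that does have advisories. The same pattern appears in the cryptography, certifi, pyyaml and google-auth hunks and in the `ExternalRef: SECURITY cpe23Type` lines of the SPDX file. Since the file is generated, the fix belongs in the generator: either omit `cpe` when no dictionary-backed value is known, or document that lookups should key on `purl` (`pkg:pypi/jsonschema@4.19.0`).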
@@ -1432,22 +1435,22 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema/4.18.0",
+ "url": "https://pypi.org/project/jsonschema/4.19.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema@4.18.0"
+ "purl": "pkg:pypi/jsonschema@4.19.0"
},
{
"type": "library",
"bom-ref": "44-jsonschema-specifications",
"name": "jsonschema-specifications",
- "version": "2023.6.1",
+ "version": "2023.7.1",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.7.1:*:*:*:*:*:*:*",
"description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry",
"licenses": [
{
@@ -1459,22 +1462,22 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema-specifications/2023.6.1",
+ "url": "https://pypi.org/project/jsonschema-specifications/2023.7.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema-specifications@2023.6.1"
+ "purl": "pkg:pypi/jsonschema-specifications@2023.7.1"
},
{
"type": "library",
"bom-ref": "45-referencing",
"name": "referencing",
- "version": "0.29.1",
+ "version": "0.30.2",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"licenses": [
{
@@ -1486,22 +1489,22 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/referencing/0.29.1",
+ "url": "https://pypi.org/project/referencing/0.30.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/referencing@0.29.1"
+ "purl": "pkg:pypi/referencing@0.30.2"
},
{
"type": "library",
"bom-ref": "46-rpds-py",
"name": "rpds-py",
- "version": "0.8.10",
+ "version": "0.9.2",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*:*:*",
"description": "Python bindings to Rust's persistent data structures (rpds)",
"licenses": [
{
@@ -1513,18 +1516,18 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rpds-py/0.8.10",
+ "url": "https://pypi.org/project/rpds-py/0.9.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rpds-py@0.8.10"
+ "purl": "pkg:pypi/rpds-py@0.9.2"
},
{
"type": "library",
"bom-ref": "47-lib4sbom",
"name": "lib4sbom",
- "version": "0.3.1",
+ "version": "0.4.3",
"supplier": {
"name": "Anthony Harrison",
"contact": [
@@ -1533,7 +1536,7 @@
}
]
},
- "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.3:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
"licenses": [
{
@@ -1545,18 +1548,18 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/lib4sbom/0.3.1",
+ "url": "https://pypi.org/project/lib4sbom/0.4.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/lib4sbom@0.3.1"
+ "purl": "pkg:pypi/lib4sbom@0.4.3"
},
{
"type": "library",
"bom-ref": "48-pyyaml",
"name": "pyyaml",
- "version": "6.0",
+ "version": "6.0.1",
"supplier": {
"name": "Kirill Simonov",
"contact": [
@@ -1565,7 +1568,7 @@
}
]
},
- "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*",
"description": "YAML parser and emitter for Python",
"licenses": [
{
@@ -1577,12 +1580,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/PyYAML/6.0",
+ "url": "https://pypi.org/project/PyYAML/6.0.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyyaml@6.0"
+ "purl": "pkg:pypi/pyyaml@6.0.1"
},
{
"type": "library",
@@ -1663,7 +1666,7 @@
"type": "library",
"bom-ref": "51-plotly",
"name": "plotly",
- "version": "5.15.0",
+ "version": "5.16.1",
"supplier": {
"name": "Chris P",
"contact": [
@@ -1672,7 +1675,7 @@
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.16.1:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
"licenses": [
{
@@ -1684,18 +1687,18 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/plotly/5.15.0",
+ "url": "https://pypi.org/project/plotly/5.16.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/plotly@5.15.0"
+ "purl": "pkg:pypi/plotly@5.16.1"
},
{
"type": "library",
"bom-ref": "52-tenacity",
"name": "tenacity",
- "version": "8.2.2",
+ "version": "8.2.3",
"supplier": {
"name": "Julien Danjou",
"contact": [
@@ -1704,7 +1707,7 @@
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
"licenses": [
{
@@ -1716,12 +1719,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/tenacity/8.2.2",
+ "url": "https://pypi.org/project/tenacity/8.2.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/tenacity@8.2.2",
+ "purl": "pkg:pypi/tenacity@8.2.3",
"properties": [
{
"name": "License Comments",
@@ -1733,7 +1736,7 @@
"type": "library",
"bom-ref": "53-python-gnupg",
"name": "python-gnupg",
- "version": "0.5.0",
+ "version": "0.5.1",
"supplier": {
"name": "Vinay Sajip",
"contact": [
@@ -1742,7 +1745,7 @@
}
]
},
- "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.1:*:*:*:*:*:*:*",
"description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)",
"licenses": [
{
@@ -1754,12 +1757,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/python-gnupg/0.5.0",
+ "url": "https://pypi.org/project/python-gnupg/0.5.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/python-gnupg@0.5.0",
+ "purl": "pkg:pypi/python-gnupg@0.5.1",
"properties": [
{
"name": "License Comments",
@@ -1809,7 +1812,7 @@
"type": "library",
"bom-ref": "55-certifi",
"name": "certifi",
- "version": "2023.5.7",
+ "version": "2023.7.22",
"supplier": {
"name": "Kenneth Reitz",
"contact": [
@@ -1818,7 +1821,7 @@
}
]
},
- "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:*:*:*:*",
"description": "Python package for providing Mozilla's CA Bundle.",
"licenses": [
{
@@ -1830,18 +1833,18 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/certifi/2023.5.7",
+ "url": "https://pypi.org/project/certifi/2023.7.22",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/certifi@2023.5.7"
+ "purl": "pkg:pypi/certifi@2023.7.22"
},
{
"type": "library",
"bom-ref": "56-rich",
"name": "rich",
- "version": "13.4.2",
+ "version": "13.5.2",
"supplier": {
"name": "Will McGugan",
"contact": [
@@ -1850,7 +1853,7 @@
}
]
},
- "cpe": "cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*",
"description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal",
"licenses": [
{
@@ -1862,12 +1865,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rich/13.4.2",
+ "url": "https://pypi.org/project/rich/13.5.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rich@13.4.2"
+ "purl": "pkg:pypi/rich@13.5.2"
},
{
"type": "library",
@@ -1921,7 +1924,7 @@
"type": "library",
"bom-ref": "59-pygments",
"name": "pygments",
- "version": "2.15.1",
+ "version": "2.16.1",
"supplier": {
"name": "Georg Brandl",
"contact": [
@@ -1930,7 +1933,7 @@
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
"licenses": [
{
@@ -1942,12 +1945,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.15.1",
+ "url": "https://pypi.org/project/Pygments/2.16.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pygments@2.15.1"
+ "purl": "pkg:pypi/pygments@2.16.1"
},
{
"type": "library",
@@ -2017,7 +2020,7 @@
"type": "library",
"bom-ref": "62-xmlschema",
"name": "xmlschema",
- "version": "2.3.1",
+ "version": "2.4.0",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2026,7 +2029,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -2038,18 +2041,18 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/2.3.1",
+ "url": "https://pypi.org/project/xmlschema/2.4.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@2.3.1"
+ "purl": "pkg:pypi/xmlschema@2.4.0"
},
{
"type": "library",
"bom-ref": "63-elementpath",
"name": "elementpath",
- "version": "4.1.4",
+ "version": "4.1.5",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2058,7 +2061,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*",
"description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml",
"licenses": [
{
@@ -2070,12 +2073,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/elementpath/4.1.4",
+ "url": "https://pypi.org/project/elementpath/4.1.5",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/elementpath@4.1.4"
+ "purl": "pkg:pypi/elementpath@4.1.5"
},
{
"type": "library",
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index cf98d162b3..3a9ee97c08 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-8cf27c00-ca66-457e-9fd5-d1ed47312a40
-LicenseListVersion: 3.20
-Creator: Tool: sbom4python-0.9.2
-Created: 2023-07-10T00:39:41Z
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9c88ffc9-c0a6-44b2-9620-8f16621dd770
+LicenseListVersion: 3.21
+Creator: Tool: sbom4python-0.10.0
+Created: 2023-08-28T01:16:14Z
CreatorComment: This document has been automatically generated.
#####
@@ -26,17 +26,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*:
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.8.4
+PackageVersion: 3.8.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.4
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.5
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.4
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.5
#####
PackageName: aiosignal
@@ -55,33 +55,33 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1
PackageName: frozenlist
SPDXID: SPDXRef-Package-4-frozenlist
-PackageVersion: 1.3.3
+PackageVersion: 1.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3
+PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A list-like structure which implements collections.abc.MutableSequence
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.3.3
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.4.0
#####
PackageName: async-timeout
SPDXID: SPDXRef-Package-5-async-timeout
-PackageVersion: 4.0.2
+PackageVersion: 4.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2
+PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Timeout context manager for asyncio programs
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*:*:*:*:*:*
#####
PackageName: attrs
@@ -396,17 +396,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
PackageName: pyparsing
SPDXID: SPDXRef-Package-26-pyparsing
-PackageVersion: 3.1.0
+PackageVersion: 3.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.0
+PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*
#####
PackageName: oauth2client
@@ -490,17 +490,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.
PackageName: cryptography
SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 41.0.1
+PackageVersion: 41.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.1
+PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.3
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*
#####
PackageName: cffi
@@ -567,18 +567,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
PackageName: google-auth
SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.21.0
+PackageVersion: 2.22.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.21.0
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.22.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.22.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.22.0:*:*:*:*:*:*:*
#####
PackageName: cachetools
@@ -658,92 +658,92 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3
PackageName: jsonschema
SPDXID: SPDXRef-Package-43-jsonschema
-PackageVersion: 4.18.0
+PackageVersion: 4.19.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.0
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.19.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.19.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.19.0:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
SPDXID: SPDXRef-Package-44-jsonschema-specifications
-PackageVersion: 2023.6.1
+PackageVersion: 2023.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.6.1
+PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.7.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.6.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.7.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.7.1:*:*:*:*:*:*:*
#####
PackageName: referencing
SPDXID: SPDXRef-Package-45-referencing
-PackageVersion: 0.29.1
+PackageVersion: 0.30.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.29.1
+PackageDownloadLocation: https://pypi.org/project/referencing/0.30.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.29.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.30.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*
#####
PackageName: rpds-py
SPDXID: SPDXRef-Package-46-rpds-py
-PackageVersion: 0.8.10
+PackageVersion: 0.9.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/rpds-py/0.8.10
+PackageDownloadLocation: https://pypi.org/project/rpds-py/0.9.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Python bindings to Rust's persistent data structures (rpds)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.8.10
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.9.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*:*:*
#####
PackageName: lib4sbom
SPDXID: SPDXRef-Package-47-lib4sbom
-PackageVersion: 0.3.1
+PackageVersion: 0.4.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1
+PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.3
FilesAnalyzed: false
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Software Bill of Material (SBOM) generator and consumer library
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.3:*:*:*:*:*:*:*
#####
PackageName: pyyaml
SPDXID: SPDXRef-Package-48-pyyaml
-PackageVersion: 6.0
+PackageVersion: 6.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0
+PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: YAML parser and emitter for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*
#####
PackageName: semantic-version
@@ -780,49 +780,49 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut
PackageName: plotly
SPDXID: SPDXRef-Package-51-plotly
-PackageVersion: 5.15.0
+PackageVersion: 5.16.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.15.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.16.1
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.15.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.16.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.16.1:*:*:*:*:*:*:*
#####
PackageName: tenacity
SPDXID: SPDXRef-Package-52-tenacity
-PackageVersion: 8.2.2
+PackageVersion: 8.2.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2
+PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.3
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
SPDXID: SPDXRef-Package-53-python-gnupg
-PackageVersion: 0.5.0
+PackageVersion: 0.5.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.0
+PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.1:*:*:*:*:*:*:*
#####
PackageName: requests
@@ -843,32 +843,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:
PackageName: certifi
SPDXID: SPDXRef-Package-55-certifi
-PackageVersion: 2023.5.7
+PackageVersion: 2023.7.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
-PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7
+PackageDownloadLocation: https://pypi.org/project/certifi/2023.7.22
FilesAnalyzed: false
PackageLicenseDeclared: MPL-2.0
PackageLicenseConcluded: MPL-2.0
PackageCopyrightText: NOASSERTION
PackageSummary: Python package for providing Mozilla's CA Bundle.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.7.22
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:*:*:*:*
#####
PackageName: rich
SPDXID: SPDXRef-Package-56-rich
-PackageVersion: 13.4.2
+PackageVersion: 13.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/rich/13.4.2
+PackageDownloadLocation: https://pypi.org/project/rich/13.5.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.4.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
@@ -903,17 +903,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
PackageName: pygments
SPDXID: SPDXRef-Package-59-pygments
-PackageVersion: 2.15.1
+PackageVersion: 2.16.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1
+PackageDownloadLocation: https://pypi.org/project/Pygments/2.16.1
FilesAnalyzed: false
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.16.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*
#####
PackageName: rpmfile
@@ -948,32 +948,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
PackageName: xmlschema
SPDXID: SPDXRef-Package-62-xmlschema
-PackageVersion: 2.3.1
+PackageVersion: 2.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.1
+PackageDownloadLocation: https://pypi.org/project/xmlschema/2.4.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*
#####
PackageName: elementpath
SPDXID: SPDXRef-Package-63-elementpath
-PackageVersion: 4.1.4
+PackageVersion: 4.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.4
+PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.5
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.4
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*
#####
PackageName: zstandard