From 4b6cae4c052dd5b3a1d4e6c9a4e849f94ea2742c Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 10 Jul 2023 02:05:31 +0000 Subject: [PATCH] chore: update SBOM for Python 3.10 --- sbom/cve-bin-tool-py3.10.json | 683 ++++++++++++---------------------- sbom/cve-bin-tool-py3.10.spdx | 392 ++++++++++--------- 2 files changed, 426 insertions(+), 649 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index e60b284e6f..8f680f9af6 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,14 +2,14 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid9b76c916-732e-4270-b318-b3184bd48654", + "serialNumber": "urn:uuidf072e094-e7a4-493f-81d7-ebb4e3c7280f", "version": 1, "metadata": { - "timestamp": "2023-04-24T00:26:29Z", + "timestamp": "2023-07-10T02:05:29Z", "tools": [ { "name": "sbom4python", - "version": "0.9.1" + "version": "0.9.2" } ], "component": { @@ -43,11 +43,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/intel/cve-bin-tool", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/cve-bin-tool/3.2.1.dev0", "type": "distribution", @@ -71,11 +66,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/aio-libs/aiohttp", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/aiohttp/3.8.4", "type": "distribution", @@ -95,7 +85,6 @@ "bom-ref": "3-aiosignal", "name": "aiosignal", "version": "1.3.1", - "description": "aiosignal: a list of registered asynchronous callbacks", "licenses": [ { "license": { @@ -105,11 +94,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/aio-libs/aiosignal", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/aiosignal/1.3.1", "type": "distribution", 
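Review bot: The new `serialNumber` in the first hunk of sbom/cve-bin-tool-py3.10.json is written as `urn:uuidf072e094-...`, with no colon after `uuid`, so it is not a valid UUID URN and does not match the `urn:uuid:<uuid>` pattern that the CycloneDX 1.4 schema requires. Strict validators and SBOM ingestion tools may reject the document for that reason. The removed value had the same shape, so the defect presumably comes from the generator (sbom4python) rather than from this particular run. The line should read `"serialNumber": "urn:uuid:f072e094-e7a4-493f-81d7-ebb4e3c7280f",`. Since the file is regenerated automatically, the lasting fix belongs in the tool, ideally with a schema-validation step in the job that commits the SBOM.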
@@ -139,11 +123,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/aio-libs/frozenlist", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/frozenlist/1.3.3", "type": "distribution", @@ -182,11 +161,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/aio-libs/async-timeout", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/async-timeout/4.0.2", "type": "distribution", @@ -229,7 +203,7 @@ "type": "library", "bom-ref": "7-charset-normalizer", "name": "charset-normalizer", - "version": "3.1.0", + "version": "3.2.0", "supplier": { "name": "Ahmed TAHRI", "contact": [ @@ -238,7 +212,7 @@ } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:*", "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", "licenses": [ { @@ -250,17 +224,12 @@ ], "externalReferences": [ { - "url": "https://github.com/Ousret/charset_normalizer", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/charset-normalizer/3.1.0", + "url": "https://pypi.org/project/charset-normalizer/3.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/charset-normalizer@3.1.0" + "purl": "pkg:pypi/charset-normalizer@3.2.0" }, { "type": "library", @@ -286,11 +255,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/aio-libs/multidict", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/multidict/6.0.4", "type": "distribution", @@ -309,7 +273,7 @@ "type": "library", "bom-ref": "9-yarl", "name": "yarl", - "version": "1.9.1", + "version": "1.9.2", "supplier": { "name": "Andrew Svetlov", "contact": [ 
@@ -318,7 +282,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -330,17 +294,12 @@ ], "externalReferences": [ { - "url": "https://github.com/aio-libs/yarl/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/yarl/1.9.1", + "url": "https://pypi.org/project/yarl/1.9.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.9.1" + "purl": "pkg:pypi/yarl@1.9.2" }, { "type": "library", @@ -438,11 +397,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/RedHatProductSecurity/cvss", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/cvss/2.6", "type": "distribution", @@ -481,11 +435,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/tiran/defusedxml", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/defusedxml/0.7.1", "type": "distribution", @@ -524,11 +473,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/python-distro/distro", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/distro/1.8.0", "type": "distribution", @@ -547,7 +491,7 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.23", + "version": "5.25", "supplier": { "name": "Google Inc.", "contact": [ @@ -556,7 +500,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { 
@@ -568,17 +512,12 @@ ], "externalReferences": [ { - "url": "https://cloud.google.com/storage/docs/gsutil", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/gsutil/5.23", + "url": "https://pypi.org/project/gsutil/5.25", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.23", + "purl": "pkg:pypi/gsutil@5.25", "properties": [ { "name": "License Comments", @@ -590,7 +529,7 @@ "type": "library", "bom-ref": "17-argcomplete", "name": "argcomplete", - "version": "3.0.8", + "version": "3.1.1", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -599,7 +538,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.8:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", "licenses": [ { @@ -611,17 +550,12 @@ ], "externalReferences": [ { - "url": "https://github.com/kislyuk/argcomplete", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/argcomplete/3.0.8", + "url": "https://pypi.org/project/argcomplete/3.1.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.0.8", + "purl": "pkg:pypi/argcomplete@3.1.1", "properties": [ { "name": "License Comments", @@ -653,11 +587,6 @@ } ], "externalReferences": [ - { - "url": "http://crcmod.sourceforge.net/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/crcmod/1.7", "type": "distribution", @@ -685,11 +614,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/harlowja/fasteners", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/fasteners/0.18", "type": "distribution", 
@@ -728,11 +652,6 @@ } ], "externalReferences": [ - { - "url": "https://developers.google.com/storage/docs/gspythonlibrary", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0", "type": "distribution", @@ -771,11 +690,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/boto/boto/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/boto/2.49.0", "type": "distribution", @@ -808,11 +722,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/Google/google-reauth-python", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/google-reauth/0.1.1", "type": "distribution", @@ -851,11 +760,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/google/pyu2f/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/pyu2f/0.1.5", "type": "distribution", @@ -894,11 +798,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/benjaminp/six", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/six/1.16.0", "type": "distribution", @@ -931,11 +830,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/httplib2/httplib2", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/httplib2/0.20.4", "type": "distribution", @@ -948,7 +842,7 @@ "type": "library", "bom-ref": "26-pyparsing", "name": "pyparsing", - "version": "3.0.9", + "version": "3.1.0", "supplier": { "name": "Paul McGuire", "contact": [ 
@@ -957,16 +851,16 @@ } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.0.9:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*", "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "externalReferences": [ { - "url": "https://pypi.org/project/pyparsing/3.0.9", + "url": "https://pypi.org/project/pyparsing/3.1.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.0.9" + "purl": "pkg:pypi/pyparsing@3.1.0" }, { "type": "library", @@ -992,11 +886,6 @@ } ], "externalReferences": [ - { - "url": "http://github.com/google/oauth2client/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/oauth2client/4.1.3", "type": "distribution", @@ -1035,11 +924,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/pyasn1/pyasn1", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/pyasn1/0.5.0", "type": "distribution", @@ -1072,11 +956,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/pyasn1/pyasn1-modules", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/pyasn1-modules/0.3.0", "type": "distribution", @@ -1115,11 +994,6 @@ } ], "externalReferences": [ - { - "url": "https://stuvel.eu/rsa", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/rsa/4.7.2", "type": "distribution", @@ -1138,7 +1012,7 @@ "type": "library", "bom-ref": "31-pyopenssl", "name": "pyopenssl", - "version": "23.1.1", + "version": "23.2.0", "supplier": { "name": "The pyOpenSSL developers", "contact": [ @@ -1147,7 +1021,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.1.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:*", "description": "Python wrapper module around the OpenSSL library", "licenses": [ { 
@@ -1159,17 +1033,12 @@ ], "externalReferences": [ { - "url": "https://pyopenssl.org/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/pyOpenSSL/23.1.1", + "url": "https://pypi.org/project/pyOpenSSL/23.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyopenssl@23.1.1", + "purl": "pkg:pypi/pyopenssl@23.2.0", "properties": [ { "name": "License Comments", @@ -1181,7 +1050,7 @@ "type": "library", "bom-ref": "32-cryptography", "name": "cryptography", - "version": "40.0.2", + "version": "41.0.1", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1190,28 +1059,23 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { "license": { - "expression": "(Apache-2.0 OR BSD-3-Clause) AND PSF-2.0" + "expression": "Apache-2.0 OR BSD-3-Clause" } } ], "externalReferences": [ { - "url": "https://github.com/pyca/cryptography", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/cryptography/40.0.2", + "url": "https://pypi.org/project/cryptography/41.0.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@40.0.2" + "purl": "pkg:pypi/cryptography@41.0.1" }, { "type": "library", @@ -1237,11 +1101,6 @@ } ], "externalReferences": [ - { - "url": "http://cffi.readthedocs.org", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/cffi/1.15.1", "type": "distribution", 
@@ -1274,11 +1133,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/eliben/pycparser", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/pycparser/2.21", "type": "distribution", @@ -1317,11 +1171,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/pnpnpn/retry-decorator", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/retry-decorator/1.1.1", "type": "distribution", @@ -1354,11 +1203,6 @@ } ], "externalReferences": [ - { - "url": "http://github.com/google/apitools", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/google-apitools/0.5.32", "type": "distribution", @@ -1377,7 +1221,7 @@ "type": "library", "bom-ref": "37-google-auth", "name": "google-auth", - "version": "2.17.3", + "version": "2.21.0", "supplier": { "name": "Google Cloud Platform", "contact": [ @@ -1386,7 +1230,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:*", "description": "Google Authentication Library", "licenses": [ { @@ -1398,17 +1242,12 @@ ], "externalReferences": [ { - "url": "https://github.com/googleapis/google-auth-library-python", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/google-auth/2.17.3", + "url": "https://pypi.org/project/google-auth/2.21.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth@2.17.3", + "purl": "pkg:pypi/google-auth@2.21.0", "properties": [ { "name": "License Comments", @@ -1420,7 +1259,7 @@ "type": "library", "bom-ref": "38-cachetools", "name": "cachetools", - "version": "5.3.0", + "version": "5.3.1", "supplier": { "name": "Thomas Kemmer", "contact": [ 
@@ -1429,7 +1268,7 @@ } ] }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*", "description": "Extensible memoizing collections and decorators", "licenses": [ { @@ -1441,21 +1280,48 @@ ], "externalReferences": [ { - "url": "https://github.com/tkem/cachetools/", - "type": "website", - "comment": "Home page for project" - }, + "url": "https://pypi.org/project/cachetools/5.3.1", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/cachetools@5.3.1" + }, + { + "type": "library", + "bom-ref": "39-urllib3", + "name": "urllib3", + "version": "1.26.16", + "supplier": { + "name": "Andrey Petrov", + "contact": [ + { + "email": "andrey.petrov@shazow.net" + } + ] + }, + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "licenses": [ { - "url": "https://pypi.org/project/cachetools/5.3.0", + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/urllib3/1.26.16", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cachetools@5.3.0" + "purl": "pkg:pypi/urllib3@1.26.16" }, { "type": "library", - "bom-ref": "39-monotonic", + "bom-ref": "40-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -1477,11 +1343,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/atdt/monotonic", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/monotonic/1.6", "type": "distribution", @@ -1498,7 +1359,7 @@ }, { "type": "library", - "bom-ref": "40-jinja2", + "bom-ref": "41-jinja2", "name": "jinja2", "version": "3.1.2", "supplier": { 
@@ -1520,11 +1381,6 @@ } ], "externalReferences": [ - { - "url": "https://palletsprojects.com/p/jinja/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/Jinja2/3.1.2", "type": "distribution", @@ -1535,18 +1391,9 @@ }, { "type": "library", - "bom-ref": "41-markupsafe", + "bom-ref": "42-markupsafe", "name": "markupsafe", - "version": "2.1.2", - "supplier": { - "name": "Armin Ronacher", - "contact": [ - { - "email": "armin.ronacher@active-4.com" - } - ] - }, - "cpe": "cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:*:*:*:*", + "version": "2.1.3", "description": "Safely add untrusted strings to HTML/XML markup.", "licenses": [ { @@ -1558,27 +1405,22 @@ ], "externalReferences": [ { - "url": "https://palletsprojects.com/p/markupsafe/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/MarkupSafe/2.1.2", + "url": "https://pypi.org/project/MarkupSafe/2.1.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/markupsafe@2.1.2" + "purl": "pkg:pypi/markupsafe@2.1.3" }, { "type": "library", - "bom-ref": "42-jsonschema", + "bom-ref": "43-jsonschema", "name": "jsonschema", - "version": "4.17.3", + "version": "4.18.0", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { 
@@ -1590,28 +1432,50 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.17.3", + "url": "https://pypi.org/project/jsonschema/4.18.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.17.3" + "purl": "pkg:pypi/jsonschema@4.18.0" }, { "type": "library", - "bom-ref": "43-pyrsistent", - "name": "pyrsistent", - "version": "0.19.3", + "bom-ref": "44-jsonschema-specifications", + "name": "jsonschema-specifications", + "version": "2023.6.1", "supplier": { - "name": "Tobias Gustafsson", - "contact": [ - { - "email": "tobias.l.gustafsson@gmail.com" + "name": "Julian Berman" + }, + "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:*", + "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" } - ] + } + ], + "externalReferences": [ + { + "url": "https://pypi.org/project/jsonschema-specifications/2023.6.1", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/jsonschema-specifications@2023.6.1" + }, + { + "type": "library", + "bom-ref": "45-referencing", + "name": "referencing", + "version": "0.29.1", + "supplier": { + "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:*", - "description": "Persistent/Functional/Immutable data structures", + "cpe": "cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:*", + "description": "JSON Referencing + Python", "licenses": [ { "license": { 
@@ -1622,21 +1486,43 @@ ], "externalReferences": [ { - "url": "https://github.com/tobgu/pyrsistent/", - "type": "website", - "comment": "Home page for project" - }, + "url": "https://pypi.org/project/referencing/0.29.1", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/referencing@0.29.1" + }, + { + "type": "library", + "bom-ref": "46-rpds-py", + "name": "rpds-py", + "version": "0.8.10", + "supplier": { + "name": "Julian Berman" + }, + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:*", + "description": "Python bindings to Rust's persistent data structures (rpds)", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ { - "url": "https://pypi.org/project/pyrsistent/0.19.3", + "url": "https://pypi.org/project/rpds-py/0.8.10", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyrsistent@0.19.3" + "purl": "pkg:pypi/rpds-py@0.8.10" }, { "type": "library", - "bom-ref": "44-lib4sbom", + "bom-ref": "47-lib4sbom", "name": "lib4sbom", "version": "0.3.1", "supplier": { @@ -1658,11 +1544,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/anthonyharrison/lib4sbom", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/lib4sbom/0.3.1", "type": "distribution", @@ -1673,7 +1554,7 @@ }, { "type": "library", - "bom-ref": "45-pyyaml", + "bom-ref": "48-pyyaml", "name": "pyyaml", "version": "6.0", "supplier": { @@ -1695,11 +1576,6 @@ } ], "externalReferences": [ - { - "url": "https://pyyaml.org/", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/PyYAML/6.0", "type": "distribution", @@ -1710,7 +1586,7 @@ }, { "type": "library", - "bom-ref": "46-semantic-version", + "bom-ref": "49-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { 
@@ -1732,11 +1608,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/rbarrois/python-semanticversion", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/semantic-version/2.10.0", "type": "distribution", @@ -1753,7 +1624,7 @@ }, { "type": "library", - "bom-ref": "47-packaging", + "bom-ref": "50-packaging", "name": "packaging", "version": "21.3", "supplier": { @@ -1774,11 +1645,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/pypa/packaging", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/packaging/21.3", "type": "distribution", @@ -1795,9 +1661,9 @@ }, { "type": "library", - "bom-ref": "48-plotly", + "bom-ref": "51-plotly", "name": "plotly", - "version": "5.14.1", + "version": "5.15.0", "supplier": { "name": "Chris P", "contact": [ @@ -1806,7 +1672,7 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.14.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", "licenses": [ { @@ -1818,21 +1684,16 @@ ], "externalReferences": [ { - "url": "https://plotly.com/python/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/plotly/5.14.1", + "url": "https://pypi.org/project/plotly/5.15.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.14.1" + "purl": "pkg:pypi/plotly@5.15.0" }, { "type": "library", - "bom-ref": "49-tenacity", + "bom-ref": "52-tenacity", "name": "tenacity", "version": "8.2.2", "supplier": { @@ -1854,11 +1715,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/jd/tenacity", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/tenacity/8.2.2", "type": "distribution", 
@@ -1875,9 +1731,9 @@ }, { "type": "library", - "bom-ref": "50-requests", + "bom-ref": "53-requests", "name": "requests", - "version": "2.28.2", + "version": "2.31.0", "supplier": { "name": "Kenneth Reitz", "contact": [ @@ -1886,7 +1742,7 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*", "description": "Python HTTP for Humans.", "licenses": [ { @@ -1898,17 +1754,12 @@ ], "externalReferences": [ { - "url": "https://requests.readthedocs.io", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/requests/2.28.2", + "url": "https://pypi.org/project/requests/2.31.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/requests@2.28.2", + "purl": "pkg:pypi/requests@2.31.0", "properties": [ { "name": "License Comments", @@ -1918,9 +1769,9 @@ }, { "type": "library", - "bom-ref": "51-certifi", + "bom-ref": "54-certifi", "name": "certifi", - "version": "2022.12.7", + "version": "2023.5.7", "supplier": { "name": "Kenneth Reitz", "contact": [ @@ -1929,7 +1780,7 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*", "description": "Python package for providing Mozilla's CA Bundle.", "licenses": [ { 
@@ -1941,60 +1792,18 @@ ], "externalReferences": [ { - "url": "https://github.com/certifi/python-certifi", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/certifi/2022.12.7", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/certifi@2022.12.7" - }, - { - "type": "library", - "bom-ref": "52-urllib3", - "name": "urllib3", - "version": "1.26.15", - "supplier": { - "name": "Andrey Petrov", - "contact": [ - { - "email": "andrey.petrov@shazow.net" - } - ] - }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ - { - "url": "https://urllib3.readthedocs.io/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/urllib3/1.26.15", + "url": "https://pypi.org/project/certifi/2023.5.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/urllib3@1.26.15" + "purl": "pkg:pypi/certifi@2023.5.7" }, { "type": "library", - "bom-ref": "53-rich", + "bom-ref": "55-rich", "name": "rich", - "version": "13.3.4", + "version": "13.4.2", "supplier": { "name": "Will McGugan", "contact": [ @@ -2003,7 +1812,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { 
@@ -2015,23 +1824,18 @@ ], "externalReferences": [ { - "url": "https://github.com/Textualize/rich", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/rich/13.3.4", + "url": "https://pypi.org/project/rich/13.4.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.3.4" + "purl": "pkg:pypi/rich@13.4.2" }, { "type": "library", - "bom-ref": "54-markdown-it-py", + "bom-ref": "56-markdown-it-py", "name": "markdown-it-py", - "version": "2.2.0", + "version": "3.0.0", "supplier": { "name": "Chris Sewell", "contact": [ @@ -2040,20 +1844,20 @@ } ] }, - "cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:*", "description": "Python port of markdown-it. Markdown parsing, done right!", "externalReferences": [ { - "url": "https://pypi.org/project/markdown-it-py/2.2.0", + "url": "https://pypi.org/project/markdown-it-py/3.0.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/markdown-it-py@2.2.0" + "purl": "pkg:pypi/markdown-it-py@3.0.0" }, { "type": "library", - "bom-ref": "55-mdurl", + "bom-ref": "57-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2077,7 +1881,7 @@ }, { "type": "library", - "bom-ref": "56-pygments", + "bom-ref": "58-pygments", "name": "pygments", "version": "2.15.1", "supplier": { @@ -2109,7 +1913,7 @@ }, { "type": "library", - "bom-ref": "57-rpmfile", + "bom-ref": "59-rpmfile", "name": "rpmfile", "version": "1.1.1", "supplier": { @@ -2131,11 +1935,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/srossross/rpmfile", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/rpmfile/1.1.1", "type": "distribution", @@ -2146,7 +1945,7 @@ }, { "type": "library", - "bom-ref": "58-toml", + "bom-ref": "60-toml", "name": "toml", "version": "0.10.2", "supplier": { 
@@ -2168,11 +1967,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/uiri/toml", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/toml/0.10.2", "type": "distribution", @@ -2183,9 +1977,9 @@ }, { "type": "library", - "bom-ref": "59-xmlschema", + "bom-ref": "61-xmlschema", "name": "xmlschema", - "version": "2.2.3", + "version": "2.3.1", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2194,7 +1988,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2206,23 +2000,18 @@ ], "externalReferences": [ { - "url": "https://github.com/sissaschool/xmlschema", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/xmlschema/2.2.3", + "url": "https://pypi.org/project/xmlschema/2.3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@2.2.3" + "purl": "pkg:pypi/xmlschema@2.3.1" }, { "type": "library", - "bom-ref": "60-elementpath", + "bom-ref": "62-elementpath", "name": "elementpath", - "version": "4.1.1", + "version": "4.1.4", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2231,7 +2020,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { 
@@ -2243,21 +2032,16 @@ ], "externalReferences": [ { - "url": "https://github.com/sissaschool/elementpath", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/elementpath/4.1.1", + "url": "https://pypi.org/project/elementpath/4.1.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.1.1" + "purl": "pkg:pypi/elementpath@4.1.4" }, { "type": "library", - "bom-ref": "61-zstandard", + "bom-ref": "63-zstandard", "name": "zstandard", "version": "0.21.0", "supplier": { @@ -2279,11 +2063,6 @@ } ], "externalReferences": [ - { - "url": "https://github.com/indygreg/python-zstandard", - "type": "website", - "comment": "Home page for project" - }, { "url": "https://pypi.org/project/zstandard/0.21.0", "type": "distribution", @@ -2315,19 +2094,19 @@ "14-defusedxml", "15-distro", "16-gsutil", - "40-jinja2", - "42-jsonschema", - "44-lib4sbom", - "47-packaging", - "48-plotly", - "45-pyyaml", - "50-requests", - "53-rich", - "57-rpmfile", - "58-toml", - "52-urllib3", - "59-xmlschema", - "61-zstandard" + "41-jinja2", + "43-jsonschema", + "47-lib4sbom", + "50-packaging", + "51-plotly", + "48-pyyaml", + "53-requests", + "55-rich", + "59-rpmfile", + "60-toml", + "39-urllib3", + "61-xmlschema", + "63-zstandard" ] }, { @@ -2372,7 +2151,7 @@ "37-google-auth", "22-google-reauth", "25-httplib2", - "39-monotonic", + "40-monotonic", "31-pyopenssl", "35-retry-decorator", "24-six" 
@@ -2464,68 +2243,84 @@ "38-cachetools", "29-pyasn1-modules", "30-rsa", - "24-six" + "24-six", + "39-urllib3" + ] + }, + { + "ref": "41-jinja2", + "dependsOn": [ + "42-markupsafe" + ] + }, + { + "ref": "43-jsonschema", + "dependsOn": [ + "6-attrs", + "44-jsonschema-specifications", + "45-referencing", + "46-rpds-py" ] }, { - "ref": "40-jinja2", + "ref": "44-jsonschema-specifications", "dependsOn": [ - "41-markupsafe" + "45-referencing" ] }, { - "ref": "42-jsonschema", + "ref": "45-referencing", "dependsOn": [ "6-attrs", - "43-pyrsistent" + "46-rpds-py" ] }, { - "ref": "44-lib4sbom", + "ref": "47-lib4sbom", "dependsOn": [ - "45-pyyaml", - "46-semantic-version" + "48-pyyaml", + "49-semantic-version" ] }, { - "ref": "47-packaging", + "ref": "50-packaging", "dependsOn": [ "26-pyparsing" ] }, { - "ref": "48-plotly", + "ref": "51-plotly", "dependsOn": [ - "47-packaging", - "49-tenacity" + "50-packaging", + "52-tenacity" ] }, { - "ref": "50-requests", + "ref": "53-requests", "dependsOn": [ - "51-certifi", + "54-certifi", "7-charset-normalizer", "10-idna", - "52-urllib3" + "39-urllib3" ] }, { - "ref": "53-rich", + "ref": "55-rich", "dependsOn": [ - "54-markdown-it-py", - "56-pygments" + "56-markdown-it-py", + "58-pygments" ] }, { - "ref": "54-markdown-it-py", + "ref": "56-markdown-it-py", "dependsOn": [ - "55-mdurl" + "57-mdurl" ] }, { - "ref": "59-xmlschema", + "ref": "61-xmlschema", "dependsOn": [ - "60-elementpath" + "62-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 16e35b3029..0573c976a6 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx 
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-39a8443b-80ea-4d11-b1fe-547b534a2d42 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f1517a70-2c8d-4f1e-891a-536256b68528 LicenseListVersion: 3.20 -Creator: Tool: sbom4python-0.9.1 -Created: 2023-04-24T00:25:19Z +Creator: Tool: sbom4python-0.9.2 +Created: 2023-07-10T02:04:12Z CreatorComment: This document has been automatically generated. ##### @@ -16,7 +16,6 @@ PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.1.dev0 FilesAnalyzed: false -PackageHomePage: https://github.com/intel/cve-bin-tool PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION @@ -32,7 +31,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.4 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. @@ -48,12 +46,10 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/aiosignal PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION -PackageSummary: aiosignal: a list of registered asynchronous callbacks ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1 ##### 
@@ -64,7 +60,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. @@ -80,7 +75,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/async-timeout PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: async-timeout declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
@@ -107,18 +101,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:* PackageName: charset-normalizer SPDXID: SPDXRef-Package-7-charset-normalizer -PackageVersion: 3.1.0 +PackageVersion: 3.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) -PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.1.0 +PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.2.0 FilesAnalyzed: false -PackageHomePage: https://github.com/Ousret/charset_normalizer PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:* ##### PackageName: multidict @@ -128,7 +121,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageDownloadLocation: https://pypi.org/project/multidict/6.0.4 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/multidict PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. 
@@ -140,18 +132,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:* PackageName: yarl SPDXID: SPDXRef-Package-9-yarl -PackageVersion: 1.9.1 +PackageVersion: 1.9.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.9.1 +PackageDownloadLocation: https://pypi.org/project/yarl/1.9.2 FilesAnalyzed: false -PackageHomePage: https://github.com/aio-libs/yarl/ PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:* ##### PackageName: idna @@ -206,7 +197,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) PackageDownloadLocation: https://pypi.org/project/cvss/2.6 FilesAnalyzed: false -PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -223,7 +213,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1 FilesAnalyzed: false -PackageHomePage: https://github.com/tiran/defusedxml PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: PSF-2.0 PackageLicenseComments: defusedxml declares PSFL which is not currently a valid SPDX License identifier or expression. 
@@ -240,7 +229,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) PackageDownloadLocation: https://pypi.org/project/distro/1.8.0 FilesAnalyzed: false -PackageHomePage: https://github.com/python-distro/distro PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. 
@@ -252,36 +240,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil -PackageVersion: 5.23 +PackageVersion: 5.25 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.23 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.25 FilesAnalyzed: false -PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.23 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.25 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.25:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-Package-17-argcomplete -PackageVersion: 3.0.8 +PackageVersion: 3.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.8 +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.1.1 FilesAnalyzed: false -PackageHomePage: https://github.com/kislyuk/argcomplete PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. 
PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.8 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.8:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.1.1:*:*:*:*:*:*:* ##### PackageName: crcmod @@ -291,7 +277,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) PackageDownloadLocation: https://pypi.org/project/crcmod/1.7 FilesAnalyzed: false -PackageHomePage: http://crcmod.sourceforge.net/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -307,7 +292,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow PackageDownloadLocation: https://pypi.org/project/fasteners/0.18 FilesAnalyzed: false -PackageHomePage: https://github.com/harlowja/fasteners PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: fasteners declares ASL 2.0 which is not currently a valid SPDX License identifier or expression. @@ -324,7 +308,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0 FilesAnalyzed: false -PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. @@ -341,7 +324,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) PackageDownloadLocation: https://pypi.org/project/boto/2.49.0 FilesAnalyzed: false -PackageHomePage: https://github.com/boto/boto/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION 
@@ -357,7 +339,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google (googleapis-publisher@google.com) PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 FilesAnalyzed: false -PackageHomePage: https://github.com/Google/google-reauth-python PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. @@ -374,7 +355,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 FilesAnalyzed: false -PackageHomePage: https://github.com/google/pyu2f/ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. @@ -391,7 +371,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) PackageDownloadLocation: https://pypi.org/project/six/1.16.0 FilesAnalyzed: false -PackageHomePage: https://github.com/benjaminp/six PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -407,7 +386,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4 FilesAnalyzed: false -PackageHomePage: https://github.com/httplib2/httplib2 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION 
@@ -418,17 +396,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* PackageName: pyparsing SPDXID: SPDXRef-Package-26-pyparsing -PackageVersion: 3.0.9 +PackageVersion: 3.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyparsing/3.0.9 +PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.0.9 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.0.9:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:* ##### PackageName: oauth2client @@ -438,7 +416,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 FilesAnalyzed: false -PackageHomePage: http://github.com/google/oauth2client/ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. @@ -455,7 +432,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyasn1/0.5.0 FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION 
@@ -471,7 +447,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.3.0 FilesAnalyzed: false -PackageHomePage: https://github.com/pyasn1/pyasn1-modules PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. @@ -488,7 +463,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 FilesAnalyzed: false -PackageHomePage: https://stuvel.eu/rsa PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression. 
@@ -500,35 +474,33 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* PackageName: pyopenssl SPDXID: SPDXRef-Package-31-pyopenssl -PackageVersion: 23.1.1 +PackageVersion: 23.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.1.1 +PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.2.0 FilesAnalyzed: false -PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python wrapper module around the OpenSSL library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.1.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.2.0:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 40.0.2 +PackageVersion: 41.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/40.0.2 +PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.1 FilesAnalyzed: false -PackageHomePage: https://github.com/pyca/cryptography -PackageLicenseDeclared: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 -PackageLicenseConcluded: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 +PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause +PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic 
recipes and primitives to Python developers. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@40.0.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:* ##### PackageName: cffi @@ -538,7 +510,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) PackageDownloadLocation: https://pypi.org/project/cffi/1.15.1 FilesAnalyzed: false -PackageHomePage: http://cffi.readthedocs.org PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -554,7 +525,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageDownloadLocation: https://pypi.org/project/pycparser/2.21 FilesAnalyzed: false -PackageHomePage: https://github.com/eliben/pycparser PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: pycparser declares BSD which is not currently a valid SPDX License identifier or expression. @@ -571,7 +541,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1 FilesAnalyzed: false -PackageHomePage: https://github.com/pnpnpn/retry-decorator PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION 
@@ -587,7 +556,6 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32 FilesAnalyzed: false -PackageHomePage: http://github.com/google/apitools PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-apitools declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
@@ -599,45 +567,57 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* PackageName: google-auth SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.17.3 +PackageVersion: 2.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.3 +PackageDownloadLocation: https://pypi.org/project/google-auth/2.21.0 FilesAnalyzed: false -PackageHomePage: https://github.com/googleapis/google-auth-library-python PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.17.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.21.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:* ##### PackageName: cachetools SPDXID: SPDXRef-Package-38-cachetools -PackageVersion: 5.3.0 +PackageVersion: 5.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.0 +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.1 FilesAnalyzed: false -PackageHomePage: https://github.com/tkem/cachetools/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.1 +ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:* +##### + +PackageName: urllib3 +SPDXID: SPDXRef-Package-39-urllib3 +PackageVersion: 1.26.16 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) +PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.16 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.16 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-Package-39-monotonic +SPDXID: SPDXRef-Package-40-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) PackageDownloadLocation: https://pypi.org/project/monotonic/1.6 FilesAnalyzed: false -PackageHomePage: https://github.com/atdt/monotonic PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: monotonic declares Apache which is not currently a valid SPDX License identifier or expression. @@ -648,13 +628,12 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-40-jinja2 +SPDXID: SPDXRef-Package-41-jinja2 PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.2 FilesAnalyzed: false -PackageHomePage: https://palletsprojects.com/p/jinja/ PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION 
@@ -664,60 +643,86 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*: ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-41-markupsafe -PackageVersion: 2.1.2 +SPDXID: SPDXRef-Package-42-markupsafe +PackageVersion: 2.1.3 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) -PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.2 +PackageSupplier: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.3 FilesAnalyzed: false -PackageHomePage: https://palletsprojects.com/p/markupsafe/ PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-42-jsonschema -PackageVersion: 4.17.3 +SPDXID: SPDXRef-Package-43-jsonschema +PackageVersion: 4.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.17.3 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.17.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.0:*:*:*:*:*:*:* ##### -PackageName: pyrsistent -SPDXID: SPDXRef-Package-43-pyrsistent -PackageVersion: 0.19.3 +PackageName: jsonschema-specifications +SPDXID: 
SPDXRef-Package-44-jsonschema-specifications +PackageVersion: 2023.6.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyrsistent/0.19.3 +PackageSupplier: Person: Julian Berman +PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.6.1 FilesAnalyzed: false -PackageHomePage: https://github.com/tobgu/pyrsistent/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION -PackageSummary: Persistent/Functional/Immutable data structures -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyrsistent@0.19.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:* +PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.6.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.6.1:*:*:*:*:*:*:* +##### + +PackageName: referencing +SPDXID: SPDXRef-Package-45-referencing +PackageVersion: 0.29.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Julian Berman +PackageDownloadLocation: https://pypi.org/project/referencing/0.29.1 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: JSON Referencing + Python +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/referencing@0.29.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.29.1:*:*:*:*:*:*:* +##### + +PackageName: rpds-py +SPDXID: SPDXRef-Package-46-rpds-py +PackageVersion: 0.8.10 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Julian Berman +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.8.10 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Python bindings to Rust's persistent data structures 
(rpds) +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.8.10 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.8.10:*:*:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-44-lib4sbom +SPDXID: SPDXRef-Package-47-lib4sbom PackageVersion: 0.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1 FilesAnalyzed: false -PackageHomePage: https://github.com/anthonyharrison/lib4sbom PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION @@ -727,13 +732,12 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*: ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-45-pyyaml +SPDXID: SPDXRef-Package-48-pyyaml PackageVersion: 6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0 FilesAnalyzed: false -PackageHomePage: https://pyyaml.org/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -743,13 +747,12 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-46-semantic-version +SPDXID: SPDXRef-Package-49-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0 FilesAnalyzed: false -PackageHomePage: https://github.com/rbarrois/python-semanticversion PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: semantic-version declares BSD which is not currently a valid SPDX License identifier or expression. 
@@ -760,13 +763,12 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packaging -SPDXID: SPDXRef-Package-47-packaging +SPDXID: SPDXRef-Package-50-packaging PackageVersion: 21.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) PackageDownloadLocation: https://pypi.org/project/packaging/21.3 FilesAnalyzed: false -PackageHomePage: https://github.com/pypa/packaging PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-2-Clause OR Apache-2.0 PackageLicenseComments: packaging declares BSD-2-Clause or Apache-2.0 which is not currently a valid SPDX License identifier or expression. 
@@ -777,29 +779,27 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut ##### PackageName: plotly -SPDXID: SPDXRef-Package-48-plotly -PackageVersion: 5.14.1 +SPDXID: SPDXRef-Package-51-plotly +PackageVersion: 5.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.14.1 +PackageDownloadLocation: https://pypi.org/project/plotly/5.15.0 FilesAnalyzed: false -PackageHomePage: https://plotly.com/python/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.14.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.14.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.15.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-49-tenacity +SPDXID: SPDXRef-Package-52-tenacity PackageVersion: 8.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2 FilesAnalyzed: false -PackageHomePage: https://github.com/jd/tenacity PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. 
@@ -810,87 +810,68 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-50-requests -PackageVersion: 2.28.2 +SPDXID: SPDXRef-Package-53-requests +PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) -PackageDownloadLocation: https://pypi.org/project/requests/2.28.2 +PackageDownloadLocation: https://pypi.org/project/requests/2.31.0 FilesAnalyzed: false -PackageHomePage: https://requests.readthedocs.io PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python HTTP for Humans. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.28.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.31.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:* ##### PackageName: certifi -SPDXID: SPDXRef-Package-51-certifi -PackageVersion: 2022.12.7 +SPDXID: SPDXRef-Package-54-certifi +PackageVersion: 2023.5.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2022.12.7 +PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7 FilesAnalyzed: false -PackageHomePage: https://github.com/certifi/python-certifi PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python package for providing Mozilla's CA Bundle. 
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2022.12.7 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:* -##### - -PackageName: urllib3 -SPDXID: SPDXRef-Package-52-urllib3 -PackageVersion: 1.26.15 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) -PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.15 -FilesAnalyzed: false -PackageHomePage: https://urllib3.readthedocs.io/ -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.15 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:* ##### PackageName: rich -SPDXID: SPDXRef-Package-53-rich -PackageVersion: 13.3.4 +SPDXID: SPDXRef-Package-55-rich +PackageVersion: 13.4.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.3.4 +PackageDownloadLocation: https://pypi.org/project/rich/13.4.2 FilesAnalyzed: false -PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.4.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-54-markdown-it-py -PackageVersion: 2.2.0 +SPDXID: 
SPDXRef-Package-56-markdown-it-py +PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) -PackageDownloadLocation: https://pypi.org/project/markdown-it-py/2.2.0 +PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Python port of markdown-it. Markdown parsing, done right! -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@2.2.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@3.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:*:*:*:*:* ##### PackageName: mdurl -SPDXID: SPDXRef-Package-55-mdurl +SPDXID: SPDXRef-Package-57-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -905,7 +886,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-56-pygments +SPDXID: SPDXRef-Package-58-pygments PackageVersion: 2.15.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) @@ -920,13 +901,12 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:* ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-57-rpmfile +SPDXID: SPDXRef-Package-59-rpmfile PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) PackageDownloadLocation: https://pypi.org/project/rpmfile/1.1.1 FilesAnalyzed: false -PackageHomePage: https://github.com/srossross/rpmfile PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION 
@@ -936,13 +916,12 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-58-toml +SPDXID: SPDXRef-Package-60-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) PackageDownloadLocation: https://pypi.org/project/toml/0.10.2 FilesAnalyzed: false -PackageHomePage: https://github.com/uiri/toml PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION 
@@ -952,45 +931,42 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-59-xmlschema -PackageVersion: 2.2.3 +SPDXID: SPDXRef-Package-61-xmlschema +PackageVersion: 2.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/2.2.3 +PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.1 FilesAnalyzed: false -PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-60-elementpath -PackageVersion: 4.1.1 +SPDXID: SPDXRef-Package-62-elementpath +PackageVersion: 4.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.1 +PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.4 FilesAnalyzed: false -PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:* ##### PackageName: zstandard -SPDXID: 
SPDXRef-Package-61-zstandard +SPDXID: SPDXRef-Package-63-zstandard PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) PackageDownloadLocation: https://pypi.org/project/zstandard/0.21.0 FilesAnalyzed: false -PackageHomePage: https://github.com/indygreg/python-zstandard PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression. 
@@ -1007,19 +983,19 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-defus Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-distro Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-39-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool 
DEPENDS_ON SPDXRef-Package-51-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-rpmfile +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-toml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-zstandard Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod @@ -1032,7 +1008,7 @@ Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-pyopenssl Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-35-retry-decorator Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-36-google-apitools Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-37-google-auth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout 
@@ -1070,21 +1046,27 @@ Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-24-six Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools -Relationship: SPDXRef-Package-40-jinja2 DEPENDS_ON SPDXRef-Package-41-markupsafe -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-43-pyrsistent -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-44-lib4sbom DEPENDS_ON SPDXRef-Package-45-pyyaml -Relationship: SPDXRef-Package-44-lib4sbom DEPENDS_ON SPDXRef-Package-46-semantic-version -Relationship: SPDXRef-Package-47-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-48-plotly DEPENDS_ON SPDXRef-Package-47-packaging -Relationship: SPDXRef-Package-48-plotly DEPENDS_ON SPDXRef-Package-49-tenacity -Relationship: SPDXRef-Package-50-requests DEPENDS_ON SPDXRef-Package-10-idna -Relationship: SPDXRef-Package-50-requests DEPENDS_ON SPDXRef-Package-51-certifi -Relationship: SPDXRef-Package-50-requests DEPENDS_ON SPDXRef-Package-52-urllib3 -Relationship: SPDXRef-Package-50-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer -Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-54-markdown-it-py -Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-56-pygments -Relationship: SPDXRef-Package-54-markdown-it-py DEPENDS_ON SPDXRef-Package-55-mdurl -Relationship: SPDXRef-Package-59-xmlschema DEPENDS_ON SPDXRef-Package-60-elementpath +Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-39-urllib3 +Relationship: SPDXRef-Package-41-jinja2 DEPENDS_ON SPDXRef-Package-42-markupsafe +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-44-jsonschema-specifications +Relationship: SPDXRef-Package-43-jsonschema 
DEPENDS_ON SPDXRef-Package-45-referencing +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-46-rpds-py +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-44-jsonschema-specifications DEPENDS_ON SPDXRef-Package-45-referencing +Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-46-rpds-py +Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-48-pyyaml +Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-49-semantic-version +Relationship: SPDXRef-Package-50-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing +Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-50-packaging +Relationship: SPDXRef-Package-51-plotly DEPENDS_ON SPDXRef-Package-52-tenacity +Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-10-idna +Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-39-urllib3 +Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-54-certifi +Relationship: SPDXRef-Package-53-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer +Relationship: SPDXRef-Package-55-rich DEPENDS_ON SPDXRef-Package-56-markdown-it-py +Relationship: SPDXRef-Package-55-rich DEPENDS_ON SPDXRef-Package-58-pygments +Relationship: SPDXRef-Package-56-markdown-it-py DEPENDS_ON SPDXRef-Package-57-mdurl +Relationship: SPDXRef-Package-61-xmlschema DEPENDS_ON SPDXRef-Package-62-elementpath Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict