From c1452787dcfacf8629a2d333c654244559888374 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 29 May 2023 01:42:38 +0000 Subject: [PATCH] chore: update SBOM for Python 3.10 --- sbom/cve-bin-tool-py3.10.json | 225 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.10.spdx | 177 +++++++++++++------------- 2 files changed, 202 insertions(+), 200 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index e60b284e6f..c5068bfba5 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuid9b76c916-732e-4270-b318-b3184bd48654", + "serialNumber": "urn:uuid7dea029b-4368-470e-9908-01372b866791", "version": 1, "metadata": { - "timestamp": "2023-04-24T00:26:29Z", + "timestamp": "2023-05-29T01:42:36Z", "tools": [ { "name": "sbom4python", @@ -309,7 +309,7 @@ "type": "library", "bom-ref": "9-yarl", "name": "yarl", - "version": "1.9.1", + "version": "1.9.2", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -318,7 +318,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -335,12 +335,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.9.1", + "url": "https://pypi.org/project/yarl/1.9.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.9.1" + "purl": "pkg:pypi/yarl@1.9.2" }, { "type": "library", @@ -547,7 +547,7 @@ "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.23", + "version": "5.24", "supplier": { "name": "Google Inc.", "contact": [ 
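Review bot: The regenerated `serialNumber` in the first hunk of sbom/cve-bin-tool-py3.10.json is still written without a colon after `uuid`, so it does not match the `urn:uuid:<uuid>` form that the CycloneDX 1.4 schema requires, and a strict validator will reject the document. The old value had the same shape, so the fix belongs in the generator rather than in this file. The emitted line should read `"serialNumber": "urn:uuid:7dea029b-4368-470e-9908-01372b866791",`. Separately, the `cpe` values (for example `cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*` in the `@@ -1886,7` hunk) appear to take their vendor field from the package author's name. That probably will not match the vendor naming used in vulnerability databases, so consumers doing vulnerability lookups should prefer the `purl`; this is worth confirming against the generator.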
@@ -556,7 +556,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.24:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -573,12 +573,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.23", + "url": "https://pypi.org/project/gsutil/5.24", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.23", + "purl": "pkg:pypi/gsutil@5.24", "properties": [ { "name": "License Comments", @@ -1377,7 +1377,7 @@ "type": "library", "bom-ref": "37-google-auth", "name": "google-auth", - "version": "2.17.3", + "version": "2.19.0", "supplier": { "name": "Google Cloud Platform", "contact": [ @@ -1386,7 +1386,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.19.0:*:*:*:*:*:*:*", "description": "Google Authentication Library", "licenses": [ { @@ -1403,12 +1403,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/google-auth/2.17.3", + "url": "https://pypi.org/project/google-auth/2.19.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth@2.17.3", + "purl": "pkg:pypi/google-auth@2.19.0", "properties": [ { "name": "License Comments", @@ -1420,7 +1420,7 @@ "type": "library", "bom-ref": "38-cachetools", "name": "cachetools", - "version": "5.3.0", + "version": "5.3.1", "supplier": { "name": "Thomas Kemmer", "contact": [ @@ -1429,7 +1429,7 @@ } ] }, - "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:*", "description": "Extensible memoizing collections and decorators", "licenses": [ { 
@@ -1446,16 +1446,53 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cachetools/5.3.0", + "url": "https://pypi.org/project/cachetools/5.3.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cachetools@5.3.0" + "purl": "pkg:pypi/cachetools@5.3.1" }, { "type": "library", - "bom-ref": "39-monotonic", + "bom-ref": "39-urllib3", + "name": "urllib3", + "version": "1.26.16", + "supplier": { + "name": "Andrey Petrov", + "contact": [ + { + "email": "andrey.petrov@shazow.net" + } + ] + }, + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], + "externalReferences": [ + { + "url": "https://urllib3.readthedocs.io/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/urllib3/1.26.16", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/urllib3@1.26.16" + }, + { + "type": "library", + "bom-ref": "40-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -1498,7 +1535,7 @@ }, { "type": "library", - "bom-ref": "40-jinja2", + "bom-ref": "41-jinja2", "name": "jinja2", "version": "3.1.2", "supplier": { @@ -1535,7 +1572,7 @@ }, { "type": "library", - "bom-ref": "41-markupsafe", + "bom-ref": "42-markupsafe", "name": "markupsafe", "version": "2.1.2", "supplier": { @@ -1572,7 +1609,7 @@ }, { "type": "library", - "bom-ref": "42-jsonschema", + "bom-ref": "43-jsonschema", "name": "jsonschema", "version": "4.17.3", "supplier": { @@ -1599,7 +1636,7 @@ }, { "type": "library", - "bom-ref": "43-pyrsistent", + "bom-ref": "44-pyrsistent", "name": "pyrsistent", "version": "0.19.3", "supplier": { 
@@ -1636,7 +1673,7 @@ }, { "type": "library", - "bom-ref": "44-lib4sbom", + "bom-ref": "45-lib4sbom", "name": "lib4sbom", "version": "0.3.1", "supplier": { @@ -1673,7 +1710,7 @@ }, { "type": "library", - "bom-ref": "45-pyyaml", + "bom-ref": "46-pyyaml", "name": "pyyaml", "version": "6.0", "supplier": { @@ -1710,7 +1747,7 @@ }, { "type": "library", - "bom-ref": "46-semantic-version", + "bom-ref": "47-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -1753,7 +1790,7 @@ }, { "type": "library", - "bom-ref": "47-packaging", + "bom-ref": "48-packaging", "name": "packaging", "version": "21.3", "supplier": { @@ -1795,7 +1832,7 @@ }, { "type": "library", - "bom-ref": "48-plotly", + "bom-ref": "49-plotly", "name": "plotly", "version": "5.14.1", "supplier": { @@ -1832,7 +1869,7 @@ }, { "type": "library", - "bom-ref": "49-tenacity", + "bom-ref": "50-tenacity", "name": "tenacity", "version": "8.2.2", "supplier": { @@ -1875,9 +1912,9 @@ }, { "type": "library", - "bom-ref": "50-requests", + "bom-ref": "51-requests", "name": "requests", - "version": "2.28.2", + "version": "2.31.0", "supplier": { "name": "Kenneth Reitz", "contact": [ @@ -1886,7 +1923,7 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:*", "description": "Python HTTP for Humans.", "licenses": [ { @@ -1903,12 +1940,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/requests/2.28.2", + "url": "https://pypi.org/project/requests/2.31.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/requests@2.28.2", + "purl": "pkg:pypi/requests@2.31.0", "properties": [ { "name": "License Comments", @@ -1918,9 +1955,9 @@ }, { "type": "library", - "bom-ref": "51-certifi", + "bom-ref": "52-certifi", "name": "certifi", - "version": "2022.12.7", + "version": "2023.5.7", "supplier": { "name": "Kenneth Reitz", "contact": [ 
@@ -1929,7 +1966,7 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*", "description": "Python package for providing Mozilla's CA Bundle.", "licenses": [ { @@ -1946,55 +1983,18 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/certifi/2022.12.7", + "url": "https://pypi.org/project/certifi/2023.5.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/certifi@2022.12.7" - }, - { - "type": "library", - "bom-ref": "52-urllib3", - "name": "urllib3", - "version": "1.26.15", - "supplier": { - "name": "Andrey Petrov", - "contact": [ - { - "email": "andrey.petrov@shazow.net" - } - ] - }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*", - "description": "HTTP library with thread-safe connection pooling, file post, and more.", - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT" - } - } - ], - "externalReferences": [ - { - "url": "https://urllib3.readthedocs.io/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/urllib3/1.26.15", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/urllib3@1.26.15" + "purl": "pkg:pypi/certifi@2023.5.7" }, { "type": "library", "bom-ref": "53-rich", "name": "rich", - "version": "13.3.4", + "version": "13.3.5", "supplier": { "name": "Will McGugan", "contact": [ @@ -2003,7 +2003,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { 
@@ -2020,12 +2020,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/rich/13.3.4", + "url": "https://pypi.org/project/rich/13.3.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.3.4" + "purl": "pkg:pypi/rich@13.3.5" }, { "type": "library", @@ -2185,7 +2185,7 @@ "type": "library", "bom-ref": "59-xmlschema", "name": "xmlschema", - "version": "2.2.3", + "version": "2.3.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2194,7 +2194,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.0:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2211,18 +2211,18 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/xmlschema/2.2.3", + "url": "https://pypi.org/project/xmlschema/2.3.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@2.2.3" + "purl": "pkg:pypi/xmlschema@2.3.0" }, { "type": "library", "bom-ref": "60-elementpath", "name": "elementpath", - "version": "4.1.1", + "version": "4.1.2", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2231,7 +2231,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.2:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -2248,12 +2248,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/elementpath/4.1.1", + "url": "https://pypi.org/project/elementpath/4.1.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.1.1" + "purl": "pkg:pypi/elementpath@4.1.2" }, { "type": "library", 
@@ -2315,17 +2315,17 @@ "14-defusedxml", "15-distro", "16-gsutil", - "40-jinja2", - "42-jsonschema", - "44-lib4sbom", - "47-packaging", - "48-plotly", - "45-pyyaml", - "50-requests", + "41-jinja2", + "43-jsonschema", + "45-lib4sbom", + "48-packaging", + "49-plotly", + "46-pyyaml", + "51-requests", "53-rich", "57-rpmfile", "58-toml", - "52-urllib3", + "39-urllib3", "59-xmlschema", "61-zstandard" ] @@ -2372,7 +2372,7 @@ "37-google-auth", "22-google-reauth", "25-httplib2", - "39-monotonic", + "40-monotonic", "31-pyopenssl", "35-retry-decorator", "24-six" @@ -2464,49 +2464,50 @@ "38-cachetools", "29-pyasn1-modules", "30-rsa", - "24-six" + "24-six", + "39-urllib3" ] }, { - "ref": "40-jinja2", + "ref": "41-jinja2", "dependsOn": [ - "41-markupsafe" + "42-markupsafe" ] }, { - "ref": "42-jsonschema", + "ref": "43-jsonschema", "dependsOn": [ "6-attrs", - "43-pyrsistent" + "44-pyrsistent" ] }, { - "ref": "44-lib4sbom", + "ref": "45-lib4sbom", "dependsOn": [ - "45-pyyaml", - "46-semantic-version" + "46-pyyaml", + "47-semantic-version" ] }, { - "ref": "47-packaging", + "ref": "48-packaging", "dependsOn": [ "26-pyparsing" ] }, { - "ref": "48-plotly", + "ref": "49-plotly", "dependsOn": [ - "47-packaging", - "49-tenacity" + "48-packaging", + "50-tenacity" ] }, { - "ref": "50-requests", + "ref": "51-requests", "dependsOn": [ - "51-certifi", + "52-certifi", "7-charset-normalizer", "10-idna", - "52-urllib3" + "39-urllib3" ] }, { diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 16e35b3029..e9111fab70 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx 
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-39a8443b-80ea-4d11-b1fe-547b534a2d42 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-bad7c9ff-c45e-466f-83eb-f67c5fc3f9d4 LicenseListVersion: 3.20 Creator: Tool: sbom4python-0.9.1 -Created: 2023-04-24T00:25:19Z +Created: 2023-05-29T01:41:26Z CreatorComment: This document has been automatically generated. ##### @@ -140,18 +140,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:* PackageName: yarl SPDXID: SPDXRef-Package-9-yarl -PackageVersion: 1.9.1 +PackageVersion: 1.9.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.9.1 +PackageDownloadLocation: https://pypi.org/project/yarl/1.9.2 FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl/ PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.9.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.2:*:*:*:*:*:*:* ##### PackageName: idna @@ -252,10 +252,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil -PackageVersion: 5.23 +PackageVersion: 5.24 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.23 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.24 FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION 
@@ -263,8 +263,8 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.23 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.23:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.24 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.24:*:*:*:*:*:*:* ##### PackageName: argcomplete @@ -599,10 +599,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* PackageName: google-auth SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.17.3 +PackageVersion: 2.19.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.3 +PackageDownloadLocation: https://pypi.org/project/google-auth/2.19.0 FilesAnalyzed: false PackageHomePage: https://github.com/googleapis/google-auth-library-python PackageLicenseDeclared: NOASSERTION 
@@ -610,28 +610,44 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.17.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.19.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.19.0:*:*:*:*:*:*:* ##### PackageName: cachetools SPDXID: SPDXRef-Package-38-cachetools -PackageVersion: 5.3.0 +PackageVersion: 5.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.0 +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.1 FilesAnalyzed: false PackageHomePage: https://github.com/tkem/cachetools/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Extensible memoizing collections and decorators -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.1:*:*:*:*:*:*:* +##### + +PackageName: urllib3 +SPDXID: SPDXRef-Package-39-urllib3 +PackageVersion: 1.26.16 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) +PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.16 +FilesAnalyzed: false +PackageHomePage: https://urllib3.readthedocs.io/ +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. 
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.16 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.16:*:*:*:*:*:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-Package-39-monotonic +SPDXID: SPDXRef-Package-40-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) @@ -648,7 +664,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-40-jinja2 +SPDXID: SPDXRef-Package-41-jinja2 PackageVersion: 3.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) @@ -664,7 +680,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*: ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-41-markupsafe +SPDXID: SPDXRef-Package-42-markupsafe PackageVersion: 2.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) @@ -680,7 +696,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*: ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-42-jsonschema +SPDXID: SPDXRef-Package-43-jsonschema PackageVersion: 4.17.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -695,7 +711,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*: ##### PackageName: pyrsistent -SPDXID: SPDXRef-Package-43-pyrsistent +SPDXID: SPDXRef-Package-44-pyrsistent PackageVersion: 0.19.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com) @@ -711,7 +727,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*: ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-44-lib4sbom +SPDXID: SPDXRef-Package-45-lib4sbom PackageVersion: 0.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) 
@@ -727,7 +743,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*: ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-45-pyyaml +SPDXID: SPDXRef-Package-46-pyyaml PackageVersion: 6.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -743,7 +759,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-46-semantic-version +SPDXID: SPDXRef-Package-47-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -760,7 +776,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packaging -SPDXID: SPDXRef-Package-47-packaging +SPDXID: SPDXRef-Package-48-packaging PackageVersion: 21.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) @@ -777,7 +793,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut ##### PackageName: plotly -SPDXID: SPDXRef-Package-48-plotly +SPDXID: SPDXRef-Package-49-plotly PackageVersion: 5.14.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) @@ -793,7 +809,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.14.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-49-tenacity +SPDXID: SPDXRef-Package-50-tenacity PackageVersion: 8.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) 
@@ -810,11 +826,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-50-requests -PackageVersion: 2.28.2 +SPDXID: SPDXRef-Package-51-requests +PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) -PackageDownloadLocation: https://pypi.org/project/requests/2.28.2 +PackageDownloadLocation: https://pypi.org/project/requests/2.31.0 FilesAnalyzed: false PackageHomePage: https://requests.readthedocs.io PackageLicenseDeclared: NOASSERTION 
@@ -822,56 +838,40 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: requests declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Python HTTP for Humans. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.28.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.31.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:*:*:* ##### PackageName: certifi -SPDXID: SPDXRef-Package-51-certifi -PackageVersion: 2022.12.7 +SPDXID: SPDXRef-Package-52-certifi +PackageVersion: 2023.5.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2022.12.7 +PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7 FilesAnalyzed: false PackageHomePage: https://github.com/certifi/python-certifi PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python package for providing Mozilla's CA Bundle. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2022.12.7 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:* -##### - -PackageName: urllib3 -SPDXID: SPDXRef-Package-52-urllib3 -PackageVersion: 1.26.15 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) -PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.15 -FilesAnalyzed: false -PackageHomePage: https://urllib3.readthedocs.io/ -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. 
-ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.15 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-Package-53-rich -PackageVersion: 13.3.4 +PackageVersion: 13.3.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.3.4 +PackageDownloadLocation: https://pypi.org/project/rich/13.3.5 FilesAnalyzed: false PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.5:*:*:*:*:*:*:* ##### PackageName: markdown-it-py 
@@ -953,34 +953,34 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-Package-59-xmlschema -PackageVersion: 2.2.3 +PackageVersion: 2.3.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/2.2.3 +PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.0 FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.0:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-Package-60-elementpath -PackageVersion: 4.1.1 +PackageVersion: 4.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.1 +PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.2 FilesAnalyzed: false PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.2:*:*:*:*:*:*:* ##### PackageName: zstandard 
@@ -1007,14 +1007,14 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-defus Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-distro Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-39-urllib3 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-requests Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-rich Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-rpmfile Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-toml 
@@ -1032,7 +1032,7 @@ Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-pyopenssl Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-35-retry-decorator Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-36-google-apitools Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-37-google-auth -Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic +Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout 
@@ -1070,18 +1070,19 @@ Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-24-six Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools -Relationship: SPDXRef-Package-40-jinja2 DEPENDS_ON SPDXRef-Package-41-markupsafe -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-43-pyrsistent -Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-44-lib4sbom DEPENDS_ON SPDXRef-Package-45-pyyaml -Relationship: SPDXRef-Package-44-lib4sbom DEPENDS_ON SPDXRef-Package-46-semantic-version -Relationship: SPDXRef-Package-47-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-48-plotly DEPENDS_ON SPDXRef-Package-47-packaging -Relationship: SPDXRef-Package-48-plotly DEPENDS_ON SPDXRef-Package-49-tenacity -Relationship: SPDXRef-Package-50-requests DEPENDS_ON SPDXRef-Package-10-idna -Relationship: SPDXRef-Package-50-requests DEPENDS_ON SPDXRef-Package-51-certifi -Relationship: SPDXRef-Package-50-requests DEPENDS_ON SPDXRef-Package-52-urllib3 -Relationship: SPDXRef-Package-50-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer +Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-39-urllib3 +Relationship: SPDXRef-Package-41-jinja2 DEPENDS_ON SPDXRef-Package-42-markupsafe +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-44-pyrsistent +Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON SPDXRef-Package-46-pyyaml +Relationship: SPDXRef-Package-45-lib4sbom DEPENDS_ON SPDXRef-Package-47-semantic-version +Relationship: SPDXRef-Package-48-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing +Relationship: SPDXRef-Package-49-plotly DEPENDS_ON 
SPDXRef-Package-48-packaging +Relationship: SPDXRef-Package-49-plotly DEPENDS_ON SPDXRef-Package-50-tenacity +Relationship: SPDXRef-Package-51-requests DEPENDS_ON SPDXRef-Package-10-idna +Relationship: SPDXRef-Package-51-requests DEPENDS_ON SPDXRef-Package-39-urllib3 +Relationship: SPDXRef-Package-51-requests DEPENDS_ON SPDXRef-Package-52-certifi +Relationship: SPDXRef-Package-51-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-54-markdown-it-py Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-56-pygments Relationship: SPDXRef-Package-54-markdown-it-py DEPENDS_ON SPDXRef-Package-55-mdurl