From c3ec7e2b2b982f310561bf278e0666d8cfffe951 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 27 Mar 2023 01:37:37 +0000 Subject: [PATCH] chore: update SBOM for Python 3.10 --- sbom/cve-bin-tool-py3.10.json | 1199 ++++++++++++++++++++++++++++----- sbom/cve-bin-tool-py3.10.spdx | 533 ++++++++------- 2 files changed, 1340 insertions(+), 392 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index e4de9c86d6..ba8b88e791 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,25 +2,38 @@ "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.4", - "serialNumber": "urn:uuidfff932c0-06ef-485f-b571-b427b750b70e", + "serialNumber": "urn:uuid39962978-9156-44df-a7f1-2f97e0fd4ef5", "version": 1, "metadata": { - "timestamp": "2023-01-30T00:24:01Z", + "timestamp": "2023-03-27T01:37:36Z", "tools": [ { "name": "sbom4python", - "version": "0.7.0" + "version": "0.8.0" } - ] + ], + "component": { + "type": "application", + "bom-ref": "CDXRef-DOCUMENT", + "name": "Python-cve-bin-tool" + } }, "components": [ { - "type": "application", + "type": "library", "bom-ref": "1-cve-bin-tool", "name": "cve-bin-tool", "version": "3.2.1.dev0", - "author": "Terri Oda", - "cpe": "cpe:/a:terri_oda:cve-bin-tool:3.2.1.dev0", + "supplier": { + "name": "Terri Oda", + "contact": [ + { + "email": "terri.oda@intel.com" + } + ] + }, + "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1.dev0:*:*:*:*:*:*:*", + "description": "CVE Binary Checker Tool", "licenses": [ { "license": { @@ -29,13 +42,21 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/intel/cve-bin-tool", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/cve-bin-tool@3.2.1.dev0" }, { "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.8.3", + "version": "3.8.4", + "description": "Async http client/server framework (asyncio)", "licenses": [ { "license": { 
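Review bot: The new `serialNumber` value `urn:uuid39962978-9156-44df-a7f1-2f97e0fd4ef5` in the first hunk has no colon after `urn:uuid`, so it does not match the `urn:uuid:<uuid>` form required by the CycloneDX 1.4 schema named in `$schema`, and strict consumers may reject the document. The removed line had the same shape, so this regeneration carries the defect forward. Since sbom4python generates the file, the fix belongs in the generator or in a CI step that validates the SBOM against the schema before it is committed; the expected line is `"serialNumber": "urn:uuid:39962978-9156-44df-a7f1-2f97e0fd4ef5"`. Separately, the `cpe` strings here and in the later hunks take their vendor field from the package author name (for example `terri_oda`), which is unlikely to match the vendor names in vulnerability databases, so matching on this SBOM should key on the `purl` values rather than the CPEs.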
@@ -44,13 +65,21 @@ } } ], - "purl": "pkg:pypi/aiohttp@3.8.3" + "externalReferences": [ + { + "url": "https://github.com/aio-libs/aiohttp", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/aiohttp@3.8.4" }, { "type": "library", "bom-ref": "3-aiosignal", "name": "aiosignal", "version": "1.3.1", + "description": "aiosignal: a list of registered asynchronous callbacks", "licenses": [ { "license": { @@ -59,6 +88,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/aiosignal", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/aiosignal@1.3.1" }, { @@ -66,6 +102,7 @@ "bom-ref": "4-frozenlist", "name": "frozenlist", "version": "1.3.3", + "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { "license": { @@ -74,6 +111,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/frozenlist", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/frozenlist@1.3.3" }, { @@ -81,8 +125,16 @@ "bom-ref": "5-async-timeout", "name": "async-timeout", "version": "4.0.2", - "author": "Andrew Svetlov", - "cpe": "cpe:/a:andrew_svetlov:async-timeout:4.0.2", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:*", + "description": "Timeout context manager for asyncio programs", "licenses": [ { "license": { @@ -91,6 +143,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/async-timeout", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/async-timeout@4.0.2" }, { 
@@ -98,8 +157,16 @@ "bom-ref": "6-attrs", "name": "attrs", "version": "22.2.0", - "author": "Hynek Schlawack", - "cpe": "cpe:/a:hynek_schlawack:attrs:22.2.0", + "supplier": { + "name": "Hynek Schlawack", + "contact": [ + { + "email": "hs@ox.cx" + } + ] + }, + "cpe": "cpe:2.3:a:hynek_schlawack:attrs:22.2.0:*:*:*:*:*:*:*", + "description": "Classes Without Boilerplate", "licenses": [ { "license": { @@ -108,15 +175,30 @@ } } ], + "externalReferences": [ + { + "url": "https://www.attrs.org/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/attrs@22.2.0" }, { "type": "library", "bom-ref": "7-charset-normalizer", "name": "charset-normalizer", - "version": "2.1.1", - "author": "Ahmed TAHRI Ousret", - "cpe": "cpe:/a:ahmed_tahri_ousret:charset-normalizer:2.1.1", + "version": "3.1.0", + "supplier": { + "name": "Ahmed TAHRI", + "contact": [ + { + "email": "ahmed.tahri@cloudnursery.dev" + } + ] + }, + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:*", + "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", "licenses": [ { "license": { @@ -125,15 +207,30 @@ } } ], - "purl": "pkg:pypi/charset-normalizer@2.1.1" + "externalReferences": [ + { + "url": "https://github.com/Ousret/charset_normalizer", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/charset-normalizer@3.1.0" }, { "type": "library", "bom-ref": "8-multidict", "name": "multidict", "version": "6.0.4", - "author": "Andrew Svetlov", - "cpe": "cpe:/a:andrew_svetlov:multidict:6.0.4", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*:*:*:*", + "description": "multidict implementation", "licenses": [ { "license": { 
@@ -142,6 +239,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/multidict", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/multidict@6.0.4" }, { @@ -149,8 +253,16 @@ "bom-ref": "9-yarl", "name": "yarl", "version": "1.8.2", - "author": "Andrew Svetlov", - "cpe": "cpe:/a:andrew_svetlov:yarl:1.8.2", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.8.2:*:*:*:*:*:*:*", + "description": "Yet another URL library", "licenses": [ { "license": { @@ -159,6 +271,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/yarl/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/yarl@1.8.2" }, { @@ -166,17 +285,33 @@ "bom-ref": "10-idna", "name": "idna", "version": "3.4", - "author": "Kim Davies", - "cpe": "cpe:/a:kim_davies:idna:3.4", + "supplier": { + "name": "Kim Davies", + "contact": [ + { + "email": "kim@cynosure.com.au" + } + ] + }, + "cpe": "cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:*", + "description": "Internationalized Domain Names in Applications (IDNA)", "purl": "pkg:pypi/idna@3.4" }, { "type": "library", "bom-ref": "11-beautifulsoup4", "name": "beautifulsoup4", - "version": "4.11.1", - "author": "Leonard Richardson", - "cpe": "cpe:/a:leonard_richardson:beautifulsoup4:4.11.1", + "version": "4.12.0", + "supplier": { + "name": "Leonard Richardson", + "contact": [ + { + "email": "leonardr@segfault.org" + } + ] + }, + "cpe": "cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.0:*:*:*:*:*:*:*", + "description": "Screen-scraping library", "licenses": [ { "license": { 
@@ -185,24 +320,61 @@ } } ], - "purl": "pkg:pypi/beautifulsoup4@4.11.1" + "externalReferences": [ + { + "url": "https://www.crummy.com/software/BeautifulSoup/bs4/", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/beautifulsoup4@4.12.0" }, { "type": "library", "bom-ref": "12-soupsieve", "name": "soupsieve", - "version": "2.3.2.post1", - "author": "Isaac Muse", - "cpe": "cpe:/a:isaac_muse:soupsieve:2.3.2.post1", - "purl": "pkg:pypi/soupsieve@2.3.2.post1" + "version": "2.4", + "supplier": { + "name": "Isaac Muse", + "contact": [ + { + "email": "use@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:isaac_muse:soupsieve:2.4:*:*:*:*:*:*:*", + "description": "A modern CSS selector implementation for Beautiful Soup.", + "purl": "pkg:pypi/soupsieve@2.4" }, { "type": "library", "bom-ref": "13-cvss", "name": "cvss", "version": "2.6", - "author": "Stanislav Red Hat Product Security", - "cpe": "cpe:/a:stanislav_red_hat_product_security:cvss:2.6", + "supplier": { + "name": "Stanislav Red Hat Product Security", + "contact": [ + { + "email": "skontar@redhat.com" + } + ] + }, + "cpe": "cpe:2.3:a:stanislav_red_hat_product_security:cvss:2.6:*:*:*:*:*:*:*", + "description": "CVSS2/3 library with interactive calculator for Python 2 and Python 3", + "licenses": [ + { + "license": { + "name": "LGPLv3+" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/RedHatProductSecurity/cvss", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/cvss@2.6" }, { 
@@ -210,8 +382,30 @@ "bom-ref": "14-defusedxml", "name": "defusedxml", "version": "0.7.1", - "author": "Christian Heimes", - "cpe": "cpe:/a:christian_heimes:defusedxml:0.7.1", + "supplier": { + "name": "Christian Heimes", + "contact": [ + { + "email": "christian@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:*", + "description": "XML bomb protection for Python stdlib modules", + "licenses": [ + { + "license": { + "name": "PSFL" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/tiran/defusedxml", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/defusedxml@0.7.1" }, { @@ -219,8 +413,16 @@ "bom-ref": "15-distro", "name": "distro", "version": "1.8.0", - "author": "Nir Cohen", - "cpe": "cpe:/a:nir_cohen:distro:1.8.0", + "supplier": { + "name": "Nir Cohen", + "contact": [ + { + "email": "nir36g@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:*", + "description": "Distro - an OS platform information API", "licenses": [ { "license": { @@ -229,15 +431,30 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/python-distro/distro", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/distro@1.8.0" }, { "type": "library", "bom-ref": "16-gsutil", "name": "gsutil", - "version": "5.19", - "author": "Google Inc.", - "cpe": "cpe:/a:google_inc.:gsutil:5.19", + "version": "5.21", + "supplier": { + "name": "Google Inc.", + "contact": [ + { + "email": "buganizer-system+187143@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.21:*:*:*:*:*:*:*", + "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { "license": { 
@@ -246,15 +463,30 @@ } } ], - "purl": "pkg:pypi/gsutil@5.19" + "externalReferences": [ + { + "url": "https://cloud.google.com/storage/docs/gsutil", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/gsutil@5.21" }, { "type": "library", "bom-ref": "17-argcomplete", "name": "argcomplete", - "version": "2.0.0", - "author": "Andrey Kislyuk", - "cpe": "cpe:/a:andrey_kislyuk:argcomplete:2.0.0", + "version": "3.0.5", + "supplier": { + "name": "Andrey Kislyuk", + "contact": [ + { + "email": "kislyuk@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:*", + "description": "Bash tab completion for argparse", "licenses": [ { "license": { @@ -263,15 +495,30 @@ } } ], - "purl": "pkg:pypi/argcomplete@2.0.0" + "externalReferences": [ + { + "url": "https://github.com/kislyuk/argcomplete", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/argcomplete@3.0.5" }, { "type": "library", "bom-ref": "18-crcmod", "name": "crcmod", "version": "1.7", - "author": "Ray Buvel", - "cpe": "cpe:/a:ray_buvel:crcmod:1.7", + "supplier": { + "name": "Ray Buvel", + "contact": [ + { + "email": "rlbuvel@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*", + "description": "CRC Generator", "licenses": [ { "license": { @@ -280,6 +527,13 @@ } } ], + "externalReferences": [ + { + "url": "http://crcmod.sourceforge.net/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/crcmod@1.7" }, { 
@@ -287,8 +541,25 @@ "bom-ref": "19-fasteners", "name": "fasteners", "version": "0.18", - "author": "Joshua Harlow", - "cpe": "cpe:/a:joshua_harlow:fasteners:0.18", + "supplier": { + "name": "Joshua Harlow" + }, + "cpe": "cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:*", + "description": "A python package that provides useful locks", + "licenses": [ + { + "license": { + "name": "ASL 2.0" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/harlowja/fasteners", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/fasteners@0.18" }, { @@ -296,8 +567,16 @@ "bom-ref": "20-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.0", - "author": "Google Inc.", - "cpe": "cpe:/a:google_inc.:gcs-oauth2-boto-plugin:3.0", + "supplier": { + "name": "Google Inc.", + "contact": [ + { + "email": "gs-team@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*", + "description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.", "licenses": [ { "license": { @@ -306,6 +585,13 @@ } } ], + "externalReferences": [ + { + "url": "https://developers.google.com/storage/docs/gspythonlibrary", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0" }, { @@ -313,8 +599,16 @@ "bom-ref": "21-boto", "name": "boto", "version": "2.49.0", - "author": "Mitch Garnaat", - "cpe": "cpe:/a:mitch_garnaat:boto:2.49.0", + "supplier": { + "name": "Mitch Garnaat", + "contact": [ + { + "email": "mitch@garnaat.com" + } + ] + }, + "cpe": "cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*", + "description": "Amazon Web Services Library", "licenses": [ { "license": { @@ -323,6 +617,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/boto/boto/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/boto@2.49.0" }, { 
@@ -330,8 +631,16 @@ "bom-ref": "22-google-reauth", "name": "google-reauth", "version": "0.1.1", - "author": "Google", - "cpe": "cpe:/a:google:google-reauth:0.1.1", + "supplier": { + "name": "Google", + "contact": [ + { + "email": "googleapis-publisher@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*", + "description": "Google Reauth Library", "licenses": [ { "license": { @@ -340,6 +649,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/Google/google-reauth-python", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/google-reauth@0.1.1" }, { @@ -347,8 +663,16 @@ "bom-ref": "23-pyu2f", "name": "pyu2f", "version": "0.1.5", - "author": "Google Inc.", - "cpe": "cpe:/a:google_inc.:pyu2f:0.1.5", + "supplier": { + "name": "Google Inc.", + "contact": [ + { + "email": "pyu2f-team@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*", + "description": "U2F host library for interacting with a U2F device over USB.", "licenses": [ { "license": { @@ -357,6 +681,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/google/pyu2f/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pyu2f@0.1.5" }, { @@ -364,8 +695,16 @@ "bom-ref": "24-six", "name": "six", "version": "1.16.0", - "author": "Benjamin Peterson", - "cpe": "cpe:/a:benjamin_peterson:six:1.16.0", + "supplier": { + "name": "Benjamin Peterson", + "contact": [ + { + "email": "benjamin@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*", + "description": "Python 2 and 3 compatibility utilities", "licenses": [ { "license": { @@ -374,6 +713,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/benjaminp/six", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/six@1.16.0" }, { 
@@ -381,8 +727,16 @@ "bom-ref": "25-httplib2", "name": "httplib2", "version": "0.20.4", - "author": "Joe Gregorio", - "cpe": "cpe:/a:joe_gregorio:httplib2:0.20.4", + "supplier": { + "name": "Joe Gregorio", + "contact": [ + { + "email": "joe@bitworking.org" + } + ] + }, + "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*", + "description": "A comprehensive HTTP client library.", "licenses": [ { "license": { @@ -391,6 +745,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/httplib2/httplib2", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/httplib2@0.20.4" }, { @@ -398,8 +759,16 @@ "bom-ref": "26-pyparsing", "name": "pyparsing", "version": "3.0.9", - "author": "Paul McGuire", - "cpe": "cpe:/a:paul_mcguire:pyparsing:3.0.9", + "supplier": { + "name": "Paul McGuire", + "contact": [ + { + "email": "ptmcg.gm+pyparsing@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.0.9:*:*:*:*:*:*:*", + "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "purl": "pkg:pypi/pyparsing@3.0.9" }, { @@ -407,8 +776,16 @@ "bom-ref": "27-oauth2client", "name": "oauth2client", "version": "4.1.3", - "author": "Google Inc.", - "cpe": "cpe:/a:google_inc.:oauth2client:4.1.3", + "supplier": { + "name": "Google Inc.", + "contact": [ + { + "email": "jonwayne+oauth2client@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*", + "description": "OAuth 2.0 client library", "licenses": [ { "license": { @@ -417,6 +794,13 @@ } } ], + "externalReferences": [ + { + "url": "http://github.com/google/oauth2client/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/oauth2client@4.1.3" }, { 
@@ -424,8 +808,30 @@ "bom-ref": "28-pyasn1", "name": "pyasn1", "version": "0.4.8", - "author": "Ilya Etingof", - "cpe": "cpe:/a:ilya_etingof:pyasn1:0.4.8", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.4.8:*:*:*:*:*:*:*", + "description": "ASN.1 types and codecs", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/etingof/pyasn1", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pyasn1@0.4.8" }, { @@ -433,8 +839,16 @@ "bom-ref": "29-pyasn1-modules", "name": "pyasn1-modules", "version": "0.2.8", - "author": "Ilya Etingof", - "cpe": "cpe:/a:ilya_etingof:pyasn1-modules:0.2.8", + "supplier": { + "name": "Ilya Etingof", + "contact": [ + { + "email": "etingof@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.2.8:*:*:*:*:*:*:*", + "description": "A collection of ASN.1-based protocols modules.", "licenses": [ { "license": { @@ -443,6 +857,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/etingof/pyasn1-modules", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pyasn1-modules@0.2.8" }, { 
@@ -450,17 +871,47 @@ "bom-ref": "30-rsa", "name": "rsa", "version": "4.7.2", - "author": "Sybren A. Stuvel", - "cpe": "cpe:/a:sybren_a._stuvel:rsa:4.7.2", + "supplier": { + "name": "Sybren A. Stuvel", + "contact": [ + { + "email": "sybren@stuvel.eu" + } + ] + }, + "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*", + "description": "Pure-Python RSA implementation", + "licenses": [ + { + "license": { + "name": "ASL 2" + } + } + ], + "externalReferences": [ + { + "url": "https://stuvel.eu/rsa", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/rsa@4.7.2" }, { "type": "library", "bom-ref": "31-pyopenssl", "name": "pyopenssl", - "version": "23.0.0", - "author": "The pyOpenSSL developers", - "cpe": "cpe:/a:the_pyopenssl_developers:pyopenssl:23.0.0", + "version": "23.1.0", + "supplier": { + "name": "The pyOpenSSL developers", + "contact": [ + { + "email": "cryptography-dev@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.1.0:*:*:*:*:*:*:*", + "description": "Python wrapper module around the OpenSSL library", "licenses": [ { "license": { 
@@ -469,24 +920,61 @@ } } ], - "purl": "pkg:pypi/pyopenssl@23.0.0" + "externalReferences": [ + { + "url": "https://pyopenssl.org/", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/pyopenssl@23.1.0" }, { "type": "library", "bom-ref": "32-cryptography", "name": "cryptography", - "version": "39.0.0", - "author": "The Python Cryptographic Authority and individual contributors", - "cpe": "cpe:/a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.0", - "purl": "pkg:pypi/cryptography@39.0.0" + "version": "40.0.1", + "supplier": { + "name": "The Python Cryptographic Authority and individual contributors", + "contact": [ + { + "email": "cryptography-dev@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.1:*:*:*:*:*:*:*", + "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", + "licenses": [ + { + "license": { + "name": "(Apache-2.0 OR BSD-3-Clause) AND PSF-2.0" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/pyca/cryptography", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/cryptography@40.0.1" }, { "type": "library", "bom-ref": "33-cffi", "name": "cffi", "version": "1.15.1", - "author": "Armin Maciej Fijalkowski", - "cpe": "cpe:/a:armin_maciej_fijalkowski:cffi:1.15.1", + "supplier": { + "name": "Armin Maciej Fijalkowski", + "contact": [ + { + "email": "python-cffi@googlegroups.com" + } + ] + }, + "cpe": "cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:*", + "description": "Foreign Function Interface for Python calling C code.", "licenses": [ { "license": { @@ -495,6 +983,13 @@ } } ], + "externalReferences": [ + { + "url": "http://cffi.readthedocs.org", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/cffi@1.15.1" }, { 
@@ -502,8 +997,30 @@ "bom-ref": "34-pycparser", "name": "pycparser", "version": "2.21", - "author": "Eli Bendersky", - "cpe": "cpe:/a:eli_bendersky:pycparser:2.21", + "supplier": { + "name": "Eli Bendersky", + "contact": [ + { + "email": "eliben@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:*", + "description": "C parser in Python", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/eliben/pycparser", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pycparser@2.21" }, { @@ -511,8 +1028,16 @@ "bom-ref": "35-retry-decorator", "name": "retry-decorator", "version": "1.1.1", - "author": "Patrick Ng", - "cpe": "cpe:/a:patrick_ng:retry-decorator:1.1.1", + "supplier": { + "name": "Patrick Ng", + "contact": [ + { + "email": "pn.appdev@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:*", + "description": "Retry Decorator", "licenses": [ { "license": { @@ -521,6 +1046,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/pnpnpn/retry-decorator", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/retry-decorator@1.1.1" }, { @@ -528,8 +1060,16 @@ "bom-ref": "36-google-apitools", "name": "google-apitools", "version": "0.5.32", - "author": "Craig Citro", - "cpe": "cpe:/a:craig_citro:google-apitools:0.5.32", + "supplier": { + "name": "Craig Citro", + "contact": [ + { + "email": "craigcitro@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*", + "description": "client libraries for humans", "licenses": [ { "license": { 
@@ -538,15 +1078,30 @@ } } ], + "externalReferences": [ + { + "url": "http://github.com/google/apitools", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/google-apitools@0.5.32" }, { "type": "library", "bom-ref": "37-google-auth", "name": "google-auth", - "version": "2.16.0", - "author": "Google Cloud Platform", - "cpe": "cpe:/a:google_cloud_platform:google-auth:2.16.0", + "version": "2.16.3", + "supplier": { + "name": "Google Cloud Platform", + "contact": [ + { + "email": "googleapis-packages@google.com" + } + ] + }, + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.16.3:*:*:*:*:*:*:*", + "description": "Google Authentication Library", "licenses": [ { "license": { @@ -555,15 +1110,30 @@ } } ], - "purl": "pkg:pypi/google-auth@2.16.0" + "externalReferences": [ + { + "url": "https://github.com/googleapis/google-auth-library-python", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/google-auth@2.16.3" }, { "type": "library", "bom-ref": "38-cachetools", "name": "cachetools", "version": "5.3.0", - "author": "Thomas Kemmer", - "cpe": "cpe:/a:thomas_kemmer:cachetools:5.3.0", + "supplier": { + "name": "Thomas Kemmer", + "contact": [ + { + "email": "tkemmer@computer.org" + } + ] + }, + "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:*", + "description": "Extensible memoizing collections and decorators", "licenses": [ { "license": { @@ -572,6 +1142,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/tkem/cachetools/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/cachetools@5.3.0" }, { 
@@ -579,8 +1156,30 @@ "bom-ref": "39-monotonic", "name": "monotonic", "version": "1.6", - "author": "Ori Livneh", - "cpe": "cpe:/a:ori_livneh:monotonic:1.6", + "supplier": { + "name": "Ori Livneh", + "contact": [ + { + "email": "ori@wikimedia.org" + } + ] + }, + "cpe": "cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*", + "description": "An implementation of time.monotonic() for Python 2 & < 3.3", + "licenses": [ + { + "license": { + "name": "Apache" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/atdt/monotonic", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/monotonic@1.6" }, { @@ -588,8 +1187,16 @@ "bom-ref": "40-jinja2", "name": "jinja2", "version": "3.1.2", - "author": "Armin Ronacher", - "cpe": "cpe:/a:armin_ronacher:jinja2:3.1.2", + "supplier": { + "name": "Armin Ronacher", + "contact": [ + { + "email": "armin.ronacher@active-4.com" + } + ] + }, + "cpe": "cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:*:*", + "description": "A very fast and expressive template engine.", "licenses": [ { "license": { @@ -598,6 +1205,13 @@ } } ], + "externalReferences": [ + { + "url": "https://palletsprojects.com/p/jinja/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/jinja2@3.1.2" }, { @@ -605,8 +1219,16 @@ "bom-ref": "41-markupsafe", "name": "markupsafe", "version": "2.1.2", - "author": "Armin Ronacher", - "cpe": "cpe:/a:armin_ronacher:markupsafe:2.1.2", + "supplier": { + "name": "Armin Ronacher", + "contact": [ + { + "email": "armin.ronacher@active-4.com" + } + ] + }, + "cpe": "cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:*:*:*:*", + "description": "Safely add untrusted strings to HTML/XML markup.", "licenses": [ { "license": { @@ -615,6 +1237,13 @@ } } ], + "externalReferences": [ + { + "url": "https://palletsprojects.com/p/markupsafe/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/markupsafe@2.1.2" }, { 
@@ -622,8 +1251,11 @@ "bom-ref": "42-jsonschema", "name": "jsonschema", "version": "4.17.3", - "author": "Julian Berman", - "cpe": "cpe:/a:julian_berman:jsonschema:4.17.3", + "supplier": { + "name": "Julian Berman" + }, + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:*", + "description": "An implementation of JSON Schema validation for Python", "licenses": [ { "license": { @@ -639,8 +1271,16 @@ "bom-ref": "43-pyrsistent", "name": "pyrsistent", "version": "0.19.3", - "author": "Tobias Gustafsson", - "cpe": "cpe:/a:tobias_gustafsson:pyrsistent:0.19.3", + "supplier": { + "name": "Tobias Gustafsson", + "contact": [ + { + "email": "tobias.l.gustafsson@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:*", + "description": "Persistent/Functional/Immutable data structures", "licenses": [ { "license": { @@ -649,6 +1289,13 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/tobgu/pyrsistent/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pyrsistent@0.19.3" }, { 
@@ -656,17 +1303,47 @@ "bom-ref": "44-packaging", "name": "packaging", "version": "21.3", - "author": "Donald Stufft and individual contributors", - "cpe": "cpe:/a:donald_stufft_and_individual_contributors:packaging:21.3", + "supplier": { + "name": "Donald Stufft and individual contributors", + "contact": [ + { + "email": "donald@stufft.io" + } + ] + }, + "cpe": "cpe:2.3:a:donald_stufft_and_individual_contributors:packaging:21.3:*:*:*:*:*:*:*", + "description": "Core utilities for Python packages", + "licenses": [ + { + "license": { + "name": "BSD-2-Clause or Apache-2.0" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/pypa/packaging", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/packaging@21.3" }, { "type": "library", "bom-ref": "45-plotly", "name": "plotly", - "version": "5.13.0", - "author": "Chris P", - "cpe": "cpe:/a:chris_p:plotly:5.13.0", + "version": "5.13.1", + "supplier": { + "name": "Chris P", + "contact": [ + { + "email": "chris@plot.ly" + } + ] + }, + "cpe": "cpe:2.3:a:chris_p:plotly:5.13.1:*:*:*:*:*:*:*", + "description": "An open-source, interactive data visualization library for Python", "licenses": [ { "license": { @@ -675,15 +1352,30 @@ } } ], - "purl": "pkg:pypi/plotly@5.13.0" + "externalReferences": [ + { + "url": "https://plotly.com/python/", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/plotly@5.13.1" }, { "type": "library", "bom-ref": "46-tenacity", "name": "tenacity", - "version": "8.1.0", - "author": "Julien Danjou", - "cpe": "cpe:/a:julien_danjou:tenacity:8.1.0", + "version": "8.2.2", + "supplier": { + "name": "Julien Danjou", + "contact": [ + { + "email": "julien@danjou.info" + } + ] + }, + "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:*", + "description": "Retry code until it succeeds", "licenses": [ { "license": { 
@@ -692,15 +1384,30 @@ } } ], - "purl": "pkg:pypi/tenacity@8.1.0" + "externalReferences": [ + { + "url": "https://github.com/jd/tenacity", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/tenacity@8.2.2" }, { "type": "library", "bom-ref": "47-pyyaml", "name": "pyyaml", "version": "6.0", - "author": "Kirill Simonov", - "cpe": "cpe:/a:kirill_simonov:pyyaml:6.0", + "supplier": { + "name": "Kirill Simonov", + "contact": [ + { + "email": "xi@resolvent.net" + } + ] + }, + "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*", + "description": "YAML parser and emitter for Python", "licenses": [ { "license": { @@ -709,6 +1416,13 @@ } } ], + "externalReferences": [ + { + "url": "https://pyyaml.org/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pyyaml@6.0" }, { @@ -716,8 +1430,16 @@ "bom-ref": "48-requests", "name": "requests", "version": "2.28.2", - "author": "Kenneth Reitz", - "cpe": "cpe:/a:kenneth_reitz:requests:2.28.2", + "supplier": { + "name": "Kenneth Reitz", + "contact": [ + { + "email": "me@kennethreitz.org" + } + ] + }, + "cpe": "cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:*", + "description": "Python HTTP for Humans.", "licenses": [ { "license": { @@ -726,6 +1448,13 @@ } } ], + "externalReferences": [ + { + "url": "https://requests.readthedocs.io", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/requests@2.28.2" }, { @@ -733,8 +1462,16 @@ "bom-ref": "49-certifi", "name": "certifi", "version": "2022.12.7", - "author": "Kenneth Reitz", - "cpe": "cpe:/a:kenneth_reitz:certifi:2022.12.7", + "supplier": { + "name": "Kenneth Reitz", + "contact": [ + { + "email": "me@kennethreitz.com" + } + ] + }, + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:*", + "description": "Python package for providing Mozilla's CA Bundle.", "licenses": [ { "license": { 
@@ -743,15 +1480,30 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/certifi/python-certifi", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/certifi@2022.12.7" }, { "type": "library", "bom-ref": "50-urllib3", "name": "urllib3", - "version": "1.26.14", - "author": "Andrey Petrov", - "cpe": "cpe:/a:andrey_petrov:urllib3:1.26.14", + "version": "1.26.15", + "supplier": { + "name": "Andrey Petrov", + "contact": [ + { + "email": "andrey.petrov@shazow.net" + } + ] + }, + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:*", + "description": "HTTP library with thread-safe connection pooling, file post, and more.", "licenses": [ { "license": { @@ -760,15 +1512,30 @@ } } ], - "purl": "pkg:pypi/urllib3@1.26.14" + "externalReferences": [ + { + "url": "https://urllib3.readthedocs.io/", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/urllib3@1.26.15" }, { "type": "library", "bom-ref": "51-rich", "name": "rich", - "version": "13.3.1", - "author": "Will McGugan", - "cpe": "cpe:/a:will_mcgugan:rich:13.3.1", + "version": "13.3.2", + "supplier": { + "name": "Will McGugan", + "contact": [ + { + "email": "willmcgugan@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.3.2:*:*:*:*:*:*:*", + "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { "license": { 
@@ -777,24 +1544,47 @@ } } ], - "purl": "pkg:pypi/rich@13.3.1" + "externalReferences": [ + { + "url": "https://github.com/Textualize/rich", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/rich@13.3.2" }, { "type": "library", "bom-ref": "52-markdown-it-py", "name": "markdown-it-py", - "version": "2.1.0", - "author": "Chris Sewell", - "cpe": "cpe:/a:chris_sewell:markdown-it-py:2.1.0", - "purl": "pkg:pypi/markdown-it-py@2.1.0" + "version": "2.2.0", + "supplier": { + "name": "Chris Sewell", + "contact": [ + { + "email": "chrisj_sewell@hotmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*:*:*:*:*:*", + "description": "Python port of markdown-it. Markdown parsing, done right!", + "purl": "pkg:pypi/markdown-it-py@2.2.0" }, { "type": "library", "bom-ref": "53-mdurl", "name": "mdurl", "version": "0.1.2", - "author": "Taneli Hukkinen", - "cpe": "cpe:/a:taneli_hukkinen:mdurl:0.1.2", + "supplier": { + "name": "Taneli Hukkinen", + "contact": [ + { + "email": "hukkin@users.noreply.github.com" + } + ] + }, + "cpe": "cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:*", + "description": "Markdown URL utilities", "purl": "pkg:pypi/mdurl@0.1.2" }, { @@ -802,8 +1592,16 @@ "bom-ref": "54-pygments", "name": "pygments", "version": "2.14.0", - "author": "Georg Brandl", - "cpe": "cpe:/a:georg_brandl:pygments:2.14.0", + "supplier": { + "name": "Georg Brandl", + "contact": [ + { + "email": "georg@python.org" + } + ] + }, + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.14.0:*:*:*:*:*:*:*", + "description": "Pygments is a syntax highlighting package written in Python.", "licenses": [ { "license": { 
@@ -812,15 +1610,30 @@ } } ], + "externalReferences": [ + { + "url": "https://pygments.org/", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/pygments@2.14.0" }, { "type": "library", "bom-ref": "55-rpmfile", "name": "rpmfile", - "version": "1.0.8", - "author": "Sean Ross", - "cpe": "cpe:/a:sean_ross:rpmfile:1.0.8", + "version": "1.1.1", + "supplier": { + "name": "Sean Ross", + "contact": [ + { + "email": "srossross@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:*", + "description": "Read rpm archive files", "licenses": [ { "license": { @@ -829,15 +1642,30 @@ } } ], - "purl": "pkg:pypi/rpmfile@1.0.8" + "externalReferences": [ + { + "url": "https://github.com/srossross/rpmfile", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/rpmfile@1.1.1" }, { "type": "library", "bom-ref": "56-toml", "name": "toml", "version": "0.10.2", - "author": "William Pearson", - "cpe": "cpe:/a:william_pearson:toml:0.10.2", + "supplier": { + "name": "William Pearson", + "contact": [ + { + "email": "uiri@xqz.ca" + } + ] + }, + "cpe": "cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:*", + "description": "Python Library for Tom's Obvious, Minimal Language", "licenses": [ { "license": { @@ -846,15 +1674,30 @@ } } ], + "externalReferences": [ + { + "url": "https://github.com/uiri/toml", + "type": "other", + "comment": "Home page for project" + } + ], "purl": "pkg:pypi/toml@0.10.2" }, { "type": "library", "bom-ref": "57-xmlschema", "name": "xmlschema", - "version": "2.1.1", - "author": "Davide Brunato", - "cpe": "cpe:/a:davide_brunato:xmlschema:2.1.1", + "version": "2.2.2", + "supplier": { + "name": "Davide Brunato", + "contact": [ + { + "email": "brunato@sissa.it" + } + ] + }, + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.2.2:*:*:*:*:*:*:*", + "description": "An XML Schema validator and decoder", "licenses": [ { "license": { 
@@ -863,15 +1706,30 @@ } } ], - "purl": "pkg:pypi/xmlschema@2.1.1" + "externalReferences": [ + { + "url": "https://github.com/sissaschool/xmlschema", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/xmlschema@2.2.2" }, { "type": "library", "bom-ref": "58-elementpath", "name": "elementpath", - "version": "3.0.2", - "author": "Davide Brunato", - "cpe": "cpe:/a:davide_brunato:elementpath:3.0.2", + "version": "4.1.0", + "supplier": { + "name": "Davide Brunato", + "contact": [ + { + "email": "brunato@sissa.it" + } + ] + }, + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.0:*:*:*:*:*:*:*", + "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { "license": { @@ -880,19 +1738,54 @@ } } ], - "purl": "pkg:pypi/elementpath@3.0.2" + "externalReferences": [ + { + "url": "https://github.com/sissaschool/elementpath", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/elementpath@4.1.0" }, { "type": "library", "bom-ref": "59-zstandard", "name": "zstandard", - "version": "0.19.0", - "author": "Gregory Szorc", - "cpe": "cpe:/a:gregory_szorc:zstandard:0.19.0", - "purl": "pkg:pypi/zstandard@0.19.0" + "version": "0.20.0", + "supplier": { + "name": "Gregory Szorc", + "contact": [ + { + "email": "gregory.szorc@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:gregory_szorc:zstandard:0.20.0:*:*:*:*:*:*:*", + "description": "Zstandard bindings for Python", + "licenses": [ + { + "license": { + "name": "BSD" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/indygreg/python-zstandard", + "type": "other", + "comment": "Home page for project" + } + ], + "purl": "pkg:pypi/zstandard@0.20.0" } ], "dependencies": [ + { + "ref": "CDXRef-DOCUMENT", + "dependsOn": [ + "1-cve-bin-tool" + ] + }, { "ref": "1-cve-bin-tool", "dependsOn": [ diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 84d770fd06..e9561fb918 100644 
--- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx 
@@ -1,835 +1,890 @@ -SPDXVersion: SPDX-2.2 +SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT -DocumentName: cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/cve-bin-tool-4348ce8a-c0db-4e46-a2ad-09ec503018f0 -LicenseListVersion: 3.18 -Creator: Tool: sbom4python-0.7.0 -Created: 2023-01-30T00:22:56Z +DocumentName: Python-cve-bin-tool +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-cb06e765-f110-4d64-9d4e-dab1cfc4e950 +LicenseListVersion: 3.20 +Creator: Tool: sbom4python-0.8.0 +Created: 2023-03-27T01:36:03Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool SPDXID: SPDXRef-Package-1-cve-bin-tool -PackageSupplier: Person: Terri Oda (terri.oda@intel.com) PackageVersion: 3.2.1.dev0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Terri Oda (terri.oda@intel.com) +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.2.1.dev0 FilesAnalyzed: false -##### Reported license GPL-3.0-or-later +PackageHomePage: https://github.com/intel/cve-bin-tool PackageLicenseConcluded: GPL-3.0-or-later PackageLicenseDeclared: GPL-3.0-or-later PackageCopyrightText: NOASSERTION +PackageSummary: CVE Binary Checker Tool ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cve-bin-tool@3.2.1.dev0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.1.dev0:*:*:*:*:*:*:* ##### PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp +PackageVersion: 3.8.4 PackageSupplier: NOASSERTION -PackageVersion: 3.8.3 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.4 FilesAnalyzed: false -##### Reported license Apache 2 +PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.3 +PackageSummary: Async http client/server framework (asyncio) +ExternalRef: PACKAGE-MANAGER purl 
pkg:pypi/aiohttp@3.8.4 ##### PackageName: aiosignal SPDXID: SPDXRef-Package-3-aiosignal -PackageSupplier: NOASSERTION PackageVersion: 1.3.1 -PackageDownloadLocation: NOASSERTION +PackageSupplier: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://github.com/aio-libs/aiosignal PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: aiosignal: a list of registered asynchronous callbacks ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1 ##### PackageName: frozenlist SPDXID: SPDXRef-Package-4-frozenlist -PackageSupplier: NOASSERTION PackageVersion: 1.3.3 -PackageDownloadLocation: NOASSERTION +PackageSupplier: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3 FilesAnalyzed: false -##### Reported license Apache 2 +PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: A list-like structure which implements collections.abc.MutableSequence ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.3.3 ##### PackageName: async-timeout SPDXID: SPDXRef-Package-5-async-timeout -PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) PackageVersion: 4.0.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.2 FilesAnalyzed: false -##### Reported license Apache 2 +PackageHomePage: https://github.com/aio-libs/async-timeout PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Timeout context manager for asyncio programs ExternalRef: PACKAGE-MANAGER purl pkg:pypi/async-timeout@4.0.2 ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:andrew_svetlov:async-timeout:4.0.2:*:*:*:*:*:*:* ##### PackageName: attrs SPDXID: SPDXRef-Package-6-attrs -PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) PackageVersion: 22.2.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) +PackageDownloadLocation: https://pypi.org/project/attrs/22.2.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://www.attrs.org/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Classes Without Boilerplate ExternalRef: PACKAGE-MANAGER purl pkg:pypi/attrs@22.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:22.2.0:*:*:*:*:*:*:* ##### PackageName: charset-normalizer SPDXID: SPDXRef-Package-7-charset-normalizer -PackageSupplier: Organization: Ahmed TAHRI Ousret (ahmed.tahri@cloudnursery.dev) -PackageVersion: 2.1.1 -PackageDownloadLocation: NOASSERTION +PackageVersion: 3.1.0 +PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) +PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.1.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/Ousret/charset_normalizer PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@2.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri_ousret:charset-normalizer:2.1.1:*:*:*:*:*:*:* +PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. 
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:* ##### PackageName: multidict SPDXID: SPDXRef-Package-8-multidict -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageVersion: 6.0.4 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/multidict/6.0.4 FilesAnalyzed: false -##### Reported license Apache 2 +PackageHomePage: https://github.com/aio-libs/multidict PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: multidict implementation ExternalRef: PACKAGE-MANAGER purl pkg:pypi/multidict@6.0.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.4:*:*:*:*:*:*:* ##### PackageName: yarl SPDXID: SPDXRef-Package-9-yarl -PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) PackageVersion: 1.8.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/yarl/1.8.2 FilesAnalyzed: false -##### Reported license Apache 2 +PackageHomePage: https://github.com/aio-libs/yarl/ PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Yet another URL library ExternalRef: PACKAGE-MANAGER purl pkg:pypi/yarl@1.8.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.8.2:*:*:*:*:*:*:* ##### PackageName: idna SPDXID: SPDXRef-Package-10-idna -PackageSupplier: Person: Kim Davies (kim@cynosure.com.au) PackageVersion: 3.4 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Kim Davies (kim@cynosure.com.au) +PackageDownloadLocation: https://pypi.org/project/idna/3.4 FilesAnalyzed: false -##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: 
NOASSERTION PackageCopyrightText: NOASSERTION +PackageSummary: Internationalized Domain Names in Applications (IDNA) ExternalRef: PACKAGE-MANAGER purl pkg:pypi/idna@3.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.4:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 SPDXID: SPDXRef-Package-11-beautifulsoup4 +PackageVersion: 4.12.0 PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) -PackageVersion: 4.11.1 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.11.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.11.1:*:*:*:*:*:*:* +PackageSummary: Screen-scraping library +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/beautifulsoup4@4.12.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12.0:*:*:*:*:*:*:* ##### PackageName: soupsieve SPDXID: SPDXRef-Package-12-soupsieve +PackageVersion: 2.4 PackageSupplier: Person: Isaac Muse (use@gmail.com) -PackageVersion: 2.3.2.post1 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/soupsieve/2.4 FilesAnalyzed: false -##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.3.2.post1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.3.2.post1:*:*:*:*:*:*:* +PackageSummary: A modern CSS selector implementation for Beautiful Soup. 
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/soupsieve@2.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.4:*:*:*:*:*:*:* ##### PackageName: cvss SPDXID: SPDXRef-Package-13-cvss -PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) PackageVersion: 2.6 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) +PackageDownloadLocation: https://pypi.org/project/cvss/2.6 FilesAnalyzed: false -##### Reported license LGPLv3+ -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/RedHatProductSecurity/cvss +PackageLicenseConcluded: LGPLv3+ +PackageLicenseDeclared: LGPLv3+ PackageCopyrightText: NOASSERTION +PackageSummary: CVSS2/3 library with interactive calculator for Python 2 and Python 3 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cvss@2.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvss:2.6:*:*:*:*:*:*:* ##### PackageName: defusedxml SPDXID: SPDXRef-Package-14-defusedxml -PackageSupplier: Person: Christian Heimes (christian@python.org) PackageVersion: 0.7.1 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Christian Heimes (christian@python.org) +PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1 FilesAnalyzed: false -##### Reported license PSFL -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/tiran/defusedxml +PackageLicenseConcluded: PSFL +PackageLicenseDeclared: PSFL PackageCopyrightText: NOASSERTION +PackageSummary: XML bomb protection for Python stdlib modules ExternalRef: PACKAGE-MANAGER purl pkg:pypi/defusedxml@0.7.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:*:*:*:*:* ##### PackageName: distro SPDXID: SPDXRef-Package-15-distro -PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) PackageVersion: 1.8.0 -PackageDownloadLocation: 
NOASSERTION +PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) +PackageDownloadLocation: https://pypi.org/project/distro/1.8.0 FilesAnalyzed: false -##### Reported license Apache License, Version 2.0 +PackageHomePage: https://github.com/python-distro/distro PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Distro - an OS platform information API ExternalRef: PACKAGE-MANAGER purl pkg:pypi/distro@1.8.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.8.0:*:*:*:*:*:*:* ##### PackageName: gsutil SPDXID: SPDXRef-Package-16-gsutil +PackageVersion: 5.21 PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageVersion: 5.19 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/gsutil/5.21 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.19 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.19:*:*:*:*:*:*:* +PackageSummary: A command line tool for interacting with cloud storage services. 
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gsutil@5.21 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.21:*:*:*:*:*:*:* ##### PackageName: argcomplete SPDXID: SPDXRef-Package-17-argcomplete +PackageVersion: 3.0.5 PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageVersion: 2.0.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.0.5 FilesAnalyzed: false -##### Reported license Apache Software License +PackageHomePage: https://github.com/kislyuk/argcomplete PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@2.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:2.0.0:*:*:*:*:*:*:* +PackageSummary: Bash tab completion for argparse +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/argcomplete@3.0.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.0.5:*:*:*:*:*:*:* ##### PackageName: crcmod SPDXID: SPDXRef-Package-18-crcmod -PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) PackageVersion: 1.7 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) +PackageDownloadLocation: https://pypi.org/project/crcmod/1.7 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: http://crcmod.sourceforge.net/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: CRC Generator ExternalRef: PACKAGE-MANAGER purl pkg:pypi/crcmod@1.7 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners SPDXID: SPDXRef-Package-19-fasteners -PackageSupplier: Person: Joshua Harlow PackageVersion: 0.18 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Joshua Harlow +PackageDownloadLocation: https://pypi.org/project/fasteners/0.18 FilesAnalyzed: false -##### Reported license ASL 2.0 -PackageLicenseConcluded: 
NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/harlowja/fasteners +PackageLicenseConcluded: ASL 2.0 +PackageLicenseDeclared: ASL 2.0 PackageCopyrightText: NOASSERTION +PackageSummary: A python package that provides useful locks ExternalRef: PACKAGE-MANAGER purl pkg:pypi/fasteners@0.18 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.18:*:*:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin -PackageSupplier: Person: Google Inc. (gs-team@google.com) PackageVersion: 3.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Google Inc. (gs-team@google.com) +PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:* ##### PackageName: boto SPDXID: SPDXRef-Package-21-boto -PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) PackageVersion: 2.49.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) +PackageDownloadLocation: https://pypi.org/project/boto/2.49.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/boto/boto/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Amazon Web Services Library ExternalRef: PACKAGE-MANAGER purl pkg:pypi/boto@2.49.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:* ##### PackageName: google-reauth SPDXID: SPDXRef-Package-22-google-reauth -PackageSupplier: Person: Google (googleapis-publisher@google.com) PackageVersion: 0.1.1 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Google (googleapis-publisher@google.com) +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://github.com/Google/google-reauth-python PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Google Reauth Library ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-reauth@0.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:* ##### PackageName: pyu2f SPDXID: SPDXRef-Package-23-pyu2f -PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) PackageVersion: 0.1.5 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Google Inc. 
(pyu2f-team@google.com) +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://github.com/google/pyu2f/ PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: U2F host library for interacting with a U2F device over USB. ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyu2f@0.1.5 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: six SPDXID: SPDXRef-Package-24-six -PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) PackageVersion: 1.16.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) +PackageDownloadLocation: https://pypi.org/project/six/1.16.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/benjaminp/six PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Python 2 and 3 compatibility utilities ExternalRef: PACKAGE-MANAGER purl pkg:pypi/six@1.16.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:* ##### PackageName: httplib2 SPDXID: SPDXRef-Package-25-httplib2 -PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) PackageVersion: 0.20.4 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) +PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/httplib2/httplib2 PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: A comprehensive HTTP client library. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/httplib2@0.20.4 ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:* ##### PackageName: pyparsing SPDXID: SPDXRef-Package-26-pyparsing -PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) PackageVersion: 3.0.9 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyparsing/3.0.9 FilesAnalyzed: false -##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION +PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.0.9 ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.0.9:*:*:*:*:*:*:* ##### PackageName: oauth2client SPDXID: SPDXRef-Package-27-oauth2client -PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) PackageVersion: 4.1.3 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Google Inc. 
(jonwayne+oauth2client@google.com) +PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: http://github.com/google/oauth2client/ PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: OAuth 2.0 client library ExternalRef: PACKAGE-MANAGER purl pkg:pypi/oauth2client@4.1.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:* ##### PackageName: pyasn1 SPDXID: SPDXRef-Package-28-pyasn1 -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) PackageVersion: 0.4.8 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.4.8 FilesAnalyzed: false -##### Reported license BSD -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/etingof/pyasn1 +PackageLicenseConcluded: BSD +PackageLicenseDeclared: BSD PackageCopyrightText: NOASSERTION +PackageSummary: ASN.1 types and codecs ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1@0.4.8 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.4.8:*:*:*:*:*:*:* ##### PackageName: pyasn1-modules SPDXID: SPDXRef-Package-29-pyasn1-modules -PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) PackageVersion: 0.2.8 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.2.8 FilesAnalyzed: false -##### Reported license BSD-2-Clause +PackageHomePage: https://github.com/etingof/pyasn1-modules PackageLicenseConcluded: BSD-2-Clause PackageLicenseDeclared: BSD-2-Clause PackageCopyrightText: NOASSERTION +PackageSummary: A collection of ASN.1-based protocols modules. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyasn1-modules@0.2.8 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.2.8:*:*:*:*:*:*:* ##### PackageName: rsa SPDXID: SPDXRef-Package-30-rsa -PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) PackageVersion: 4.7.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 FilesAnalyzed: false -##### Reported license ASL 2 -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://stuvel.eu/rsa +PackageLicenseConcluded: ASL 2 +PackageLicenseDeclared: ASL 2 PackageCopyrightText: NOASSERTION +PackageSummary: Pure-Python RSA implementation ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rsa@4.7.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:* ##### PackageName: pyopenssl SPDXID: SPDXRef-Package-31-pyopenssl +PackageVersion: 23.1.0 PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageVersion: 23.0.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/23.1.0 FilesAnalyzed: false -##### Reported license Apache License, Version 2.0 +PackageHomePage: https://pyopenssl.org/ PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.0.0:*:*:*:*:*:*:* +PackageSummary: Python wrapper module around the OpenSSL library +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyopenssl@23.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23.1.0:*:*:*:*:*:*:* ##### PackageName: cryptography SPDXID: SPDXRef-Package-32-cryptography +PackageVersion: 40.0.1 PackageSupplier: Organization: The Python Cryptographic Authority and individual 
contributors (cryptography-dev@python.org) -PackageVersion: 39.0.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/cryptography/40.0.1 FilesAnalyzed: false -##### Reported license (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/pyca/cryptography +PackageLicenseConcluded: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 +PackageLicenseDeclared: (Apache-2.0 OR BSD-3-Clause) AND PSF-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@39.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:39.0.0:*:*:*:*:*:*:* +PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@40.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:40.0.1:*:*:*:*:*:*:* ##### PackageName: cffi SPDXID: SPDXRef-Package-33-cffi -PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) PackageVersion: 1.15.1 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) +PackageDownloadLocation: https://pypi.org/project/cffi/1.15.1 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: http://cffi.readthedocs.org PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Foreign Function Interface for Python calling C code. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cffi@1.15.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.15.1:*:*:*:*:*:*:* ##### PackageName: pycparser SPDXID: SPDXRef-Package-34-pycparser -PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) PackageVersion: 2.21 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pycparser/2.21 FilesAnalyzed: false -##### Reported license BSD -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/eliben/pycparser +PackageLicenseConcluded: BSD +PackageLicenseDeclared: BSD PackageCopyrightText: NOASSERTION +PackageSummary: C parser in Python ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pycparser@2.21 ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.21:*:*:*:*:*:*:* ##### PackageName: retry-decorator SPDXID: SPDXRef-Package-35-retry-decorator -PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) PackageVersion: 1.1.1 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) +PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/pnpnpn/retry-decorator PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Retry Decorator ExternalRef: PACKAGE-MANAGER purl pkg:pypi/retry-decorator@1.1.1 ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*:*:*:*:* ##### PackageName: google-apitools SPDXID: SPDXRef-Package-36-google-apitools -PackageSupplier: Person: Craig Citro (craigcitro@google.com) PackageVersion: 0.5.32 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Craig Citro (craigcitro@google.com) +PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32 FilesAnalyzed: false -##### Reported 
license Apache 2.0 +PackageHomePage: http://github.com/google/apitools PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: client libraries for humans ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-apitools@0.5.32 ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:* ##### PackageName: google-auth SPDXID: SPDXRef-Package-37-google-auth +PackageVersion: 2.16.3 PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageVersion: 2.16.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/google-auth/2.16.3 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://github.com/googleapis/google-auth-library-python PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.0:*:*:*:*:*:*:* +PackageSummary: Google Authentication Library +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.16.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.16.3:*:*:*:*:*:*:* ##### PackageName: cachetools SPDXID: SPDXRef-Package-38-cachetools -PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) PackageVersion: 5.3.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) +PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/tkem/cachetools/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Extensible memoizing collections and decorators ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cachetools@5.3.0 ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:thomas_kemmer:cachetools:5.3.0:*:*:*:*:*:*:* ##### PackageName: monotonic SPDXID: SPDXRef-Package-39-monotonic -PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) PackageVersion: 1.6 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) +PackageDownloadLocation: https://pypi.org/project/monotonic/1.6 FilesAnalyzed: false -##### Reported license Apache -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/atdt/monotonic +PackageLicenseConcluded: Apache +PackageLicenseDeclared: Apache PackageCopyrightText: NOASSERTION +PackageSummary: An implementation of time.monotonic() for Python 2 & < 3.3 ExternalRef: PACKAGE-MANAGER purl pkg:pypi/monotonic@1.6 ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 SPDXID: SPDXRef-Package-40-jinja2 -PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) PackageVersion: 3.1.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) +PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.2 FilesAnalyzed: false -##### Reported license BSD-3-Clause +PackageHomePage: https://palletsprojects.com/p/jinja/ PackageLicenseConcluded: BSD-3-Clause PackageLicenseDeclared: BSD-3-Clause PackageCopyrightText: NOASSERTION +PackageSummary: A very fast and expressive template engine. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jinja2@3.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:jinja2:3.1.2:*:*:*:*:*:*:* ##### PackageName: markupsafe SPDXID: SPDXRef-Package-41-markupsafe -PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) PackageVersion: 2.1.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Armin Ronacher (armin.ronacher@active-4.com) +PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.2 FilesAnalyzed: false -##### Reported license BSD-3-Clause +PackageHomePage: https://palletsprojects.com/p/markupsafe/ PackageLicenseConcluded: BSD-3-Clause PackageLicenseDeclared: BSD-3-Clause PackageCopyrightText: NOASSERTION +PackageSummary: Safely add untrusted strings to HTML/XML markup. ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_ronacher:markupsafe:2.1.2:*:*:*:*:*:*:* ##### PackageName: jsonschema SPDXID: SPDXRef-Package-42-jsonschema -PackageSupplier: Person: Julian Berman PackageVersion: 4.17.3 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Julian Berman +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.17.3 FilesAnalyzed: false -##### Reported license MIT PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: An implementation of JSON Schema validation for Python ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.17.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:* ##### PackageName: pyrsistent SPDXID: SPDXRef-Package-43-pyrsistent -PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com) PackageVersion: 0.19.3 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com) +PackageDownloadLocation: https://pypi.org/project/pyrsistent/0.19.3 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: 
https://github.com/tobgu/pyrsistent/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Persistent/Functional/Immutable data structures ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyrsistent@0.19.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:* ##### PackageName: packaging SPDXID: SPDXRef-Package-44-packaging -PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) PackageVersion: 21.3 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) +PackageDownloadLocation: https://pypi.org/project/packaging/21.3 FilesAnalyzed: false -##### Reported license BSD-2-Clause or Apache-2.0 -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/pypa/packaging +PackageLicenseConcluded: BSD-2-Clause or Apache-2.0 +PackageLicenseDeclared: BSD-2-Clause or Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Core utilities for Python packages ExternalRef: PACKAGE-MANAGER purl pkg:pypi/packaging@21.3 ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contributors:packaging:21.3:*:*:*:*:*:*:* ##### PackageName: plotly SPDXID: SPDXRef-Package-45-plotly +PackageVersion: 5.13.1 PackageSupplier: Person: Chris P (chris@plot.ly) -PackageVersion: 5.13.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/plotly/5.13.1 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://plotly.com/python/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/plotly@5.13.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.13.0:*:*:*:*:*:*:* +PackageSummary: An open-source, interactive data visualization library for Python +ExternalRef: PACKAGE-MANAGER purl 
pkg:pypi/plotly@5.13.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.13.1:*:*:*:*:*:*:* ##### PackageName: tenacity SPDXID: SPDXRef-Package-46-tenacity +PackageVersion: 8.2.2 PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageVersion: 8.1.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/tenacity/8.2.2 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: https://github.com/jd/tenacity PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.1.0:*:*:*:*:*:*:* +PackageSummary: Retry code until it succeeds +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/tenacity@8.2.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:*:*:* ##### PackageName: pyyaml SPDXID: SPDXRef-Package-47-pyyaml -PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) PackageVersion: 6.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) +PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://pyyaml.org/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: YAML parser and emitter for Python ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:* ##### PackageName: requests SPDXID: SPDXRef-Package-48-requests -PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) PackageVersion: 2.28.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) +PackageDownloadLocation: https://pypi.org/project/requests/2.28.2 FilesAnalyzed: false -##### Reported license Apache 2.0 +PackageHomePage: 
https://requests.readthedocs.io PackageLicenseConcluded: Apache-2.0 PackageLicenseDeclared: Apache-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Python HTTP for Humans. ExternalRef: PACKAGE-MANAGER purl pkg:pypi/requests@2.28.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.28.2:*:*:*:*:*:*:* ##### PackageName: certifi SPDXID: SPDXRef-Package-49-certifi -PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) PackageVersion: 2022.12.7 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) +PackageDownloadLocation: https://pypi.org/project/certifi/2022.12.7 FilesAnalyzed: false -##### Reported license MPL-2.0 +PackageHomePage: https://github.com/certifi/python-certifi PackageLicenseConcluded: MPL-2.0 PackageLicenseDeclared: MPL-2.0 PackageCopyrightText: NOASSERTION +PackageSummary: Python package for providing Mozilla's CA Bundle. ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2022.12.7 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2022.12.7:*:*:*:*:*:*:* ##### PackageName: urllib3 SPDXID: SPDXRef-Package-50-urllib3 +PackageVersion: 1.26.15 PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) -PackageVersion: 1.26.14 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/urllib3/1.26.15 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://urllib3.readthedocs.io/ PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.14 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.14:*:*:*:*:*:*:* +PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. 
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/urllib3@1.26.15 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:1.26.15:*:*:*:*:*:*:* ##### PackageName: rich SPDXID: SPDXRef-Package-51-rich +PackageVersion: 13.3.2 PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageVersion: 13.3.1 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/rich/13.3.2 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/Textualize/rich PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.1:*:*:*:*:*:*:* +PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.3.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.3.2:*:*:*:*:*:*:* ##### PackageName: markdown-it-py SPDXID: SPDXRef-Package-52-markdown-it-py +PackageVersion: 2.2.0 PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) -PackageVersion: 2.1.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/markdown-it-py/2.2.0 FilesAnalyzed: false -##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@2.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:2.1.0:*:*:*:*:*:*:* +PackageSummary: Python port of markdown-it. Markdown parsing, done right! 
+ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markdown-it-py@2.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:2.2.0:*:*:*:*:*:*:* ##### PackageName: mdurl SPDXID: SPDXRef-Package-53-mdurl -PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) PackageVersion: 0.1.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) +PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2 FilesAnalyzed: false -##### Reported license PackageLicenseConcluded: NOASSERTION PackageLicenseDeclared: NOASSERTION PackageCopyrightText: NOASSERTION +PackageSummary: Markdown URL utilities ExternalRef: PACKAGE-MANAGER purl pkg:pypi/mdurl@0.1.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:*:* ##### PackageName: pygments SPDXID: SPDXRef-Package-54-pygments -PackageSupplier: Person: Georg Brandl (georg@python.org) PackageVersion: 2.14.0 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: Georg Brandl (georg@python.org) +PackageDownloadLocation: https://pypi.org/project/Pygments/2.14.0 FilesAnalyzed: false -##### Reported license BSD-2-Clause +PackageHomePage: https://pygments.org/ PackageLicenseConcluded: BSD-2-Clause PackageLicenseDeclared: BSD-2-Clause PackageCopyrightText: NOASSERTION +PackageSummary: Pygments is a syntax highlighting package written in Python. 
ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.14.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.14.0:*:*:*:*:*:*:* ##### PackageName: rpmfile SPDXID: SPDXRef-Package-55-rpmfile +PackageVersion: 1.1.1 PackageSupplier: Person: Sean Ross (srossross@gmail.com) -PackageVersion: 1.0.8 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/rpmfile/1.1.1 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/srossross/rpmfile PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@1.0.8 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.0.8:*:*:*:*:*:*:* +PackageSummary: Read rpm archive files +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpmfile@1.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:* ##### PackageName: toml SPDXID: SPDXRef-Package-56-toml -PackageSupplier: Person: William Pearson (uiri@xqz.ca) PackageVersion: 0.10.2 -PackageDownloadLocation: NOASSERTION +PackageSupplier: Person: William Pearson (uiri@xqz.ca) +PackageDownloadLocation: https://pypi.org/project/toml/0.10.2 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/uiri/toml PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION +PackageSummary: Python Library for Tom's Obvious, Minimal Language ExternalRef: PACKAGE-MANAGER purl pkg:pypi/toml@0.10.2 ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:*:* ##### PackageName: xmlschema SPDXID: SPDXRef-Package-57-xmlschema +PackageVersion: 2.2.2 PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageVersion: 2.1.1 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/xmlschema/2.2.2 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/sissaschool/xmlschema 
PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.1.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.1.1:*:*:*:*:*:*:* +PackageSummary: An XML Schema validator and decoder +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.2.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.2.2:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-Package-58-elementpath +PackageVersion: 4.1.0 PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageVersion: 3.0.2 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.0 FilesAnalyzed: false -##### Reported license MIT +PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseConcluded: MIT PackageLicenseDeclared: MIT PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@3.0.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:3.0.2:*:*:*:*:*:*:* +PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.0:*:*:*:*:*:*:* ##### PackageName: zstandard SPDXID: SPDXRef-Package-59-zstandard +PackageVersion: 0.20.0 PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) -PackageVersion: 0.19.0 -PackageDownloadLocation: NOASSERTION +PackageDownloadLocation: https://pypi.org/project/zstandard/0.20.0 FilesAnalyzed: false -##### Reported license BSD -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION +PackageHomePage: https://github.com/indygreg/python-zstandard +PackageLicenseConcluded: BSD +PackageLicenseDeclared: BSD PackageCopyrightText: NOASSERTION -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.19.0 -ExternalRef: SECURITY cpe23Type 
cpe:2.3:a:gregory_szorc:zstandard:0.19.0:*:*:*:*:*:*:* +PackageSummary: Zstandard bindings for Python +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zstandard@0.20.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.20.0:*:*:*:*:*:*:* +##### + Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-beautifulsoup4 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-cvss