diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt
index f0e9b3852f..f0a728f3c5 100644
--- a/.github/actions/spelling/allow.txt
+++ b/.github/actions/spelling/allow.txt
@@ -40,6 +40,7 @@ bcca
bdbd
bdist
bestpractices
+bfb
bhargavh
bigbird
bind
@@ -67,8 +68,10 @@ bzip
c
cabextract
capnproto
+cbt
CDNs
ceph
+cfa
cfea
cff
chaitanyamogal
@@ -136,6 +139,8 @@ dgst
dhclient
dhcpcd
dhcpd
+dio
+Dio
distro
distros
dmidecode
@@ -175,6 +180,7 @@ exiv
expat
exploitability
Exploitablity
+extenstion
f
faad
facebook
@@ -192,6 +198,7 @@ filterdiv
firefox
flac
fluidsynth
+flutterchina
freeradius
freerdp
FReeshabh
@@ -217,6 +224,7 @@ Gemfiles
geopy
getenv
gettext
+GHSA
gimp
Giridhar
git
@@ -386,6 +394,7 @@ lz
mailx
malloc
malware
+Management
Manjaro
mariadb
mariuszskon
@@ -427,14 +436,16 @@ msys
mtr
mupdf
mutt
+myapp
+myappvendor
myfork
mypy
mysource
mysql
Mystylesheet
MYUSERNAME
-namespaces
namespace
+namespaces
nano
nasm
nbd
@@ -463,6 +474,7 @@ noreferrer
nosec
nowdailynever
nplurals
+npm
ntfs
ntia
ntp
@@ -570,6 +582,7 @@ renv
reportlab
requirementstxt
rhythmrx
+Rishabh
Romi
rossburton
rpm
@@ -652,6 +665,7 @@ tesseract
testfiles
tgz
thrift
+throughout
thttpd
thunderbird
timeline
@@ -696,9 +710,11 @@ utf
util
utkarsh
utm
+uuid
varnish
venv
VEXs
+vextype
vfy
vim
virtualenv
@@ -709,6 +725,7 @@ Vorbis
vorbis
VPkg
vsftpd
+Vulnerability
Vulnerabity
vulnerablities
vulnerablity
diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt
index 792331fd4a..fd3171373d 100644
--- a/.github/actions/spelling/expect.txt
+++ b/.github/actions/spelling/expect.txt
@@ -1,12 +1,5 @@
Interoperability
-csvjsonconsolehtml
cyclonedx
-nvdjson
-mirrorapiapi
-jsonapi
-jsonapiapi
-lowmediumhighcritical
-nowdailyneverlatest
rdf
sbom
spdx
diff --git a/.github/workflows/build-wheel.yml b/.github/workflows/build-wheel.yml
index 192dadeda5..479ba1aef1 100644
--- a/.github/workflows/build-wheel.yml
+++ b/.github/workflows/build-wheel.yml
@@ -10,7 +10,7 @@ on:
jobs:
build:
name: Build wheel
- runs-on: ubuntu-latest
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
permissions:
id-token: write
attestations: write
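Review bot: The new `runs-on` line moves a job that holds `id-token: write` and `attestations: write` onto whatever machines carry the `intel-ubuntu-latest` label, and nothing in the workflow says what that label is. If it is a self-hosted or persistent runner group rather than a GitHub-hosted one, the provenance of the wheel attestation now depends on that host's integrity, so a comment above the line such as `# intel-ubuntu-latest: org runner group; ephemeral? (confirm)` would help reviewers. The same expression is pasted into every other workflow in this commit, and in most of them the fallback also replaces a pinned `ubuntu-22.04` or `ubuntu-20.04` with floating `ubuntu-latest`. A single repository variable (name constructed here), e.g. `runs-on: ${{ vars.RUNNER_LABEL || 'ubuntu-22.04' }}`, would keep the label in one place and keep forks on a pinned image.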
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index f413bf1b90..3327df7652 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -26,7 +26,7 @@ permissions:
jobs:
analyze:
name: Analyze
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
permissions:
actions: read
contents: read
@@ -51,7 +51,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+ uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -76,4 +76,4 @@ jobs:
# make release
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+ uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index c03063c5d3..9901fdb5af 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -11,7 +11,7 @@ permissions:
jobs:
coverity:
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
diff --git a/.github/workflows/cve_bin_tool_action.yml b/.github/workflows/cve_bin_tool_action.yml
index e1b0624b94..cdf5f45c47 100644
--- a/.github/workflows/cve_bin_tool_action.yml
+++ b/.github/workflows/cve_bin_tool_action.yml
@@ -11,7 +11,7 @@ jobs:
scan:
permissions:
security-events: write
- runs-on: ubuntu-latest
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- uses: intel/cve-bin-tool-action@main
with:
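Review bot: `intel/cve-bin-tool-action@main`, on the unchanged line just below the new `runs-on`, is the only action reference visible in this diff that tracks a branch instead of a commit SHA, and the job holds `security-events: write`. Pinning it like the others, `uses: intel/cve-bin-tool-action@<commit-sha> # <tag>`, would stop a push to that branch from changing what runs here without a reviewed change in this repository. The step's `with:` block continues outside the hunk.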
diff --git a/.github/workflows/cve_scan.yml b/.github/workflows/cve_scan.yml
index 94fc746ac3..874d847cd7 100644
--- a/.github/workflows/cve_scan.yml
+++ b/.github/workflows/cve_scan.yml
@@ -11,8 +11,8 @@ permissions:
jobs:
cve_scan:
name: CVE scan on dependencies
- runs-on: ubuntu-22.04
- timeout-minutes: 10
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
+ timeout-minutes: 30
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 693e437b4e..031421650d 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -14,7 +14,7 @@ permissions:
jobs:
dependency-review:
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
index d5f0a35f8a..978149ff0e 100644
--- a/.github/workflows/formatting.yml
+++ b/.github/workflows/formatting.yml
@@ -16,7 +16,7 @@ jobs:
contents: write # for peter-evans/create-pull-request to create branch
pull-requests: write # for peter-evans/create-pull-request to create a PR
name: Update checkers table
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
index 29d861a396..19c87446d1 100644
--- a/.github/workflows/fuzzing.yml
+++ b/.github/workflows/fuzzing.yml
@@ -12,7 +12,7 @@ permissions:
jobs:
fuzzing:
name: Fuzzing
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
if: github.event.repository.fork == false
steps:
- name: Check out code
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 9ec0b315f5..13cb56331e 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -11,7 +11,7 @@ permissions:
jobs:
linting:
name: Linting
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
strategy:
fail-fast: false
matrix:
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index 943c3e0f8a..2f888ca7c8 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -16,7 +16,7 @@ jobs:
pull-requests: write # for peter-evans/create-pull-request to create a PR
name: Generate SBOM
if: github.repository == 'intel/cve-bin-tool' # for SBOM generation on forks
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
strategy:
matrix:
python: ['3.8', '3.9', '3.10', '3.11', '3.12']
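Review bot: The fallback arm of the new `runs-on` expression looks unreachable in this job, because the `if: github.repository == 'intel/cve-bin-tool'` gate just above it means the owner is always `intel` whenever the job runs. A plain `runs-on: intel-ubuntu-latest` says the same thing and makes it obvious that the job depends on that runner label being available. The `linux` job in update-cache.yml has the same gate and the same dead branch.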
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 61764d819a..cce5fe9c34 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -15,7 +15,7 @@ permissions: read-all
jobs:
analysis:
name: Scorecard analysis
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
permissions:
security-events: write
id-token: write
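Review bot: Please confirm that Scorecard's result publishing accepts the expression-valued `runs-on` before merging. This job holds `id-token: write`, which suggests `publish_results` is enabled further down (not visible in this hunk), and the action's documented workflow restrictions, as I recall them, require the job to run on a GitHub-hosted Ubuntu runner. If that check rejects `intel-ubuntu-latest` or the expression itself, the published score may stop updating. Keeping this one job on a stock label, e.g. `runs-on: ubuntu-latest`, avoids the question.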
@@ -32,7 +32,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
- uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+ uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
with:
results_file: results.sarif
results_format: sarif
diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml
index 14d5b1aec6..6afcc2ce84 100644
--- a/.github/workflows/spelling.yml
+++ b/.github/workflows/spelling.yml
@@ -11,7 +11,7 @@ jobs:
contents: read
pull-requests: read
actions: read
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 7923ea69b6..f9781813b3 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -36,7 +36,7 @@ jobs:
github.head_ref
)
)
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
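Review bot: For pull requests opened from forks, `github.repository_owner` is still the base repository's owner, so with the new `runs-on` line contributor-supplied test code runs on `intel-ubuntu-latest` rather than on the stock hosted image. The job condition that ends just above it starts outside the hunk, so the events that reach this job cannot be determined from here. If fork pull requests do reach it, confirm that the runners behind the label are ephemeral, since a persistent host would carry state from one contributor's run into the next. The same applies to the other three jobs changed in this file and to linting.yml and spelling.yml.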
@@ -69,11 +69,11 @@ jobs:
name: Linux tests
permissions:
contents: read
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
strategy:
matrix:
python: ['3.8', '3.9', '3.11', '3.12']
- timeout-minutes: 60
+ timeout-minutes: 90
steps:
- name: Harden Runner
uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
@@ -197,8 +197,8 @@ jobs:
github.head_ref
)
)
- runs-on: ubuntu-22.04
- timeout-minutes: 90
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
+ timeout-minutes: 120
env:
LONG_TESTS: 1
steps:
@@ -359,7 +359,7 @@ jobs:
github.head_ref
)
)
- runs-on: ubuntu-22.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
timeout-minutes: 45
env:
EXTERNAL_SYSTEM: 1
diff --git a/.github/workflows/update-cache.yml b/.github/workflows/update-cache.yml
index b3f9b7faae..51231fbdf4 100644
--- a/.github/workflows/update-cache.yml
+++ b/.github/workflows/update-cache.yml
@@ -23,7 +23,7 @@ jobs:
linux:
if: github.repository == 'intel/cve-bin-tool'
name: Update linux cached database
- runs-on: ubuntu-20.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
timeout-minutes: 60
steps:
- name: Harden Runner
diff --git a/.github/workflows/update-js-dependencies.yml b/.github/workflows/update-js-dependencies.yml
index b8f1bdd24b..f229de6e3b 100644
--- a/.github/workflows/update-js-dependencies.yml
+++ b/.github/workflows/update-js-dependencies.yml
@@ -18,7 +18,7 @@ jobs:
permissions:
contents: write # for peter-evans/create-pull-request to create branch
pull-requests: write # for peter-evans/create-pull-request to create a PR
- runs-on: ubuntu-20.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
diff --git a/.github/workflows/update-pre-commit.yml b/.github/workflows/update-pre-commit.yml
index 53af72ab83..102682d1b5 100644
--- a/.github/workflows/update-pre-commit.yml
+++ b/.github/workflows/update-pre-commit.yml
@@ -18,7 +18,7 @@ jobs:
permissions:
contents: write # for peter-evans/create-pull-request to create branch
pull-requests: write # for peter-evans/create-pull-request to create a PR
- runs-on: ubuntu-20.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
diff --git a/.github/workflows/update-spdx-header.yml b/.github/workflows/update-spdx-header.yml
index 76c3fc746b..5878cddf54 100644
--- a/.github/workflows/update-spdx-header.yml
+++ b/.github/workflows/update-spdx-header.yml
@@ -19,7 +19,7 @@ jobs:
contents: write # for peter-evans/create-pull-request to create branch
pull-requests: write # for peter-evans/create-pull-request to create a PR
name: Update spdx header
- runs-on: ubuntu-20.04
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
diff --git a/.github/workflows/validate-yml.yml b/.github/workflows/validate-yml.yml
index cfed593596..f5dcc6cc63 100644
--- a/.github/workflows/validate-yml.yml
+++ b/.github/workflows/validate-yml.yml
@@ -8,7 +8,7 @@ on:
jobs:
validate-yml:
- runs-on: ubuntu-latest
+ runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
steps:
- name: Harden Runner
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 5bd799a0b0..b562440781 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -20,7 +20,7 @@ repos:
exclude: ^fuzz/generated/
- repo: https://github.com/asottile/pyupgrade
- rev: v3.16.0
+ rev: v3.17.0
hooks:
- id: pyupgrade
exclude: ^fuzz/generated/
@@ -45,7 +45,7 @@ repos:
- id: gitlint
- repo: https://github.com/pre-commit/mirrors-mypy
- rev: v1.10.1
+ rev: v1.11.1
hooks:
- id: mypy
additional_dependencies:
diff --git a/dev-requirements.txt b/dev-requirements.txt
index 9ea3f2b936..e48ad15cf0 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -2,13 +2,13 @@ black==24.4.2
isort; python_version < "3.8"
isort==5.13.2; python_version >= "3.8"
pre-commit; python_version <= "3.8"
-pre-commit==3.7.1; python_version > "3.8"
+pre-commit==3.8.0; python_version > "3.8"
flake8; python_version < "3.8"
flake8==7.1.0; python_version >= "3.8"
bandit==1.7.9
gitlint==v0.19.1
interrogate
-mypy==v1.10.1
+mypy==v1.11.1
pytest>=7.2.0
pytest-xdist
pytest-cov
diff --git a/doc/MANUAL.md b/doc/MANUAL.md
index 7fd74c13db..2da9caacb1 100644
--- a/doc/MANUAL.md
+++ b/doc/MANUAL.md
@@ -858,7 +858,7 @@ The type of SBOM is assumed to be SPDX unless specified using the `--sbom` optio
This option is used as a part of a filtering/triaging process using Vulnerablity Exploitability eXchange (VEX) file. The tool supports VEX files in given formats including
[CSAF](https://oasis-open.github.io/csaf-documentation/), [CycloneDX](https://cyclonedx.org/capabilities/vex/) and [OpenVEX](https://edu.chainguard.dev/open-source/sbom/what-is-openvex/)
-| SBOM Type | Format | Filename extension |
+| VEX Type | Format | Filename extension |
| --------- | -------- | ------------------ |
| CycloneDX | JSON | .json |
| CSAF | JSON | .json |
diff --git a/doc/images/filter-triage.png b/doc/images/filter-triage.png
new file mode 100644
index 0000000000..491d51f981
Binary files /dev/null and b/doc/images/filter-triage.png differ
diff --git a/doc/images/standalone-triage.png b/doc/images/standalone-triage.png
new file mode 100644
index 0000000000..1d9f26f403
Binary files /dev/null and b/doc/images/standalone-triage.png differ
diff --git a/doc/index.rst b/doc/index.rst
index 6b959f5279..727df275e1 100644
--- a/doc/index.rst
+++ b/doc/index.rst
@@ -22,6 +22,7 @@ The CVE Binary Tool helps you determine if your system includes known vulnerabil
PARSERS.rst
sources.md
sboms_for_humans/README.md
+ triaging_process.md
new-contributor-tips.md
pypi_downloads.md
mismatch_data.md
diff --git a/doc/triaging_process.md b/doc/triaging_process.md
new file mode 100644
index 0000000000..b71e1809c1
--- /dev/null
+++ b/doc/triaging_process.md
@@ -0,0 +1,268 @@
+# Vulnerability Exploitability eXchange(VEX)
+
+The CVE Binary Tool supports scanning VEX files and using them as triage files to filter out irrelevant vulnerabilities from the final report.
+
+## Why Use VEX?
+As the software world evolves, security attacks pose significant risks to modern software infrastructure. Software component transparency is crucial in addressing these risks, making Software Bill of Materials (SBOM) an essential tool. However, a new problem arises when sharing SBOMs across different teams and organizations. As part of the software lifecycle, security professionals often scan these SBOMs to identify potential vulnerabilities. Here's a short story to illustrate the issue:
+
+Suppose CorporationX collaborates with CorporationY and exchanges software with them. CorporationY provides a firmware update to CorporationX and includes an SBOM with all the components of the firmware. Rishabh, a security professional at CorporationX, scans the SBOM and finds a reported vulnerability, CVE-2024-0803, in a component. He raises the issue with CorporationY, claiming they have shipped a vulnerable product.
+
+To his surprise, CorporationY explains that they were already aware of the vulnerability. They clarify that the vulnerable component (Component A) is associated with a function (Function A) that is not being used in the software. Instead, they are using Function B, which is not associated with the reported vulnerability. Therefore, the component is not affected by the vulnerability.
+
+This scenario can arise multiple times during the development and product shipment phases. With every iteration, it is inefficient for corporations to continually contact each other for clarification. A simple solution might seem to be creating a document that describes the vulnerabilities affecting the components and clarifies whether the component is impacted, along with necessary details and justifications. However, if the document is not machine-readable, Rishabh still has to scan the SBOM and manually triage the vulnerabilities using the shared document.
+
+In this scenario, a VEX file would have provided the necessary context to indicate that the vulnerability in Component A does not affect the overall security of the product. CorporationY would ship a VEX document along with the SBOM, indicating that the vulnerability in Component A is marked as "Not Affected." The justification provided would be "Vulnerable_code_not_present," with detailed descriptions explaining why it is not affected.
+
+Using tools like the CVE Binary Tool, Rishabh can scan both the SBOM and VEX files together. The CVE Binary Tool will generate a report with the irrelevant vulnerabilities filtered out, allowing Rishabh to focus on genuine threats. This improves the efficiency and accuracy of vulnerability management.
+
+Using VEX files in conjunction with SBOMs ensures that only relevant vulnerabilities are flagged, reducing false positives and enhancing the overall security assessment process. While VEX is often used with SBOMs, it can also be utilized with other types of scans, such as binaries, language dependency files, and input files.
+
+We will now take a look at how we can use VEX with the CVE Binary Tool.
+
+
+## How to use VEX with Cve Binary Tool?
+
+Cve Binary Tool supports following operation involving VEX files.
+
+- Generating VEX document from Scan.
+- Scanning VEX document as a Standalone File.
+- Scanning VEX document as a Triage File for other files(SBOMs, Binaries and Dependency Management files).
+- Generating an updated VEX from scan.
+
+### Supported Types of VEX :
+
+| VEX Type | Format | Filename extension |
+| --------- | -------- | ------------------ |
+| CycloneDX | JSON | .json |
+| CSAF | JSON | .json |
+| OpenVEX | JSON | .json |
+
+
+### Generating VEX document From Scan.
+
+`cve-bin-tool` can be used to generate VEX documents from the scan being run using the tool. To generate VEX, the flags used are `--vex-type`, which tells the tool which type of VEX to generate (cyclonedx, openvex, and csaf), and `--vex-output` to define the filename of the output file. If `--vex-output` is not provided, a filename with the following convention is used: `product_release_vendor_vextype.json`.
+
+Generating a new VEX document also requires you to define the name of the product being scanned, in addition to its release and vendor, using the flags `--vendor`, `--release`, and `--product`, respectively.
+
+Let's see how to generate a `sample-cyclonedx-vex`.
+
+```bash
+cve-bin-tool --sbom cyclonedx --sbom-file sample-sbom.json --vex-type cyclonedx --vex-output sample-cyclonedx-vex.json --product myapp --vendor myappvendor --release 0.0.1
+```
+a vex file with name sample-cyclonedx-vex.json in cyclonedx type will be generated.
+
+Note: Always use `.json` extenstion with the name of vex output file to avoid facing errors.
+
+### Scanning VEX document as a Standalone File
+
+Individual vex file can be scanned using the flag provided `--vex-file`, cve-bin-tool automatically detects the vex type which is being scanned.
+
+Example Usage:
+
+We will use this `sample-vex.json` file throughout the usage demonstration.
+```
+{
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "serialNumber": "urn:uuid:cfa059b7-03cb-4297-a73b-d2c57860067e",
+ "version": 1,
+ "metadata": {
+ "timestamp": "2024-07-31T10:38:40Z",
+ "tools": {
+ "components": [
+ {
+ "name": "lib4vex",
+ "version": "0.1.0",
+ "type": "application"
+ }
+ ]
+ },
+ "properties": [
+ {
+ "name": "Revision_1",
+ "value": "Initial version"
+ }
+ ],
+ "component": {
+ "type": "application",
+ "bom-ref": "CDXRef-DOCUMENT",
+ "name": "myapp"
+ }
+ },
+ "vulnerabilities": [
+ {
+ "bom-ref": "archive@3.3.7",
+ "id": "GHSA-r285-q736-9v95",
+ "description": "Filename spoofing in archive",
+ "published": "2024-07-31T10:38:40Z",
+ "updated": "2024-07-31T10:38:40Z",
+ "analysis": {
+ "state": "in_triage",
+ "detail": ""
+ },
+ "affects": [
+ {
+ "ref": "urn:cbt:1/unknown#archive:3.3.7"
+ }
+ ]
+ },
+ {
+ "bom-ref": "dio@4.0.0",
+ "id": "CVE-2021-31402",
+ "source": {
+ "name": "NVD",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31402"
+ },
+ "description": "The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.",
+ "published": "2024-07-31T10:38:40Z",
+ "updated": "2024-07-31T10:38:40Z",
+ "analysis": {
+ "state": "not_affected",
+ "detail": "Vulnerable function not present"
+ },
+ "affects": [
+ {
+ "ref": "urn:cbt:1/flutterchina#dio:4.0.0"
+ }
+ ]
+ }
+ ]
+}
+```
+
+Now running the below command.
+
+```bash
+cve-bin-tool --vex-file sample-cyclonedx-vex.json
+```
+The output will look like the following: you can see that the `NotAffected` vulnerability is output in a separate field.
+
+![standalone-triage](images/standalone-triage.png)
+
+
+
+### Scanning VEX document as a Triage File
+
+For using the VEX file as a triage file, the primary file being scanned (which can be one of many) could be passed with their respective flag or without a flag. Preferably, an SBOM is a companion to VEX (we will discuss this further below), but it is not limited to SBOMs for scanning.
+
+For treating VEX as a triage file, we only require the `--vex-file` flag, and `cve-bin-tool` will automatically figure out that the VEX file being used is a companion file to other scan documents/files.
+
+The `--vex-file` flag can be used with the `--filter-triage` flag. By default, `cve-bin-tool` does not filter out irrelevant entries. Here is where the `--filter-triage` flag comes into play. Using this will filter out the vulnerabilities marked as NotAffected or FalsePositive. By default, since vulnerabilities are not filtered out, they will be outputted in the same format as mentioned in the above image of the output with a standalone file.
+
+Let's have a look at the use of the `--filter-triage` flag.
+
+```bash
+cve-bin-tool --filter-triage --sbom cyclonedx --sbom-file sample-sbom.json --vex-file sample-cyclonedx-vex.json
+```
+The output will look like the following. You can see that the `NotAffected` vulnerability is filtered out and a log message is displayed regarding it, and `CVE-2021-31402` related to the product: Dio is not reported in the output.
+
+![filter-triage](images/filter-triage.png)
+
+### Generating an updated VEX from scan.
+
+Many times in the security auditing process, a new vulnerability may be introduced for a component present in the application. In these cases, the existing VEX documentation needs to be updated. We can run the following command in those situations:
+```bash
+cve-bin-tool --vex-file vex.json --vex-type cyclonedx --vex-output vex.json -rr "dio@4.0.0 is not affected"
+```
+Here, the `cve-bin-tool` will automatically take product, vendor, and release information from the VEX file being scanned, so we aren't required to define those. One flag that is required is the `--revision-reason` or `-rr` flag, which specifies the reason for why the VEX document is being updated. Hence, if the `vex.json` already exists in the path, `cve-bin-tool` will update the `vex.json` file and generate a new `1_vex.json` file, also taking the revision reason into account. Below is the updated file demonstrating the same.
+
+Note: Always pass value for `-rr` flag in double quotes
+
+```
+{
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "serialNumber": "urn:uuid:603cb3c5-0bfb-40d1-9db2-6c3f1a14015d",
+ "version": 2,
+ "metadata": {
+ "timestamp": "2024-08-03T17:49:49Z",
+ "tools": {
+ "components": [
+ {
+ "name": "lib4vex",
+ "version": "0.1.0",
+ "type": "application"
+ }
+ ]
+ },
+ "properties": [
+ {
+ "name": "Revision_1",
+ "value": "Initial version"
+ },
+ {
+ "name": "Revision_2",
+ "value": "dio@4.0.0 is not affected"
+ }
+ ],
+ "component": {
+ "type": "application",
+ "bom-ref": "CDXRef-DOCUMENT",
+ "name": "myapp"
+ }
+ },
+ "vulnerabilities": [
+ {
+ "bom-ref": "archive@3.3.7",
+ "id": "GHSA-r285-q736-9v95",
+ "description": "Filename spoofing in archive",
+ "published": "2024-08-03T17:49:49Z",
+ "updated": "2024-08-03T17:49:49Z",
+ "analysis": {
+ "state": "in_triage",
+ "detail": ""
+ },
+ "affects": [
+ {
+ "ref": "urn:cbt:1/unknown#archive:3.3.7"
+ }
+ ]
+ },
+ {
+ "bom-ref": "dio@4.0.0",
+ "id": "CVE-2021-31402",
+ "source": {
+ "name": "NVD",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31402"
+ },
+ "description": "The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.",
+ "published": "2024-07-31T10:38:40Z",
+ "updated": "2024-08-03T17:49:49Z",
+ "analysis": {
+ "state": "not_affected",
+ "detail": "Vulnerable function not present"
+ },
+ "affects": [
+ {
+ "ref": "urn:cbt:1/flutterchina#dio:4.0.0",
+ "versions": {
+ "version": "4.0.0",
+ "status": "unaffected"
+ }
+ }
+ ]
+ }
+ ]
+}
+```
+
+### Limitations :
+
+There are some limitations associated with product identification. We mainly use two types of product identification strings: Bom_ref and PackageURL (purl).
+
+- Bom_ref is used to identify products in the CycloneDX format. We primarily support the bom_ref in this format: `urn:cbt:{bom_version}/{vendor}#{product}:{version}`.
+
+- Purl is used to identify products in the OpenVEX and CSAF formats. The format is `pkg:generic/{vendor}/{product}@{version}`. Here, the type is set to generic by default. However, if a language dependency file is being scanned and the CVE Binary Tool can generate a valid purl from processing it, the type is set to the respective dependency management type (e.g., go, pypi, gem, npm, etc.), and the namespace field is used for vendor information.
+
+- Cve Binary Tool will also ignore the entries for components which are from VEX document but are not present in the file/binary being scanned and log a message asking weather the VEX document being scanned belongs to the file/binary being scanned, example: `Product: dio with Version: 1.3.2 not found in Parsed Data, is valid vex file being used?`
+
+This holy trio of vendor, product, and version/release allows the CVE Binary Tool to identify the component exactly and use it for the VEX process. Thus, it's no secret that the CVE Binary Tool works wonderfully with these. However, any VEX document generated outside the CVE Binary Tool may not be fully supported in the same way.
+
+### Credits :
+CVE Binary Tool heavily relies on many external open source libraries for its SBOM and VEX operations, so do check them out.
+
+- [Lib4VEX](https://github.com/anthonyharrison/lib4vex)
+- [Lib4SBOM](https://github.com/anthonyharrison/lib4sbom)
+- [PackageURL-Python](https://github.com/package-url/packageurl-python)
diff --git a/fuzz/fuzz_cargo_lock.py b/fuzz/fuzz_cargo_lock.py
index 6adcb18da9..7444712b6b 100644
--- a/fuzz/fuzz_cargo_lock.py
+++ b/fuzz/fuzz_cargo_lock.py
@@ -33,7 +33,9 @@ def CargoLockBuilder(data, file_path):
data (protobuf message): The protobuf message to convert to a Cargo.lock file.
"""
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
with open(file_path, "w") as f:
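Review bot: `always_print_fields_with_no_presence` is only accepted by newer protobuf releases (to my knowledge it replaced `including_default_value_fields` in the 5.26 line), so on an older install this call raises `TypeError` before any fuzz input is processed, and this diff adds no matching version floor. Please set the minimum in whichever requirements file the fuzz jobs install from, e.g. `protobuf>=<first release with the new keyword>`. The same edit is repeated in every `fuzz/fuzz_*.py` hunk of this commit. In fuzz_cyclonedx.py, fuzz_intermediate_report_merge.py and fuzz_package_lock.py the call sits inside a `try:` whose handler is outside the hunk, so a broad `except` there would hide the error and the harness would silently exercise nothing. CargoLockBuilder's body continues outside the hunk.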
diff --git a/fuzz/fuzz_composer_lock.py b/fuzz/fuzz_composer_lock.py
index 37476e30aa..f4311841c0 100644
--- a/fuzz/fuzz_composer_lock.py
+++ b/fuzz/fuzz_composer_lock.py
@@ -35,7 +35,9 @@ def ComposerLockBuilder(data, file_path):
file_path: The path of the file to build.
"""
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
with open(file_path, "w") as f:
diff --git a/fuzz/fuzz_cpanfile.py b/fuzz/fuzz_cpanfile.py
index 0447822156..b6881360a9 100644
--- a/fuzz/fuzz_cpanfile.py
+++ b/fuzz/fuzz_cpanfile.py
@@ -34,7 +34,9 @@ def cpanfileBuilder(data, file_path):
"""
# Convert the Protobuf message to a dictionary
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
with open(file_path, "w") as f:
diff --git a/fuzz/fuzz_cyclonedx.py b/fuzz/fuzz_cyclonedx.py
index da4700cfcd..41311a9090 100644
--- a/fuzz/fuzz_cyclonedx.py
+++ b/fuzz/fuzz_cyclonedx.py
@@ -29,7 +29,9 @@ def TestParseData(data):
"""
try:
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
components = []
diff --git a/fuzz/fuzz_gemfile_lock.py b/fuzz/fuzz_gemfile_lock.py
index 6daff643e8..fc0185404f 100644
--- a/fuzz/fuzz_gemfile_lock.py
+++ b/fuzz/fuzz_gemfile_lock.py
@@ -33,7 +33,9 @@ def GemfileLockBuilder(data, file_path):
file_path: File path of the file to write the Gemfile.lock into.
"""
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
with open(file_path, "w") as f:
diff --git a/fuzz/fuzz_go.py b/fuzz/fuzz_go.py
index 9955e58b72..5228cb77c7 100644
--- a/fuzz/fuzz_go.py
+++ b/fuzz/fuzz_go.py
@@ -32,7 +32,9 @@ def GoModBuilder(data, file_path):
file_path: The path of the file to build.
"""
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
with open(file_path, "w") as f:
diff --git a/fuzz/fuzz_intermediate_report_merge.py b/fuzz/fuzz_intermediate_report_merge.py
index 6da76e3ad8..03dc1d0a9a 100644
--- a/fuzz/fuzz_intermediate_report_merge.py
+++ b/fuzz/fuzz_intermediate_report_merge.py
@@ -26,7 +26,9 @@ def TestParseData(data):
"""
try:
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
if json_data.get("metadata") is not None:
diff --git a/fuzz/fuzz_package_list_parser.py b/fuzz/fuzz_package_list_parser.py
index 419fb8dae7..c5b800d581 100644
--- a/fuzz/fuzz_package_list_parser.py
+++ b/fuzz/fuzz_package_list_parser.py
@@ -50,7 +50,9 @@ def TestPackageData(data):
with_version = []
without_version = []
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
print(json_data)
diff --git a/fuzz/fuzz_package_lock.py b/fuzz/fuzz_package_lock.py
index 5b3a3316ac..2643d189dd 100644
--- a/fuzz/fuzz_package_lock.py
+++ b/fuzz/fuzz_package_lock.py
@@ -68,7 +68,9 @@ def TestParseData(data):
"""
try:
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
with open(file_path, "w") as f:
diff --git a/fuzz/fuzz_package_resolved.py b/fuzz/fuzz_package_resolved.py
index a7a27dfc88..ad3e1eebd7 100644
--- a/fuzz/fuzz_package_resolved.py
+++ b/fuzz/fuzz_package_resolved.py
@@ -24,7 +24,9 @@
def PackageResolvedBuilder(data):
"""Convert the Protobuf message to a dictionary"""
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
with open(file_path, "w") as f:
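Review bot: `PackageResolvedBuilder(data)` opens `file_path` for writing, but `file_path` is neither a parameter nor assigned in the visible lines, so it presumably comes from a module-level global. The sibling builders in this commit take it as an argument, and the docstring mentions only the conversion, not the write. I would align the signature with the others, `def PackageResolvedBuilder(data, file_path):` (updating the callers), or at least document the dependency: `"""Convert the Protobuf message to a dictionary and write it to the module-level file_path."""`. The function body continues outside the hunk.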
diff --git a/fuzz/fuzz_pkg_info.py b/fuzz/fuzz_pkg_info.py
index bab4aacfa5..d540312722 100644
--- a/fuzz/fuzz_pkg_info.py
+++ b/fuzz/fuzz_pkg_info.py
@@ -33,7 +33,9 @@ def PkgInfoBuilder(data, file_path):
file_path (str): The path to the file to write the PKG-INFO data to.
"""
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
with open(file_path, "w") as f:
diff --git a/fuzz/fuzz_pom_xml.py b/fuzz/fuzz_pom_xml.py
index a4e090753f..15274f6f72 100644
--- a/fuzz/fuzz_pom_xml.py
+++ b/fuzz/fuzz_pom_xml.py
@@ -33,7 +33,9 @@ def PomXmlBuilder(data, file_path):
file_path: The path of the file to build.
"""
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
with open(file_path, "w") as f:
diff --git a/fuzz/fuzz_pubspec_lock.py b/fuzz/fuzz_pubspec_lock.py
index 992573051d..d54b0ac268 100644
--- a/fuzz/fuzz_pubspec_lock.py
+++ b/fuzz/fuzz_pubspec_lock.py
@@ -29,7 +29,9 @@ def PubspecLockBuilder(data, file_path):
data (protobuf message): The protobuf message to convert to a pubspec.lock file.
"""
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
with open(file_path, "w") as f:
diff --git a/fuzz/fuzz_python_requirement_parser.py b/fuzz/fuzz_python_requirement_parser.py
index 84ca040baf..cc78ba2e3e 100644
--- a/fuzz/fuzz_python_requirement_parser.py
+++ b/fuzz/fuzz_python_requirement_parser.py
@@ -36,7 +36,9 @@ def TestParseData(data, cve_db, logger, tmpdir):
"""
try:
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
file_path = os.path.join(tmpdir, "requirements.txt")
with open(file_path, "w") as f:
diff --git a/fuzz/fuzz_renv_lock.py b/fuzz/fuzz_renv_lock.py
index 7092b53ead..8c0cee8464 100644
--- a/fuzz/fuzz_renv_lock.py
+++ b/fuzz/fuzz_renv_lock.py
@@ -36,7 +36,9 @@ def RenvLockBuilder(data, file_path):
"""
# Parse the JSON data
json_data = MessageToDict(
- data, preserving_proto_field_name=True, including_default_value_fields=True
+ data,
+ preserving_proto_field_name=True,
+ always_print_fields_with_no_presence=True,
)
with open(file_path, "w") as f:
diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json
index bf3f28422f..7a72baf396 100644
--- a/sbom/cve-bin-tool-py3.10.json
+++ b/sbom/cve-bin-tool-py3.10.json
@@ -2,15 +2,20 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:ac0b77d6-4ec3-471f-b842-d525dc0b23af",
+ "serialNumber": "urn:uuid:b44353db-f855-4638-9945-257ecfc7299e",
"version": 1,
"metadata": {
- "timestamp": "2024-07-29T00:29:56Z",
+ "timestamp": "2024-08-05T00:34:35Z",
+ "lifecycles": [
+ {
+ "phase": "build"
+ }
+ ],
"tools": {
"components": [
{
"name": "sbom4python",
- "version": "0.10.4",
+ "version": "0.11.0",
"type": "application"
}
]
@@ -69,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.9.5",
+ "version": "3.10.1",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -82,12 +87,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.9.5",
+ "url": "https://pypi.org/project/aiohttp/3.10.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.9.5",
+ "purl": "pkg:pypi/aiohttp@3.10.1",
"properties": [
{
"name": "language",
@@ -101,7 +106,50 @@
},
{
"type": "library",
- "bom-ref": "3-aiosignal",
+ "bom-ref": "3-aiohappyeyeballs",
+ "name": "aiohappyeyeballs",
+ "version": "2.3.4",
+ "supplier": {
+ "name": "J. Nick Koston",
+ "contact": [
+ {
+ "email": "nick@koston.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*",
+ "description": "Happy Eyeballs for asyncio",
+ "licenses": [
+ {
+ "license": {
+ "id": "PSF-2.0",
+ "url": "https://opensource.org/licenses/Python-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.3.4",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/aiohappyeyeballs@2.3.4",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.10.14"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "4-aiosignal",
"name": "aiosignal",
"version": "1.3.1",
"hashes": [
@@ -140,7 +188,7 @@
},
{
"type": "library",
- "bom-ref": "4-frozenlist",
+ "bom-ref": "5-frozenlist",
"name": "frozenlist",
"version": "1.4.1",
"description": "A list-like structure which implements collections.abc.MutableSequence",
@@ -174,7 +222,7 @@
},
{
"type": "library",
- "bom-ref": "5-async-timeout",
+ "bom-ref": "6-async-timeout",
"name": "async-timeout",
"version": "4.0.3",
"supplier": {
@@ -223,9 +271,9 @@
},
{
"type": "library",
- "bom-ref": "6-attrs",
+ "bom-ref": "7-attrs",
"name": "attrs",
- "version": "23.2.0",
+ "version": "24.1.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
@@ -234,16 +282,16 @@
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
- "url": "https://pypi.org/project/attrs/23.2.0",
+ "url": "https://pypi.org/project/attrs/24.1.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/attrs@23.2.0",
+ "purl": "pkg:pypi/attrs@24.1.0",
"properties": [
{
"name": "language",
@@ -257,7 +305,7 @@
},
{
"type": "library",
- "bom-ref": "7-multidict",
+ "bom-ref": "8-multidict",
"name": "multidict",
"version": "6.0.5",
"supplier": {
@@ -306,7 +354,7 @@
},
{
"type": "library",
- "bom-ref": "8-yarl",
+ "bom-ref": "9-yarl",
"name": "yarl",
"version": "1.9.4",
"supplier": {
@@ -355,7 +403,7 @@
},
{
"type": "library",
- "bom-ref": "9-idna",
+ "bom-ref": "10-idna",
"name": "idna",
"version": "3.7",
"supplier": {
@@ -395,7 +443,7 @@
},
{
"type": "library",
- "bom-ref": "10-beautifulsoup4",
+ "bom-ref": "11-beautifulsoup4",
"name": "beautifulsoup4",
"version": "4.12.3",
"supplier": {
@@ -438,7 +486,7 @@
},
{
"type": "library",
- "bom-ref": "11-soupsieve",
+ "bom-ref": "12-soupsieve",
"name": "soupsieve",
"version": "2.5",
"supplier": {
@@ -478,7 +526,7 @@
},
{
"type": "library",
- "bom-ref": "12-cvss",
+ "bom-ref": "13-cvss",
"name": "cvss",
"version": "3.1",
"supplier": {
@@ -527,7 +575,7 @@
},
{
"type": "library",
- "bom-ref": "13-defusedxml",
+ "bom-ref": "14-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -576,7 +624,7 @@
},
{
"type": "library",
- "bom-ref": "14-distro",
+ "bom-ref": "15-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -619,7 +667,7 @@
},
{
"type": "library",
- "bom-ref": "15-filetype",
+ "bom-ref": "16-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -668,7 +716,7 @@
},
{
"type": "library",
- "bom-ref": "16-gsutil",
+ "bom-ref": "17-gsutil",
"name": "gsutil",
"version": "5.30",
"supplier": {
@@ -711,7 +759,7 @@
},
{
"type": "library",
- "bom-ref": "17-argcomplete",
+ "bom-ref": "18-argcomplete",
"name": "argcomplete",
"version": "3.4.0",
"supplier": {
@@ -754,7 +802,7 @@
},
{
"type": "library",
- "bom-ref": "18-crcmod",
+ "bom-ref": "19-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -797,7 +845,7 @@
},
{
"type": "library",
- "bom-ref": "19-fasteners",
+ "bom-ref": "20-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -841,7 +889,7 @@
},
{
"type": "library",
- "bom-ref": "20-gcs-oauth2-boto-plugin",
+ "bom-ref": "21-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -884,7 +932,7 @@
},
{
"type": "library",
- "bom-ref": "21-boto",
+ "bom-ref": "22-boto",
"name": "boto",
"version": "2.49.0",
"supplier": {
@@ -933,7 +981,7 @@
},
{
"type": "library",
- "bom-ref": "22-google-auth",
+ "bom-ref": "23-google-auth",
"name": "google-auth",
"version": "2.17.0",
"supplier": {
@@ -982,7 +1030,7 @@
},
{
"type": "library",
- "bom-ref": "23-cachetools",
+ "bom-ref": "24-cachetools",
"name": "cachetools",
"version": "5.4.0",
"supplier": {
@@ -1025,7 +1073,7 @@
},
{
"type": "library",
- "bom-ref": "24-pyasn1-modules",
+ "bom-ref": "25-pyasn1-modules",
"name": "pyasn1-modules",
"version": "0.4.0",
"supplier": {
@@ -1049,7 +1097,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1_modules/0.4.0",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1068,7 +1116,7 @@
},
{
"type": "library",
- "bom-ref": "25-pyasn1",
+ "bom-ref": "26-pyasn1",
"name": "pyasn1",
"version": "0.6.0",
"supplier": {
@@ -1111,7 +1159,7 @@
},
{
"type": "library",
- "bom-ref": "26-rsa",
+ "bom-ref": "27-rsa",
"name": "rsa",
"version": "4.7.2",
"supplier": {
@@ -1160,7 +1208,7 @@
},
{
"type": "library",
- "bom-ref": "27-six",
+ "bom-ref": "28-six",
"name": "six",
"version": "1.16.0",
"supplier": {
@@ -1209,7 +1257,7 @@
},
{
"type": "library",
- "bom-ref": "28-google-auth-httplib2",
+ "bom-ref": "29-google-auth-httplib2",
"name": "google-auth-httplib2",
"version": "0.2.0",
"supplier": {
@@ -1257,7 +1305,7 @@
},
{
"type": "library",
- "bom-ref": "29-httplib2",
+ "bom-ref": "30-httplib2",
"name": "httplib2",
"version": "0.20.4",
"supplier": {
@@ -1306,7 +1354,7 @@
},
{
"type": "library",
- "bom-ref": "30-pyparsing",
+ "bom-ref": "31-pyparsing",
"name": "pyparsing",
"version": "3.1.2",
"supplier": {
@@ -1346,7 +1394,7 @@
},
{
"type": "library",
- "bom-ref": "31-google-reauth",
+ "bom-ref": "32-google-reauth",
"name": "google-reauth",
"version": "0.1.1",
"supplier": {
@@ -1395,7 +1443,7 @@
},
{
"type": "library",
- "bom-ref": "32-pyu2f",
+ "bom-ref": "33-pyu2f",
"name": "pyu2f",
"version": "0.1.5",
"supplier": {
@@ -1444,7 +1492,7 @@
},
{
"type": "library",
- "bom-ref": "33-oauth2client",
+ "bom-ref": "34-oauth2client",
"name": "oauth2client",
"version": "4.1.3",
"supplier": {
@@ -1493,7 +1541,7 @@
},
{
"type": "library",
- "bom-ref": "34-pyopenssl",
+ "bom-ref": "35-pyopenssl",
"name": "pyopenssl",
"version": "24.2.1",
"supplier": {
@@ -1517,7 +1565,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyOpenSSL/24.2.1",
+ "url": "https://pypi.org/project/pyopenssl/24.2.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1536,7 +1584,7 @@
},
{
"type": "library",
- "bom-ref": "35-cryptography",
+ "bom-ref": "36-cryptography",
"name": "cryptography",
"version": "43.0.0",
"supplier": {
@@ -1575,7 +1623,7 @@
},
{
"type": "library",
- "bom-ref": "36-cffi",
+ "bom-ref": "37-cffi",
"name": "cffi",
"version": "1.16.0",
"supplier": {
@@ -1624,7 +1672,7 @@
},
{
"type": "library",
- "bom-ref": "37-pycparser",
+ "bom-ref": "38-pycparser",
"name": "pycparser",
"version": "2.22",
"supplier": {
@@ -1673,7 +1721,7 @@
},
{
"type": "library",
- "bom-ref": "38-retry-decorator",
+ "bom-ref": "39-retry-decorator",
"name": "retry-decorator",
"version": "1.1.1",
"supplier": {
@@ -1703,7 +1751,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/retry_decorator/1.1.1",
+ "url": "https://pypi.org/project/retry-decorator/1.1.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1722,7 +1770,7 @@
},
{
"type": "library",
- "bom-ref": "39-google-apitools",
+ "bom-ref": "40-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -1771,7 +1819,7 @@
},
{
"type": "library",
- "bom-ref": "40-monotonic",
+ "bom-ref": "41-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -1820,13 +1868,13 @@
},
{
"type": "library",
- "bom-ref": "41-jinja2",
+ "bom-ref": "42-jinja2",
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"externalReferences": [
{
- "url": "https://pypi.org/project/Jinja2/3.1.4",
+ "url": "https://pypi.org/project/jinja2/3.1.4",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1845,7 +1893,7 @@
},
{
"type": "library",
- "bom-ref": "42-markupsafe",
+ "bom-ref": "43-markupsafe",
"name": "markupsafe",
"version": "2.1.5",
"description": "Safely add untrusted strings to HTML/XML markup.",
@@ -1866,7 +1914,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/MarkupSafe/2.1.5",
+ "url": "https://pypi.org/project/markupsafe/2.1.5",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1885,7 +1933,7 @@
},
{
"type": "library",
- "bom-ref": "43-jsonschema",
+ "bom-ref": "44-jsonschema",
"name": "jsonschema",
"version": "4.23.0",
"supplier": {
@@ -1923,7 +1971,7 @@
},
{
"type": "library",
- "bom-ref": "44-jsonschema-specifications",
+ "bom-ref": "45-jsonschema-specifications",
"name": "jsonschema-specifications",
"version": "2023.12.1",
"supplier": {
@@ -1967,7 +2015,7 @@
},
{
"type": "library",
- "bom-ref": "45-referencing",
+ "bom-ref": "46-referencing",
"name": "referencing",
"version": "0.35.1",
"supplier": {
@@ -1996,7 +2044,7 @@
},
{
"type": "library",
- "bom-ref": "46-rpds-py",
+ "bom-ref": "47-rpds-py",
"name": "rpds-py",
"version": "0.19.1",
"supplier": {
@@ -2034,7 +2082,7 @@
},
{
"type": "library",
- "bom-ref": "47-lib4sbom",
+ "bom-ref": "48-lib4sbom",
"name": "lib4sbom",
"version": "0.7.2",
"supplier": {
@@ -2077,7 +2125,7 @@
},
{
"type": "library",
- "bom-ref": "48-pyyaml",
+ "bom-ref": "49-pyyaml",
"name": "pyyaml",
"version": "6.0.1",
"supplier": {
@@ -2107,7 +2155,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/PyYAML/6.0.1",
+ "url": "https://pypi.org/project/pyyaml/6.0.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2126,7 +2174,7 @@
},
{
"type": "library",
- "bom-ref": "49-semantic-version",
+ "bom-ref": "50-semantic-version",
"name": "semantic-version",
"version": "2.10.0",
"supplier": {
@@ -2175,7 +2223,7 @@
},
{
"type": "library",
- "bom-ref": "50-lib4vex",
+ "bom-ref": "51-lib4vex",
"name": "lib4vex",
"version": "0.1.0",
"supplier": {
@@ -2224,7 +2272,7 @@
},
{
"type": "library",
- "bom-ref": "51-csaf-tool",
+ "bom-ref": "52-csaf-tool",
"name": "csaf-tool",
"version": "0.3.2",
"supplier": {
@@ -2273,7 +2321,7 @@
},
{
"type": "library",
- "bom-ref": "52-packageurl-python",
+ "bom-ref": "53-packageurl-python",
"name": "packageurl-python",
"version": "0.15.6",
"supplier": {
@@ -2311,7 +2359,7 @@
},
{
"type": "library",
- "bom-ref": "53-rich",
+ "bom-ref": "54-rich",
"name": "rich",
"version": "13.7.1",
"supplier": {
@@ -2354,7 +2402,7 @@
},
{
"type": "library",
- "bom-ref": "54-markdown-it-py",
+ "bom-ref": "55-markdown-it-py",
"name": "markdown-it-py",
"version": "3.0.0",
"supplier": {
@@ -2394,7 +2442,7 @@
},
{
"type": "library",
- "bom-ref": "55-mdurl",
+ "bom-ref": "56-mdurl",
"name": "mdurl",
"version": "0.1.2",
"supplier": {
@@ -2434,7 +2482,7 @@
},
{
"type": "library",
- "bom-ref": "56-pygments",
+ "bom-ref": "57-pygments",
"name": "pygments",
"version": "2.18.0",
"supplier": {
@@ -2464,7 +2512,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.18.0",
+ "url": "https://pypi.org/project/pygments/2.18.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2483,7 +2531,7 @@
},
{
"type": "library",
- "bom-ref": "57-packaging",
+ "bom-ref": "58-packaging",
"name": "packaging",
"version": "24.1",
"supplier": {
@@ -2517,7 +2565,7 @@
},
{
"type": "library",
- "bom-ref": "58-plotly",
+ "bom-ref": "59-plotly",
"name": "plotly",
"version": "5.23.0",
"supplier": {
@@ -2560,9 +2608,9 @@
},
{
"type": "library",
- "bom-ref": "59-tenacity",
+ "bom-ref": "60-tenacity",
"name": "tenacity",
- "version": "8.5.0",
+ "version": "9.0.0",
"supplier": {
"name": "Julien Danjou",
"contact": [
@@ -2571,7 +2619,7 @@
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
"licenses": [
{
@@ -2584,12 +2632,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/tenacity/8.5.0",
+ "url": "https://pypi.org/project/tenacity/9.0.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/tenacity@8.5.0",
+ "purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
{
"name": "language",
@@ -2603,7 +2651,7 @@
},
{
"type": "library",
- "bom-ref": "60-python-gnupg",
+ "bom-ref": "61-python-gnupg",
"name": "python-gnupg",
"version": "0.5.2",
"supplier": {
@@ -2652,7 +2700,7 @@
},
{
"type": "library",
- "bom-ref": "61-requests",
+ "bom-ref": "62-requests",
"name": "requests",
"version": "2.32.3",
"supplier": {
@@ -2701,7 +2749,7 @@
},
{
"type": "library",
- "bom-ref": "62-certifi",
+ "bom-ref": "63-certifi",
"name": "certifi",
"version": "2024.7.4",
"supplier": {
@@ -2744,7 +2792,7 @@
},
{
"type": "library",
- "bom-ref": "63-charset-normalizer",
+ "bom-ref": "64-charset-normalizer",
"name": "charset-normalizer",
"version": "3.3.2",
"supplier": {
@@ -2793,7 +2841,7 @@
},
{
"type": "library",
- "bom-ref": "64-urllib3",
+ "bom-ref": "65-urllib3",
"name": "urllib3",
"version": "2.2.2",
"supplier": {
@@ -2827,7 +2875,7 @@
},
{
"type": "library",
- "bom-ref": "65-rpmfile",
+ "bom-ref": "66-rpmfile",
"name": "rpmfile",
"version": "2.1.0",
"supplier": {
@@ -2876,7 +2924,41 @@
},
{
"type": "library",
- "bom-ref": "66-toml",
+ "bom-ref": "67-setuptools",
+ "name": "setuptools",
+ "version": "72.1.0",
+ "supplier": {
+ "name": "Python Packaging Authority",
+ "contact": [
+ {
+ "email": "distutils-sig@python.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*",
+ "description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/setuptools/72.1.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/setuptools@72.1.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.10.14"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "68-toml",
"name": "toml",
"version": "0.10.2",
"supplier": {
@@ -2925,9 +3007,9 @@
},
{
"type": "library",
- "bom-ref": "67-xmlschema",
+ "bom-ref": "69-xmlschema",
"name": "xmlschema",
- "version": "3.3.1",
+ "version": "3.3.2",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2936,7 +3018,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -2949,12 +3031,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/3.3.1",
+ "url": "https://pypi.org/project/xmlschema/3.3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.3.1",
+ "purl": "pkg:pypi/xmlschema@3.3.2",
"properties": [
{
"name": "language",
@@ -2968,7 +3050,7 @@
},
{
"type": "library",
- "bom-ref": "68-elementpath",
+ "bom-ref": "70-elementpath",
"name": "elementpath",
"version": "4.4.0",
"supplier": {
@@ -3017,7 +3099,7 @@
},
{
"type": "library",
- "bom-ref": "69-zstandard",
+ "bom-ref": "71-zstandard",
"name": "zstandard",
"version": "0.23.0",
"supplier": {
@@ -3070,260 +3152,262 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "10-beautifulsoup4",
- "12-cvss",
- "13-defusedxml",
- "14-distro",
- "15-filetype",
- "16-gsutil",
- "41-jinja2",
- "43-jsonschema",
- "47-lib4sbom",
- "50-lib4vex",
- "52-packageurl-python",
- "57-packaging",
- "58-plotly",
- "60-python-gnupg",
- "48-pyyaml",
- "61-requests",
- "53-rich",
- "65-rpmfile",
- "66-toml",
- "64-urllib3",
- "67-xmlschema",
- "69-zstandard"
+ "11-beautifulsoup4",
+ "13-cvss",
+ "14-defusedxml",
+ "15-distro",
+ "16-filetype",
+ "17-gsutil",
+ "42-jinja2",
+ "44-jsonschema",
+ "48-lib4sbom",
+ "51-lib4vex",
+ "53-packageurl-python",
+ "58-packaging",
+ "59-plotly",
+ "61-python-gnupg",
+ "49-pyyaml",
+ "62-requests",
+ "54-rich",
+ "66-rpmfile",
+ "67-setuptools",
+ "68-toml",
+ "65-urllib3",
+ "69-xmlschema",
+ "71-zstandard"
]
},
{
"ref": "2-aiohttp",
"dependsOn": [
- "3-aiosignal",
- "5-async-timeout",
- "6-attrs",
- "4-frozenlist",
- "7-multidict",
- "8-yarl"
+ "3-aiohappyeyeballs",
+ "4-aiosignal",
+ "6-async-timeout",
+ "7-attrs",
+ "5-frozenlist",
+ "8-multidict",
+ "9-yarl"
]
},
{
- "ref": "3-aiosignal",
+ "ref": "4-aiosignal",
"dependsOn": [
- "4-frozenlist"
+ "5-frozenlist"
]
},
{
- "ref": "8-yarl",
+ "ref": "9-yarl",
"dependsOn": [
- "9-idna",
- "7-multidict"
+ "10-idna",
+ "8-multidict"
]
},
{
- "ref": "10-beautifulsoup4",
+ "ref": "11-beautifulsoup4",
"dependsOn": [
- "11-soupsieve"
+ "12-soupsieve"
]
},
{
- "ref": "16-gsutil",
+ "ref": "17-gsutil",
"dependsOn": [
- "17-argcomplete",
- "18-crcmod",
- "19-fasteners",
- "20-gcs-oauth2-boto-plugin",
- "39-google-apitools",
- "22-google-auth",
- "28-google-auth-httplib2",
- "31-google-reauth",
- "29-httplib2",
- "40-monotonic",
- "34-pyopenssl",
- "38-retry-decorator",
- "27-six"
- ]
- },
- {
- "ref": "20-gcs-oauth2-boto-plugin",
+ "18-argcomplete",
+ "19-crcmod",
+ "20-fasteners",
+ "21-gcs-oauth2-boto-plugin",
+ "40-google-apitools",
+ "23-google-auth",
+ "29-google-auth-httplib2",
+ "32-google-reauth",
+ "30-httplib2",
+ "41-monotonic",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "28-six"
+ ]
+ },
+ {
+ "ref": "21-gcs-oauth2-boto-plugin",
"dependsOn": [
- "21-boto",
- "22-google-auth",
- "28-google-auth-httplib2",
- "31-google-reauth",
- "29-httplib2",
- "33-oauth2client",
- "34-pyopenssl",
- "38-retry-decorator",
- "26-rsa",
- "27-six"
+ "22-boto",
+ "23-google-auth",
+ "29-google-auth-httplib2",
+ "32-google-reauth",
+ "30-httplib2",
+ "34-oauth2client",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "27-rsa",
+ "28-six"
]
},
{
- "ref": "22-google-auth",
+ "ref": "23-google-auth",
"dependsOn": [
- "23-cachetools",
- "24-pyasn1-modules",
- "26-rsa",
- "27-six"
+ "24-cachetools",
+ "25-pyasn1-modules",
+ "27-rsa",
+ "28-six"
]
},
{
- "ref": "24-pyasn1-modules",
+ "ref": "25-pyasn1-modules",
"dependsOn": [
- "25-pyasn1"
+ "26-pyasn1"
]
},
{
- "ref": "26-rsa",
+ "ref": "27-rsa",
"dependsOn": [
- "25-pyasn1"
+ "26-pyasn1"
]
},
{
- "ref": "28-google-auth-httplib2",
+ "ref": "29-google-auth-httplib2",
"dependsOn": [
- "22-google-auth",
- "29-httplib2"
+ "23-google-auth",
+ "30-httplib2"
]
},
{
- "ref": "29-httplib2",
+ "ref": "30-httplib2",
"dependsOn": [
- "30-pyparsing"
+ "31-pyparsing"
]
},
{
- "ref": "31-google-reauth",
+ "ref": "32-google-reauth",
"dependsOn": [
- "32-pyu2f"
+ "33-pyu2f"
]
},
{
- "ref": "32-pyu2f",
+ "ref": "33-pyu2f",
"dependsOn": [
- "27-six"
+ "28-six"
]
},
{
- "ref": "33-oauth2client",
+ "ref": "34-oauth2client",
"dependsOn": [
- "29-httplib2",
- "25-pyasn1",
- "24-pyasn1-modules",
- "26-rsa",
- "27-six"
+ "30-httplib2",
+ "26-pyasn1",
+ "25-pyasn1-modules",
+ "27-rsa",
+ "28-six"
]
},
{
- "ref": "34-pyopenssl",
+ "ref": "35-pyopenssl",
"dependsOn": [
- "35-cryptography"
+ "36-cryptography"
]
},
{
- "ref": "35-cryptography",
+ "ref": "36-cryptography",
"dependsOn": [
- "36-cffi"
+ "37-cffi"
]
},
{
- "ref": "36-cffi",
+ "ref": "37-cffi",
"dependsOn": [
- "37-pycparser"
+ "38-pycparser"
]
},
{
- "ref": "39-google-apitools",
+ "ref": "40-google-apitools",
"dependsOn": [
- "19-fasteners",
- "29-httplib2",
- "33-oauth2client",
- "27-six"
+ "20-fasteners",
+ "30-httplib2",
+ "34-oauth2client",
+ "28-six"
]
},
{
- "ref": "41-jinja2",
+ "ref": "42-jinja2",
"dependsOn": [
- "42-markupsafe"
+ "43-markupsafe"
]
},
{
- "ref": "43-jsonschema",
+ "ref": "44-jsonschema",
"dependsOn": [
- "6-attrs",
- "44-jsonschema-specifications",
- "45-referencing",
- "46-rpds-py"
+ "7-attrs",
+ "45-jsonschema-specifications",
+ "46-referencing",
+ "47-rpds-py"
]
},
{
- "ref": "44-jsonschema-specifications",
+ "ref": "45-jsonschema-specifications",
"dependsOn": [
- "45-referencing"
+ "46-referencing"
]
},
{
- "ref": "45-referencing",
+ "ref": "46-referencing",
"dependsOn": [
- "6-attrs",
- "46-rpds-py"
+ "7-attrs",
+ "47-rpds-py"
]
},
{
- "ref": "47-lib4sbom",
+ "ref": "48-lib4sbom",
"dependsOn": [
- "13-defusedxml",
- "48-pyyaml",
- "49-semantic-version"
+ "14-defusedxml",
+ "49-pyyaml",
+ "50-semantic-version"
]
},
{
- "ref": "50-lib4vex",
+ "ref": "51-lib4vex",
"dependsOn": [
- "51-csaf-tool",
- "47-lib4sbom",
- "52-packageurl-python"
+ "52-csaf-tool",
+ "48-lib4sbom",
+ "53-packageurl-python"
]
},
{
- "ref": "51-csaf-tool",
+ "ref": "52-csaf-tool",
"dependsOn": [
- "52-packageurl-python",
- "53-rich"
+ "53-packageurl-python",
+ "54-rich"
]
},
{
- "ref": "53-rich",
+ "ref": "54-rich",
"dependsOn": [
- "54-markdown-it-py",
- "56-pygments"
+ "55-markdown-it-py",
+ "57-pygments"
]
},
{
- "ref": "54-markdown-it-py",
+ "ref": "55-markdown-it-py",
"dependsOn": [
- "55-mdurl"
+ "56-mdurl"
]
},
{
- "ref": "58-plotly",
+ "ref": "59-plotly",
"dependsOn": [
- "57-packaging",
- "59-tenacity"
+ "58-packaging",
+ "60-tenacity"
]
},
{
- "ref": "61-requests",
+ "ref": "62-requests",
"dependsOn": [
- "62-certifi",
- "63-charset-normalizer",
- "9-idna",
- "64-urllib3"
+ "63-certifi",
+ "64-charset-normalizer",
+ "10-idna",
+ "65-urllib3"
]
},
{
- "ref": "67-xmlschema",
+ "ref": "69-xmlschema",
"dependsOn": [
- "68-elementpath"
+ "70-elementpath"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx
index f5a9a4bbe2..9b9eab9135 100644
--- a/sbom/cve-bin-tool-py3.10.spdx
+++ b/sbom/cve-bin-tool-py3.10.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-39de7c99-0272-41ae-96e8-c287bf241cc5
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-03621ea4-c05f-43a7-a28e-109a7b284c29
LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.10.4
-Created: 2024-07-29T00:29:01Z
+Creator: Tool: sbom4python-0.11.0
+Created: 2024-08-05T00:33:25Z
CreatorComment: This document has been automatically generated.
#####
@@ -26,21 +26,36 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.9.5
+PackageVersion: 3.10.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.1
+#####
+
+PackageName: aiohappyeyeballs
+SPDXID: SPDXRef-Package-3-aiohappyeyeballs
+PackageVersion: 2.3.4
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.4
+FilesAnalyzed: false
+PackageLicenseDeclared: PSF-2.0
+PackageLicenseConcluded: PSF-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Happy Eyeballs for asyncio
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
-SPDXID: SPDXRef-Package-3-aiosignal
+SPDXID: SPDXRef-Package-4-aiosignal
PackageVersion: 1.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
@@ -55,7 +70,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
#####
PackageName: frozenlist
-SPDXID: SPDXRef-Package-4-frozenlist
+SPDXID: SPDXRef-Package-5-frozenlist
PackageVersion: 1.4.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
@@ -70,7 +85,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1
#####
PackageName: async-timeout
-SPDXID: SPDXRef-Package-5-async-timeout
+SPDXID: SPDXRef-Package-6-async-timeout
PackageVersion: 4.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -87,22 +102,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*
#####
PackageName: attrs
-SPDXID: SPDXRef-Package-6-attrs
-PackageVersion: 23.2.0
+SPDXID: SPDXRef-Package-7-attrs
+PackageVersion: 24.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0
+PackageDownloadLocation: https://pypi.org/project/attrs/24.1.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@23.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*
#####
PackageName: multidict
-SPDXID: SPDXRef-Package-7-multidict
+SPDXID: SPDXRef-Package-8-multidict
PackageVersion: 6.0.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -119,7 +134,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*
#####
PackageName: yarl
-SPDXID: SPDXRef-Package-8-yarl
+SPDXID: SPDXRef-Package-9-yarl
PackageVersion: 1.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -135,7 +150,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:
#####
PackageName: idna
-SPDXID: SPDXRef-Package-9-idna
+SPDXID: SPDXRef-Package-10-idna
PackageVersion: 3.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
@@ -151,7 +166,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*
#####
PackageName: beautifulsoup4
-SPDXID: SPDXRef-Package-10-beautifulsoup4
+SPDXID: SPDXRef-Package-11-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
@@ -167,7 +182,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12
#####
PackageName: soupsieve
-SPDXID: SPDXRef-Package-11-soupsieve
+SPDXID: SPDXRef-Package-12-soupsieve
PackageVersion: 2.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (use@gmail.com)
@@ -183,7 +198,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-Package-12-cvss
+SPDXID: SPDXRef-Package-13-cvss
PackageVersion: 3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
@@ -200,7 +215,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs
#####
PackageName: defusedxml
-SPDXID: SPDXRef-Package-13-defusedxml
+SPDXID: SPDXRef-Package-14-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
@@ -217,7 +232,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:
#####
PackageName: distro
-SPDXID: SPDXRef-Package-14-distro
+SPDXID: SPDXRef-Package-15-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
@@ -233,7 +248,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-Package-15-filetype
+SPDXID: SPDXRef-Package-16-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
@@ -249,7 +264,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:
#####
PackageName: gsutil
-SPDXID: SPDXRef-Package-16-gsutil
+SPDXID: SPDXRef-Package-17-gsutil
PackageVersion: 5.30
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
@@ -265,7 +280,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-Package-17-argcomplete
+SPDXID: SPDXRef-Package-18-argcomplete
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
@@ -281,7 +296,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-Package-18-crcmod
+SPDXID: SPDXRef-Package-19-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
@@ -296,7 +311,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-Package-19-fasteners
+SPDXID: SPDXRef-Package-20-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
@@ -312,7 +327,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-Package-21-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
@@ -328,7 +343,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2
#####
PackageName: boto
-SPDXID: SPDXRef-Package-21-boto
+SPDXID: SPDXRef-Package-22-boto
PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
@@ -344,7 +359,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:
#####
PackageName: google-auth
-SPDXID: SPDXRef-Package-22-google-auth
+SPDXID: SPDXRef-Package-23-google-auth
PackageVersion: 2.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -361,7 +376,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
#####
PackageName: cachetools
-SPDXID: SPDXRef-Package-23-cachetools
+SPDXID: SPDXRef-Package-24-cachetools
PackageVersion: 5.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
@@ -376,15 +391,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*
#####
PackageName: pyasn1-modules
-SPDXID: SPDXRef-Package-24-pyasn1-modules
+SPDXID: SPDXRef-Package-25-pyasn1-modules
PackageVersion: 0.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A collection of ASN.1-based protocols modules
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0
@@ -392,7 +407,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:
#####
PackageName: pyasn1
-SPDXID: SPDXRef-Package-25-pyasn1
+SPDXID: SPDXRef-Package-26-pyasn1
PackageVersion: 0.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
@@ -407,7 +422,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:
#####
PackageName: rsa
-SPDXID: SPDXRef-Package-26-rsa
+SPDXID: SPDXRef-Package-27-rsa
PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
@@ -424,7 +439,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-Package-27-six
+SPDXID: SPDXRef-Package-28-six
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
@@ -440,7 +455,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*
#####
PackageName: google-auth-httplib2
-SPDXID: SPDXRef-Package-28-google-auth-httplib2
+SPDXID: SPDXRef-Package-29-google-auth-httplib2
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -456,7 +471,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-http
#####
PackageName: httplib2
-SPDXID: SPDXRef-Package-29-httplib2
+SPDXID: SPDXRef-Package-30-httplib2
PackageVersion: 0.20.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
@@ -472,7 +487,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
#####
PackageName: pyparsing
-SPDXID: SPDXRef-Package-30-pyparsing
+SPDXID: SPDXRef-Package-31-pyparsing
PackageVersion: 3.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
@@ -488,7 +503,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*
#####
PackageName: google-reauth
-SPDXID: SPDXRef-Package-31-google-reauth
+SPDXID: SPDXRef-Package-32-google-reauth
PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google (googleapis-publisher@google.com)
@@ -505,7 +520,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*
#####
PackageName: pyu2f
-SPDXID: SPDXRef-Package-32-pyu2f
+SPDXID: SPDXRef-Package-33-pyu2f
PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
@@ -522,7 +537,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: oauth2client
-SPDXID: SPDXRef-Package-33-oauth2client
+SPDXID: SPDXRef-Package-34-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
@@ -539,15 +554,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
#####
PackageName: pyopenssl
-SPDXID: SPDXRef-Package-34-pyopenssl
+SPDXID: SPDXRef-Package-35-pyopenssl
PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/24.2.1
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
@@ -555,7 +570,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
#####
PackageName: cryptography
-SPDXID: SPDXRef-Package-35-cryptography
+SPDXID: SPDXRef-Package-36-cryptography
PackageVersion: 43.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
@@ -570,7 +585,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python
#####
PackageName: cffi
-SPDXID: SPDXRef-Package-36-cffi
+SPDXID: SPDXRef-Package-37-cffi
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
@@ -586,7 +601,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-Package-37-pycparser
+SPDXID: SPDXRef-Package-38-pycparser
PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
@@ -602,11 +617,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-Package-38-retry-decorator
+SPDXID: SPDXRef-Package-39-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/retry_decorator/1.1.1
+PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1
FilesAnalyzed: false
PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
PackageLicenseDeclared: MIT
@@ -618,7 +633,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*
#####
PackageName: google-apitools
-SPDXID: SPDXRef-Package-39-google-apitools
+SPDXID: SPDXRef-Package-40-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
@@ -635,7 +650,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-Package-40-monotonic
+SPDXID: SPDXRef-Package-41-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
@@ -652,11 +667,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
PackageName: jinja2
-SPDXID: SPDXRef-Package-41-jinja2
+SPDXID: SPDXRef-Package-42-jinja2
PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4
+PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
@@ -666,11 +681,11 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-Package-42-markupsafe
+SPDXID: SPDXRef-Package-43-markupsafe
PackageVersion: 2.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5
+PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5
FilesAnalyzed: false
PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65
PackageLicenseDeclared: BSD-3-Clause
@@ -681,7 +696,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5
#####
PackageName: jsonschema
-SPDXID: SPDXRef-Package-43-jsonschema
+SPDXID: SPDXRef-Package-44-jsonschema
PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -696,7 +711,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:
#####
PackageName: jsonschema-specifications
-SPDXID: SPDXRef-Package-44-jsonschema-specifications
+SPDXID: SPDXRef-Package-45-jsonschema-specifications
PackageVersion: 2023.12.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -712,7 +727,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
#####
PackageName: referencing
-SPDXID: SPDXRef-Package-45-referencing
+SPDXID: SPDXRef-Package-46-referencing
PackageVersion: 0.35.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -727,7 +742,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
#####
PackageName: rpds-py
-SPDXID: SPDXRef-Package-46-rpds-py
+SPDXID: SPDXRef-Package-47-rpds-py
PackageVersion: 0.19.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -742,7 +757,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:*
#####
PackageName: lib4sbom
-SPDXID: SPDXRef-Package-47-lib4sbom
+SPDXID: SPDXRef-Package-48-lib4sbom
PackageVersion: 0.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -757,11 +772,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:
#####
PackageName: pyyaml
-SPDXID: SPDXRef-Package-48-pyyaml
+SPDXID: SPDXRef-Package-49-pyyaml
PackageVersion: 6.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1
+PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.1
FilesAnalyzed: false
PackageChecksum: SHA1: c42fa3bff1eabdb64763bb1526d9ea1ccb708479
PackageLicenseDeclared: MIT
@@ -773,7 +788,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:
#####
PackageName: semantic-version
-SPDXID: SPDXRef-Package-49-semantic-version
+SPDXID: SPDXRef-Package-50-semantic-version
PackageVersion: 2.10.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
@@ -790,7 +805,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
#####
PackageName: lib4vex
-SPDXID: SPDXRef-Package-50-lib4vex
+SPDXID: SPDXRef-Package-51-lib4vex
PackageVersion: 0.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -806,7 +821,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*
#####
PackageName: csaf-tool
-SPDXID: SPDXRef-Package-51-csaf-tool
+SPDXID: SPDXRef-Package-52-csaf-tool
PackageVersion: 0.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -822,7 +837,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*
#####
PackageName: packageurl-python
-SPDXID: SPDXRef-Package-52-packageurl-python
+SPDXID: SPDXRef-Package-53-packageurl-python
PackageVersion: 0.15.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
@@ -837,7 +852,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
#####
PackageName: rich
-SPDXID: SPDXRef-Package-53-rich
+SPDXID: SPDXRef-Package-54-rich
PackageVersion: 13.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
@@ -852,7 +867,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
-SPDXID: SPDXRef-Package-54-markdown-it-py
+SPDXID: SPDXRef-Package-55-markdown-it-py
PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
@@ -868,7 +883,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:
#####
PackageName: mdurl
-SPDXID: SPDXRef-Package-55-mdurl
+SPDXID: SPDXRef-Package-56-mdurl
PackageVersion: 0.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
@@ -884,11 +899,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
#####
PackageName: pygments
-SPDXID: SPDXRef-Package-56-pygments
+SPDXID: SPDXRef-Package-57-pygments
PackageVersion: 2.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0
+PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0
FilesAnalyzed: false
PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
PackageLicenseDeclared: BSD-2-Clause
@@ -900,7 +915,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*
#####
PackageName: packaging
-SPDXID: SPDXRef-Package-57-packaging
+SPDXID: SPDXRef-Package-58-packaging
PackageVersion: 24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
@@ -915,7 +930,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-Package-58-plotly
+SPDXID: SPDXRef-Package-59-plotly
PackageVersion: 5.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
@@ -930,23 +945,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-Package-59-tenacity
-PackageVersion: 8.5.0
+SPDXID: SPDXRef-Package-60-tenacity
+PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.5.0
+PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
-SPDXID: SPDXRef-Package-60-python-gnupg
+SPDXID: SPDXRef-Package-61-python-gnupg
PackageVersion: 0.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
@@ -963,7 +978,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*
#####
PackageName: requests
-SPDXID: SPDXRef-Package-61-requests
+SPDXID: SPDXRef-Package-62-requests
PackageVersion: 2.32.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
@@ -979,7 +994,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:
#####
PackageName: certifi
-SPDXID: SPDXRef-Package-62-certifi
+SPDXID: SPDXRef-Package-63-certifi
PackageVersion: 2024.7.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
@@ -994,7 +1009,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*
#####
PackageName: charset-normalizer
-SPDXID: SPDXRef-Package-63-charset-normalizer
+SPDXID: SPDXRef-Package-64-charset-normalizer
PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
@@ -1010,7 +1025,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-Package-64-urllib3
+SPDXID: SPDXRef-Package-65-urllib3
PackageVersion: 2.2.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
@@ -1025,7 +1040,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:
#####
PackageName: rpmfile
-SPDXID: SPDXRef-Package-65-rpmfile
+SPDXID: SPDXRef-Package-66-rpmfile
PackageVersion: 2.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
@@ -1040,8 +1055,23 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
+PackageName: setuptools
+SPDXID: SPDXRef-Package-67-setuptools
+PackageVersion: 72.1.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
+PackageDownloadLocation: https://pypi.org/project/setuptools/72.1.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*
+#####
+
PackageName: toml
-SPDXID: SPDXRef-Package-66-toml
+SPDXID: SPDXRef-Package-68-toml
PackageVersion: 0.10.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: William Pearson (uiri@xqz.ca)
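Review bot: The added setuptools record has no `PackageChecksum` line, and both `PackageLicenseDeclared` and `PackageLicenseConcluded` are `NOASSERTION`, so a consumer of this SBOM can neither verify the artifact nor assess its license from this entry. Some other records in the file (retry-decorator, markupsafe, pyyaml, pygments) do carry a SHA1, so a line such as `PackageChecksum: SHA1: <sha1-of-the-72.1.0-artifact>` would bring this record in line with them. The vendor part of the `SECURITY cpe23Type` value (`python_packaging_authority`) appears to be derived from the supplier name and may not match the vendor string in the NVD CPE dictionary, in which case CPE-based matching would miss advisories for this package; the purl on the preceding line is the safer lookup key. If this file is generated, these belong in the generator or its input rather than in a hand edit. The empty added line after `#####` is also inconsistent with the other record separators.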
@@ -1057,22 +1087,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
#####
PackageName: xmlschema
-SPDXID: SPDXRef-Package-67-xmlschema
-PackageVersion: 3.3.1
+SPDXID: SPDXRef-Package-69-xmlschema
+PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-Package-68-elementpath
+SPDXID: SPDXRef-Package-70-elementpath
PackageVersion: 4.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1088,7 +1118,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*
#####
PackageName: zstandard
-SPDXID: SPDXRef-Package-69-zstandard
+SPDXID: SPDXRef-Package-71-zstandard
PackageVersion: 0.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
@@ -1104,108 +1134,110 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*
#####
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-10-beautifulsoup4
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-cvss
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-defusedxml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distro
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-beautifulsoup4
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-cvss
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-defusedxml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-distro
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-filetype
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-17-gsutil
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jinja2
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jsonschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-lib4sbom
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-pyyaml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-lib4vex
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packageurl-python
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-rich
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-packaging
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-plotly
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-python-gnupg
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-requests
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-urllib3
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-rpmfile
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-toml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-xmlschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-zstandard
-Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1
-Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1
-Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth
-Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing
-Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f
-Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography
-Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi
-Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-33-oauth2client
-Relationship: SPDXRef-Package-41-jinja2 DEPENDS_ON SPDXRef-Package-42-markupsafe
-Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-44-jsonschema-specifications
-Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-45-referencing
-Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-46-rpds-py
-Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-44-jsonschema-specifications DEPENDS_ON SPDXRef-Package-45-referencing
-Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-46-rpds-py
-Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml
-Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-48-pyyaml
-Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-49-semantic-version
-Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-47-lib4sbom
-Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-51-csaf-tool
-Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-52-packageurl-python
-Relationship: SPDXRef-Package-51-csaf-tool DEPENDS_ON SPDXRef-Package-52-packageurl-python
-Relationship: SPDXRef-Package-51-csaf-tool DEPENDS_ON SPDXRef-Package-53-rich
-Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-54-markdown-it-py
-Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-56-pygments
-Relationship: SPDXRef-Package-54-markdown-it-py DEPENDS_ON SPDXRef-Package-55-mdurl
-Relationship: SPDXRef-Package-58-plotly DEPENDS_ON SPDXRef-Package-57-packaging
-Relationship: SPDXRef-Package-58-plotly DEPENDS_ON SPDXRef-Package-59-tenacity
-Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-62-certifi
-Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-63-charset-normalizer
-Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-64-urllib3
-Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-9-idna
-Relationship: SPDXRef-Package-67-xmlschema DEPENDS_ON SPDXRef-Package-68-elementpath
-Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict
-Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jinja2
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jsonschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-lib4sbom
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-pyyaml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-lib4vex
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-packageurl-python
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-rich
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-packaging
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-plotly
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-python-gnupg
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-urllib3
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-rpmfile
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-setuptools
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-toml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-xmlschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-71-zstandard
+Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-18-argcomplete
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-19-crcmod
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-20-fasteners
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-21-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-23-google-auth
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-29-google-auth-httplib2
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-32-google-reauth
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-35-pyopenssl
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-39-retry-decorator
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-40-google-apitools
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-41-monotonic
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiohappyeyeballs
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-aiosignal
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-frozenlist
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-async-timeout
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-attrs
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-multidict
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-9-yarl
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-boto
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-23-google-auth
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-rsa
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-google-auth-httplib2
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-32-google-reauth
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-oauth2client
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-pyopenssl
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-39-retry-decorator
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-24-cachetools
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-25-pyasn1-modules
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-27-rsa
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-25-pyasn1-modules DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-27-rsa DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-29-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-23-google-auth
+Relationship: SPDXRef-Package-29-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-30-httplib2 DEPENDS_ON SPDXRef-Package-31-pyparsing
+Relationship: SPDXRef-Package-32-google-reauth DEPENDS_ON SPDXRef-Package-33-pyu2f
+Relationship: SPDXRef-Package-33-pyu2f DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1-modules
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-27-rsa
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-35-pyopenssl DEPENDS_ON SPDXRef-Package-36-cryptography
+Relationship: SPDXRef-Package-36-cryptography DEPENDS_ON SPDXRef-Package-37-cffi
+Relationship: SPDXRef-Package-37-cffi DEPENDS_ON SPDXRef-Package-38-pycparser
+Relationship: SPDXRef-Package-4-aiosignal DEPENDS_ON SPDXRef-Package-5-frozenlist
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-20-fasteners
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-34-oauth2client
+Relationship: SPDXRef-Package-42-jinja2 DEPENDS_ON SPDXRef-Package-43-markupsafe
+Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-45-jsonschema-specifications
+Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-46-referencing
+Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-47-rpds-py
+Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-7-attrs
+Relationship: SPDXRef-Package-45-jsonschema-specifications DEPENDS_ON SPDXRef-Package-46-referencing
+Relationship: SPDXRef-Package-46-referencing DEPENDS_ON SPDXRef-Package-47-rpds-py
+Relationship: SPDXRef-Package-46-referencing DEPENDS_ON SPDXRef-Package-7-attrs
+Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-14-defusedxml
+Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-49-pyyaml
+Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-50-semantic-version
+Relationship: SPDXRef-Package-51-lib4vex DEPENDS_ON SPDXRef-Package-48-lib4sbom
+Relationship: SPDXRef-Package-51-lib4vex DEPENDS_ON SPDXRef-Package-52-csaf-tool
+Relationship: SPDXRef-Package-51-lib4vex DEPENDS_ON SPDXRef-Package-53-packageurl-python
+Relationship: SPDXRef-Package-52-csaf-tool DEPENDS_ON SPDXRef-Package-53-packageurl-python
+Relationship: SPDXRef-Package-52-csaf-tool DEPENDS_ON SPDXRef-Package-54-rich
+Relationship: SPDXRef-Package-54-rich DEPENDS_ON SPDXRef-Package-55-markdown-it-py
+Relationship: SPDXRef-Package-54-rich DEPENDS_ON SPDXRef-Package-57-pygments
+Relationship: SPDXRef-Package-55-markdown-it-py DEPENDS_ON SPDXRef-Package-56-mdurl
+Relationship: SPDXRef-Package-59-plotly DEPENDS_ON SPDXRef-Package-58-packaging
+Relationship: SPDXRef-Package-59-plotly DEPENDS_ON SPDXRef-Package-60-tenacity
+Relationship: SPDXRef-Package-62-requests DEPENDS_ON SPDXRef-Package-10-idna
+Relationship: SPDXRef-Package-62-requests DEPENDS_ON SPDXRef-Package-63-certifi
+Relationship: SPDXRef-Package-62-requests DEPENDS_ON SPDXRef-Package-64-charset-normalizer
+Relationship: SPDXRef-Package-62-requests DEPENDS_ON SPDXRef-Package-65-urllib3
+Relationship: SPDXRef-Package-69-xmlschema DEPENDS_ON SPDXRef-Package-70-elementpath
+Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna
+Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict
diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json
index 9675fa0c38..3e8b018e6e 100644
--- a/sbom/cve-bin-tool-py3.11.json
+++ b/sbom/cve-bin-tool-py3.11.json
@@ -2,15 +2,20 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:8f0dea29-eb99-43e5-9ff2-de0ff4515bd6",
+ "serialNumber": "urn:uuid:ce44f268-ce23-443b-95c9-c3bffd9fe217",
"version": 1,
"metadata": {
- "timestamp": "2024-07-29T00:29:53Z",
+ "timestamp": "2024-08-05T00:35:43Z",
+ "lifecycles": [
+ {
+ "phase": "build"
+ }
+ ],
"tools": {
"components": [
{
"name": "sbom4python",
- "version": "0.10.4",
+ "version": "0.11.0",
"type": "application"
}
]
@@ -69,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.9.5",
+ "version": "3.10.1",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -82,12 +87,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.9.5",
+ "url": "https://pypi.org/project/aiohttp/3.10.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.9.5",
+ "purl": "pkg:pypi/aiohttp@3.10.1",
"properties": [
{
"name": "language",
@@ -101,7 +106,50 @@
},
{
"type": "library",
- "bom-ref": "3-aiosignal",
+ "bom-ref": "3-aiohappyeyeballs",
+ "name": "aiohappyeyeballs",
+ "version": "2.3.4",
+ "supplier": {
+ "name": "J. Nick Koston",
+ "contact": [
+ {
+ "email": "nick@koston.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*",
+ "description": "Happy Eyeballs for asyncio",
+ "licenses": [
+ {
+ "license": {
+ "id": "PSF-2.0",
+ "url": "https://opensource.org/licenses/Python-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.3.4",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/aiohappyeyeballs@2.3.4",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.11.9"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "4-aiosignal",
"name": "aiosignal",
"version": "1.3.1",
"hashes": [
@@ -140,7 +188,7 @@
},
{
"type": "library",
- "bom-ref": "4-frozenlist",
+ "bom-ref": "5-frozenlist",
"name": "frozenlist",
"version": "1.4.1",
"description": "A list-like structure which implements collections.abc.MutableSequence",
@@ -174,9 +222,9 @@
},
{
"type": "library",
- "bom-ref": "5-attrs",
+ "bom-ref": "6-attrs",
"name": "attrs",
- "version": "23.2.0",
+ "version": "24.1.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
@@ -185,16 +233,16 @@
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
- "url": "https://pypi.org/project/attrs/23.2.0",
+ "url": "https://pypi.org/project/attrs/24.1.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/attrs@23.2.0",
+ "purl": "pkg:pypi/attrs@24.1.0",
"properties": [
{
"name": "language",
@@ -208,7 +256,7 @@
},
{
"type": "library",
- "bom-ref": "6-multidict",
+ "bom-ref": "7-multidict",
"name": "multidict",
"version": "6.0.5",
"supplier": {
@@ -257,7 +305,7 @@
},
{
"type": "library",
- "bom-ref": "7-yarl",
+ "bom-ref": "8-yarl",
"name": "yarl",
"version": "1.9.4",
"supplier": {
@@ -306,7 +354,7 @@
},
{
"type": "library",
- "bom-ref": "8-idna",
+ "bom-ref": "9-idna",
"name": "idna",
"version": "3.7",
"supplier": {
@@ -346,7 +394,7 @@
},
{
"type": "library",
- "bom-ref": "9-beautifulsoup4",
+ "bom-ref": "10-beautifulsoup4",
"name": "beautifulsoup4",
"version": "4.12.3",
"supplier": {
@@ -389,7 +437,7 @@
},
{
"type": "library",
- "bom-ref": "10-soupsieve",
+ "bom-ref": "11-soupsieve",
"name": "soupsieve",
"version": "2.5",
"supplier": {
@@ -429,7 +477,7 @@
},
{
"type": "library",
- "bom-ref": "11-cvss",
+ "bom-ref": "12-cvss",
"name": "cvss",
"version": "3.1",
"supplier": {
@@ -478,7 +526,7 @@
},
{
"type": "library",
- "bom-ref": "12-defusedxml",
+ "bom-ref": "13-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -527,7 +575,7 @@
},
{
"type": "library",
- "bom-ref": "13-distro",
+ "bom-ref": "14-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -570,7 +618,7 @@
},
{
"type": "library",
- "bom-ref": "14-filetype",
+ "bom-ref": "15-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -619,7 +667,7 @@
},
{
"type": "library",
- "bom-ref": "15-gsutil",
+ "bom-ref": "16-gsutil",
"name": "gsutil",
"version": "5.30",
"supplier": {
@@ -662,7 +710,7 @@
},
{
"type": "library",
- "bom-ref": "16-argcomplete",
+ "bom-ref": "17-argcomplete",
"name": "argcomplete",
"version": "3.4.0",
"supplier": {
@@ -705,7 +753,7 @@
},
{
"type": "library",
- "bom-ref": "17-crcmod",
+ "bom-ref": "18-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -748,7 +796,7 @@
},
{
"type": "library",
- "bom-ref": "18-fasteners",
+ "bom-ref": "19-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -792,7 +840,7 @@
},
{
"type": "library",
- "bom-ref": "19-gcs-oauth2-boto-plugin",
+ "bom-ref": "20-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -835,7 +883,7 @@
},
{
"type": "library",
- "bom-ref": "20-boto",
+ "bom-ref": "21-boto",
"name": "boto",
"version": "2.49.0",
"supplier": {
@@ -884,7 +932,7 @@
},
{
"type": "library",
- "bom-ref": "21-google-auth",
+ "bom-ref": "22-google-auth",
"name": "google-auth",
"version": "2.17.0",
"supplier": {
@@ -933,7 +981,7 @@
},
{
"type": "library",
- "bom-ref": "22-cachetools",
+ "bom-ref": "23-cachetools",
"name": "cachetools",
"version": "5.4.0",
"supplier": {
@@ -976,7 +1024,7 @@
},
{
"type": "library",
- "bom-ref": "23-pyasn1-modules",
+ "bom-ref": "24-pyasn1-modules",
"name": "pyasn1-modules",
"version": "0.4.0",
"supplier": {
@@ -1000,7 +1048,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1_modules/0.4.0",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1019,7 +1067,7 @@
},
{
"type": "library",
- "bom-ref": "24-pyasn1",
+ "bom-ref": "25-pyasn1",
"name": "pyasn1",
"version": "0.6.0",
"supplier": {
@@ -1062,7 +1110,7 @@
},
{
"type": "library",
- "bom-ref": "25-rsa",
+ "bom-ref": "26-rsa",
"name": "rsa",
"version": "4.7.2",
"supplier": {
@@ -1111,7 +1159,7 @@
},
{
"type": "library",
- "bom-ref": "26-six",
+ "bom-ref": "27-six",
"name": "six",
"version": "1.16.0",
"supplier": {
@@ -1160,7 +1208,7 @@
},
{
"type": "library",
- "bom-ref": "27-google-auth-httplib2",
+ "bom-ref": "28-google-auth-httplib2",
"name": "google-auth-httplib2",
"version": "0.2.0",
"supplier": {
@@ -1208,7 +1256,7 @@
},
{
"type": "library",
- "bom-ref": "28-httplib2",
+ "bom-ref": "29-httplib2",
"name": "httplib2",
"version": "0.20.4",
"supplier": {
@@ -1257,7 +1305,7 @@
},
{
"type": "library",
- "bom-ref": "29-pyparsing",
+ "bom-ref": "30-pyparsing",
"name": "pyparsing",
"version": "3.1.2",
"supplier": {
@@ -1297,7 +1345,7 @@
},
{
"type": "library",
- "bom-ref": "30-google-reauth",
+ "bom-ref": "31-google-reauth",
"name": "google-reauth",
"version": "0.1.1",
"supplier": {
@@ -1346,7 +1394,7 @@
},
{
"type": "library",
- "bom-ref": "31-pyu2f",
+ "bom-ref": "32-pyu2f",
"name": "pyu2f",
"version": "0.1.5",
"supplier": {
@@ -1395,7 +1443,7 @@
},
{
"type": "library",
- "bom-ref": "32-oauth2client",
+ "bom-ref": "33-oauth2client",
"name": "oauth2client",
"version": "4.1.3",
"supplier": {
@@ -1444,7 +1492,7 @@
},
{
"type": "library",
- "bom-ref": "33-pyopenssl",
+ "bom-ref": "34-pyopenssl",
"name": "pyopenssl",
"version": "24.2.1",
"supplier": {
@@ -1468,7 +1516,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyOpenSSL/24.2.1",
+ "url": "https://pypi.org/project/pyopenssl/24.2.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1487,7 +1535,7 @@
},
{
"type": "library",
- "bom-ref": "34-cryptography",
+ "bom-ref": "35-cryptography",
"name": "cryptography",
"version": "43.0.0",
"supplier": {
@@ -1526,7 +1574,7 @@
},
{
"type": "library",
- "bom-ref": "35-cffi",
+ "bom-ref": "36-cffi",
"name": "cffi",
"version": "1.16.0",
"supplier": {
@@ -1575,7 +1623,7 @@
},
{
"type": "library",
- "bom-ref": "36-pycparser",
+ "bom-ref": "37-pycparser",
"name": "pycparser",
"version": "2.22",
"supplier": {
@@ -1624,7 +1672,7 @@
},
{
"type": "library",
- "bom-ref": "37-retry-decorator",
+ "bom-ref": "38-retry-decorator",
"name": "retry-decorator",
"version": "1.1.1",
"supplier": {
@@ -1654,7 +1702,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/retry_decorator/1.1.1",
+ "url": "https://pypi.org/project/retry-decorator/1.1.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1673,7 +1721,7 @@
},
{
"type": "library",
- "bom-ref": "38-google-apitools",
+ "bom-ref": "39-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -1722,7 +1770,7 @@
},
{
"type": "library",
- "bom-ref": "39-monotonic",
+ "bom-ref": "40-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -1771,13 +1819,13 @@
},
{
"type": "library",
- "bom-ref": "40-jinja2",
+ "bom-ref": "41-jinja2",
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"externalReferences": [
{
- "url": "https://pypi.org/project/Jinja2/3.1.4",
+ "url": "https://pypi.org/project/jinja2/3.1.4",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1796,7 +1844,7 @@
},
{
"type": "library",
- "bom-ref": "41-markupsafe",
+ "bom-ref": "42-markupsafe",
"name": "markupsafe",
"version": "2.1.5",
"description": "Safely add untrusted strings to HTML/XML markup.",
@@ -1817,7 +1865,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/MarkupSafe/2.1.5",
+ "url": "https://pypi.org/project/markupsafe/2.1.5",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1836,7 +1884,7 @@
},
{
"type": "library",
- "bom-ref": "42-jsonschema",
+ "bom-ref": "43-jsonschema",
"name": "jsonschema",
"version": "4.23.0",
"supplier": {
@@ -1874,7 +1922,7 @@
},
{
"type": "library",
- "bom-ref": "43-jsonschema-specifications",
+ "bom-ref": "44-jsonschema-specifications",
"name": "jsonschema-specifications",
"version": "2023.12.1",
"supplier": {
@@ -1918,7 +1966,7 @@
},
{
"type": "library",
- "bom-ref": "44-referencing",
+ "bom-ref": "45-referencing",
"name": "referencing",
"version": "0.35.1",
"supplier": {
@@ -1947,7 +1995,7 @@
},
{
"type": "library",
- "bom-ref": "45-rpds-py",
+ "bom-ref": "46-rpds-py",
"name": "rpds-py",
"version": "0.19.1",
"supplier": {
@@ -1985,7 +2033,7 @@
},
{
"type": "library",
- "bom-ref": "46-lib4sbom",
+ "bom-ref": "47-lib4sbom",
"name": "lib4sbom",
"version": "0.7.2",
"supplier": {
@@ -2028,7 +2076,7 @@
},
{
"type": "library",
- "bom-ref": "47-pyyaml",
+ "bom-ref": "48-pyyaml",
"name": "pyyaml",
"version": "6.0.1",
"supplier": {
@@ -2058,7 +2106,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/PyYAML/6.0.1",
+ "url": "https://pypi.org/project/pyyaml/6.0.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2077,7 +2125,7 @@
},
{
"type": "library",
- "bom-ref": "48-semantic-version",
+ "bom-ref": "49-semantic-version",
"name": "semantic-version",
"version": "2.10.0",
"supplier": {
@@ -2126,7 +2174,7 @@
},
{
"type": "library",
- "bom-ref": "49-lib4vex",
+ "bom-ref": "50-lib4vex",
"name": "lib4vex",
"version": "0.1.0",
"supplier": {
@@ -2175,7 +2223,7 @@
},
{
"type": "library",
- "bom-ref": "50-csaf-tool",
+ "bom-ref": "51-csaf-tool",
"name": "csaf-tool",
"version": "0.3.2",
"supplier": {
@@ -2224,7 +2272,7 @@
},
{
"type": "library",
- "bom-ref": "51-packageurl-python",
+ "bom-ref": "52-packageurl-python",
"name": "packageurl-python",
"version": "0.15.6",
"supplier": {
@@ -2262,7 +2310,7 @@
},
{
"type": "library",
- "bom-ref": "52-rich",
+ "bom-ref": "53-rich",
"name": "rich",
"version": "13.7.1",
"supplier": {
@@ -2305,7 +2353,7 @@
},
{
"type": "library",
- "bom-ref": "53-markdown-it-py",
+ "bom-ref": "54-markdown-it-py",
"name": "markdown-it-py",
"version": "3.0.0",
"supplier": {
@@ -2345,7 +2393,7 @@
},
{
"type": "library",
- "bom-ref": "54-mdurl",
+ "bom-ref": "55-mdurl",
"name": "mdurl",
"version": "0.1.2",
"supplier": {
@@ -2385,7 +2433,7 @@
},
{
"type": "library",
- "bom-ref": "55-pygments",
+ "bom-ref": "56-pygments",
"name": "pygments",
"version": "2.18.0",
"supplier": {
@@ -2415,7 +2463,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.18.0",
+ "url": "https://pypi.org/project/pygments/2.18.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2434,7 +2482,7 @@
},
{
"type": "library",
- "bom-ref": "56-packaging",
+ "bom-ref": "57-packaging",
"name": "packaging",
"version": "24.1",
"supplier": {
@@ -2468,7 +2516,7 @@
},
{
"type": "library",
- "bom-ref": "57-plotly",
+ "bom-ref": "58-plotly",
"name": "plotly",
"version": "5.23.0",
"supplier": {
@@ -2511,9 +2559,9 @@
},
{
"type": "library",
- "bom-ref": "58-tenacity",
+ "bom-ref": "59-tenacity",
"name": "tenacity",
- "version": "8.5.0",
+ "version": "9.0.0",
"supplier": {
"name": "Julien Danjou",
"contact": [
@@ -2522,7 +2570,7 @@
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
"licenses": [
{
@@ -2535,12 +2583,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/tenacity/8.5.0",
+ "url": "https://pypi.org/project/tenacity/9.0.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/tenacity@8.5.0",
+ "purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
{
"name": "language",
@@ -2554,7 +2602,7 @@
},
{
"type": "library",
- "bom-ref": "59-python-gnupg",
+ "bom-ref": "60-python-gnupg",
"name": "python-gnupg",
"version": "0.5.2",
"supplier": {
@@ -2603,7 +2651,7 @@
},
{
"type": "library",
- "bom-ref": "60-requests",
+ "bom-ref": "61-requests",
"name": "requests",
"version": "2.32.3",
"supplier": {
@@ -2652,7 +2700,7 @@
},
{
"type": "library",
- "bom-ref": "61-certifi",
+ "bom-ref": "62-certifi",
"name": "certifi",
"version": "2024.7.4",
"supplier": {
@@ -2695,7 +2743,7 @@
},
{
"type": "library",
- "bom-ref": "62-charset-normalizer",
+ "bom-ref": "63-charset-normalizer",
"name": "charset-normalizer",
"version": "3.3.2",
"supplier": {
@@ -2744,7 +2792,7 @@
},
{
"type": "library",
- "bom-ref": "63-urllib3",
+ "bom-ref": "64-urllib3",
"name": "urllib3",
"version": "2.2.2",
"supplier": {
@@ -2778,7 +2826,7 @@
},
{
"type": "library",
- "bom-ref": "64-rpmfile",
+ "bom-ref": "65-rpmfile",
"name": "rpmfile",
"version": "2.1.0",
"supplier": {
@@ -2827,9 +2875,43 @@
},
{
"type": "library",
- "bom-ref": "65-xmlschema",
+ "bom-ref": "66-setuptools",
+ "name": "setuptools",
+ "version": "72.1.0",
+ "supplier": {
+ "name": "Python Packaging Authority",
+ "contact": [
+ {
+ "email": "distutils-sig@python.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*",
+ "description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/setuptools/72.1.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/setuptools@72.1.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.11.9"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "67-xmlschema",
"name": "xmlschema",
- "version": "3.3.1",
+ "version": "3.3.2",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2838,7 +2920,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -2851,12 +2933,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/3.3.1",
+ "url": "https://pypi.org/project/xmlschema/3.3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.3.1",
+ "purl": "pkg:pypi/xmlschema@3.3.2",
"properties": [
{
"name": "language",
@@ -2870,7 +2952,7 @@
},
{
"type": "library",
- "bom-ref": "66-elementpath",
+ "bom-ref": "68-elementpath",
"name": "elementpath",
"version": "4.4.0",
"supplier": {
@@ -2919,7 +3001,7 @@
},
{
"type": "library",
- "bom-ref": "67-zstandard",
+ "bom-ref": "69-zstandard",
"name": "zstandard",
"version": "0.23.0",
"supplier": {
@@ -2972,258 +3054,260 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "9-beautifulsoup4",
- "11-cvss",
- "12-defusedxml",
- "13-distro",
- "14-filetype",
- "15-gsutil",
- "40-jinja2",
- "42-jsonschema",
- "46-lib4sbom",
- "49-lib4vex",
- "51-packageurl-python",
- "56-packaging",
- "57-plotly",
- "59-python-gnupg",
- "47-pyyaml",
- "60-requests",
- "52-rich",
- "64-rpmfile",
- "63-urllib3",
- "65-xmlschema",
- "67-zstandard"
+ "10-beautifulsoup4",
+ "12-cvss",
+ "13-defusedxml",
+ "14-distro",
+ "15-filetype",
+ "16-gsutil",
+ "41-jinja2",
+ "43-jsonschema",
+ "47-lib4sbom",
+ "50-lib4vex",
+ "52-packageurl-python",
+ "57-packaging",
+ "58-plotly",
+ "60-python-gnupg",
+ "48-pyyaml",
+ "61-requests",
+ "53-rich",
+ "65-rpmfile",
+ "66-setuptools",
+ "64-urllib3",
+ "67-xmlschema",
+ "69-zstandard"
]
},
{
"ref": "2-aiohttp",
"dependsOn": [
- "3-aiosignal",
- "5-attrs",
- "4-frozenlist",
- "6-multidict",
- "7-yarl"
+ "3-aiohappyeyeballs",
+ "4-aiosignal",
+ "6-attrs",
+ "5-frozenlist",
+ "7-multidict",
+ "8-yarl"
]
},
{
- "ref": "3-aiosignal",
+ "ref": "4-aiosignal",
"dependsOn": [
- "4-frozenlist"
+ "5-frozenlist"
]
},
{
- "ref": "7-yarl",
+ "ref": "8-yarl",
"dependsOn": [
- "8-idna",
- "6-multidict"
+ "9-idna",
+ "7-multidict"
]
},
{
- "ref": "9-beautifulsoup4",
+ "ref": "10-beautifulsoup4",
"dependsOn": [
- "10-soupsieve"
+ "11-soupsieve"
]
},
{
- "ref": "15-gsutil",
+ "ref": "16-gsutil",
"dependsOn": [
- "16-argcomplete",
- "17-crcmod",
- "18-fasteners",
- "19-gcs-oauth2-boto-plugin",
- "38-google-apitools",
- "21-google-auth",
- "27-google-auth-httplib2",
- "30-google-reauth",
- "28-httplib2",
- "39-monotonic",
- "33-pyopenssl",
- "37-retry-decorator",
- "26-six"
- ]
- },
- {
- "ref": "19-gcs-oauth2-boto-plugin",
+ "17-argcomplete",
+ "18-crcmod",
+ "19-fasteners",
+ "20-gcs-oauth2-boto-plugin",
+ "39-google-apitools",
+ "22-google-auth",
+ "28-google-auth-httplib2",
+ "31-google-reauth",
+ "29-httplib2",
+ "40-monotonic",
+ "34-pyopenssl",
+ "38-retry-decorator",
+ "27-six"
+ ]
+ },
+ {
+ "ref": "20-gcs-oauth2-boto-plugin",
"dependsOn": [
- "20-boto",
- "21-google-auth",
- "27-google-auth-httplib2",
- "30-google-reauth",
- "28-httplib2",
- "32-oauth2client",
- "33-pyopenssl",
- "37-retry-decorator",
- "25-rsa",
- "26-six"
+ "21-boto",
+ "22-google-auth",
+ "28-google-auth-httplib2",
+ "31-google-reauth",
+ "29-httplib2",
+ "33-oauth2client",
+ "34-pyopenssl",
+ "38-retry-decorator",
+ "26-rsa",
+ "27-six"
]
},
{
- "ref": "21-google-auth",
+ "ref": "22-google-auth",
"dependsOn": [
- "22-cachetools",
- "23-pyasn1-modules",
- "25-rsa",
- "26-six"
+ "23-cachetools",
+ "24-pyasn1-modules",
+ "26-rsa",
+ "27-six"
]
},
{
- "ref": "23-pyasn1-modules",
+ "ref": "24-pyasn1-modules",
"dependsOn": [
- "24-pyasn1"
+ "25-pyasn1"
]
},
{
- "ref": "25-rsa",
+ "ref": "26-rsa",
"dependsOn": [
- "24-pyasn1"
+ "25-pyasn1"
]
},
{
- "ref": "27-google-auth-httplib2",
+ "ref": "28-google-auth-httplib2",
"dependsOn": [
- "21-google-auth",
- "28-httplib2"
+ "22-google-auth",
+ "29-httplib2"
]
},
{
- "ref": "28-httplib2",
+ "ref": "29-httplib2",
"dependsOn": [
- "29-pyparsing"
+ "30-pyparsing"
]
},
{
- "ref": "30-google-reauth",
+ "ref": "31-google-reauth",
"dependsOn": [
- "31-pyu2f"
+ "32-pyu2f"
]
},
{
- "ref": "31-pyu2f",
+ "ref": "32-pyu2f",
"dependsOn": [
- "26-six"
+ "27-six"
]
},
{
- "ref": "32-oauth2client",
+ "ref": "33-oauth2client",
"dependsOn": [
- "28-httplib2",
- "24-pyasn1",
- "23-pyasn1-modules",
- "25-rsa",
- "26-six"
+ "29-httplib2",
+ "25-pyasn1",
+ "24-pyasn1-modules",
+ "26-rsa",
+ "27-six"
]
},
{
- "ref": "33-pyopenssl",
+ "ref": "34-pyopenssl",
"dependsOn": [
- "34-cryptography"
+ "35-cryptography"
]
},
{
- "ref": "34-cryptography",
+ "ref": "35-cryptography",
"dependsOn": [
- "35-cffi"
+ "36-cffi"
]
},
{
- "ref": "35-cffi",
+ "ref": "36-cffi",
"dependsOn": [
- "36-pycparser"
+ "37-pycparser"
]
},
{
- "ref": "38-google-apitools",
+ "ref": "39-google-apitools",
"dependsOn": [
- "18-fasteners",
- "28-httplib2",
- "32-oauth2client",
- "26-six"
+ "19-fasteners",
+ "29-httplib2",
+ "33-oauth2client",
+ "27-six"
]
},
{
- "ref": "40-jinja2",
+ "ref": "41-jinja2",
"dependsOn": [
- "41-markupsafe"
+ "42-markupsafe"
]
},
{
- "ref": "42-jsonschema",
+ "ref": "43-jsonschema",
"dependsOn": [
- "5-attrs",
- "43-jsonschema-specifications",
- "44-referencing",
- "45-rpds-py"
+ "6-attrs",
+ "44-jsonschema-specifications",
+ "45-referencing",
+ "46-rpds-py"
]
},
{
- "ref": "43-jsonschema-specifications",
+ "ref": "44-jsonschema-specifications",
"dependsOn": [
- "44-referencing"
+ "45-referencing"
]
},
{
- "ref": "44-referencing",
+ "ref": "45-referencing",
"dependsOn": [
- "5-attrs",
- "45-rpds-py"
+ "6-attrs",
+ "46-rpds-py"
]
},
{
- "ref": "46-lib4sbom",
+ "ref": "47-lib4sbom",
"dependsOn": [
- "12-defusedxml",
- "47-pyyaml",
- "48-semantic-version"
+ "13-defusedxml",
+ "48-pyyaml",
+ "49-semantic-version"
]
},
{
- "ref": "49-lib4vex",
+ "ref": "50-lib4vex",
"dependsOn": [
- "50-csaf-tool",
- "46-lib4sbom",
- "51-packageurl-python"
+ "51-csaf-tool",
+ "47-lib4sbom",
+ "52-packageurl-python"
]
},
{
- "ref": "50-csaf-tool",
+ "ref": "51-csaf-tool",
"dependsOn": [
- "51-packageurl-python",
- "52-rich"
+ "52-packageurl-python",
+ "53-rich"
]
},
{
- "ref": "52-rich",
+ "ref": "53-rich",
"dependsOn": [
- "53-markdown-it-py",
- "55-pygments"
+ "54-markdown-it-py",
+ "56-pygments"
]
},
{
- "ref": "53-markdown-it-py",
+ "ref": "54-markdown-it-py",
"dependsOn": [
- "54-mdurl"
+ "55-mdurl"
]
},
{
- "ref": "57-plotly",
+ "ref": "58-plotly",
"dependsOn": [
- "56-packaging",
- "58-tenacity"
+ "57-packaging",
+ "59-tenacity"
]
},
{
- "ref": "60-requests",
+ "ref": "61-requests",
"dependsOn": [
- "61-certifi",
- "62-charset-normalizer",
- "8-idna",
- "63-urllib3"
+ "62-certifi",
+ "63-charset-normalizer",
+ "9-idna",
+ "64-urllib3"
]
},
{
- "ref": "65-xmlschema",
+ "ref": "67-xmlschema",
"dependsOn": [
- "66-elementpath"
+ "68-elementpath"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx
index 002625b688..c1bf230717 100644
--- a/sbom/cve-bin-tool-py3.11.spdx
+++ b/sbom/cve-bin-tool-py3.11.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-6b27a946-5082-45b5-85ac-67a98438db13
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-1def56df-3f82-414b-9f3a-e2bb56f8db7d
LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.10.4
-Created: 2024-07-29T00:29:03Z
+Creator: Tool: sbom4python-0.11.0
+Created: 2024-08-05T00:34:25Z
CreatorComment: This document has been automatically generated.
#####
@@ -26,21 +26,36 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.9.5
+PackageVersion: 3.10.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.1
+#####
+
+PackageName: aiohappyeyeballs
+SPDXID: SPDXRef-Package-3-aiohappyeyeballs
+PackageVersion: 2.3.4
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.4
+FilesAnalyzed: false
+PackageLicenseDeclared: PSF-2.0
+PackageLicenseConcluded: PSF-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Happy Eyeballs for asyncio
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
-SPDXID: SPDXRef-Package-3-aiosignal
+SPDXID: SPDXRef-Package-4-aiosignal
PackageVersion: 1.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
@@ -55,7 +70,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
#####
PackageName: frozenlist
-SPDXID: SPDXRef-Package-4-frozenlist
+SPDXID: SPDXRef-Package-5-frozenlist
PackageVersion: 1.4.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
@@ -70,22 +85,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1
#####
PackageName: attrs
-SPDXID: SPDXRef-Package-5-attrs
-PackageVersion: 23.2.0
+SPDXID: SPDXRef-Package-6-attrs
+PackageVersion: 24.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0
+PackageDownloadLocation: https://pypi.org/project/attrs/24.1.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@23.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*
#####
PackageName: multidict
-SPDXID: SPDXRef-Package-6-multidict
+SPDXID: SPDXRef-Package-7-multidict
PackageVersion: 6.0.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -102,7 +117,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*
#####
PackageName: yarl
-SPDXID: SPDXRef-Package-7-yarl
+SPDXID: SPDXRef-Package-8-yarl
PackageVersion: 1.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -118,7 +133,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:
#####
PackageName: idna
-SPDXID: SPDXRef-Package-8-idna
+SPDXID: SPDXRef-Package-9-idna
PackageVersion: 3.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
@@ -134,7 +149,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*
#####
PackageName: beautifulsoup4
-SPDXID: SPDXRef-Package-9-beautifulsoup4
+SPDXID: SPDXRef-Package-10-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
@@ -150,7 +165,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12
#####
PackageName: soupsieve
-SPDXID: SPDXRef-Package-10-soupsieve
+SPDXID: SPDXRef-Package-11-soupsieve
PackageVersion: 2.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (use@gmail.com)
@@ -166,7 +181,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-Package-11-cvss
+SPDXID: SPDXRef-Package-12-cvss
PackageVersion: 3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
@@ -183,7 +198,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs
#####
PackageName: defusedxml
-SPDXID: SPDXRef-Package-12-defusedxml
+SPDXID: SPDXRef-Package-13-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
@@ -200,7 +215,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:
#####
PackageName: distro
-SPDXID: SPDXRef-Package-13-distro
+SPDXID: SPDXRef-Package-14-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
@@ -216,7 +231,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-Package-14-filetype
+SPDXID: SPDXRef-Package-15-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
@@ -232,7 +247,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:
#####
PackageName: gsutil
-SPDXID: SPDXRef-Package-15-gsutil
+SPDXID: SPDXRef-Package-16-gsutil
PackageVersion: 5.30
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
@@ -248,7 +263,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-Package-16-argcomplete
+SPDXID: SPDXRef-Package-17-argcomplete
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
@@ -264,7 +279,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-Package-17-crcmod
+SPDXID: SPDXRef-Package-18-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
@@ -279,7 +294,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-Package-18-fasteners
+SPDXID: SPDXRef-Package-19-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
@@ -295,7 +310,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-Package-19-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
@@ -311,7 +326,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2
#####
PackageName: boto
-SPDXID: SPDXRef-Package-20-boto
+SPDXID: SPDXRef-Package-21-boto
PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
@@ -327,7 +342,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:
#####
PackageName: google-auth
-SPDXID: SPDXRef-Package-21-google-auth
+SPDXID: SPDXRef-Package-22-google-auth
PackageVersion: 2.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -344,7 +359,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
#####
PackageName: cachetools
-SPDXID: SPDXRef-Package-22-cachetools
+SPDXID: SPDXRef-Package-23-cachetools
PackageVersion: 5.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
@@ -359,15 +374,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*
#####
PackageName: pyasn1-modules
-SPDXID: SPDXRef-Package-23-pyasn1-modules
+SPDXID: SPDXRef-Package-24-pyasn1-modules
PackageVersion: 0.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A collection of ASN.1-based protocols modules
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0
@@ -375,7 +390,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:
#####
PackageName: pyasn1
-SPDXID: SPDXRef-Package-24-pyasn1
+SPDXID: SPDXRef-Package-25-pyasn1
PackageVersion: 0.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
@@ -390,7 +405,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:
#####
PackageName: rsa
-SPDXID: SPDXRef-Package-25-rsa
+SPDXID: SPDXRef-Package-26-rsa
PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
@@ -407,7 +422,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-Package-26-six
+SPDXID: SPDXRef-Package-27-six
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
@@ -423,7 +438,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*
#####
PackageName: google-auth-httplib2
-SPDXID: SPDXRef-Package-27-google-auth-httplib2
+SPDXID: SPDXRef-Package-28-google-auth-httplib2
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -439,7 +454,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-http
#####
PackageName: httplib2
-SPDXID: SPDXRef-Package-28-httplib2
+SPDXID: SPDXRef-Package-29-httplib2
PackageVersion: 0.20.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
@@ -455,7 +470,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
#####
PackageName: pyparsing
-SPDXID: SPDXRef-Package-29-pyparsing
+SPDXID: SPDXRef-Package-30-pyparsing
PackageVersion: 3.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
@@ -471,7 +486,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*
#####
PackageName: google-reauth
-SPDXID: SPDXRef-Package-30-google-reauth
+SPDXID: SPDXRef-Package-31-google-reauth
PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google (googleapis-publisher@google.com)
@@ -488,7 +503,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*
#####
PackageName: pyu2f
-SPDXID: SPDXRef-Package-31-pyu2f
+SPDXID: SPDXRef-Package-32-pyu2f
PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
@@ -505,7 +520,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: oauth2client
-SPDXID: SPDXRef-Package-32-oauth2client
+SPDXID: SPDXRef-Package-33-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
@@ -522,15 +537,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
#####
PackageName: pyopenssl
-SPDXID: SPDXRef-Package-33-pyopenssl
+SPDXID: SPDXRef-Package-34-pyopenssl
PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/24.2.1
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
@@ -538,7 +553,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
#####
PackageName: cryptography
-SPDXID: SPDXRef-Package-34-cryptography
+SPDXID: SPDXRef-Package-35-cryptography
PackageVersion: 43.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
@@ -553,7 +568,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python
#####
PackageName: cffi
-SPDXID: SPDXRef-Package-35-cffi
+SPDXID: SPDXRef-Package-36-cffi
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
@@ -569,7 +584,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-Package-36-pycparser
+SPDXID: SPDXRef-Package-37-pycparser
PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
@@ -585,11 +600,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-Package-37-retry-decorator
+SPDXID: SPDXRef-Package-38-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/retry_decorator/1.1.1
+PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1
FilesAnalyzed: false
PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
PackageLicenseDeclared: MIT
@@ -601,7 +616,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*
#####
PackageName: google-apitools
-SPDXID: SPDXRef-Package-38-google-apitools
+SPDXID: SPDXRef-Package-39-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
@@ -618,7 +633,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-Package-39-monotonic
+SPDXID: SPDXRef-Package-40-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
@@ -635,11 +650,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
PackageName: jinja2
-SPDXID: SPDXRef-Package-40-jinja2
+SPDXID: SPDXRef-Package-41-jinja2
PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4
+PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
@@ -649,11 +664,11 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-Package-41-markupsafe
+SPDXID: SPDXRef-Package-42-markupsafe
PackageVersion: 2.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5
+PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5
FilesAnalyzed: false
PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65
PackageLicenseDeclared: BSD-3-Clause
@@ -664,7 +679,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5
#####
PackageName: jsonschema
-SPDXID: SPDXRef-Package-42-jsonschema
+SPDXID: SPDXRef-Package-43-jsonschema
PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -679,7 +694,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:
#####
PackageName: jsonschema-specifications
-SPDXID: SPDXRef-Package-43-jsonschema-specifications
+SPDXID: SPDXRef-Package-44-jsonschema-specifications
PackageVersion: 2023.12.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -695,7 +710,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
#####
PackageName: referencing
-SPDXID: SPDXRef-Package-44-referencing
+SPDXID: SPDXRef-Package-45-referencing
PackageVersion: 0.35.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -710,7 +725,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
#####
PackageName: rpds-py
-SPDXID: SPDXRef-Package-45-rpds-py
+SPDXID: SPDXRef-Package-46-rpds-py
PackageVersion: 0.19.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -725,7 +740,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:*
#####
PackageName: lib4sbom
-SPDXID: SPDXRef-Package-46-lib4sbom
+SPDXID: SPDXRef-Package-47-lib4sbom
PackageVersion: 0.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -740,11 +755,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:
#####
PackageName: pyyaml
-SPDXID: SPDXRef-Package-47-pyyaml
+SPDXID: SPDXRef-Package-48-pyyaml
PackageVersion: 6.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1
+PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.1
FilesAnalyzed: false
PackageChecksum: SHA1: c42fa3bff1eabdb64763bb1526d9ea1ccb708479
PackageLicenseDeclared: MIT
@@ -756,7 +771,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:
#####
PackageName: semantic-version
-SPDXID: SPDXRef-Package-48-semantic-version
+SPDXID: SPDXRef-Package-49-semantic-version
PackageVersion: 2.10.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
@@ -773,7 +788,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
#####
PackageName: lib4vex
-SPDXID: SPDXRef-Package-49-lib4vex
+SPDXID: SPDXRef-Package-50-lib4vex
PackageVersion: 0.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -789,7 +804,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*
#####
PackageName: csaf-tool
-SPDXID: SPDXRef-Package-50-csaf-tool
+SPDXID: SPDXRef-Package-51-csaf-tool
PackageVersion: 0.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -805,7 +820,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*
#####
PackageName: packageurl-python
-SPDXID: SPDXRef-Package-51-packageurl-python
+SPDXID: SPDXRef-Package-52-packageurl-python
PackageVersion: 0.15.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
@@ -820,7 +835,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
#####
PackageName: rich
-SPDXID: SPDXRef-Package-52-rich
+SPDXID: SPDXRef-Package-53-rich
PackageVersion: 13.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
@@ -835,7 +850,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
-SPDXID: SPDXRef-Package-53-markdown-it-py
+SPDXID: SPDXRef-Package-54-markdown-it-py
PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
@@ -851,7 +866,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:
#####
PackageName: mdurl
-SPDXID: SPDXRef-Package-54-mdurl
+SPDXID: SPDXRef-Package-55-mdurl
PackageVersion: 0.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
@@ -867,11 +882,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
#####
PackageName: pygments
-SPDXID: SPDXRef-Package-55-pygments
+SPDXID: SPDXRef-Package-56-pygments
PackageVersion: 2.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0
+PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0
FilesAnalyzed: false
PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
PackageLicenseDeclared: BSD-2-Clause
@@ -883,7 +898,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*
#####
PackageName: packaging
-SPDXID: SPDXRef-Package-56-packaging
+SPDXID: SPDXRef-Package-57-packaging
PackageVersion: 24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
@@ -898,7 +913,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-Package-57-plotly
+SPDXID: SPDXRef-Package-58-plotly
PackageVersion: 5.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
@@ -913,23 +928,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-Package-58-tenacity
-PackageVersion: 8.5.0
+SPDXID: SPDXRef-Package-59-tenacity
+PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.5.0
+PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
-SPDXID: SPDXRef-Package-59-python-gnupg
+SPDXID: SPDXRef-Package-60-python-gnupg
PackageVersion: 0.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
@@ -946,7 +961,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*
#####
PackageName: requests
-SPDXID: SPDXRef-Package-60-requests
+SPDXID: SPDXRef-Package-61-requests
PackageVersion: 2.32.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
@@ -962,7 +977,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:
#####
PackageName: certifi
-SPDXID: SPDXRef-Package-61-certifi
+SPDXID: SPDXRef-Package-62-certifi
PackageVersion: 2024.7.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
@@ -977,7 +992,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*
#####
PackageName: charset-normalizer
-SPDXID: SPDXRef-Package-62-charset-normalizer
+SPDXID: SPDXRef-Package-63-charset-normalizer
PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
@@ -993,7 +1008,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-Package-63-urllib3
+SPDXID: SPDXRef-Package-64-urllib3
PackageVersion: 2.2.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
@@ -1008,7 +1023,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:
#####
PackageName: rpmfile
-SPDXID: SPDXRef-Package-64-rpmfile
+SPDXID: SPDXRef-Package-65-rpmfile
PackageVersion: 2.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
@@ -1023,23 +1038,38 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
+PackageName: setuptools
+SPDXID: SPDXRef-Package-66-setuptools
+PackageVersion: 72.1.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
+PackageDownloadLocation: https://pypi.org/project/setuptools/72.1.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*
+#####
+
PackageName: xmlschema
-SPDXID: SPDXRef-Package-65-xmlschema
-PackageVersion: 3.3.1
+SPDXID: SPDXRef-Package-67-xmlschema
+PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-Package-66-elementpath
+SPDXID: SPDXRef-Package-68-elementpath
PackageVersion: 4.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1055,7 +1085,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*
#####
PackageName: zstandard
-SPDXID: SPDXRef-Package-67-zstandard
+SPDXID: SPDXRef-Package-69-zstandard
PackageVersion: 0.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
@@ -1071,106 +1101,108 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*
#####
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-cvss
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-defusedxml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-distro
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-filetype
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-gsutil
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-10-beautifulsoup4
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-cvss
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-defusedxml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distro
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-jinja2
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jsonschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-lib4sbom
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-pyyaml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-lib4vex
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-packageurl-python
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-rich
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-packaging
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-plotly
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-python-gnupg
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-requests
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-urllib3
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-rpmfile
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-xmlschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-zstandard
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-9-beautifulsoup4
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-16-argcomplete
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-17-crcmod
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-18-fasteners
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-19-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-21-google-auth
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-27-google-auth-httplib2
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-28-httplib2
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-30-google-reauth
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-33-pyopenssl
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-37-retry-decorator
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-38-google-apitools
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-20-boto
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-google-auth
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-rsa
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-google-auth-httplib2
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-httplib2
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-google-reauth
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-32-oauth2client
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-pyopenssl
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-37-retry-decorator
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-attrs
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-multidict
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-yarl
-Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-22-cachetools
-Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-23-pyasn1-modules
-Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-25-rsa
-Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-23-pyasn1-modules DEPENDS_ON SPDXRef-Package-24-pyasn1
-Relationship: SPDXRef-Package-25-rsa DEPENDS_ON SPDXRef-Package-24-pyasn1
-Relationship: SPDXRef-Package-27-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-21-google-auth
-Relationship: SPDXRef-Package-27-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-28-httplib2
-Relationship: SPDXRef-Package-28-httplib2 DEPENDS_ON SPDXRef-Package-29-pyparsing
-Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-30-google-reauth DEPENDS_ON SPDXRef-Package-31-pyu2f
-Relationship: SPDXRef-Package-31-pyu2f DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-23-pyasn1-modules
-Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1
-Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-25-rsa
-Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-28-httplib2
-Relationship: SPDXRef-Package-33-pyopenssl DEPENDS_ON SPDXRef-Package-34-cryptography
-Relationship: SPDXRef-Package-34-cryptography DEPENDS_ON SPDXRef-Package-35-cffi
-Relationship: SPDXRef-Package-35-cffi DEPENDS_ON SPDXRef-Package-36-pycparser
-Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-18-fasteners
-Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-28-httplib2
-Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-32-oauth2client
-Relationship: SPDXRef-Package-40-jinja2 DEPENDS_ON SPDXRef-Package-41-markupsafe
-Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-43-jsonschema-specifications
-Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-44-referencing
-Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-45-rpds-py
-Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-5-attrs
-Relationship: SPDXRef-Package-43-jsonschema-specifications DEPENDS_ON SPDXRef-Package-44-referencing
-Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-45-rpds-py
-Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-5-attrs
-Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-12-defusedxml
-Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-47-pyyaml
-Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-48-semantic-version
-Relationship: SPDXRef-Package-49-lib4vex DEPENDS_ON SPDXRef-Package-46-lib4sbom
-Relationship: SPDXRef-Package-49-lib4vex DEPENDS_ON SPDXRef-Package-50-csaf-tool
-Relationship: SPDXRef-Package-49-lib4vex DEPENDS_ON SPDXRef-Package-51-packageurl-python
-Relationship: SPDXRef-Package-50-csaf-tool DEPENDS_ON SPDXRef-Package-51-packageurl-python
-Relationship: SPDXRef-Package-50-csaf-tool DEPENDS_ON SPDXRef-Package-52-rich
-Relationship: SPDXRef-Package-52-rich DEPENDS_ON SPDXRef-Package-53-markdown-it-py
-Relationship: SPDXRef-Package-52-rich DEPENDS_ON SPDXRef-Package-55-pygments
-Relationship: SPDXRef-Package-53-markdown-it-py DEPENDS_ON SPDXRef-Package-54-mdurl
-Relationship: SPDXRef-Package-57-plotly DEPENDS_ON SPDXRef-Package-56-packaging
-Relationship: SPDXRef-Package-57-plotly DEPENDS_ON SPDXRef-Package-58-tenacity
-Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-61-certifi
-Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-62-charset-normalizer
-Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-63-urllib3
-Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-8-idna
-Relationship: SPDXRef-Package-65-xmlschema DEPENDS_ON SPDXRef-Package-66-elementpath
-Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-6-multidict
-Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-8-idna
-Relationship: SPDXRef-Package-9-beautifulsoup4 DEPENDS_ON SPDXRef-Package-10-soupsieve
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jinja2
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jsonschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-lib4sbom
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-pyyaml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-lib4vex
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packageurl-python
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-rich
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-packaging
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-plotly
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-python-gnupg
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-urllib3
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-rpmfile
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-setuptools
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-xmlschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-zstandard
+Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiohappyeyeballs
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-aiosignal
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-frozenlist
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1
+Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1
+Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth
+Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing
+Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f
+Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography
+Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi
+Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-33-oauth2client
+Relationship: SPDXRef-Package-4-aiosignal DEPENDS_ON SPDXRef-Package-5-frozenlist
+Relationship: SPDXRef-Package-41-jinja2 DEPENDS_ON SPDXRef-Package-42-markupsafe
+Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-44-jsonschema-specifications
+Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-45-referencing
+Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-46-rpds-py
+Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs
+Relationship: SPDXRef-Package-44-jsonschema-specifications DEPENDS_ON SPDXRef-Package-45-referencing
+Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-46-rpds-py
+Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-6-attrs
+Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml
+Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-48-pyyaml
+Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-49-semantic-version
+Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-47-lib4sbom
+Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-51-csaf-tool
+Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-52-packageurl-python
+Relationship: SPDXRef-Package-51-csaf-tool DEPENDS_ON SPDXRef-Package-52-packageurl-python
+Relationship: SPDXRef-Package-51-csaf-tool DEPENDS_ON SPDXRef-Package-53-rich
+Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-54-markdown-it-py
+Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-56-pygments
+Relationship: SPDXRef-Package-54-markdown-it-py DEPENDS_ON SPDXRef-Package-55-mdurl
+Relationship: SPDXRef-Package-58-plotly DEPENDS_ON SPDXRef-Package-57-packaging
+Relationship: SPDXRef-Package-58-plotly DEPENDS_ON SPDXRef-Package-59-tenacity
+Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-62-certifi
+Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-63-charset-normalizer
+Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-64-urllib3
+Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-9-idna
+Relationship: SPDXRef-Package-67-xmlschema DEPENDS_ON SPDXRef-Package-68-elementpath
+Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict
+Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna
diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json
index ae198562b6..21b0083702 100644
--- a/sbom/cve-bin-tool-py3.12.json
+++ b/sbom/cve-bin-tool-py3.12.json
@@ -2,15 +2,20 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:3f8d8251-ef82-48eb-a46a-125d2884925d",
+ "serialNumber": "urn:uuid:42803ee0-c89b-4dfb-8bea-285783cb9e51",
"version": 1,
"metadata": {
- "timestamp": "2024-07-29T00:30:22Z",
+ "timestamp": "2024-08-05T00:34:41Z",
+ "lifecycles": [
+ {
+ "phase": "build"
+ }
+ ],
"tools": {
"components": [
{
"name": "sbom4python",
- "version": "0.10.4",
+ "version": "0.11.0",
"type": "application"
}
]
@@ -69,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.9.5",
+ "version": "3.10.1",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -82,12 +87,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.9.5",
+ "url": "https://pypi.org/project/aiohttp/3.10.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.9.5",
+ "purl": "pkg:pypi/aiohttp@3.10.1",
"properties": [
{
"name": "language",
@@ -101,7 +106,50 @@
},
{
"type": "library",
- "bom-ref": "3-aiosignal",
+ "bom-ref": "3-aiohappyeyeballs",
+ "name": "aiohappyeyeballs",
+ "version": "2.3.4",
+ "supplier": {
+ "name": "J. Nick Koston",
+ "contact": [
+ {
+ "email": "nick@koston.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*",
+ "description": "Happy Eyeballs for asyncio",
+ "licenses": [
+ {
+ "license": {
+ "id": "PSF-2.0",
+ "url": "https://opensource.org/licenses/Python-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.3.4",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/aiohappyeyeballs@2.3.4",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.4"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "4-aiosignal",
"name": "aiosignal",
"version": "1.3.1",
"hashes": [
@@ -140,7 +188,7 @@
},
{
"type": "library",
- "bom-ref": "4-frozenlist",
+ "bom-ref": "5-frozenlist",
"name": "frozenlist",
"version": "1.4.1",
"description": "A list-like structure which implements collections.abc.MutableSequence",
@@ -174,9 +222,9 @@
},
{
"type": "library",
- "bom-ref": "5-attrs",
+ "bom-ref": "6-attrs",
"name": "attrs",
- "version": "23.2.0",
+ "version": "24.1.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
@@ -185,16 +233,16 @@
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
- "url": "https://pypi.org/project/attrs/23.2.0",
+ "url": "https://pypi.org/project/attrs/24.1.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/attrs@23.2.0",
+ "purl": "pkg:pypi/attrs@24.1.0",
"properties": [
{
"name": "language",
@@ -208,7 +256,7 @@
},
{
"type": "library",
- "bom-ref": "6-multidict",
+ "bom-ref": "7-multidict",
"name": "multidict",
"version": "6.0.5",
"supplier": {
@@ -257,7 +305,7 @@
},
{
"type": "library",
- "bom-ref": "7-yarl",
+ "bom-ref": "8-yarl",
"name": "yarl",
"version": "1.9.4",
"supplier": {
@@ -306,7 +354,7 @@
},
{
"type": "library",
- "bom-ref": "8-idna",
+ "bom-ref": "9-idna",
"name": "idna",
"version": "3.7",
"supplier": {
@@ -346,7 +394,7 @@
},
{
"type": "library",
- "bom-ref": "9-beautifulsoup4",
+ "bom-ref": "10-beautifulsoup4",
"name": "beautifulsoup4",
"version": "4.12.3",
"supplier": {
@@ -389,7 +437,7 @@
},
{
"type": "library",
- "bom-ref": "10-soupsieve",
+ "bom-ref": "11-soupsieve",
"name": "soupsieve",
"version": "2.5",
"supplier": {
@@ -429,7 +477,7 @@
},
{
"type": "library",
- "bom-ref": "11-cvss",
+ "bom-ref": "12-cvss",
"name": "cvss",
"version": "3.1",
"supplier": {
@@ -478,7 +526,7 @@
},
{
"type": "library",
- "bom-ref": "12-defusedxml",
+ "bom-ref": "13-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -527,7 +575,7 @@
},
{
"type": "library",
- "bom-ref": "13-distro",
+ "bom-ref": "14-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -570,7 +618,7 @@
},
{
"type": "library",
- "bom-ref": "14-filetype",
+ "bom-ref": "15-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -619,7 +667,7 @@
},
{
"type": "library",
- "bom-ref": "15-gsutil",
+ "bom-ref": "16-gsutil",
"name": "gsutil",
"version": "5.30",
"supplier": {
@@ -662,7 +710,7 @@
},
{
"type": "library",
- "bom-ref": "16-argcomplete",
+ "bom-ref": "17-argcomplete",
"name": "argcomplete",
"version": "3.4.0",
"supplier": {
@@ -705,7 +753,7 @@
},
{
"type": "library",
- "bom-ref": "17-crcmod",
+ "bom-ref": "18-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -748,7 +796,7 @@
},
{
"type": "library",
- "bom-ref": "18-fasteners",
+ "bom-ref": "19-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -792,7 +840,7 @@
},
{
"type": "library",
- "bom-ref": "19-gcs-oauth2-boto-plugin",
+ "bom-ref": "20-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -835,7 +883,7 @@
},
{
"type": "library",
- "bom-ref": "20-boto",
+ "bom-ref": "21-boto",
"name": "boto",
"version": "2.49.0",
"supplier": {
@@ -884,7 +932,7 @@
},
{
"type": "library",
- "bom-ref": "21-google-auth",
+ "bom-ref": "22-google-auth",
"name": "google-auth",
"version": "2.17.0",
"supplier": {
@@ -933,7 +981,7 @@
},
{
"type": "library",
- "bom-ref": "22-cachetools",
+ "bom-ref": "23-cachetools",
"name": "cachetools",
"version": "5.4.0",
"supplier": {
@@ -976,7 +1024,7 @@
},
{
"type": "library",
- "bom-ref": "23-pyasn1-modules",
+ "bom-ref": "24-pyasn1-modules",
"name": "pyasn1-modules",
"version": "0.4.0",
"supplier": {
@@ -1000,7 +1048,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1_modules/0.4.0",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1019,7 +1067,7 @@
},
{
"type": "library",
- "bom-ref": "24-pyasn1",
+ "bom-ref": "25-pyasn1",
"name": "pyasn1",
"version": "0.6.0",
"supplier": {
@@ -1062,7 +1110,7 @@
},
{
"type": "library",
- "bom-ref": "25-rsa",
+ "bom-ref": "26-rsa",
"name": "rsa",
"version": "4.7.2",
"supplier": {
@@ -1111,7 +1159,7 @@
},
{
"type": "library",
- "bom-ref": "26-six",
+ "bom-ref": "27-six",
"name": "six",
"version": "1.16.0",
"supplier": {
@@ -1160,7 +1208,7 @@
},
{
"type": "library",
- "bom-ref": "27-google-auth-httplib2",
+ "bom-ref": "28-google-auth-httplib2",
"name": "google-auth-httplib2",
"version": "0.2.0",
"supplier": {
@@ -1208,7 +1256,7 @@
},
{
"type": "library",
- "bom-ref": "28-httplib2",
+ "bom-ref": "29-httplib2",
"name": "httplib2",
"version": "0.20.4",
"supplier": {
@@ -1257,7 +1305,7 @@
},
{
"type": "library",
- "bom-ref": "29-pyparsing",
+ "bom-ref": "30-pyparsing",
"name": "pyparsing",
"version": "3.1.2",
"supplier": {
@@ -1297,7 +1345,7 @@
},
{
"type": "library",
- "bom-ref": "30-google-reauth",
+ "bom-ref": "31-google-reauth",
"name": "google-reauth",
"version": "0.1.1",
"supplier": {
@@ -1346,7 +1394,7 @@
},
{
"type": "library",
- "bom-ref": "31-pyu2f",
+ "bom-ref": "32-pyu2f",
"name": "pyu2f",
"version": "0.1.5",
"supplier": {
@@ -1395,7 +1443,7 @@
},
{
"type": "library",
- "bom-ref": "32-oauth2client",
+ "bom-ref": "33-oauth2client",
"name": "oauth2client",
"version": "4.1.3",
"supplier": {
@@ -1444,7 +1492,7 @@
},
{
"type": "library",
- "bom-ref": "33-pyopenssl",
+ "bom-ref": "34-pyopenssl",
"name": "pyopenssl",
"version": "24.2.1",
"supplier": {
@@ -1468,7 +1516,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyOpenSSL/24.2.1",
+ "url": "https://pypi.org/project/pyopenssl/24.2.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1487,7 +1535,7 @@
},
{
"type": "library",
- "bom-ref": "34-cryptography",
+ "bom-ref": "35-cryptography",
"name": "cryptography",
"version": "43.0.0",
"supplier": {
@@ -1526,7 +1574,7 @@
},
{
"type": "library",
- "bom-ref": "35-cffi",
+ "bom-ref": "36-cffi",
"name": "cffi",
"version": "1.16.0",
"supplier": {
@@ -1575,7 +1623,7 @@
},
{
"type": "library",
- "bom-ref": "36-pycparser",
+ "bom-ref": "37-pycparser",
"name": "pycparser",
"version": "2.22",
"supplier": {
@@ -1624,7 +1672,7 @@
},
{
"type": "library",
- "bom-ref": "37-retry-decorator",
+ "bom-ref": "38-retry-decorator",
"name": "retry-decorator",
"version": "1.1.1",
"supplier": {
@@ -1654,7 +1702,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/retry_decorator/1.1.1",
+ "url": "https://pypi.org/project/retry-decorator/1.1.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1673,7 +1721,7 @@
},
{
"type": "library",
- "bom-ref": "38-google-apitools",
+ "bom-ref": "39-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -1722,7 +1770,7 @@
},
{
"type": "library",
- "bom-ref": "39-monotonic",
+ "bom-ref": "40-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -1771,13 +1819,13 @@
},
{
"type": "library",
- "bom-ref": "40-jinja2",
+ "bom-ref": "41-jinja2",
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"externalReferences": [
{
- "url": "https://pypi.org/project/Jinja2/3.1.4",
+ "url": "https://pypi.org/project/jinja2/3.1.4",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1796,7 +1844,7 @@
},
{
"type": "library",
- "bom-ref": "41-markupsafe",
+ "bom-ref": "42-markupsafe",
"name": "markupsafe",
"version": "2.1.5",
"description": "Safely add untrusted strings to HTML/XML markup.",
@@ -1817,7 +1865,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/MarkupSafe/2.1.5",
+ "url": "https://pypi.org/project/markupsafe/2.1.5",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1836,7 +1884,7 @@
},
{
"type": "library",
- "bom-ref": "42-jsonschema",
+ "bom-ref": "43-jsonschema",
"name": "jsonschema",
"version": "4.23.0",
"supplier": {
@@ -1874,7 +1922,7 @@
},
{
"type": "library",
- "bom-ref": "43-jsonschema-specifications",
+ "bom-ref": "44-jsonschema-specifications",
"name": "jsonschema-specifications",
"version": "2023.12.1",
"supplier": {
@@ -1918,7 +1966,7 @@
},
{
"type": "library",
- "bom-ref": "44-referencing",
+ "bom-ref": "45-referencing",
"name": "referencing",
"version": "0.35.1",
"supplier": {
@@ -1947,7 +1995,7 @@
},
{
"type": "library",
- "bom-ref": "45-rpds-py",
+ "bom-ref": "46-rpds-py",
"name": "rpds-py",
"version": "0.19.1",
"supplier": {
@@ -1985,7 +2033,7 @@
},
{
"type": "library",
- "bom-ref": "46-lib4sbom",
+ "bom-ref": "47-lib4sbom",
"name": "lib4sbom",
"version": "0.7.2",
"supplier": {
@@ -2028,7 +2076,7 @@
},
{
"type": "library",
- "bom-ref": "47-pyyaml",
+ "bom-ref": "48-pyyaml",
"name": "pyyaml",
"version": "6.0.1",
"supplier": {
@@ -2058,7 +2106,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/PyYAML/6.0.1",
+ "url": "https://pypi.org/project/pyyaml/6.0.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2077,7 +2125,7 @@
},
{
"type": "library",
- "bom-ref": "48-semantic-version",
+ "bom-ref": "49-semantic-version",
"name": "semantic-version",
"version": "2.10.0",
"supplier": {
@@ -2126,7 +2174,7 @@
},
{
"type": "library",
- "bom-ref": "49-lib4vex",
+ "bom-ref": "50-lib4vex",
"name": "lib4vex",
"version": "0.1.0",
"supplier": {
@@ -2175,7 +2223,7 @@
},
{
"type": "library",
- "bom-ref": "50-csaf-tool",
+ "bom-ref": "51-csaf-tool",
"name": "csaf-tool",
"version": "0.3.2",
"supplier": {
@@ -2224,7 +2272,7 @@
},
{
"type": "library",
- "bom-ref": "51-packageurl-python",
+ "bom-ref": "52-packageurl-python",
"name": "packageurl-python",
"version": "0.15.6",
"supplier": {
@@ -2262,7 +2310,7 @@
},
{
"type": "library",
- "bom-ref": "52-rich",
+ "bom-ref": "53-rich",
"name": "rich",
"version": "13.7.1",
"supplier": {
@@ -2305,7 +2353,7 @@
},
{
"type": "library",
- "bom-ref": "53-markdown-it-py",
+ "bom-ref": "54-markdown-it-py",
"name": "markdown-it-py",
"version": "3.0.0",
"supplier": {
@@ -2345,7 +2393,7 @@
},
{
"type": "library",
- "bom-ref": "54-mdurl",
+ "bom-ref": "55-mdurl",
"name": "mdurl",
"version": "0.1.2",
"supplier": {
@@ -2385,7 +2433,7 @@
},
{
"type": "library",
- "bom-ref": "55-pygments",
+ "bom-ref": "56-pygments",
"name": "pygments",
"version": "2.18.0",
"supplier": {
@@ -2415,7 +2463,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.18.0",
+ "url": "https://pypi.org/project/pygments/2.18.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2434,7 +2482,7 @@
},
{
"type": "library",
- "bom-ref": "56-packaging",
+ "bom-ref": "57-packaging",
"name": "packaging",
"version": "24.1",
"supplier": {
@@ -2468,7 +2516,7 @@
},
{
"type": "library",
- "bom-ref": "57-plotly",
+ "bom-ref": "58-plotly",
"name": "plotly",
"version": "5.23.0",
"supplier": {
@@ -2511,9 +2559,9 @@
},
{
"type": "library",
- "bom-ref": "58-tenacity",
+ "bom-ref": "59-tenacity",
"name": "tenacity",
- "version": "8.5.0",
+ "version": "9.0.0",
"supplier": {
"name": "Julien Danjou",
"contact": [
@@ -2522,7 +2570,7 @@
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
"licenses": [
{
@@ -2535,12 +2583,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/tenacity/8.5.0",
+ "url": "https://pypi.org/project/tenacity/9.0.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/tenacity@8.5.0",
+ "purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
{
"name": "language",
@@ -2554,7 +2602,7 @@
},
{
"type": "library",
- "bom-ref": "59-python-gnupg",
+ "bom-ref": "60-python-gnupg",
"name": "python-gnupg",
"version": "0.5.2",
"supplier": {
@@ -2603,7 +2651,7 @@
},
{
"type": "library",
- "bom-ref": "60-requests",
+ "bom-ref": "61-requests",
"name": "requests",
"version": "2.32.3",
"supplier": {
@@ -2652,7 +2700,7 @@
},
{
"type": "library",
- "bom-ref": "61-certifi",
+ "bom-ref": "62-certifi",
"name": "certifi",
"version": "2024.7.4",
"supplier": {
@@ -2695,7 +2743,7 @@
},
{
"type": "library",
- "bom-ref": "62-charset-normalizer",
+ "bom-ref": "63-charset-normalizer",
"name": "charset-normalizer",
"version": "3.3.2",
"supplier": {
@@ -2744,7 +2792,7 @@
},
{
"type": "library",
- "bom-ref": "63-urllib3",
+ "bom-ref": "64-urllib3",
"name": "urllib3",
"version": "2.2.2",
"supplier": {
@@ -2778,7 +2826,7 @@
},
{
"type": "library",
- "bom-ref": "64-rpmfile",
+ "bom-ref": "65-rpmfile",
"name": "rpmfile",
"version": "2.1.0",
"supplier": {
@@ -2827,9 +2875,43 @@
},
{
"type": "library",
- "bom-ref": "65-xmlschema",
+ "bom-ref": "66-setuptools",
+ "name": "setuptools",
+ "version": "72.1.0",
+ "supplier": {
+ "name": "Python Packaging Authority",
+ "contact": [
+ {
+ "email": "distutils-sig@python.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*",
+ "description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/setuptools/72.1.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/setuptools@72.1.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.12.4"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "67-xmlschema",
"name": "xmlschema",
- "version": "3.3.1",
+ "version": "3.3.2",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -2838,7 +2920,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -2851,12 +2933,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/3.3.1",
+ "url": "https://pypi.org/project/xmlschema/3.3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.3.1",
+ "purl": "pkg:pypi/xmlschema@3.3.2",
"properties": [
{
"name": "language",
@@ -2870,7 +2952,7 @@
},
{
"type": "library",
- "bom-ref": "66-elementpath",
+ "bom-ref": "68-elementpath",
"name": "elementpath",
"version": "4.4.0",
"supplier": {
@@ -2919,7 +3001,7 @@
},
{
"type": "library",
- "bom-ref": "67-zstandard",
+ "bom-ref": "69-zstandard",
"name": "zstandard",
"version": "0.23.0",
"supplier": {
@@ -2972,258 +3054,260 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "9-beautifulsoup4",
- "11-cvss",
- "12-defusedxml",
- "13-distro",
- "14-filetype",
- "15-gsutil",
- "40-jinja2",
- "42-jsonschema",
- "46-lib4sbom",
- "49-lib4vex",
- "51-packageurl-python",
- "56-packaging",
- "57-plotly",
- "59-python-gnupg",
- "47-pyyaml",
- "60-requests",
- "52-rich",
- "64-rpmfile",
- "63-urllib3",
- "65-xmlschema",
- "67-zstandard"
+ "10-beautifulsoup4",
+ "12-cvss",
+ "13-defusedxml",
+ "14-distro",
+ "15-filetype",
+ "16-gsutil",
+ "41-jinja2",
+ "43-jsonschema",
+ "47-lib4sbom",
+ "50-lib4vex",
+ "52-packageurl-python",
+ "57-packaging",
+ "58-plotly",
+ "60-python-gnupg",
+ "48-pyyaml",
+ "61-requests",
+ "53-rich",
+ "65-rpmfile",
+ "66-setuptools",
+ "64-urllib3",
+ "67-xmlschema",
+ "69-zstandard"
]
},
{
"ref": "2-aiohttp",
"dependsOn": [
- "3-aiosignal",
- "5-attrs",
- "4-frozenlist",
- "6-multidict",
- "7-yarl"
+ "3-aiohappyeyeballs",
+ "4-aiosignal",
+ "6-attrs",
+ "5-frozenlist",
+ "7-multidict",
+ "8-yarl"
]
},
{
- "ref": "3-aiosignal",
+ "ref": "4-aiosignal",
"dependsOn": [
- "4-frozenlist"
+ "5-frozenlist"
]
},
{
- "ref": "7-yarl",
+ "ref": "8-yarl",
"dependsOn": [
- "8-idna",
- "6-multidict"
+ "9-idna",
+ "7-multidict"
]
},
{
- "ref": "9-beautifulsoup4",
+ "ref": "10-beautifulsoup4",
"dependsOn": [
- "10-soupsieve"
+ "11-soupsieve"
]
},
{
- "ref": "15-gsutil",
+ "ref": "16-gsutil",
"dependsOn": [
- "16-argcomplete",
- "17-crcmod",
- "18-fasteners",
- "19-gcs-oauth2-boto-plugin",
- "38-google-apitools",
- "21-google-auth",
- "27-google-auth-httplib2",
- "30-google-reauth",
- "28-httplib2",
- "39-monotonic",
- "33-pyopenssl",
- "37-retry-decorator",
- "26-six"
- ]
- },
- {
- "ref": "19-gcs-oauth2-boto-plugin",
+ "17-argcomplete",
+ "18-crcmod",
+ "19-fasteners",
+ "20-gcs-oauth2-boto-plugin",
+ "39-google-apitools",
+ "22-google-auth",
+ "28-google-auth-httplib2",
+ "31-google-reauth",
+ "29-httplib2",
+ "40-monotonic",
+ "34-pyopenssl",
+ "38-retry-decorator",
+ "27-six"
+ ]
+ },
+ {
+ "ref": "20-gcs-oauth2-boto-plugin",
"dependsOn": [
- "20-boto",
- "21-google-auth",
- "27-google-auth-httplib2",
- "30-google-reauth",
- "28-httplib2",
- "32-oauth2client",
- "33-pyopenssl",
- "37-retry-decorator",
- "25-rsa",
- "26-six"
+ "21-boto",
+ "22-google-auth",
+ "28-google-auth-httplib2",
+ "31-google-reauth",
+ "29-httplib2",
+ "33-oauth2client",
+ "34-pyopenssl",
+ "38-retry-decorator",
+ "26-rsa",
+ "27-six"
]
},
{
- "ref": "21-google-auth",
+ "ref": "22-google-auth",
"dependsOn": [
- "22-cachetools",
- "23-pyasn1-modules",
- "25-rsa",
- "26-six"
+ "23-cachetools",
+ "24-pyasn1-modules",
+ "26-rsa",
+ "27-six"
]
},
{
- "ref": "23-pyasn1-modules",
+ "ref": "24-pyasn1-modules",
"dependsOn": [
- "24-pyasn1"
+ "25-pyasn1"
]
},
{
- "ref": "25-rsa",
+ "ref": "26-rsa",
"dependsOn": [
- "24-pyasn1"
+ "25-pyasn1"
]
},
{
- "ref": "27-google-auth-httplib2",
+ "ref": "28-google-auth-httplib2",
"dependsOn": [
- "21-google-auth",
- "28-httplib2"
+ "22-google-auth",
+ "29-httplib2"
]
},
{
- "ref": "28-httplib2",
+ "ref": "29-httplib2",
"dependsOn": [
- "29-pyparsing"
+ "30-pyparsing"
]
},
{
- "ref": "30-google-reauth",
+ "ref": "31-google-reauth",
"dependsOn": [
- "31-pyu2f"
+ "32-pyu2f"
]
},
{
- "ref": "31-pyu2f",
+ "ref": "32-pyu2f",
"dependsOn": [
- "26-six"
+ "27-six"
]
},
{
- "ref": "32-oauth2client",
+ "ref": "33-oauth2client",
"dependsOn": [
- "28-httplib2",
- "24-pyasn1",
- "23-pyasn1-modules",
- "25-rsa",
- "26-six"
+ "29-httplib2",
+ "25-pyasn1",
+ "24-pyasn1-modules",
+ "26-rsa",
+ "27-six"
]
},
{
- "ref": "33-pyopenssl",
+ "ref": "34-pyopenssl",
"dependsOn": [
- "34-cryptography"
+ "35-cryptography"
]
},
{
- "ref": "34-cryptography",
+ "ref": "35-cryptography",
"dependsOn": [
- "35-cffi"
+ "36-cffi"
]
},
{
- "ref": "35-cffi",
+ "ref": "36-cffi",
"dependsOn": [
- "36-pycparser"
+ "37-pycparser"
]
},
{
- "ref": "38-google-apitools",
+ "ref": "39-google-apitools",
"dependsOn": [
- "18-fasteners",
- "28-httplib2",
- "32-oauth2client",
- "26-six"
+ "19-fasteners",
+ "29-httplib2",
+ "33-oauth2client",
+ "27-six"
]
},
{
- "ref": "40-jinja2",
+ "ref": "41-jinja2",
"dependsOn": [
- "41-markupsafe"
+ "42-markupsafe"
]
},
{
- "ref": "42-jsonschema",
+ "ref": "43-jsonschema",
"dependsOn": [
- "5-attrs",
- "43-jsonschema-specifications",
- "44-referencing",
- "45-rpds-py"
+ "6-attrs",
+ "44-jsonschema-specifications",
+ "45-referencing",
+ "46-rpds-py"
]
},
{
- "ref": "43-jsonschema-specifications",
+ "ref": "44-jsonschema-specifications",
"dependsOn": [
- "44-referencing"
+ "45-referencing"
]
},
{
- "ref": "44-referencing",
+ "ref": "45-referencing",
"dependsOn": [
- "5-attrs",
- "45-rpds-py"
+ "6-attrs",
+ "46-rpds-py"
]
},
{
- "ref": "46-lib4sbom",
+ "ref": "47-lib4sbom",
"dependsOn": [
- "12-defusedxml",
- "47-pyyaml",
- "48-semantic-version"
+ "13-defusedxml",
+ "48-pyyaml",
+ "49-semantic-version"
]
},
{
- "ref": "49-lib4vex",
+ "ref": "50-lib4vex",
"dependsOn": [
- "50-csaf-tool",
- "46-lib4sbom",
- "51-packageurl-python"
+ "51-csaf-tool",
+ "47-lib4sbom",
+ "52-packageurl-python"
]
},
{
- "ref": "50-csaf-tool",
+ "ref": "51-csaf-tool",
"dependsOn": [
- "51-packageurl-python",
- "52-rich"
+ "52-packageurl-python",
+ "53-rich"
]
},
{
- "ref": "52-rich",
+ "ref": "53-rich",
"dependsOn": [
- "53-markdown-it-py",
- "55-pygments"
+ "54-markdown-it-py",
+ "56-pygments"
]
},
{
- "ref": "53-markdown-it-py",
+ "ref": "54-markdown-it-py",
"dependsOn": [
- "54-mdurl"
+ "55-mdurl"
]
},
{
- "ref": "57-plotly",
+ "ref": "58-plotly",
"dependsOn": [
- "56-packaging",
- "58-tenacity"
+ "57-packaging",
+ "59-tenacity"
]
},
{
- "ref": "60-requests",
+ "ref": "61-requests",
"dependsOn": [
- "61-certifi",
- "62-charset-normalizer",
- "8-idna",
- "63-urllib3"
+ "62-certifi",
+ "63-charset-normalizer",
+ "9-idna",
+ "64-urllib3"
]
},
{
- "ref": "65-xmlschema",
+ "ref": "67-xmlschema",
"dependsOn": [
- "66-elementpath"
+ "68-elementpath"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx
index 204efb1af9..98501c9ba8 100644
--- a/sbom/cve-bin-tool-py3.12.spdx
+++ b/sbom/cve-bin-tool-py3.12.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-158f8405-532c-4623-bb08-eeaa53e36cee
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-9d2497ce-dad5-46ac-b3f6-584adacf8fd7
LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.10.4
-Created: 2024-07-29T00:29:23Z
+Creator: Tool: sbom4python-0.11.0
+Created: 2024-08-05T00:33:38Z
CreatorComment: This document has been automatically generated.
#####
@@ -26,21 +26,36 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.9.5
+PackageVersion: 3.10.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.1
+#####
+
+PackageName: aiohappyeyeballs
+SPDXID: SPDXRef-Package-3-aiohappyeyeballs
+PackageVersion: 2.3.4
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.4
+FilesAnalyzed: false
+PackageLicenseDeclared: PSF-2.0
+PackageLicenseConcluded: PSF-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Happy Eyeballs for asyncio
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
-SPDXID: SPDXRef-Package-3-aiosignal
+SPDXID: SPDXRef-Package-4-aiosignal
PackageVersion: 1.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
@@ -55,7 +70,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
#####
PackageName: frozenlist
-SPDXID: SPDXRef-Package-4-frozenlist
+SPDXID: SPDXRef-Package-5-frozenlist
PackageVersion: 1.4.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
@@ -70,22 +85,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1
#####
PackageName: attrs
-SPDXID: SPDXRef-Package-5-attrs
-PackageVersion: 23.2.0
+SPDXID: SPDXRef-Package-6-attrs
+PackageVersion: 24.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0
+PackageDownloadLocation: https://pypi.org/project/attrs/24.1.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@23.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*
#####
PackageName: multidict
-SPDXID: SPDXRef-Package-6-multidict
+SPDXID: SPDXRef-Package-7-multidict
PackageVersion: 6.0.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -102,7 +117,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*
#####
PackageName: yarl
-SPDXID: SPDXRef-Package-7-yarl
+SPDXID: SPDXRef-Package-8-yarl
PackageVersion: 1.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -118,7 +133,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:
#####
PackageName: idna
-SPDXID: SPDXRef-Package-8-idna
+SPDXID: SPDXRef-Package-9-idna
PackageVersion: 3.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
@@ -134,7 +149,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*
#####
PackageName: beautifulsoup4
-SPDXID: SPDXRef-Package-9-beautifulsoup4
+SPDXID: SPDXRef-Package-10-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
@@ -150,7 +165,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12
#####
PackageName: soupsieve
-SPDXID: SPDXRef-Package-10-soupsieve
+SPDXID: SPDXRef-Package-11-soupsieve
PackageVersion: 2.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (use@gmail.com)
@@ -166,7 +181,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-Package-11-cvss
+SPDXID: SPDXRef-Package-12-cvss
PackageVersion: 3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
@@ -183,7 +198,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs
#####
PackageName: defusedxml
-SPDXID: SPDXRef-Package-12-defusedxml
+SPDXID: SPDXRef-Package-13-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
@@ -200,7 +215,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:
#####
PackageName: distro
-SPDXID: SPDXRef-Package-13-distro
+SPDXID: SPDXRef-Package-14-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
@@ -216,7 +231,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-Package-14-filetype
+SPDXID: SPDXRef-Package-15-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
@@ -232,7 +247,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:
#####
PackageName: gsutil
-SPDXID: SPDXRef-Package-15-gsutil
+SPDXID: SPDXRef-Package-16-gsutil
PackageVersion: 5.30
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
@@ -248,7 +263,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-Package-16-argcomplete
+SPDXID: SPDXRef-Package-17-argcomplete
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
@@ -264,7 +279,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-Package-17-crcmod
+SPDXID: SPDXRef-Package-18-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
@@ -279,7 +294,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-Package-18-fasteners
+SPDXID: SPDXRef-Package-19-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
@@ -295,7 +310,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-Package-19-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
@@ -311,7 +326,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2
#####
PackageName: boto
-SPDXID: SPDXRef-Package-20-boto
+SPDXID: SPDXRef-Package-21-boto
PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
@@ -327,7 +342,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:
#####
PackageName: google-auth
-SPDXID: SPDXRef-Package-21-google-auth
+SPDXID: SPDXRef-Package-22-google-auth
PackageVersion: 2.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -344,7 +359,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
#####
PackageName: cachetools
-SPDXID: SPDXRef-Package-22-cachetools
+SPDXID: SPDXRef-Package-23-cachetools
PackageVersion: 5.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
@@ -359,15 +374,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*
#####
PackageName: pyasn1-modules
-SPDXID: SPDXRef-Package-23-pyasn1-modules
+SPDXID: SPDXRef-Package-24-pyasn1-modules
PackageVersion: 0.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A collection of ASN.1-based protocols modules
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0
@@ -375,7 +390,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:
#####
PackageName: pyasn1
-SPDXID: SPDXRef-Package-24-pyasn1
+SPDXID: SPDXRef-Package-25-pyasn1
PackageVersion: 0.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
@@ -390,7 +405,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:
#####
PackageName: rsa
-SPDXID: SPDXRef-Package-25-rsa
+SPDXID: SPDXRef-Package-26-rsa
PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
@@ -407,7 +422,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-Package-26-six
+SPDXID: SPDXRef-Package-27-six
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
@@ -423,7 +438,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*
#####
PackageName: google-auth-httplib2
-SPDXID: SPDXRef-Package-27-google-auth-httplib2
+SPDXID: SPDXRef-Package-28-google-auth-httplib2
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -439,7 +454,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-http
#####
PackageName: httplib2
-SPDXID: SPDXRef-Package-28-httplib2
+SPDXID: SPDXRef-Package-29-httplib2
PackageVersion: 0.20.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
@@ -455,7 +470,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
#####
PackageName: pyparsing
-SPDXID: SPDXRef-Package-29-pyparsing
+SPDXID: SPDXRef-Package-30-pyparsing
PackageVersion: 3.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
@@ -471,7 +486,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*
#####
PackageName: google-reauth
-SPDXID: SPDXRef-Package-30-google-reauth
+SPDXID: SPDXRef-Package-31-google-reauth
PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google (googleapis-publisher@google.com)
@@ -488,7 +503,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*
#####
PackageName: pyu2f
-SPDXID: SPDXRef-Package-31-pyu2f
+SPDXID: SPDXRef-Package-32-pyu2f
PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
@@ -505,7 +520,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: oauth2client
-SPDXID: SPDXRef-Package-32-oauth2client
+SPDXID: SPDXRef-Package-33-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
@@ -522,15 +537,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
#####
PackageName: pyopenssl
-SPDXID: SPDXRef-Package-33-pyopenssl
+SPDXID: SPDXRef-Package-34-pyopenssl
PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/24.2.1
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
@@ -538,7 +553,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
#####
PackageName: cryptography
-SPDXID: SPDXRef-Package-34-cryptography
+SPDXID: SPDXRef-Package-35-cryptography
PackageVersion: 43.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
@@ -553,7 +568,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python
#####
PackageName: cffi
-SPDXID: SPDXRef-Package-35-cffi
+SPDXID: SPDXRef-Package-36-cffi
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
@@ -569,7 +584,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-Package-36-pycparser
+SPDXID: SPDXRef-Package-37-pycparser
PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
@@ -585,11 +600,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-Package-37-retry-decorator
+SPDXID: SPDXRef-Package-38-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/retry_decorator/1.1.1
+PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1
FilesAnalyzed: false
PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
PackageLicenseDeclared: MIT
@@ -601,7 +616,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*
#####
PackageName: google-apitools
-SPDXID: SPDXRef-Package-38-google-apitools
+SPDXID: SPDXRef-Package-39-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
@@ -618,7 +633,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-Package-39-monotonic
+SPDXID: SPDXRef-Package-40-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
@@ -635,11 +650,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
PackageName: jinja2
-SPDXID: SPDXRef-Package-40-jinja2
+SPDXID: SPDXRef-Package-41-jinja2
PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4
+PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
@@ -649,11 +664,11 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-Package-41-markupsafe
+SPDXID: SPDXRef-Package-42-markupsafe
PackageVersion: 2.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5
+PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5
FilesAnalyzed: false
PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65
PackageLicenseDeclared: BSD-3-Clause
@@ -664,7 +679,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5
#####
PackageName: jsonschema
-SPDXID: SPDXRef-Package-42-jsonschema
+SPDXID: SPDXRef-Package-43-jsonschema
PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -679,7 +694,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:
#####
PackageName: jsonschema-specifications
-SPDXID: SPDXRef-Package-43-jsonschema-specifications
+SPDXID: SPDXRef-Package-44-jsonschema-specifications
PackageVersion: 2023.12.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -695,7 +710,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
#####
PackageName: referencing
-SPDXID: SPDXRef-Package-44-referencing
+SPDXID: SPDXRef-Package-45-referencing
PackageVersion: 0.35.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -710,7 +725,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
#####
PackageName: rpds-py
-SPDXID: SPDXRef-Package-45-rpds-py
+SPDXID: SPDXRef-Package-46-rpds-py
PackageVersion: 0.19.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -725,7 +740,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:*
#####
PackageName: lib4sbom
-SPDXID: SPDXRef-Package-46-lib4sbom
+SPDXID: SPDXRef-Package-47-lib4sbom
PackageVersion: 0.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -740,11 +755,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:
#####
PackageName: pyyaml
-SPDXID: SPDXRef-Package-47-pyyaml
+SPDXID: SPDXRef-Package-48-pyyaml
PackageVersion: 6.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1
+PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.1
FilesAnalyzed: false
PackageChecksum: SHA1: c42fa3bff1eabdb64763bb1526d9ea1ccb708479
PackageLicenseDeclared: MIT
@@ -756,7 +771,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:
#####
PackageName: semantic-version
-SPDXID: SPDXRef-Package-48-semantic-version
+SPDXID: SPDXRef-Package-49-semantic-version
PackageVersion: 2.10.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
@@ -773,7 +788,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
#####
PackageName: lib4vex
-SPDXID: SPDXRef-Package-49-lib4vex
+SPDXID: SPDXRef-Package-50-lib4vex
PackageVersion: 0.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -789,7 +804,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*
#####
PackageName: csaf-tool
-SPDXID: SPDXRef-Package-50-csaf-tool
+SPDXID: SPDXRef-Package-51-csaf-tool
PackageVersion: 0.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -805,7 +820,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*
#####
PackageName: packageurl-python
-SPDXID: SPDXRef-Package-51-packageurl-python
+SPDXID: SPDXRef-Package-52-packageurl-python
PackageVersion: 0.15.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
@@ -820,7 +835,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
#####
PackageName: rich
-SPDXID: SPDXRef-Package-52-rich
+SPDXID: SPDXRef-Package-53-rich
PackageVersion: 13.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
@@ -835,7 +850,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
-SPDXID: SPDXRef-Package-53-markdown-it-py
+SPDXID: SPDXRef-Package-54-markdown-it-py
PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
@@ -851,7 +866,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:
#####
PackageName: mdurl
-SPDXID: SPDXRef-Package-54-mdurl
+SPDXID: SPDXRef-Package-55-mdurl
PackageVersion: 0.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
@@ -867,11 +882,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
#####
PackageName: pygments
-SPDXID: SPDXRef-Package-55-pygments
+SPDXID: SPDXRef-Package-56-pygments
PackageVersion: 2.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0
+PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0
FilesAnalyzed: false
PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
PackageLicenseDeclared: BSD-2-Clause
@@ -883,7 +898,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*
#####
PackageName: packaging
-SPDXID: SPDXRef-Package-56-packaging
+SPDXID: SPDXRef-Package-57-packaging
PackageVersion: 24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
@@ -898,7 +913,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-Package-57-plotly
+SPDXID: SPDXRef-Package-58-plotly
PackageVersion: 5.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
@@ -913,23 +928,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-Package-58-tenacity
-PackageVersion: 8.5.0
+SPDXID: SPDXRef-Package-59-tenacity
+PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.5.0
+PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
-SPDXID: SPDXRef-Package-59-python-gnupg
+SPDXID: SPDXRef-Package-60-python-gnupg
PackageVersion: 0.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
@@ -946,7 +961,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*
#####
PackageName: requests
-SPDXID: SPDXRef-Package-60-requests
+SPDXID: SPDXRef-Package-61-requests
PackageVersion: 2.32.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
@@ -962,7 +977,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:
#####
PackageName: certifi
-SPDXID: SPDXRef-Package-61-certifi
+SPDXID: SPDXRef-Package-62-certifi
PackageVersion: 2024.7.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
@@ -977,7 +992,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*
#####
PackageName: charset-normalizer
-SPDXID: SPDXRef-Package-62-charset-normalizer
+SPDXID: SPDXRef-Package-63-charset-normalizer
PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
@@ -993,7 +1008,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-Package-63-urllib3
+SPDXID: SPDXRef-Package-64-urllib3
PackageVersion: 2.2.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
@@ -1008,7 +1023,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:
#####
PackageName: rpmfile
-SPDXID: SPDXRef-Package-64-rpmfile
+SPDXID: SPDXRef-Package-65-rpmfile
PackageVersion: 2.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
@@ -1023,23 +1038,38 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
+PackageName: setuptools
+SPDXID: SPDXRef-Package-66-setuptools
+PackageVersion: 72.1.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
+PackageDownloadLocation: https://pypi.org/project/setuptools/72.1.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*
+#####
+
PackageName: xmlschema
-SPDXID: SPDXRef-Package-65-xmlschema
-PackageVersion: 3.3.1
+SPDXID: SPDXRef-Package-67-xmlschema
+PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-Package-66-elementpath
+SPDXID: SPDXRef-Package-68-elementpath
PackageVersion: 4.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1055,7 +1085,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*
#####
PackageName: zstandard
-SPDXID: SPDXRef-Package-67-zstandard
+SPDXID: SPDXRef-Package-69-zstandard
PackageVersion: 0.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
@@ -1071,106 +1101,108 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*
#####
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-cvss
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-defusedxml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-distro
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-filetype
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-gsutil
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-10-beautifulsoup4
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-cvss
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-defusedxml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distro
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-jinja2
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jsonschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-lib4sbom
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-pyyaml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-lib4vex
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-packageurl-python
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-rich
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-packaging
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-plotly
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-python-gnupg
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-requests
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-urllib3
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-rpmfile
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-xmlschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-zstandard
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-9-beautifulsoup4
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-16-argcomplete
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-17-crcmod
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-18-fasteners
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-19-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-21-google-auth
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-27-google-auth-httplib2
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-28-httplib2
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-30-google-reauth
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-33-pyopenssl
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-37-retry-decorator
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-38-google-apitools
-Relationship: SPDXRef-Package-15-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-20-boto
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-google-auth
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-rsa
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-google-auth-httplib2
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-httplib2
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-google-reauth
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-32-oauth2client
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-pyopenssl
-Relationship: SPDXRef-Package-19-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-37-retry-decorator
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-attrs
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-multidict
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-yarl
-Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-22-cachetools
-Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-23-pyasn1-modules
-Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-25-rsa
-Relationship: SPDXRef-Package-21-google-auth DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-23-pyasn1-modules DEPENDS_ON SPDXRef-Package-24-pyasn1
-Relationship: SPDXRef-Package-25-rsa DEPENDS_ON SPDXRef-Package-24-pyasn1
-Relationship: SPDXRef-Package-27-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-21-google-auth
-Relationship: SPDXRef-Package-27-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-28-httplib2
-Relationship: SPDXRef-Package-28-httplib2 DEPENDS_ON SPDXRef-Package-29-pyparsing
-Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-30-google-reauth DEPENDS_ON SPDXRef-Package-31-pyu2f
-Relationship: SPDXRef-Package-31-pyu2f DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-23-pyasn1-modules
-Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1
-Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-25-rsa
-Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-32-oauth2client DEPENDS_ON SPDXRef-Package-28-httplib2
-Relationship: SPDXRef-Package-33-pyopenssl DEPENDS_ON SPDXRef-Package-34-cryptography
-Relationship: SPDXRef-Package-34-cryptography DEPENDS_ON SPDXRef-Package-35-cffi
-Relationship: SPDXRef-Package-35-cffi DEPENDS_ON SPDXRef-Package-36-pycparser
-Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-18-fasteners
-Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-26-six
-Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-28-httplib2
-Relationship: SPDXRef-Package-38-google-apitools DEPENDS_ON SPDXRef-Package-32-oauth2client
-Relationship: SPDXRef-Package-40-jinja2 DEPENDS_ON SPDXRef-Package-41-markupsafe
-Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-43-jsonschema-specifications
-Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-44-referencing
-Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-45-rpds-py
-Relationship: SPDXRef-Package-42-jsonschema DEPENDS_ON SPDXRef-Package-5-attrs
-Relationship: SPDXRef-Package-43-jsonschema-specifications DEPENDS_ON SPDXRef-Package-44-referencing
-Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-45-rpds-py
-Relationship: SPDXRef-Package-44-referencing DEPENDS_ON SPDXRef-Package-5-attrs
-Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-12-defusedxml
-Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-47-pyyaml
-Relationship: SPDXRef-Package-46-lib4sbom DEPENDS_ON SPDXRef-Package-48-semantic-version
-Relationship: SPDXRef-Package-49-lib4vex DEPENDS_ON SPDXRef-Package-46-lib4sbom
-Relationship: SPDXRef-Package-49-lib4vex DEPENDS_ON SPDXRef-Package-50-csaf-tool
-Relationship: SPDXRef-Package-49-lib4vex DEPENDS_ON SPDXRef-Package-51-packageurl-python
-Relationship: SPDXRef-Package-50-csaf-tool DEPENDS_ON SPDXRef-Package-51-packageurl-python
-Relationship: SPDXRef-Package-50-csaf-tool DEPENDS_ON SPDXRef-Package-52-rich
-Relationship: SPDXRef-Package-52-rich DEPENDS_ON SPDXRef-Package-53-markdown-it-py
-Relationship: SPDXRef-Package-52-rich DEPENDS_ON SPDXRef-Package-55-pygments
-Relationship: SPDXRef-Package-53-markdown-it-py DEPENDS_ON SPDXRef-Package-54-mdurl
-Relationship: SPDXRef-Package-57-plotly DEPENDS_ON SPDXRef-Package-56-packaging
-Relationship: SPDXRef-Package-57-plotly DEPENDS_ON SPDXRef-Package-58-tenacity
-Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-61-certifi
-Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-62-charset-normalizer
-Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-63-urllib3
-Relationship: SPDXRef-Package-60-requests DEPENDS_ON SPDXRef-Package-8-idna
-Relationship: SPDXRef-Package-65-xmlschema DEPENDS_ON SPDXRef-Package-66-elementpath
-Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-6-multidict
-Relationship: SPDXRef-Package-7-yarl DEPENDS_ON SPDXRef-Package-8-idna
-Relationship: SPDXRef-Package-9-beautifulsoup4 DEPENDS_ON SPDXRef-Package-10-soupsieve
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-jinja2
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jsonschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-lib4sbom
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-pyyaml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-lib4vex
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packageurl-python
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-rich
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-packaging
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-plotly
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-python-gnupg
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-urllib3
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-rpmfile
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-setuptools
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-xmlschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-zstandard
+Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiohappyeyeballs
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-aiosignal
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-frozenlist
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1
+Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1
+Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth
+Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing
+Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f
+Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography
+Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi
+Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-33-oauth2client
+Relationship: SPDXRef-Package-4-aiosignal DEPENDS_ON SPDXRef-Package-5-frozenlist
+Relationship: SPDXRef-Package-41-jinja2 DEPENDS_ON SPDXRef-Package-42-markupsafe
+Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-44-jsonschema-specifications
+Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-45-referencing
+Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-46-rpds-py
+Relationship: SPDXRef-Package-43-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs
+Relationship: SPDXRef-Package-44-jsonschema-specifications DEPENDS_ON SPDXRef-Package-45-referencing
+Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-46-rpds-py
+Relationship: SPDXRef-Package-45-referencing DEPENDS_ON SPDXRef-Package-6-attrs
+Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml
+Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-48-pyyaml
+Relationship: SPDXRef-Package-47-lib4sbom DEPENDS_ON SPDXRef-Package-49-semantic-version
+Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-47-lib4sbom
+Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-51-csaf-tool
+Relationship: SPDXRef-Package-50-lib4vex DEPENDS_ON SPDXRef-Package-52-packageurl-python
+Relationship: SPDXRef-Package-51-csaf-tool DEPENDS_ON SPDXRef-Package-52-packageurl-python
+Relationship: SPDXRef-Package-51-csaf-tool DEPENDS_ON SPDXRef-Package-53-rich
+Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-54-markdown-it-py
+Relationship: SPDXRef-Package-53-rich DEPENDS_ON SPDXRef-Package-56-pygments
+Relationship: SPDXRef-Package-54-markdown-it-py DEPENDS_ON SPDXRef-Package-55-mdurl
+Relationship: SPDXRef-Package-58-plotly DEPENDS_ON SPDXRef-Package-57-packaging
+Relationship: SPDXRef-Package-58-plotly DEPENDS_ON SPDXRef-Package-59-tenacity
+Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-62-certifi
+Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-63-charset-normalizer
+Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-64-urllib3
+Relationship: SPDXRef-Package-61-requests DEPENDS_ON SPDXRef-Package-9-idna
+Relationship: SPDXRef-Package-67-xmlschema DEPENDS_ON SPDXRef-Package-68-elementpath
+Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict
+Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna
diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json
index 2f72868191..838cc5b5b1 100644
--- a/sbom/cve-bin-tool-py3.8.json
+++ b/sbom/cve-bin-tool-py3.8.json
@@ -2,15 +2,20 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:35109470-b30a-4f6f-b745-e4fd7099884c",
+ "serialNumber": "urn:uuid:6bb32096-62a7-40ca-8a5d-657e8d2da37b",
"version": 1,
"metadata": {
- "timestamp": "2024-07-29T00:30:28Z",
+ "timestamp": "2024-08-05T00:36:06Z",
+ "lifecycles": [
+ {
+ "phase": "build"
+ }
+ ],
"tools": {
"components": [
{
"name": "sbom4python",
- "version": "0.10.4",
+ "version": "0.11.0",
"type": "application"
}
]
@@ -69,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.9.5",
+ "version": "3.10.1",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -82,12 +87,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.9.5",
+ "url": "https://pypi.org/project/aiohttp/3.10.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.9.5",
+ "purl": "pkg:pypi/aiohttp@3.10.1",
"properties": [
{
"name": "language",
@@ -101,7 +106,50 @@
},
{
"type": "library",
- "bom-ref": "3-aiosignal",
+ "bom-ref": "3-aiohappyeyeballs",
+ "name": "aiohappyeyeballs",
+ "version": "2.3.4",
+ "supplier": {
+ "name": "J. Nick Koston",
+ "contact": [
+ {
+ "email": "nick@koston.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*",
+ "description": "Happy Eyeballs for asyncio",
+ "licenses": [
+ {
+ "license": {
+ "id": "PSF-2.0",
+ "url": "https://opensource.org/licenses/Python-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.3.4",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/aiohappyeyeballs@2.3.4",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.8.18"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "4-aiosignal",
"name": "aiosignal",
"version": "1.3.1",
"hashes": [
@@ -140,7 +188,7 @@
},
{
"type": "library",
- "bom-ref": "4-frozenlist",
+ "bom-ref": "5-frozenlist",
"name": "frozenlist",
"version": "1.4.1",
"description": "A list-like structure which implements collections.abc.MutableSequence",
@@ -174,7 +222,7 @@
},
{
"type": "library",
- "bom-ref": "5-async-timeout",
+ "bom-ref": "6-async-timeout",
"name": "async-timeout",
"version": "4.0.3",
"supplier": {
@@ -223,9 +271,9 @@
},
{
"type": "library",
- "bom-ref": "6-attrs",
+ "bom-ref": "7-attrs",
"name": "attrs",
- "version": "23.2.0",
+ "version": "24.1.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
@@ -234,16 +282,16 @@
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
- "url": "https://pypi.org/project/attrs/23.2.0",
+ "url": "https://pypi.org/project/attrs/24.1.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/attrs@23.2.0",
+ "purl": "pkg:pypi/attrs@24.1.0",
"properties": [
{
"name": "language",
@@ -257,7 +305,7 @@
},
{
"type": "library",
- "bom-ref": "7-multidict",
+ "bom-ref": "8-multidict",
"name": "multidict",
"version": "6.0.5",
"supplier": {
@@ -306,7 +354,7 @@
},
{
"type": "library",
- "bom-ref": "8-yarl",
+ "bom-ref": "9-yarl",
"name": "yarl",
"version": "1.9.4",
"supplier": {
@@ -355,7 +403,7 @@
},
{
"type": "library",
- "bom-ref": "9-idna",
+ "bom-ref": "10-idna",
"name": "idna",
"version": "3.7",
"supplier": {
@@ -395,7 +443,7 @@
},
{
"type": "library",
- "bom-ref": "10-beautifulsoup4",
+ "bom-ref": "11-beautifulsoup4",
"name": "beautifulsoup4",
"version": "4.12.3",
"supplier": {
@@ -438,7 +486,7 @@
},
{
"type": "library",
- "bom-ref": "11-soupsieve",
+ "bom-ref": "12-soupsieve",
"name": "soupsieve",
"version": "2.5",
"supplier": {
@@ -478,7 +526,7 @@
},
{
"type": "library",
- "bom-ref": "12-cvss",
+ "bom-ref": "13-cvss",
"name": "cvss",
"version": "3.1",
"supplier": {
@@ -527,7 +575,7 @@
},
{
"type": "library",
- "bom-ref": "13-defusedxml",
+ "bom-ref": "14-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -576,7 +624,7 @@
},
{
"type": "library",
- "bom-ref": "14-distro",
+ "bom-ref": "15-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -619,7 +667,7 @@
},
{
"type": "library",
- "bom-ref": "15-filetype",
+ "bom-ref": "16-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -668,7 +716,7 @@
},
{
"type": "library",
- "bom-ref": "16-gsutil",
+ "bom-ref": "17-gsutil",
"name": "gsutil",
"version": "5.30",
"supplier": {
@@ -711,7 +759,7 @@
},
{
"type": "library",
- "bom-ref": "17-argcomplete",
+ "bom-ref": "18-argcomplete",
"name": "argcomplete",
"version": "3.4.0",
"supplier": {
@@ -754,7 +802,7 @@
},
{
"type": "library",
- "bom-ref": "18-crcmod",
+ "bom-ref": "19-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -797,7 +845,7 @@
},
{
"type": "library",
- "bom-ref": "19-fasteners",
+ "bom-ref": "20-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -841,7 +889,7 @@
},
{
"type": "library",
- "bom-ref": "20-gcs-oauth2-boto-plugin",
+ "bom-ref": "21-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -884,7 +932,7 @@
},
{
"type": "library",
- "bom-ref": "21-boto",
+ "bom-ref": "22-boto",
"name": "boto",
"version": "2.49.0",
"supplier": {
@@ -933,7 +981,7 @@
},
{
"type": "library",
- "bom-ref": "22-google-auth",
+ "bom-ref": "23-google-auth",
"name": "google-auth",
"version": "2.17.0",
"supplier": {
@@ -982,7 +1030,7 @@
},
{
"type": "library",
- "bom-ref": "23-cachetools",
+ "bom-ref": "24-cachetools",
"name": "cachetools",
"version": "5.4.0",
"supplier": {
@@ -1025,7 +1073,7 @@
},
{
"type": "library",
- "bom-ref": "24-pyasn1-modules",
+ "bom-ref": "25-pyasn1-modules",
"name": "pyasn1-modules",
"version": "0.4.0",
"supplier": {
@@ -1049,7 +1097,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1_modules/0.4.0",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1068,7 +1116,7 @@
},
{
"type": "library",
- "bom-ref": "25-pyasn1",
+ "bom-ref": "26-pyasn1",
"name": "pyasn1",
"version": "0.6.0",
"supplier": {
@@ -1111,7 +1159,7 @@
},
{
"type": "library",
- "bom-ref": "26-rsa",
+ "bom-ref": "27-rsa",
"name": "rsa",
"version": "4.7.2",
"supplier": {
@@ -1160,7 +1208,7 @@
},
{
"type": "library",
- "bom-ref": "27-six",
+ "bom-ref": "28-six",
"name": "six",
"version": "1.16.0",
"supplier": {
@@ -1209,7 +1257,7 @@
},
{
"type": "library",
- "bom-ref": "28-google-auth-httplib2",
+ "bom-ref": "29-google-auth-httplib2",
"name": "google-auth-httplib2",
"version": "0.2.0",
"supplier": {
@@ -1257,7 +1305,7 @@
},
{
"type": "library",
- "bom-ref": "29-httplib2",
+ "bom-ref": "30-httplib2",
"name": "httplib2",
"version": "0.20.4",
"supplier": {
@@ -1306,7 +1354,7 @@
},
{
"type": "library",
- "bom-ref": "30-pyparsing",
+ "bom-ref": "31-pyparsing",
"name": "pyparsing",
"version": "3.1.2",
"supplier": {
@@ -1346,7 +1394,7 @@
},
{
"type": "library",
- "bom-ref": "31-google-reauth",
+ "bom-ref": "32-google-reauth",
"name": "google-reauth",
"version": "0.1.1",
"supplier": {
@@ -1395,7 +1443,7 @@
},
{
"type": "library",
- "bom-ref": "32-pyu2f",
+ "bom-ref": "33-pyu2f",
"name": "pyu2f",
"version": "0.1.5",
"supplier": {
@@ -1444,7 +1492,7 @@
},
{
"type": "library",
- "bom-ref": "33-oauth2client",
+ "bom-ref": "34-oauth2client",
"name": "oauth2client",
"version": "4.1.3",
"supplier": {
@@ -1493,7 +1541,7 @@
},
{
"type": "library",
- "bom-ref": "34-pyopenssl",
+ "bom-ref": "35-pyopenssl",
"name": "pyopenssl",
"version": "24.2.1",
"supplier": {
@@ -1517,7 +1565,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyOpenSSL/24.2.1",
+ "url": "https://pypi.org/project/pyopenssl/24.2.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1536,7 +1584,7 @@
},
{
"type": "library",
- "bom-ref": "35-cryptography",
+ "bom-ref": "36-cryptography",
"name": "cryptography",
"version": "43.0.0",
"supplier": {
@@ -1575,7 +1623,7 @@
},
{
"type": "library",
- "bom-ref": "36-cffi",
+ "bom-ref": "37-cffi",
"name": "cffi",
"version": "1.16.0",
"supplier": {
@@ -1624,7 +1672,7 @@
},
{
"type": "library",
- "bom-ref": "37-pycparser",
+ "bom-ref": "38-pycparser",
"name": "pycparser",
"version": "2.22",
"supplier": {
@@ -1673,7 +1721,7 @@
},
{
"type": "library",
- "bom-ref": "38-retry-decorator",
+ "bom-ref": "39-retry-decorator",
"name": "retry-decorator",
"version": "1.1.1",
"supplier": {
@@ -1722,7 +1770,7 @@
},
{
"type": "library",
- "bom-ref": "39-google-apitools",
+ "bom-ref": "40-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -1771,7 +1819,7 @@
},
{
"type": "library",
- "bom-ref": "40-monotonic",
+ "bom-ref": "41-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -1820,7 +1868,7 @@
},
{
"type": "library",
- "bom-ref": "41-importlib-metadata",
+ "bom-ref": "42-importlib-metadata",
"name": "importlib-metadata",
"version": "8.2.0",
"supplier": {
@@ -1835,7 +1883,7 @@
"description": "Read metadata from Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib_metadata/8.2.0",
+ "url": "https://pypi.org/project/importlib-metadata/8.2.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1854,7 +1902,7 @@
},
{
"type": "library",
- "bom-ref": "42-zipp",
+ "bom-ref": "43-zipp",
"name": "zipp",
"version": "3.19.2",
"supplier": {
@@ -1888,7 +1936,7 @@
},
{
"type": "library",
- "bom-ref": "43-importlib-resources",
+ "bom-ref": "44-importlib-resources",
"name": "importlib-resources",
"version": "6.4.0",
"supplier": {
@@ -1909,7 +1957,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib_resources/6.4.0",
+ "url": "https://pypi.org/project/importlib-resources/6.4.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1928,13 +1976,13 @@
},
{
"type": "library",
- "bom-ref": "44-jinja2",
+ "bom-ref": "45-jinja2",
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"externalReferences": [
{
- "url": "https://pypi.org/project/Jinja2/3.1.4",
+ "url": "https://pypi.org/project/jinja2/3.1.4",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1953,7 +2001,7 @@
},
{
"type": "library",
- "bom-ref": "45-markupsafe",
+ "bom-ref": "46-markupsafe",
"name": "markupsafe",
"version": "2.1.5",
"description": "Safely add untrusted strings to HTML/XML markup.",
@@ -1974,7 +2022,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/MarkupSafe/2.1.5",
+ "url": "https://pypi.org/project/markupsafe/2.1.5",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1993,7 +2041,7 @@
},
{
"type": "library",
- "bom-ref": "46-jsonschema",
+ "bom-ref": "47-jsonschema",
"name": "jsonschema",
"version": "4.23.0",
"supplier": {
@@ -2031,7 +2079,7 @@
},
{
"type": "library",
- "bom-ref": "47-jsonschema-specifications",
+ "bom-ref": "48-jsonschema-specifications",
"name": "jsonschema-specifications",
"version": "2023.12.1",
"supplier": {
@@ -2075,7 +2123,7 @@
},
{
"type": "library",
- "bom-ref": "48-referencing",
+ "bom-ref": "49-referencing",
"name": "referencing",
"version": "0.35.1",
"supplier": {
@@ -2104,7 +2152,7 @@
},
{
"type": "library",
- "bom-ref": "49-rpds-py",
+ "bom-ref": "50-rpds-py",
"name": "rpds-py",
"version": "0.19.1",
"supplier": {
@@ -2142,7 +2190,7 @@
},
{
"type": "library",
- "bom-ref": "50-pkgutil-resolve-name",
+ "bom-ref": "51-pkgutil-resolve-name",
"name": "pkgutil-resolve-name",
"version": "1.3.10",
"supplier": {
@@ -2157,7 +2205,7 @@
"description": "Resolve a name to an object.",
"externalReferences": [
{
- "url": "https://pypi.org/project/pkgutil_resolve_name/1.3.10",
+ "url": "https://pypi.org/project/pkgutil-resolve-name/1.3.10",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2176,7 +2224,7 @@
},
{
"type": "library",
- "bom-ref": "51-lib4sbom",
+ "bom-ref": "52-lib4sbom",
"name": "lib4sbom",
"version": "0.7.2",
"supplier": {
@@ -2219,7 +2267,7 @@
},
{
"type": "library",
- "bom-ref": "52-pyyaml",
+ "bom-ref": "53-pyyaml",
"name": "pyyaml",
"version": "6.0.1",
"supplier": {
@@ -2249,7 +2297,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/PyYAML/6.0.1",
+ "url": "https://pypi.org/project/pyyaml/6.0.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2268,7 +2316,7 @@
},
{
"type": "library",
- "bom-ref": "53-semantic-version",
+ "bom-ref": "54-semantic-version",
"name": "semantic-version",
"version": "2.10.0",
"supplier": {
@@ -2317,7 +2365,7 @@
},
{
"type": "library",
- "bom-ref": "54-lib4vex",
+ "bom-ref": "55-lib4vex",
"name": "lib4vex",
"version": "0.1.0",
"supplier": {
@@ -2366,7 +2414,7 @@
},
{
"type": "library",
- "bom-ref": "55-csaf-tool",
+ "bom-ref": "56-csaf-tool",
"name": "csaf-tool",
"version": "0.3.2",
"supplier": {
@@ -2415,7 +2463,7 @@
},
{
"type": "library",
- "bom-ref": "56-packageurl-python",
+ "bom-ref": "57-packageurl-python",
"name": "packageurl-python",
"version": "0.15.6",
"supplier": {
@@ -2453,7 +2501,7 @@
},
{
"type": "library",
- "bom-ref": "57-rich",
+ "bom-ref": "58-rich",
"name": "rich",
"version": "13.7.1",
"supplier": {
@@ -2496,7 +2544,7 @@
},
{
"type": "library",
- "bom-ref": "58-markdown-it-py",
+ "bom-ref": "59-markdown-it-py",
"name": "markdown-it-py",
"version": "3.0.0",
"supplier": {
@@ -2536,7 +2584,7 @@
},
{
"type": "library",
- "bom-ref": "59-mdurl",
+ "bom-ref": "60-mdurl",
"name": "mdurl",
"version": "0.1.2",
"supplier": {
@@ -2576,7 +2624,7 @@
},
{
"type": "library",
- "bom-ref": "60-pygments",
+ "bom-ref": "61-pygments",
"name": "pygments",
"version": "2.18.0",
"supplier": {
@@ -2606,7 +2654,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.18.0",
+ "url": "https://pypi.org/project/pygments/2.18.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2625,7 +2673,7 @@
},
{
"type": "library",
- "bom-ref": "61-typing-extensions",
+ "bom-ref": "62-typing-extensions",
"name": "typing-extensions",
"version": "4.12.2",
"supplier": {
@@ -2640,7 +2688,7 @@
"description": "Backported and Experimental Type Hints for Python 3.8+",
"externalReferences": [
{
- "url": "https://pypi.org/project/typing_extensions/4.12.2",
+ "url": "https://pypi.org/project/typing-extensions/4.12.2",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2659,7 +2707,7 @@
},
{
"type": "library",
- "bom-ref": "62-packaging",
+ "bom-ref": "63-packaging",
"name": "packaging",
"version": "24.1",
"supplier": {
@@ -2693,7 +2741,7 @@
},
{
"type": "library",
- "bom-ref": "63-plotly",
+ "bom-ref": "64-plotly",
"name": "plotly",
"version": "5.23.0",
"supplier": {
@@ -2736,9 +2784,9 @@
},
{
"type": "library",
- "bom-ref": "64-tenacity",
+ "bom-ref": "65-tenacity",
"name": "tenacity",
- "version": "8.5.0",
+ "version": "9.0.0",
"supplier": {
"name": "Julien Danjou",
"contact": [
@@ -2747,7 +2795,7 @@
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
"licenses": [
{
@@ -2760,12 +2808,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/tenacity/8.5.0",
+ "url": "https://pypi.org/project/tenacity/9.0.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/tenacity@8.5.0",
+ "purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
{
"name": "language",
@@ -2779,7 +2827,7 @@
},
{
"type": "library",
- "bom-ref": "65-python-gnupg",
+ "bom-ref": "66-python-gnupg",
"name": "python-gnupg",
"version": "0.5.2",
"supplier": {
@@ -2828,7 +2876,7 @@
},
{
"type": "library",
- "bom-ref": "66-requests",
+ "bom-ref": "67-requests",
"name": "requests",
"version": "2.32.3",
"supplier": {
@@ -2877,7 +2925,7 @@
},
{
"type": "library",
- "bom-ref": "67-certifi",
+ "bom-ref": "68-certifi",
"name": "certifi",
"version": "2024.7.4",
"supplier": {
@@ -2920,7 +2968,7 @@
},
{
"type": "library",
- "bom-ref": "68-charset-normalizer",
+ "bom-ref": "69-charset-normalizer",
"name": "charset-normalizer",
"version": "3.3.2",
"supplier": {
@@ -2969,7 +3017,7 @@
},
{
"type": "library",
- "bom-ref": "69-urllib3",
+ "bom-ref": "70-urllib3",
"name": "urllib3",
"version": "2.2.2",
"supplier": {
@@ -3003,7 +3051,7 @@
},
{
"type": "library",
- "bom-ref": "70-rpmfile",
+ "bom-ref": "71-rpmfile",
"name": "rpmfile",
"version": "2.1.0",
"supplier": {
@@ -3052,7 +3100,41 @@
},
{
"type": "library",
- "bom-ref": "71-toml",
+ "bom-ref": "72-setuptools",
+ "name": "setuptools",
+ "version": "72.1.0",
+ "supplier": {
+ "name": "Python Packaging Authority",
+ "contact": [
+ {
+ "email": "distutils-sig@python.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*",
+ "description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/setuptools/72.1.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/setuptools@72.1.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.8.18"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "73-toml",
"name": "toml",
"version": "0.10.2",
"supplier": {
@@ -3101,9 +3183,9 @@
},
{
"type": "library",
- "bom-ref": "72-xmlschema",
+ "bom-ref": "74-xmlschema",
"name": "xmlschema",
- "version": "3.3.1",
+ "version": "3.3.2",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3112,7 +3194,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -3125,12 +3207,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/3.3.1",
+ "url": "https://pypi.org/project/xmlschema/3.3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.3.1",
+ "purl": "pkg:pypi/xmlschema@3.3.2",
"properties": [
{
"name": "language",
@@ -3144,7 +3226,7 @@
},
{
"type": "library",
- "bom-ref": "73-elementpath",
+ "bom-ref": "75-elementpath",
"name": "elementpath",
"version": "4.4.0",
"supplier": {
@@ -3193,7 +3275,7 @@
},
{
"type": "library",
- "bom-ref": "74-zstandard",
+ "bom-ref": "76-zstandard",
"name": "zstandard",
"version": "0.23.0",
"supplier": {
@@ -3246,278 +3328,280 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "10-beautifulsoup4",
- "12-cvss",
- "13-defusedxml",
- "14-distro",
- "15-filetype",
- "16-gsutil",
- "41-importlib-metadata",
- "43-importlib-resources",
- "44-jinja2",
- "46-jsonschema",
- "51-lib4sbom",
- "54-lib4vex",
- "56-packageurl-python",
- "62-packaging",
- "63-plotly",
- "65-python-gnupg",
- "52-pyyaml",
- "66-requests",
- "57-rich",
- "70-rpmfile",
- "71-toml",
- "69-urllib3",
- "72-xmlschema",
- "74-zstandard"
+ "11-beautifulsoup4",
+ "13-cvss",
+ "14-defusedxml",
+ "15-distro",
+ "16-filetype",
+ "17-gsutil",
+ "42-importlib-metadata",
+ "44-importlib-resources",
+ "45-jinja2",
+ "47-jsonschema",
+ "52-lib4sbom",
+ "55-lib4vex",
+ "57-packageurl-python",
+ "63-packaging",
+ "64-plotly",
+ "66-python-gnupg",
+ "53-pyyaml",
+ "67-requests",
+ "58-rich",
+ "71-rpmfile",
+ "72-setuptools",
+ "73-toml",
+ "70-urllib3",
+ "74-xmlschema",
+ "76-zstandard"
]
},
{
"ref": "2-aiohttp",
"dependsOn": [
- "3-aiosignal",
- "5-async-timeout",
- "6-attrs",
- "4-frozenlist",
- "7-multidict",
- "8-yarl"
+ "3-aiohappyeyeballs",
+ "4-aiosignal",
+ "6-async-timeout",
+ "7-attrs",
+ "5-frozenlist",
+ "8-multidict",
+ "9-yarl"
]
},
{
- "ref": "3-aiosignal",
+ "ref": "4-aiosignal",
"dependsOn": [
- "4-frozenlist"
+ "5-frozenlist"
]
},
{
- "ref": "8-yarl",
+ "ref": "9-yarl",
"dependsOn": [
- "9-idna",
- "7-multidict"
+ "10-idna",
+ "8-multidict"
]
},
{
- "ref": "10-beautifulsoup4",
+ "ref": "11-beautifulsoup4",
"dependsOn": [
- "11-soupsieve"
+ "12-soupsieve"
]
},
{
- "ref": "16-gsutil",
+ "ref": "17-gsutil",
"dependsOn": [
- "17-argcomplete",
- "18-crcmod",
- "19-fasteners",
- "20-gcs-oauth2-boto-plugin",
- "39-google-apitools",
- "22-google-auth",
- "28-google-auth-httplib2",
- "31-google-reauth",
- "29-httplib2",
- "40-monotonic",
- "34-pyopenssl",
- "38-retry-decorator",
- "27-six"
- ]
- },
- {
- "ref": "20-gcs-oauth2-boto-plugin",
+ "18-argcomplete",
+ "19-crcmod",
+ "20-fasteners",
+ "21-gcs-oauth2-boto-plugin",
+ "40-google-apitools",
+ "23-google-auth",
+ "29-google-auth-httplib2",
+ "32-google-reauth",
+ "30-httplib2",
+ "41-monotonic",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "28-six"
+ ]
+ },
+ {
+ "ref": "21-gcs-oauth2-boto-plugin",
"dependsOn": [
- "21-boto",
- "22-google-auth",
- "28-google-auth-httplib2",
- "31-google-reauth",
- "29-httplib2",
- "33-oauth2client",
- "34-pyopenssl",
- "38-retry-decorator",
- "26-rsa",
- "27-six"
+ "22-boto",
+ "23-google-auth",
+ "29-google-auth-httplib2",
+ "32-google-reauth",
+ "30-httplib2",
+ "34-oauth2client",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "27-rsa",
+ "28-six"
]
},
{
- "ref": "22-google-auth",
+ "ref": "23-google-auth",
"dependsOn": [
- "23-cachetools",
- "24-pyasn1-modules",
- "26-rsa",
- "27-six"
+ "24-cachetools",
+ "25-pyasn1-modules",
+ "27-rsa",
+ "28-six"
]
},
{
- "ref": "24-pyasn1-modules",
+ "ref": "25-pyasn1-modules",
"dependsOn": [
- "25-pyasn1"
+ "26-pyasn1"
]
},
{
- "ref": "26-rsa",
+ "ref": "27-rsa",
"dependsOn": [
- "25-pyasn1"
+ "26-pyasn1"
]
},
{
- "ref": "28-google-auth-httplib2",
+ "ref": "29-google-auth-httplib2",
"dependsOn": [
- "22-google-auth",
- "29-httplib2"
+ "23-google-auth",
+ "30-httplib2"
]
},
{
- "ref": "29-httplib2",
+ "ref": "30-httplib2",
"dependsOn": [
- "30-pyparsing"
+ "31-pyparsing"
]
},
{
- "ref": "31-google-reauth",
+ "ref": "32-google-reauth",
"dependsOn": [
- "32-pyu2f"
+ "33-pyu2f"
]
},
{
- "ref": "32-pyu2f",
+ "ref": "33-pyu2f",
"dependsOn": [
- "27-six"
+ "28-six"
]
},
{
- "ref": "33-oauth2client",
+ "ref": "34-oauth2client",
"dependsOn": [
- "29-httplib2",
- "25-pyasn1",
- "24-pyasn1-modules",
- "26-rsa",
- "27-six"
+ "30-httplib2",
+ "26-pyasn1",
+ "25-pyasn1-modules",
+ "27-rsa",
+ "28-six"
]
},
{
- "ref": "34-pyopenssl",
+ "ref": "35-pyopenssl",
"dependsOn": [
- "35-cryptography"
+ "36-cryptography"
]
},
{
- "ref": "35-cryptography",
+ "ref": "36-cryptography",
"dependsOn": [
- "36-cffi"
+ "37-cffi"
]
},
{
- "ref": "36-cffi",
+ "ref": "37-cffi",
"dependsOn": [
- "37-pycparser"
+ "38-pycparser"
]
},
{
- "ref": "39-google-apitools",
+ "ref": "40-google-apitools",
"dependsOn": [
- "19-fasteners",
- "29-httplib2",
- "33-oauth2client",
- "27-six"
+ "20-fasteners",
+ "30-httplib2",
+ "34-oauth2client",
+ "28-six"
]
},
{
- "ref": "41-importlib-metadata",
+ "ref": "42-importlib-metadata",
"dependsOn": [
- "42-zipp"
+ "43-zipp"
]
},
{
- "ref": "43-importlib-resources",
+ "ref": "44-importlib-resources",
"dependsOn": [
- "42-zipp"
+ "43-zipp"
]
},
{
- "ref": "44-jinja2",
+ "ref": "45-jinja2",
"dependsOn": [
- "45-markupsafe"
+ "46-markupsafe"
]
},
{
- "ref": "46-jsonschema",
+ "ref": "47-jsonschema",
"dependsOn": [
- "6-attrs",
- "43-importlib-resources",
- "47-jsonschema-specifications",
- "50-pkgutil-resolve-name",
- "48-referencing",
- "49-rpds-py"
+ "7-attrs",
+ "44-importlib-resources",
+ "48-jsonschema-specifications",
+ "51-pkgutil-resolve-name",
+ "49-referencing",
+ "50-rpds-py"
]
},
{
- "ref": "47-jsonschema-specifications",
+ "ref": "48-jsonschema-specifications",
"dependsOn": [
- "43-importlib-resources",
- "48-referencing"
+ "44-importlib-resources",
+ "49-referencing"
]
},
{
- "ref": "48-referencing",
+ "ref": "49-referencing",
"dependsOn": [
- "6-attrs",
- "49-rpds-py"
+ "7-attrs",
+ "50-rpds-py"
]
},
{
- "ref": "51-lib4sbom",
+ "ref": "52-lib4sbom",
"dependsOn": [
- "13-defusedxml",
- "52-pyyaml",
- "53-semantic-version"
+ "14-defusedxml",
+ "53-pyyaml",
+ "54-semantic-version"
]
},
{
- "ref": "54-lib4vex",
+ "ref": "55-lib4vex",
"dependsOn": [
- "55-csaf-tool",
- "51-lib4sbom",
- "56-packageurl-python"
+ "56-csaf-tool",
+ "52-lib4sbom",
+ "57-packageurl-python"
]
},
{
- "ref": "55-csaf-tool",
+ "ref": "56-csaf-tool",
"dependsOn": [
- "56-packageurl-python",
- "57-rich"
+ "57-packageurl-python",
+ "58-rich"
]
},
{
- "ref": "57-rich",
+ "ref": "58-rich",
"dependsOn": [
- "58-markdown-it-py",
- "60-pygments",
- "61-typing-extensions"
+ "59-markdown-it-py",
+ "61-pygments",
+ "62-typing-extensions"
]
},
{
- "ref": "58-markdown-it-py",
+ "ref": "59-markdown-it-py",
"dependsOn": [
- "59-mdurl"
+ "60-mdurl"
]
},
{
- "ref": "63-plotly",
+ "ref": "64-plotly",
"dependsOn": [
- "62-packaging",
- "64-tenacity"
+ "63-packaging",
+ "65-tenacity"
]
},
{
- "ref": "66-requests",
+ "ref": "67-requests",
"dependsOn": [
- "67-certifi",
- "68-charset-normalizer",
- "9-idna",
- "69-urllib3"
+ "68-certifi",
+ "69-charset-normalizer",
+ "10-idna",
+ "70-urllib3"
]
},
{
- "ref": "72-xmlschema",
+ "ref": "74-xmlschema",
"dependsOn": [
- "73-elementpath"
+ "75-elementpath"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx
index ac1dbf9fdd..29b282565b 100644
--- a/sbom/cve-bin-tool-py3.8.spdx
+++ b/sbom/cve-bin-tool-py3.8.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4de6303e-ce63-4982-a0b4-b2bb52b88eac
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f9b09a42-4476-4deb-9bc6-4cda3cc71ffc
LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.10.4
-Created: 2024-07-29T00:29:29Z
+Creator: Tool: sbom4python-0.11.0
+Created: 2024-08-05T00:34:36Z
CreatorComment: This document has been automatically generated.
#####
@@ -26,21 +26,36 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.9.5
+PackageVersion: 3.10.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.1
+#####
+
+PackageName: aiohappyeyeballs
+SPDXID: SPDXRef-Package-3-aiohappyeyeballs
+PackageVersion: 2.3.4
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.4
+FilesAnalyzed: false
+PackageLicenseDeclared: PSF-2.0
+PackageLicenseConcluded: PSF-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Happy Eyeballs for asyncio
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
-SPDXID: SPDXRef-Package-3-aiosignal
+SPDXID: SPDXRef-Package-4-aiosignal
PackageVersion: 1.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
@@ -55,7 +70,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
#####
PackageName: frozenlist
-SPDXID: SPDXRef-Package-4-frozenlist
+SPDXID: SPDXRef-Package-5-frozenlist
PackageVersion: 1.4.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
@@ -70,7 +85,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1
#####
PackageName: async-timeout
-SPDXID: SPDXRef-Package-5-async-timeout
+SPDXID: SPDXRef-Package-6-async-timeout
PackageVersion: 4.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -87,22 +102,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*
#####
PackageName: attrs
-SPDXID: SPDXRef-Package-6-attrs
-PackageVersion: 23.2.0
+SPDXID: SPDXRef-Package-7-attrs
+PackageVersion: 24.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0
+PackageDownloadLocation: https://pypi.org/project/attrs/24.1.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@23.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*
#####
PackageName: multidict
-SPDXID: SPDXRef-Package-7-multidict
+SPDXID: SPDXRef-Package-8-multidict
PackageVersion: 6.0.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -119,7 +134,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*
#####
PackageName: yarl
-SPDXID: SPDXRef-Package-8-yarl
+SPDXID: SPDXRef-Package-9-yarl
PackageVersion: 1.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -135,7 +150,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:
#####
PackageName: idna
-SPDXID: SPDXRef-Package-9-idna
+SPDXID: SPDXRef-Package-10-idna
PackageVersion: 3.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
@@ -151,7 +166,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*
#####
PackageName: beautifulsoup4
-SPDXID: SPDXRef-Package-10-beautifulsoup4
+SPDXID: SPDXRef-Package-11-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
@@ -167,7 +182,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12
#####
PackageName: soupsieve
-SPDXID: SPDXRef-Package-11-soupsieve
+SPDXID: SPDXRef-Package-12-soupsieve
PackageVersion: 2.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (use@gmail.com)
@@ -183,7 +198,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-Package-12-cvss
+SPDXID: SPDXRef-Package-13-cvss
PackageVersion: 3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
@@ -200,7 +215,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs
#####
PackageName: defusedxml
-SPDXID: SPDXRef-Package-13-defusedxml
+SPDXID: SPDXRef-Package-14-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
@@ -217,7 +232,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:
#####
PackageName: distro
-SPDXID: SPDXRef-Package-14-distro
+SPDXID: SPDXRef-Package-15-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
@@ -233,7 +248,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-Package-15-filetype
+SPDXID: SPDXRef-Package-16-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
@@ -249,7 +264,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:
#####
PackageName: gsutil
-SPDXID: SPDXRef-Package-16-gsutil
+SPDXID: SPDXRef-Package-17-gsutil
PackageVersion: 5.30
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
@@ -265,7 +280,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-Package-17-argcomplete
+SPDXID: SPDXRef-Package-18-argcomplete
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
@@ -281,7 +296,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-Package-18-crcmod
+SPDXID: SPDXRef-Package-19-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
@@ -296,7 +311,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-Package-19-fasteners
+SPDXID: SPDXRef-Package-20-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
@@ -312,7 +327,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-Package-21-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
@@ -328,7 +343,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2
#####
PackageName: boto
-SPDXID: SPDXRef-Package-21-boto
+SPDXID: SPDXRef-Package-22-boto
PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
@@ -344,7 +359,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:
#####
PackageName: google-auth
-SPDXID: SPDXRef-Package-22-google-auth
+SPDXID: SPDXRef-Package-23-google-auth
PackageVersion: 2.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -361,7 +376,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
#####
PackageName: cachetools
-SPDXID: SPDXRef-Package-23-cachetools
+SPDXID: SPDXRef-Package-24-cachetools
PackageVersion: 5.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
@@ -376,15 +391,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*
#####
PackageName: pyasn1-modules
-SPDXID: SPDXRef-Package-24-pyasn1-modules
+SPDXID: SPDXRef-Package-25-pyasn1-modules
PackageVersion: 0.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A collection of ASN.1-based protocols modules
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0
@@ -392,7 +407,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:
#####
PackageName: pyasn1
-SPDXID: SPDXRef-Package-25-pyasn1
+SPDXID: SPDXRef-Package-26-pyasn1
PackageVersion: 0.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
@@ -407,7 +422,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:
#####
PackageName: rsa
-SPDXID: SPDXRef-Package-26-rsa
+SPDXID: SPDXRef-Package-27-rsa
PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
@@ -424,7 +439,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-Package-27-six
+SPDXID: SPDXRef-Package-28-six
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
@@ -440,7 +455,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*
#####
PackageName: google-auth-httplib2
-SPDXID: SPDXRef-Package-28-google-auth-httplib2
+SPDXID: SPDXRef-Package-29-google-auth-httplib2
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -456,7 +471,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-http
#####
PackageName: httplib2
-SPDXID: SPDXRef-Package-29-httplib2
+SPDXID: SPDXRef-Package-30-httplib2
PackageVersion: 0.20.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
@@ -472,7 +487,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
#####
PackageName: pyparsing
-SPDXID: SPDXRef-Package-30-pyparsing
+SPDXID: SPDXRef-Package-31-pyparsing
PackageVersion: 3.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
@@ -488,7 +503,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*
#####
PackageName: google-reauth
-SPDXID: SPDXRef-Package-31-google-reauth
+SPDXID: SPDXRef-Package-32-google-reauth
PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google (googleapis-publisher@google.com)
@@ -505,7 +520,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*
#####
PackageName: pyu2f
-SPDXID: SPDXRef-Package-32-pyu2f
+SPDXID: SPDXRef-Package-33-pyu2f
PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
@@ -522,7 +537,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: oauth2client
-SPDXID: SPDXRef-Package-33-oauth2client
+SPDXID: SPDXRef-Package-34-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
@@ -539,15 +554,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
#####
PackageName: pyopenssl
-SPDXID: SPDXRef-Package-34-pyopenssl
+SPDXID: SPDXRef-Package-35-pyopenssl
PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/24.2.1
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
@@ -555,7 +570,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
#####
PackageName: cryptography
-SPDXID: SPDXRef-Package-35-cryptography
+SPDXID: SPDXRef-Package-36-cryptography
PackageVersion: 43.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
@@ -570,7 +585,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python
#####
PackageName: cffi
-SPDXID: SPDXRef-Package-36-cffi
+SPDXID: SPDXRef-Package-37-cffi
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
@@ -586,7 +601,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-Package-37-pycparser
+SPDXID: SPDXRef-Package-38-pycparser
PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
@@ -602,7 +617,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-Package-38-retry-decorator
+SPDXID: SPDXRef-Package-39-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
@@ -618,7 +633,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*
#####
PackageName: google-apitools
-SPDXID: SPDXRef-Package-39-google-apitools
+SPDXID: SPDXRef-Package-40-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
@@ -635,7 +650,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-Package-40-monotonic
+SPDXID: SPDXRef-Package-41-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
@@ -652,11 +667,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
PackageName: importlib-metadata
-SPDXID: SPDXRef-Package-41-importlib-metadata
+SPDXID: SPDXRef-Package-42-importlib-metadata
PackageVersion: 8.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib_metadata/8.2.0
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.2.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
@@ -667,7 +682,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.2.0:*:*:
#####
PackageName: zipp
-SPDXID: SPDXRef-Package-42-zipp
+SPDXID: SPDXRef-Package-43-zipp
PackageVersion: 3.19.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
@@ -682,11 +697,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.19.2:*:*:*:*:*:*:*
#####
PackageName: importlib-resources
-SPDXID: SPDXRef-Package-43-importlib-resources
+SPDXID: SPDXRef-Package-44-importlib-resources
PackageVersion: 6.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Barry Warsaw (barry@python.org)
-PackageDownloadLocation: https://pypi.org/project/importlib_resources/6.4.0
+PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.0
FilesAnalyzed: false
PackageChecksum: SHA1: 1f4d3f10a3ed5d65b3092a39369c08e71e30a97c
PackageLicenseDeclared: NOASSERTION
@@ -698,11 +713,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.0
#####
PackageName: jinja2
-SPDXID: SPDXRef-Package-44-jinja2
+SPDXID: SPDXRef-Package-45-jinja2
PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4
+PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
@@ -712,11 +727,11 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-Package-45-markupsafe
+SPDXID: SPDXRef-Package-46-markupsafe
PackageVersion: 2.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5
+PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5
FilesAnalyzed: false
PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65
PackageLicenseDeclared: BSD-3-Clause
@@ -727,7 +742,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5
#####
PackageName: jsonschema
-SPDXID: SPDXRef-Package-46-jsonschema
+SPDXID: SPDXRef-Package-47-jsonschema
PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -742,7 +757,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:
#####
PackageName: jsonschema-specifications
-SPDXID: SPDXRef-Package-47-jsonschema-specifications
+SPDXID: SPDXRef-Package-48-jsonschema-specifications
PackageVersion: 2023.12.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -758,7 +773,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
#####
PackageName: referencing
-SPDXID: SPDXRef-Package-48-referencing
+SPDXID: SPDXRef-Package-49-referencing
PackageVersion: 0.35.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -773,7 +788,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
#####
PackageName: rpds-py
-SPDXID: SPDXRef-Package-49-rpds-py
+SPDXID: SPDXRef-Package-50-rpds-py
PackageVersion: 0.19.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -788,11 +803,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:*
#####
PackageName: pkgutil-resolve-name
-SPDXID: SPDXRef-Package-50-pkgutil-resolve-name
+SPDXID: SPDXRef-Package-51-pkgutil-resolve-name
PackageVersion: 1.3.10
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
-PackageDownloadLocation: https://pypi.org/project/pkgutil_resolve_name/1.3.10
+PackageDownloadLocation: https://pypi.org/project/pkgutil-resolve-name/1.3.10
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
@@ -803,7 +818,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1
#####
PackageName: lib4sbom
-SPDXID: SPDXRef-Package-51-lib4sbom
+SPDXID: SPDXRef-Package-52-lib4sbom
PackageVersion: 0.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -818,11 +833,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:
#####
PackageName: pyyaml
-SPDXID: SPDXRef-Package-52-pyyaml
+SPDXID: SPDXRef-Package-53-pyyaml
PackageVersion: 6.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1
+PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.1
FilesAnalyzed: false
PackageChecksum: SHA1: c42fa3bff1eabdb64763bb1526d9ea1ccb708479
PackageLicenseDeclared: MIT
@@ -834,7 +849,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:
#####
PackageName: semantic-version
-SPDXID: SPDXRef-Package-53-semantic-version
+SPDXID: SPDXRef-Package-54-semantic-version
PackageVersion: 2.10.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
@@ -851,7 +866,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
#####
PackageName: lib4vex
-SPDXID: SPDXRef-Package-54-lib4vex
+SPDXID: SPDXRef-Package-55-lib4vex
PackageVersion: 0.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -867,7 +882,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*
#####
PackageName: csaf-tool
-SPDXID: SPDXRef-Package-55-csaf-tool
+SPDXID: SPDXRef-Package-56-csaf-tool
PackageVersion: 0.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -883,7 +898,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*
#####
PackageName: packageurl-python
-SPDXID: SPDXRef-Package-56-packageurl-python
+SPDXID: SPDXRef-Package-57-packageurl-python
PackageVersion: 0.15.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
@@ -898,7 +913,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
#####
PackageName: rich
-SPDXID: SPDXRef-Package-57-rich
+SPDXID: SPDXRef-Package-58-rich
PackageVersion: 13.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
@@ -913,7 +928,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
-SPDXID: SPDXRef-Package-58-markdown-it-py
+SPDXID: SPDXRef-Package-59-markdown-it-py
PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
@@ -929,7 +944,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:
#####
PackageName: mdurl
-SPDXID: SPDXRef-Package-59-mdurl
+SPDXID: SPDXRef-Package-60-mdurl
PackageVersion: 0.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
@@ -945,11 +960,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
#####
PackageName: pygments
-SPDXID: SPDXRef-Package-60-pygments
+SPDXID: SPDXRef-Package-61-pygments
PackageVersion: 2.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0
+PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0
FilesAnalyzed: false
PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
PackageLicenseDeclared: BSD-2-Clause
@@ -961,11 +976,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*
#####
PackageName: typing-extensions
-SPDXID: SPDXRef-Package-61-typing-extensions
+SPDXID: SPDXRef-Package-62-typing-extensions
PackageVersion: 4.12.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/typing_extensions/4.12.2
+PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
@@ -976,7 +991,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e
#####
PackageName: packaging
-SPDXID: SPDXRef-Package-62-packaging
+SPDXID: SPDXRef-Package-63-packaging
PackageVersion: 24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
@@ -991,7 +1006,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-Package-63-plotly
+SPDXID: SPDXRef-Package-64-plotly
PackageVersion: 5.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
@@ -1006,23 +1021,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-Package-64-tenacity
-PackageVersion: 8.5.0
+SPDXID: SPDXRef-Package-65-tenacity
+PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.5.0
+PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
-SPDXID: SPDXRef-Package-65-python-gnupg
+SPDXID: SPDXRef-Package-66-python-gnupg
PackageVersion: 0.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
@@ -1039,7 +1054,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*
#####
PackageName: requests
-SPDXID: SPDXRef-Package-66-requests
+SPDXID: SPDXRef-Package-67-requests
PackageVersion: 2.32.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
@@ -1055,7 +1070,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:
#####
PackageName: certifi
-SPDXID: SPDXRef-Package-67-certifi
+SPDXID: SPDXRef-Package-68-certifi
PackageVersion: 2024.7.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
@@ -1070,7 +1085,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*
#####
PackageName: charset-normalizer
-SPDXID: SPDXRef-Package-68-charset-normalizer
+SPDXID: SPDXRef-Package-69-charset-normalizer
PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
@@ -1086,7 +1101,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-Package-69-urllib3
+SPDXID: SPDXRef-Package-70-urllib3
PackageVersion: 2.2.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
@@ -1101,7 +1116,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:
#####
PackageName: rpmfile
-SPDXID: SPDXRef-Package-70-rpmfile
+SPDXID: SPDXRef-Package-71-rpmfile
PackageVersion: 2.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
@@ -1116,8 +1131,23 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
+PackageName: setuptools
+SPDXID: SPDXRef-Package-72-setuptools
+PackageVersion: 72.1.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
+PackageDownloadLocation: https://pypi.org/project/setuptools/72.1.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*
+#####
+
PackageName: toml
-SPDXID: SPDXRef-Package-71-toml
+SPDXID: SPDXRef-Package-73-toml
PackageVersion: 0.10.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: William Pearson (uiri@xqz.ca)
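Review bot: The new setuptools entry has no `PackageChecksum`, so a consumer of this SBOM cannot tie the record to a specific artifact. Other entries in the file carry one, in the form `PackageChecksum: SHA1: <digest of the pinned setuptools 72.1.0 artifact>`. The CPE vendor `python_packaging_authority` mirrors the `PackageSupplier` text, as it does for the neighbouring packages, so it may not match the vendor string used in the CPE dictionary; scanners that match on CPE alone could miss advisories, and the purl `pkg:pypi/setuptools@72.1.0` is the safer key. Both licence fields are `NOASSERTION`; if this file is tool-generated, as the sequential SPDXIDs suggest, that is better fixed in the generator's inputs than by hand here. A later hunk adds `SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-72-setuptools`, so it is worth confirming that setuptools is a runtime requirement and not only a build-time one.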
@@ -1133,22 +1163,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
#####
PackageName: xmlschema
-SPDXID: SPDXRef-Package-72-xmlschema
-PackageVersion: 3.3.1
+SPDXID: SPDXRef-Package-74-xmlschema
+PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-Package-73-elementpath
+SPDXID: SPDXRef-Package-75-elementpath
PackageVersion: 4.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1164,7 +1194,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*
#####
PackageName: zstandard
-SPDXID: SPDXRef-Package-74-zstandard
+SPDXID: SPDXRef-Package-76-zstandard
PackageVersion: 0.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
@@ -1180,116 +1210,118 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*
#####
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-10-beautifulsoup4
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-cvss
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-defusedxml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distro
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-beautifulsoup4
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-cvss
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-defusedxml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-distro
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-filetype
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-17-gsutil
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-importlib-metadata
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-importlib-resources
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jinja2
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jsonschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-lib4sbom
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-pyyaml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-lib4vex
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-packageurl-python
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-rich
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-packaging
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-plotly
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-python-gnupg
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-requests
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-urllib3
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-rpmfile
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-71-toml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-72-xmlschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-74-zstandard
-Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1
-Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1
-Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth
-Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing
-Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f
-Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography
-Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi
-Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-33-oauth2client
-Relationship: SPDXRef-Package-41-importlib-metadata DEPENDS_ON SPDXRef-Package-42-zipp
-Relationship: SPDXRef-Package-43-importlib-resources DEPENDS_ON SPDXRef-Package-42-zipp
-Relationship: SPDXRef-Package-44-jinja2 DEPENDS_ON SPDXRef-Package-45-markupsafe
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-43-importlib-resources
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-47-jsonschema-specifications
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-48-referencing
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-49-rpds-py
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-50-pkgutil-resolve-name
-Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-47-jsonschema-specifications DEPENDS_ON SPDXRef-Package-43-importlib-resources
-Relationship: SPDXRef-Package-47-jsonschema-specifications DEPENDS_ON SPDXRef-Package-48-referencing
-Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-49-rpds-py
-Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml
-Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-52-pyyaml
-Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-53-semantic-version
-Relationship: SPDXRef-Package-54-lib4vex DEPENDS_ON SPDXRef-Package-51-lib4sbom
-Relationship: SPDXRef-Package-54-lib4vex DEPENDS_ON SPDXRef-Package-55-csaf-tool
-Relationship: SPDXRef-Package-54-lib4vex DEPENDS_ON SPDXRef-Package-56-packageurl-python
-Relationship: SPDXRef-Package-55-csaf-tool DEPENDS_ON SPDXRef-Package-56-packageurl-python
-Relationship: SPDXRef-Package-55-csaf-tool DEPENDS_ON SPDXRef-Package-57-rich
-Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-58-markdown-it-py
-Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-60-pygments
-Relationship: SPDXRef-Package-57-rich DEPENDS_ON SPDXRef-Package-61-typing-extensions
-Relationship: SPDXRef-Package-58-markdown-it-py DEPENDS_ON SPDXRef-Package-59-mdurl
-Relationship: SPDXRef-Package-63-plotly DEPENDS_ON SPDXRef-Package-62-packaging
-Relationship: SPDXRef-Package-63-plotly DEPENDS_ON SPDXRef-Package-64-tenacity
-Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-67-certifi
-Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-68-charset-normalizer
-Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-69-urllib3
-Relationship: SPDXRef-Package-66-requests DEPENDS_ON SPDXRef-Package-9-idna
-Relationship: SPDXRef-Package-72-xmlschema DEPENDS_ON SPDXRef-Package-73-elementpath
-Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict
-Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-importlib-metadata
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-importlib-resources
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jinja2
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-jsonschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-lib4sbom
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-pyyaml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-lib4vex
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-packageurl-python
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-rich
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-packaging
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-plotly
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-python-gnupg
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-urllib3
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-71-rpmfile
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-72-setuptools
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-73-toml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-74-xmlschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-76-zstandard
+Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-18-argcomplete
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-19-crcmod
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-20-fasteners
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-21-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-23-google-auth
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-29-google-auth-httplib2
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-32-google-reauth
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-35-pyopenssl
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-39-retry-decorator
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-40-google-apitools
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-41-monotonic
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiohappyeyeballs
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-aiosignal
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-frozenlist
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-async-timeout
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-attrs
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-multidict
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-9-yarl
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-boto
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-23-google-auth
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-rsa
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-google-auth-httplib2
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-32-google-reauth
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-oauth2client
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-pyopenssl
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-39-retry-decorator
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-24-cachetools
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-25-pyasn1-modules
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-27-rsa
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-25-pyasn1-modules DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-27-rsa DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-29-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-23-google-auth
+Relationship: SPDXRef-Package-29-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-30-httplib2 DEPENDS_ON SPDXRef-Package-31-pyparsing
+Relationship: SPDXRef-Package-32-google-reauth DEPENDS_ON SPDXRef-Package-33-pyu2f
+Relationship: SPDXRef-Package-33-pyu2f DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1-modules
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-27-rsa
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-35-pyopenssl DEPENDS_ON SPDXRef-Package-36-cryptography
+Relationship: SPDXRef-Package-36-cryptography DEPENDS_ON SPDXRef-Package-37-cffi
+Relationship: SPDXRef-Package-37-cffi DEPENDS_ON SPDXRef-Package-38-pycparser
+Relationship: SPDXRef-Package-4-aiosignal DEPENDS_ON SPDXRef-Package-5-frozenlist
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-20-fasteners
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-34-oauth2client
+Relationship: SPDXRef-Package-42-importlib-metadata DEPENDS_ON SPDXRef-Package-43-zipp
+Relationship: SPDXRef-Package-44-importlib-resources DEPENDS_ON SPDXRef-Package-43-zipp
+Relationship: SPDXRef-Package-45-jinja2 DEPENDS_ON SPDXRef-Package-46-markupsafe
+Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-44-importlib-resources
+Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-48-jsonschema-specifications
+Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-49-referencing
+Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-50-rpds-py
+Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-51-pkgutil-resolve-name
+Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-7-attrs
+Relationship: SPDXRef-Package-48-jsonschema-specifications DEPENDS_ON SPDXRef-Package-44-importlib-resources
+Relationship: SPDXRef-Package-48-jsonschema-specifications DEPENDS_ON SPDXRef-Package-49-referencing
+Relationship: SPDXRef-Package-49-referencing DEPENDS_ON SPDXRef-Package-50-rpds-py
+Relationship: SPDXRef-Package-49-referencing DEPENDS_ON SPDXRef-Package-7-attrs
+Relationship: SPDXRef-Package-52-lib4sbom DEPENDS_ON SPDXRef-Package-14-defusedxml
+Relationship: SPDXRef-Package-52-lib4sbom DEPENDS_ON SPDXRef-Package-53-pyyaml
+Relationship: SPDXRef-Package-52-lib4sbom DEPENDS_ON SPDXRef-Package-54-semantic-version
+Relationship: SPDXRef-Package-55-lib4vex DEPENDS_ON SPDXRef-Package-52-lib4sbom
+Relationship: SPDXRef-Package-55-lib4vex DEPENDS_ON SPDXRef-Package-56-csaf-tool
+Relationship: SPDXRef-Package-55-lib4vex DEPENDS_ON SPDXRef-Package-57-packageurl-python
+Relationship: SPDXRef-Package-56-csaf-tool DEPENDS_ON SPDXRef-Package-57-packageurl-python
+Relationship: SPDXRef-Package-56-csaf-tool DEPENDS_ON SPDXRef-Package-58-rich
+Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-59-markdown-it-py
+Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-61-pygments
+Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-62-typing-extensions
+Relationship: SPDXRef-Package-59-markdown-it-py DEPENDS_ON SPDXRef-Package-60-mdurl
+Relationship: SPDXRef-Package-64-plotly DEPENDS_ON SPDXRef-Package-63-packaging
+Relationship: SPDXRef-Package-64-plotly DEPENDS_ON SPDXRef-Package-65-tenacity
+Relationship: SPDXRef-Package-67-requests DEPENDS_ON SPDXRef-Package-10-idna
+Relationship: SPDXRef-Package-67-requests DEPENDS_ON SPDXRef-Package-68-certifi
+Relationship: SPDXRef-Package-67-requests DEPENDS_ON SPDXRef-Package-69-charset-normalizer
+Relationship: SPDXRef-Package-67-requests DEPENDS_ON SPDXRef-Package-70-urllib3
+Relationship: SPDXRef-Package-74-xmlschema DEPENDS_ON SPDXRef-Package-75-elementpath
+Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna
+Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict
diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index 3a47f5689c..3e7be240f6 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,15 +2,20 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:c55db0d4-3bfe-442b-9b16-b3b25bf97a80",
+ "serialNumber": "urn:uuid:485924ac-6344-4b78-b66d-e84d13270170",
"version": 1,
"metadata": {
- "timestamp": "2024-07-29T00:30:28Z",
+ "timestamp": "2024-08-05T00:37:48Z",
+ "lifecycles": [
+ {
+ "phase": "build"
+ }
+ ],
"tools": {
"components": [
{
"name": "sbom4python",
- "version": "0.10.4",
+ "version": "0.11.0",
"type": "application"
}
]
@@ -69,7 +74,7 @@
"type": "library",
"bom-ref": "2-aiohttp",
"name": "aiohttp",
- "version": "3.9.5",
+ "version": "3.10.1",
"description": "Async http client/server framework (asyncio)",
"licenses": [
{
@@ -82,12 +87,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/aiohttp/3.9.5",
+ "url": "https://pypi.org/project/aiohttp/3.10.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/aiohttp@3.9.5",
+ "purl": "pkg:pypi/aiohttp@3.10.1",
"properties": [
{
"name": "language",
@@ -101,7 +106,50 @@
},
{
"type": "library",
- "bom-ref": "3-aiosignal",
+ "bom-ref": "3-aiohappyeyeballs",
+ "name": "aiohappyeyeballs",
+ "version": "2.3.4",
+ "supplier": {
+ "name": "J. Nick Koston",
+ "contact": [
+ {
+ "email": "nick@koston.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*",
+ "description": "Happy Eyeballs for asyncio",
+ "licenses": [
+ {
+ "license": {
+ "id": "PSF-2.0",
+ "url": "https://opensource.org/licenses/Python-2.0",
+ "acknowledgement": "concluded"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/aiohappyeyeballs/2.3.4",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/aiohappyeyeballs@2.3.4",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.9.19"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "4-aiosignal",
"name": "aiosignal",
"version": "1.3.1",
"hashes": [
@@ -140,7 +188,7 @@
},
{
"type": "library",
- "bom-ref": "4-frozenlist",
+ "bom-ref": "5-frozenlist",
"name": "frozenlist",
"version": "1.4.1",
"description": "A list-like structure which implements collections.abc.MutableSequence",
@@ -174,7 +222,7 @@
},
{
"type": "library",
- "bom-ref": "5-async-timeout",
+ "bom-ref": "6-async-timeout",
"name": "async-timeout",
"version": "4.0.3",
"supplier": {
@@ -223,9 +271,9 @@
},
{
"type": "library",
- "bom-ref": "6-attrs",
+ "bom-ref": "7-attrs",
"name": "attrs",
- "version": "23.2.0",
+ "version": "24.1.0",
"supplier": {
"name": "Hynek Schlawack",
"contact": [
@@ -234,16 +282,16 @@
}
]
},
- "cpe": "cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*",
"description": "Classes Without Boilerplate",
"externalReferences": [
{
- "url": "https://pypi.org/project/attrs/23.2.0",
+ "url": "https://pypi.org/project/attrs/24.1.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/attrs@23.2.0",
+ "purl": "pkg:pypi/attrs@24.1.0",
"properties": [
{
"name": "language",
@@ -257,7 +305,7 @@
},
{
"type": "library",
- "bom-ref": "7-multidict",
+ "bom-ref": "8-multidict",
"name": "multidict",
"version": "6.0.5",
"supplier": {
@@ -306,7 +354,7 @@
},
{
"type": "library",
- "bom-ref": "8-yarl",
+ "bom-ref": "9-yarl",
"name": "yarl",
"version": "1.9.4",
"supplier": {
@@ -355,7 +403,7 @@
},
{
"type": "library",
- "bom-ref": "9-idna",
+ "bom-ref": "10-idna",
"name": "idna",
"version": "3.7",
"supplier": {
@@ -395,7 +443,7 @@
},
{
"type": "library",
- "bom-ref": "10-beautifulsoup4",
+ "bom-ref": "11-beautifulsoup4",
"name": "beautifulsoup4",
"version": "4.12.3",
"supplier": {
@@ -438,7 +486,7 @@
},
{
"type": "library",
- "bom-ref": "11-soupsieve",
+ "bom-ref": "12-soupsieve",
"name": "soupsieve",
"version": "2.5",
"supplier": {
@@ -478,7 +526,7 @@
},
{
"type": "library",
- "bom-ref": "12-cvss",
+ "bom-ref": "13-cvss",
"name": "cvss",
"version": "3.1",
"supplier": {
@@ -527,7 +575,7 @@
},
{
"type": "library",
- "bom-ref": "13-defusedxml",
+ "bom-ref": "14-defusedxml",
"name": "defusedxml",
"version": "0.7.1",
"supplier": {
@@ -576,7 +624,7 @@
},
{
"type": "library",
- "bom-ref": "14-distro",
+ "bom-ref": "15-distro",
"name": "distro",
"version": "1.9.0",
"supplier": {
@@ -619,7 +667,7 @@
},
{
"type": "library",
- "bom-ref": "15-filetype",
+ "bom-ref": "16-filetype",
"name": "filetype",
"version": "1.2.0",
"supplier": {
@@ -668,7 +716,7 @@
},
{
"type": "library",
- "bom-ref": "16-gsutil",
+ "bom-ref": "17-gsutil",
"name": "gsutil",
"version": "5.30",
"supplier": {
@@ -711,7 +759,7 @@
},
{
"type": "library",
- "bom-ref": "17-argcomplete",
+ "bom-ref": "18-argcomplete",
"name": "argcomplete",
"version": "3.4.0",
"supplier": {
@@ -754,7 +802,7 @@
},
{
"type": "library",
- "bom-ref": "18-crcmod",
+ "bom-ref": "19-crcmod",
"name": "crcmod",
"version": "1.7",
"supplier": {
@@ -797,7 +845,7 @@
},
{
"type": "library",
- "bom-ref": "19-fasteners",
+ "bom-ref": "20-fasteners",
"name": "fasteners",
"version": "0.19",
"supplier": {
@@ -841,7 +889,7 @@
},
{
"type": "library",
- "bom-ref": "20-gcs-oauth2-boto-plugin",
+ "bom-ref": "21-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
"version": "3.2",
"supplier": {
@@ -884,7 +932,7 @@
},
{
"type": "library",
- "bom-ref": "21-boto",
+ "bom-ref": "22-boto",
"name": "boto",
"version": "2.49.0",
"supplier": {
@@ -933,7 +981,7 @@
},
{
"type": "library",
- "bom-ref": "22-google-auth",
+ "bom-ref": "23-google-auth",
"name": "google-auth",
"version": "2.17.0",
"supplier": {
@@ -982,7 +1030,7 @@
},
{
"type": "library",
- "bom-ref": "23-cachetools",
+ "bom-ref": "24-cachetools",
"name": "cachetools",
"version": "5.4.0",
"supplier": {
@@ -1025,7 +1073,7 @@
},
{
"type": "library",
- "bom-ref": "24-pyasn1-modules",
+ "bom-ref": "25-pyasn1-modules",
"name": "pyasn1-modules",
"version": "0.4.0",
"supplier": {
@@ -1049,7 +1097,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1_modules/0.4.0",
+ "url": "https://pypi.org/project/pyasn1-modules/0.4.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1068,7 +1116,7 @@
},
{
"type": "library",
- "bom-ref": "25-pyasn1",
+ "bom-ref": "26-pyasn1",
"name": "pyasn1",
"version": "0.6.0",
"supplier": {
@@ -1111,7 +1159,7 @@
},
{
"type": "library",
- "bom-ref": "26-rsa",
+ "bom-ref": "27-rsa",
"name": "rsa",
"version": "4.7.2",
"supplier": {
@@ -1160,7 +1208,7 @@
},
{
"type": "library",
- "bom-ref": "27-six",
+ "bom-ref": "28-six",
"name": "six",
"version": "1.16.0",
"supplier": {
@@ -1209,7 +1257,7 @@
},
{
"type": "library",
- "bom-ref": "28-google-auth-httplib2",
+ "bom-ref": "29-google-auth-httplib2",
"name": "google-auth-httplib2",
"version": "0.2.0",
"supplier": {
@@ -1257,7 +1305,7 @@
},
{
"type": "library",
- "bom-ref": "29-httplib2",
+ "bom-ref": "30-httplib2",
"name": "httplib2",
"version": "0.20.4",
"supplier": {
@@ -1306,7 +1354,7 @@
},
{
"type": "library",
- "bom-ref": "30-pyparsing",
+ "bom-ref": "31-pyparsing",
"name": "pyparsing",
"version": "3.1.2",
"supplier": {
@@ -1346,7 +1394,7 @@
},
{
"type": "library",
- "bom-ref": "31-google-reauth",
+ "bom-ref": "32-google-reauth",
"name": "google-reauth",
"version": "0.1.1",
"supplier": {
@@ -1395,7 +1443,7 @@
},
{
"type": "library",
- "bom-ref": "32-pyu2f",
+ "bom-ref": "33-pyu2f",
"name": "pyu2f",
"version": "0.1.5",
"supplier": {
@@ -1444,7 +1492,7 @@
},
{
"type": "library",
- "bom-ref": "33-oauth2client",
+ "bom-ref": "34-oauth2client",
"name": "oauth2client",
"version": "4.1.3",
"supplier": {
@@ -1493,7 +1541,7 @@
},
{
"type": "library",
- "bom-ref": "34-pyopenssl",
+ "bom-ref": "35-pyopenssl",
"name": "pyopenssl",
"version": "24.2.1",
"supplier": {
@@ -1517,7 +1565,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyOpenSSL/24.2.1",
+ "url": "https://pypi.org/project/pyopenssl/24.2.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1536,7 +1584,7 @@
},
{
"type": "library",
- "bom-ref": "35-cryptography",
+ "bom-ref": "36-cryptography",
"name": "cryptography",
"version": "43.0.0",
"supplier": {
@@ -1575,7 +1623,7 @@
},
{
"type": "library",
- "bom-ref": "36-cffi",
+ "bom-ref": "37-cffi",
"name": "cffi",
"version": "1.16.0",
"supplier": {
@@ -1624,7 +1672,7 @@
},
{
"type": "library",
- "bom-ref": "37-pycparser",
+ "bom-ref": "38-pycparser",
"name": "pycparser",
"version": "2.22",
"supplier": {
@@ -1673,7 +1721,7 @@
},
{
"type": "library",
- "bom-ref": "38-retry-decorator",
+ "bom-ref": "39-retry-decorator",
"name": "retry-decorator",
"version": "1.1.1",
"supplier": {
@@ -1703,7 +1751,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/retry_decorator/1.1.1",
+ "url": "https://pypi.org/project/retry-decorator/1.1.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1722,7 +1770,7 @@
},
{
"type": "library",
- "bom-ref": "39-google-apitools",
+ "bom-ref": "40-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -1771,7 +1819,7 @@
},
{
"type": "library",
- "bom-ref": "40-monotonic",
+ "bom-ref": "41-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -1820,7 +1868,7 @@
},
{
"type": "library",
- "bom-ref": "41-importlib-metadata",
+ "bom-ref": "42-importlib-metadata",
"name": "importlib-metadata",
"version": "8.2.0",
"supplier": {
@@ -1835,7 +1883,7 @@
"description": "Read metadata from Python packages",
"externalReferences": [
{
- "url": "https://pypi.org/project/importlib_metadata/8.2.0",
+ "url": "https://pypi.org/project/importlib-metadata/8.2.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1854,7 +1902,7 @@
},
{
"type": "library",
- "bom-ref": "42-zipp",
+ "bom-ref": "43-zipp",
"name": "zipp",
"version": "3.19.2",
"supplier": {
@@ -1888,13 +1936,13 @@
},
{
"type": "library",
- "bom-ref": "43-jinja2",
+ "bom-ref": "44-jinja2",
"name": "jinja2",
"version": "3.1.4",
"description": "A very fast and expressive template engine.",
"externalReferences": [
{
- "url": "https://pypi.org/project/Jinja2/3.1.4",
+ "url": "https://pypi.org/project/jinja2/3.1.4",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1913,7 +1961,7 @@
},
{
"type": "library",
- "bom-ref": "44-markupsafe",
+ "bom-ref": "45-markupsafe",
"name": "markupsafe",
"version": "2.1.5",
"description": "Safely add untrusted strings to HTML/XML markup.",
@@ -1934,7 +1982,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/MarkupSafe/2.1.5",
+ "url": "https://pypi.org/project/markupsafe/2.1.5",
"type": "distribution",
"comment": "Download location for component"
}
@@ -1953,7 +2001,7 @@
},
{
"type": "library",
- "bom-ref": "45-jsonschema",
+ "bom-ref": "46-jsonschema",
"name": "jsonschema",
"version": "4.23.0",
"supplier": {
@@ -1991,7 +2039,7 @@
},
{
"type": "library",
- "bom-ref": "46-jsonschema-specifications",
+ "bom-ref": "47-jsonschema-specifications",
"name": "jsonschema-specifications",
"version": "2023.12.1",
"supplier": {
@@ -2035,7 +2083,7 @@
},
{
"type": "library",
- "bom-ref": "47-referencing",
+ "bom-ref": "48-referencing",
"name": "referencing",
"version": "0.35.1",
"supplier": {
@@ -2064,7 +2112,7 @@
},
{
"type": "library",
- "bom-ref": "48-rpds-py",
+ "bom-ref": "49-rpds-py",
"name": "rpds-py",
"version": "0.19.1",
"supplier": {
@@ -2102,7 +2150,7 @@
},
{
"type": "library",
- "bom-ref": "49-lib4sbom",
+ "bom-ref": "50-lib4sbom",
"name": "lib4sbom",
"version": "0.7.2",
"supplier": {
@@ -2145,7 +2193,7 @@
},
{
"type": "library",
- "bom-ref": "50-pyyaml",
+ "bom-ref": "51-pyyaml",
"name": "pyyaml",
"version": "6.0.1",
"supplier": {
@@ -2175,7 +2223,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/PyYAML/6.0.1",
+ "url": "https://pypi.org/project/pyyaml/6.0.1",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2194,7 +2242,7 @@
},
{
"type": "library",
- "bom-ref": "51-semantic-version",
+ "bom-ref": "52-semantic-version",
"name": "semantic-version",
"version": "2.10.0",
"supplier": {
@@ -2243,7 +2291,7 @@
},
{
"type": "library",
- "bom-ref": "52-lib4vex",
+ "bom-ref": "53-lib4vex",
"name": "lib4vex",
"version": "0.1.0",
"supplier": {
@@ -2292,7 +2340,7 @@
},
{
"type": "library",
- "bom-ref": "53-csaf-tool",
+ "bom-ref": "54-csaf-tool",
"name": "csaf-tool",
"version": "0.3.2",
"supplier": {
@@ -2341,7 +2389,7 @@
},
{
"type": "library",
- "bom-ref": "54-packageurl-python",
+ "bom-ref": "55-packageurl-python",
"name": "packageurl-python",
"version": "0.15.6",
"supplier": {
@@ -2379,7 +2427,7 @@
},
{
"type": "library",
- "bom-ref": "55-rich",
+ "bom-ref": "56-rich",
"name": "rich",
"version": "13.7.1",
"supplier": {
@@ -2422,7 +2470,7 @@
},
{
"type": "library",
- "bom-ref": "56-markdown-it-py",
+ "bom-ref": "57-markdown-it-py",
"name": "markdown-it-py",
"version": "3.0.0",
"supplier": {
@@ -2462,7 +2510,7 @@
},
{
"type": "library",
- "bom-ref": "57-mdurl",
+ "bom-ref": "58-mdurl",
"name": "mdurl",
"version": "0.1.2",
"supplier": {
@@ -2502,7 +2550,7 @@
},
{
"type": "library",
- "bom-ref": "58-pygments",
+ "bom-ref": "59-pygments",
"name": "pygments",
"version": "2.18.0",
"supplier": {
@@ -2532,7 +2580,7 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.18.0",
+ "url": "https://pypi.org/project/pygments/2.18.0",
"type": "distribution",
"comment": "Download location for component"
}
@@ -2551,7 +2599,7 @@
},
{
"type": "library",
- "bom-ref": "59-packaging",
+ "bom-ref": "60-packaging",
"name": "packaging",
"version": "24.1",
"supplier": {
@@ -2585,7 +2633,7 @@
},
{
"type": "library",
- "bom-ref": "60-plotly",
+ "bom-ref": "61-plotly",
"name": "plotly",
"version": "5.23.0",
"supplier": {
@@ -2628,9 +2676,9 @@
},
{
"type": "library",
- "bom-ref": "61-tenacity",
+ "bom-ref": "62-tenacity",
"name": "tenacity",
- "version": "8.5.0",
+ "version": "9.0.0",
"supplier": {
"name": "Julien Danjou",
"contact": [
@@ -2639,7 +2687,7 @@
}
]
},
- "cpe": "cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*",
"description": "Retry code until it succeeds",
"licenses": [
{
@@ -2652,12 +2700,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/tenacity/8.5.0",
+ "url": "https://pypi.org/project/tenacity/9.0.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/tenacity@8.5.0",
+ "purl": "pkg:pypi/tenacity@9.0.0",
"properties": [
{
"name": "language",
@@ -2671,7 +2719,7 @@
},
{
"type": "library",
- "bom-ref": "62-python-gnupg",
+ "bom-ref": "63-python-gnupg",
"name": "python-gnupg",
"version": "0.5.2",
"supplier": {
@@ -2720,7 +2768,7 @@
},
{
"type": "library",
- "bom-ref": "63-requests",
+ "bom-ref": "64-requests",
"name": "requests",
"version": "2.32.3",
"supplier": {
@@ -2769,7 +2817,7 @@
},
{
"type": "library",
- "bom-ref": "64-certifi",
+ "bom-ref": "65-certifi",
"name": "certifi",
"version": "2024.7.4",
"supplier": {
@@ -2812,7 +2860,7 @@
},
{
"type": "library",
- "bom-ref": "65-charset-normalizer",
+ "bom-ref": "66-charset-normalizer",
"name": "charset-normalizer",
"version": "3.3.2",
"supplier": {
@@ -2861,7 +2909,7 @@
},
{
"type": "library",
- "bom-ref": "66-urllib3",
+ "bom-ref": "67-urllib3",
"name": "urllib3",
"version": "2.2.2",
"supplier": {
@@ -2895,7 +2943,7 @@
},
{
"type": "library",
- "bom-ref": "67-rpmfile",
+ "bom-ref": "68-rpmfile",
"name": "rpmfile",
"version": "2.1.0",
"supplier": {
@@ -2944,7 +2992,41 @@
},
{
"type": "library",
- "bom-ref": "68-toml",
+ "bom-ref": "69-setuptools",
+ "name": "setuptools",
+ "version": "72.1.0",
+ "supplier": {
+ "name": "Python Packaging Authority",
+ "contact": [
+ {
+ "email": "distutils-sig@python.org"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*",
+ "description": "Easily download, build, install, upgrade, and uninstall Python packages",
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/setuptools/72.1.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/setuptools@72.1.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.9.19"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "70-toml",
"name": "toml",
"version": "0.10.2",
"supplier": {
@@ -2993,9 +3075,9 @@
},
{
"type": "library",
- "bom-ref": "69-xmlschema",
+ "bom-ref": "71-xmlschema",
"name": "xmlschema",
- "version": "3.3.1",
+ "version": "3.3.2",
"supplier": {
"name": "Davide Brunato",
"contact": [
@@ -3004,7 +3086,7 @@
}
]
},
- "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*",
"description": "An XML Schema validator and decoder",
"licenses": [
{
@@ -3017,12 +3099,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/xmlschema/3.3.1",
+ "url": "https://pypi.org/project/xmlschema/3.3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/xmlschema@3.3.1",
+ "purl": "pkg:pypi/xmlschema@3.3.2",
"properties": [
{
"name": "language",
@@ -3036,7 +3118,7 @@
},
{
"type": "library",
- "bom-ref": "70-elementpath",
+ "bom-ref": "72-elementpath",
"name": "elementpath",
"version": "4.4.0",
"supplier": {
@@ -3085,7 +3167,7 @@
},
{
"type": "library",
- "bom-ref": "71-zstandard",
+ "bom-ref": "73-zstandard",
"name": "zstandard",
"version": "0.23.0",
"supplier": {
@@ -3138,267 +3220,269 @@
"ref": "1-cve-bin-tool",
"dependsOn": [
"2-aiohttp",
- "10-beautifulsoup4",
- "12-cvss",
- "13-defusedxml",
- "14-distro",
- "15-filetype",
- "16-gsutil",
- "41-importlib-metadata",
- "43-jinja2",
- "45-jsonschema",
- "49-lib4sbom",
- "52-lib4vex",
- "54-packageurl-python",
- "59-packaging",
- "60-plotly",
- "62-python-gnupg",
- "50-pyyaml",
- "63-requests",
- "55-rich",
- "67-rpmfile",
- "68-toml",
- "66-urllib3",
- "69-xmlschema",
- "71-zstandard"
+ "11-beautifulsoup4",
+ "13-cvss",
+ "14-defusedxml",
+ "15-distro",
+ "16-filetype",
+ "17-gsutil",
+ "42-importlib-metadata",
+ "44-jinja2",
+ "46-jsonschema",
+ "50-lib4sbom",
+ "53-lib4vex",
+ "55-packageurl-python",
+ "60-packaging",
+ "61-plotly",
+ "63-python-gnupg",
+ "51-pyyaml",
+ "64-requests",
+ "56-rich",
+ "68-rpmfile",
+ "69-setuptools",
+ "70-toml",
+ "67-urllib3",
+ "71-xmlschema",
+ "73-zstandard"
]
},
{
"ref": "2-aiohttp",
"dependsOn": [
- "3-aiosignal",
- "5-async-timeout",
- "6-attrs",
- "4-frozenlist",
- "7-multidict",
- "8-yarl"
+ "3-aiohappyeyeballs",
+ "4-aiosignal",
+ "6-async-timeout",
+ "7-attrs",
+ "5-frozenlist",
+ "8-multidict",
+ "9-yarl"
]
},
{
- "ref": "3-aiosignal",
+ "ref": "4-aiosignal",
"dependsOn": [
- "4-frozenlist"
+ "5-frozenlist"
]
},
{
- "ref": "8-yarl",
+ "ref": "9-yarl",
"dependsOn": [
- "9-idna",
- "7-multidict"
+ "10-idna",
+ "8-multidict"
]
},
{
- "ref": "10-beautifulsoup4",
+ "ref": "11-beautifulsoup4",
"dependsOn": [
- "11-soupsieve"
+ "12-soupsieve"
]
},
{
- "ref": "16-gsutil",
+ "ref": "17-gsutil",
"dependsOn": [
- "17-argcomplete",
- "18-crcmod",
- "19-fasteners",
- "20-gcs-oauth2-boto-plugin",
- "39-google-apitools",
- "22-google-auth",
- "28-google-auth-httplib2",
- "31-google-reauth",
- "29-httplib2",
- "40-monotonic",
- "34-pyopenssl",
- "38-retry-decorator",
- "27-six"
- ]
- },
- {
- "ref": "20-gcs-oauth2-boto-plugin",
+ "18-argcomplete",
+ "19-crcmod",
+ "20-fasteners",
+ "21-gcs-oauth2-boto-plugin",
+ "40-google-apitools",
+ "23-google-auth",
+ "29-google-auth-httplib2",
+ "32-google-reauth",
+ "30-httplib2",
+ "41-monotonic",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "28-six"
+ ]
+ },
+ {
+ "ref": "21-gcs-oauth2-boto-plugin",
"dependsOn": [
- "21-boto",
- "22-google-auth",
- "28-google-auth-httplib2",
- "31-google-reauth",
- "29-httplib2",
- "33-oauth2client",
- "34-pyopenssl",
- "38-retry-decorator",
- "26-rsa",
- "27-six"
+ "22-boto",
+ "23-google-auth",
+ "29-google-auth-httplib2",
+ "32-google-reauth",
+ "30-httplib2",
+ "34-oauth2client",
+ "35-pyopenssl",
+ "39-retry-decorator",
+ "27-rsa",
+ "28-six"
]
},
{
- "ref": "22-google-auth",
+ "ref": "23-google-auth",
"dependsOn": [
- "23-cachetools",
- "24-pyasn1-modules",
- "26-rsa",
- "27-six"
+ "24-cachetools",
+ "25-pyasn1-modules",
+ "27-rsa",
+ "28-six"
]
},
{
- "ref": "24-pyasn1-modules",
+ "ref": "25-pyasn1-modules",
"dependsOn": [
- "25-pyasn1"
+ "26-pyasn1"
]
},
{
- "ref": "26-rsa",
+ "ref": "27-rsa",
"dependsOn": [
- "25-pyasn1"
+ "26-pyasn1"
]
},
{
- "ref": "28-google-auth-httplib2",
+ "ref": "29-google-auth-httplib2",
"dependsOn": [
- "22-google-auth",
- "29-httplib2"
+ "23-google-auth",
+ "30-httplib2"
]
},
{
- "ref": "29-httplib2",
+ "ref": "30-httplib2",
"dependsOn": [
- "30-pyparsing"
+ "31-pyparsing"
]
},
{
- "ref": "31-google-reauth",
+ "ref": "32-google-reauth",
"dependsOn": [
- "32-pyu2f"
+ "33-pyu2f"
]
},
{
- "ref": "32-pyu2f",
+ "ref": "33-pyu2f",
"dependsOn": [
- "27-six"
+ "28-six"
]
},
{
- "ref": "33-oauth2client",
+ "ref": "34-oauth2client",
"dependsOn": [
- "29-httplib2",
- "25-pyasn1",
- "24-pyasn1-modules",
- "26-rsa",
- "27-six"
+ "30-httplib2",
+ "26-pyasn1",
+ "25-pyasn1-modules",
+ "27-rsa",
+ "28-six"
]
},
{
- "ref": "34-pyopenssl",
+ "ref": "35-pyopenssl",
"dependsOn": [
- "35-cryptography"
+ "36-cryptography"
]
},
{
- "ref": "35-cryptography",
+ "ref": "36-cryptography",
"dependsOn": [
- "36-cffi"
+ "37-cffi"
]
},
{
- "ref": "36-cffi",
+ "ref": "37-cffi",
"dependsOn": [
- "37-pycparser"
+ "38-pycparser"
]
},
{
- "ref": "39-google-apitools",
+ "ref": "40-google-apitools",
"dependsOn": [
- "19-fasteners",
- "29-httplib2",
- "33-oauth2client",
- "27-six"
+ "20-fasteners",
+ "30-httplib2",
+ "34-oauth2client",
+ "28-six"
]
},
{
- "ref": "41-importlib-metadata",
+ "ref": "42-importlib-metadata",
"dependsOn": [
- "42-zipp"
+ "43-zipp"
]
},
{
- "ref": "43-jinja2",
+ "ref": "44-jinja2",
"dependsOn": [
- "44-markupsafe"
+ "45-markupsafe"
]
},
{
- "ref": "45-jsonschema",
+ "ref": "46-jsonschema",
"dependsOn": [
- "6-attrs",
- "46-jsonschema-specifications",
- "47-referencing",
- "48-rpds-py"
+ "7-attrs",
+ "47-jsonschema-specifications",
+ "48-referencing",
+ "49-rpds-py"
]
},
{
- "ref": "46-jsonschema-specifications",
+ "ref": "47-jsonschema-specifications",
"dependsOn": [
- "47-referencing"
+ "48-referencing"
]
},
{
- "ref": "47-referencing",
+ "ref": "48-referencing",
"dependsOn": [
- "6-attrs",
- "48-rpds-py"
+ "7-attrs",
+ "49-rpds-py"
]
},
{
- "ref": "49-lib4sbom",
+ "ref": "50-lib4sbom",
"dependsOn": [
- "13-defusedxml",
- "50-pyyaml",
- "51-semantic-version"
+ "14-defusedxml",
+ "51-pyyaml",
+ "52-semantic-version"
]
},
{
- "ref": "52-lib4vex",
+ "ref": "53-lib4vex",
"dependsOn": [
- "53-csaf-tool",
- "49-lib4sbom",
- "54-packageurl-python"
+ "54-csaf-tool",
+ "50-lib4sbom",
+ "55-packageurl-python"
]
},
{
- "ref": "53-csaf-tool",
+ "ref": "54-csaf-tool",
"dependsOn": [
- "54-packageurl-python",
- "55-rich"
+ "55-packageurl-python",
+ "56-rich"
]
},
{
- "ref": "55-rich",
+ "ref": "56-rich",
"dependsOn": [
- "56-markdown-it-py",
- "58-pygments"
+ "57-markdown-it-py",
+ "59-pygments"
]
},
{
- "ref": "56-markdown-it-py",
+ "ref": "57-markdown-it-py",
"dependsOn": [
- "57-mdurl"
+ "58-mdurl"
]
},
{
- "ref": "60-plotly",
+ "ref": "61-plotly",
"dependsOn": [
- "59-packaging",
- "61-tenacity"
+ "60-packaging",
+ "62-tenacity"
]
},
{
- "ref": "63-requests",
+ "ref": "64-requests",
"dependsOn": [
- "64-certifi",
- "65-charset-normalizer",
- "9-idna",
- "66-urllib3"
+ "65-certifi",
+ "66-charset-normalizer",
+ "10-idna",
+ "67-urllib3"
]
},
{
- "ref": "69-xmlschema",
+ "ref": "71-xmlschema",
"dependsOn": [
- "70-elementpath"
+ "72-elementpath"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 9b9c904742..8138cbeb24 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-537d3fc3-395f-408e-844b-60648b1086c3
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c409e3d9-98e9-45ef-999b-5e3bf95aa4fb
LicenseListVersion: 3.22
-Creator: Tool: sbom4python-0.10.4
-Created: 2024-07-29T00:29:20Z
+Creator: Tool: sbom4python-0.11.0
+Created: 2024-08-05T00:36:32Z
CreatorComment: This document has been automatically generated.
#####
@@ -26,21 +26,36 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.3.1.dev0:*:*:
PackageName: aiohttp
SPDXID: SPDXRef-Package-2-aiohttp
-PackageVersion: 3.9.5
+PackageVersion: 3.10.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/aiohttp/3.9.5
+PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Async http client/server framework (asyncio)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.9.5
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.1
+#####
+
+PackageName: aiohappyeyeballs
+SPDXID: SPDXRef-Package-3-aiohappyeyeballs
+PackageVersion: 2.3.4
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: J. Nick Koston (nick@koston.org)
+PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.3.4
+FilesAnalyzed: false
+PackageLicenseDeclared: PSF-2.0
+PackageLicenseConcluded: PSF-2.0
+PackageCopyrightText: NOASSERTION
+PackageSummary: Happy Eyeballs for asyncio
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohappyeyeballs@2.3.4
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.3.4:*:*:*:*:*:*:*
#####
PackageName: aiosignal
-SPDXID: SPDXRef-Package-3-aiosignal
+SPDXID: SPDXRef-Package-4-aiosignal
PackageVersion: 1.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
@@ -55,7 +70,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1
#####
PackageName: frozenlist
-SPDXID: SPDXRef-Package-4-frozenlist
+SPDXID: SPDXRef-Package-5-frozenlist
PackageVersion: 1.4.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
@@ -70,7 +85,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1
#####
PackageName: async-timeout
-SPDXID: SPDXRef-Package-5-async-timeout
+SPDXID: SPDXRef-Package-6-async-timeout
PackageVersion: 4.0.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -87,22 +102,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:*
#####
PackageName: attrs
-SPDXID: SPDXRef-Package-6-attrs
-PackageVersion: 23.2.0
+SPDXID: SPDXRef-Package-7-attrs
+PackageVersion: 24.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Hynek Schlawack (hs@ox.cx)
-PackageDownloadLocation: https://pypi.org/project/attrs/23.2.0
+PackageDownloadLocation: https://pypi.org/project/attrs/24.1.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: Classes Without Boilerplate
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@23.2.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.2.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/attrs@24.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.1.0:*:*:*:*:*:*:*
#####
PackageName: multidict
-SPDXID: SPDXRef-Package-7-multidict
+SPDXID: SPDXRef-Package-8-multidict
PackageVersion: 6.0.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -119,7 +134,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*
#####
PackageName: yarl
-SPDXID: SPDXRef-Package-8-yarl
+SPDXID: SPDXRef-Package-9-yarl
PackageVersion: 1.9.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com)
@@ -135,7 +150,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:
#####
PackageName: idna
-SPDXID: SPDXRef-Package-9-idna
+SPDXID: SPDXRef-Package-10-idna
PackageVersion: 3.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org)
@@ -151,7 +166,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.7:*:*:*:*:*:*:*
#####
PackageName: beautifulsoup4
-SPDXID: SPDXRef-Package-10-beautifulsoup4
+SPDXID: SPDXRef-Package-11-beautifulsoup4
PackageVersion: 4.12.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org)
@@ -167,7 +182,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12
#####
PackageName: soupsieve
-SPDXID: SPDXRef-Package-11-soupsieve
+SPDXID: SPDXRef-Package-12-soupsieve
PackageVersion: 2.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Isaac Muse (use@gmail.com)
@@ -183,7 +198,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.5:*:*:*:*:*:*:*
#####
PackageName: cvss
-SPDXID: SPDXRef-Package-12-cvss
+SPDXID: SPDXRef-Package-13-cvss
PackageVersion: 3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com)
@@ -200,7 +215,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs
#####
PackageName: defusedxml
-SPDXID: SPDXRef-Package-13-defusedxml
+SPDXID: SPDXRef-Package-14-defusedxml
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Christian Heimes (christian@python.org)
@@ -217,7 +232,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*:
#####
PackageName: distro
-SPDXID: SPDXRef-Package-14-distro
+SPDXID: SPDXRef-Package-15-distro
PackageVersion: 1.9.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Nir Cohen (nir36g@gmail.com)
@@ -233,7 +248,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:*
#####
PackageName: filetype
-SPDXID: SPDXRef-Package-15-filetype
+SPDXID: SPDXRef-Package-16-filetype
PackageVersion: 1.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me)
@@ -249,7 +264,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:
#####
PackageName: gsutil
-SPDXID: SPDXRef-Package-16-gsutil
+SPDXID: SPDXRef-Package-17-gsutil
PackageVersion: 5.30
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
@@ -265,7 +280,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:*
#####
PackageName: argcomplete
-SPDXID: SPDXRef-Package-17-argcomplete
+SPDXID: SPDXRef-Package-18-argcomplete
PackageVersion: 3.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com)
@@ -281,7 +296,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.4.0:*:*:*
#####
PackageName: crcmod
-SPDXID: SPDXRef-Package-18-crcmod
+SPDXID: SPDXRef-Package-19-crcmod
PackageVersion: 1.7
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com)
@@ -296,7 +311,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:*
#####
PackageName: fasteners
-SPDXID: SPDXRef-Package-19-fasteners
+SPDXID: SPDXRef-Package-20-fasteners
PackageVersion: 0.19
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joshua Harlow
@@ -312,7 +327,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*
#####
PackageName: gcs-oauth2-boto-plugin
-SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin
+SPDXID: SPDXRef-Package-21-gcs-oauth2-boto-plugin
PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
@@ -328,7 +343,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2
#####
PackageName: boto
-SPDXID: SPDXRef-Package-21-boto
+SPDXID: SPDXRef-Package-22-boto
PackageVersion: 2.49.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com)
@@ -344,7 +359,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:
#####
PackageName: google-auth
-SPDXID: SPDXRef-Package-22-google-auth
+SPDXID: SPDXRef-Package-23-google-auth
PackageVersion: 2.17.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -361,7 +376,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17
#####
PackageName: cachetools
-SPDXID: SPDXRef-Package-23-cachetools
+SPDXID: SPDXRef-Package-24-cachetools
PackageVersion: 5.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
@@ -376,15 +391,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.4.0:*:*:*:*
#####
PackageName: pyasn1-modules
-SPDXID: SPDXRef-Package-24-pyasn1-modules
+SPDXID: SPDXRef-Package-25-pyasn1-modules
PackageVersion: 0.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0
+PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A collection of ASN.1-based protocols modules
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0
@@ -392,7 +407,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:
#####
PackageName: pyasn1
-SPDXID: SPDXRef-Package-25-pyasn1
+SPDXID: SPDXRef-Package-26-pyasn1
PackageVersion: 0.6.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
@@ -407,7 +422,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:
#####
PackageName: rsa
-SPDXID: SPDXRef-Package-26-rsa
+SPDXID: SPDXRef-Package-27-rsa
PackageVersion: 4.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
@@ -424,7 +439,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-Package-27-six
+SPDXID: SPDXRef-Package-28-six
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
@@ -440,7 +455,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*
#####
PackageName: google-auth-httplib2
-SPDXID: SPDXRef-Package-28-google-auth-httplib2
+SPDXID: SPDXRef-Package-29-google-auth-httplib2
PackageVersion: 0.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
@@ -456,7 +471,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-http
#####
PackageName: httplib2
-SPDXID: SPDXRef-Package-29-httplib2
+SPDXID: SPDXRef-Package-30-httplib2
PackageVersion: 0.20.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
@@ -472,7 +487,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
#####
PackageName: pyparsing
-SPDXID: SPDXRef-Package-30-pyparsing
+SPDXID: SPDXRef-Package-31-pyparsing
PackageVersion: 3.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
@@ -488,7 +503,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*
#####
PackageName: google-reauth
-SPDXID: SPDXRef-Package-31-google-reauth
+SPDXID: SPDXRef-Package-32-google-reauth
PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google (googleapis-publisher@google.com)
@@ -505,7 +520,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*
#####
PackageName: pyu2f
-SPDXID: SPDXRef-Package-32-pyu2f
+SPDXID: SPDXRef-Package-33-pyu2f
PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
@@ -522,7 +537,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
PackageName: oauth2client
-SPDXID: SPDXRef-Package-33-oauth2client
+SPDXID: SPDXRef-Package-34-oauth2client
PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
@@ -539,15 +554,15 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*
#####
PackageName: pyopenssl
-SPDXID: SPDXRef-Package-34-pyopenssl
+SPDXID: SPDXRef-Package-35-pyopenssl
PackageVersion: 24.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/pyOpenSSL/24.2.1
+PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyOpenSSL declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Python wrapper module around the OpenSSL library
ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyopenssl@24.2.1
@@ -555,7 +570,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
#####
PackageName: cryptography
-SPDXID: SPDXRef-Package-35-cryptography
+SPDXID: SPDXRef-Package-36-cryptography
PackageVersion: 43.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
@@ -570,7 +585,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python
#####
PackageName: cffi
-SPDXID: SPDXRef-Package-36-cffi
+SPDXID: SPDXRef-Package-37-cffi
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
@@ -586,7 +601,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-Package-37-pycparser
+SPDXID: SPDXRef-Package-38-pycparser
PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
@@ -602,11 +617,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-Package-38-retry-decorator
+SPDXID: SPDXRef-Package-39-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/retry_decorator/1.1.1
+PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1
FilesAnalyzed: false
PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349
PackageLicenseDeclared: MIT
@@ -618,7 +633,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*
#####
PackageName: google-apitools
-SPDXID: SPDXRef-Package-39-google-apitools
+SPDXID: SPDXRef-Package-40-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
@@ -635,7 +650,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*
#####
PackageName: monotonic
-SPDXID: SPDXRef-Package-40-monotonic
+SPDXID: SPDXRef-Package-41-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
@@ -652,11 +667,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
PackageName: importlib-metadata
-SPDXID: SPDXRef-Package-41-importlib-metadata
+SPDXID: SPDXRef-Package-42-importlib-metadata
PackageVersion: 8.2.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
-PackageDownloadLocation: https://pypi.org/project/importlib_metadata/8.2.0
+PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.2.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
@@ -667,7 +682,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.2.0:*:*:
#####
PackageName: zipp
-SPDXID: SPDXRef-Package-42-zipp
+SPDXID: SPDXRef-Package-43-zipp
PackageVersion: 3.19.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. (jaraco@jaraco.com)
@@ -682,11 +697,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.19.2:*:*:*:*:*:*:*
#####
PackageName: jinja2
-SPDXID: SPDXRef-Package-43-jinja2
+SPDXID: SPDXRef-Package-44-jinja2
PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4
+PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
@@ -696,11 +711,11 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-Package-44-markupsafe
+SPDXID: SPDXRef-Package-45-markupsafe
PackageVersion: 2.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/MarkupSafe/2.1.5
+PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5
FilesAnalyzed: false
PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65
PackageLicenseDeclared: BSD-3-Clause
@@ -711,7 +726,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5
#####
PackageName: jsonschema
-SPDXID: SPDXRef-Package-45-jsonschema
+SPDXID: SPDXRef-Package-46-jsonschema
PackageVersion: 4.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -726,7 +741,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:
#####
PackageName: jsonschema-specifications
-SPDXID: SPDXRef-Package-46-jsonschema-specifications
+SPDXID: SPDXRef-Package-47-jsonschema-specifications
PackageVersion: 2023.12.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -742,7 +757,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
#####
PackageName: referencing
-SPDXID: SPDXRef-Package-47-referencing
+SPDXID: SPDXRef-Package-48-referencing
PackageVersion: 0.35.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -757,7 +772,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*
#####
PackageName: rpds-py
-SPDXID: SPDXRef-Package-48-rpds-py
+SPDXID: SPDXRef-Package-49-rpds-py
PackageVersion: 0.19.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -772,7 +787,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.19.1:*:*:*:*:*
#####
PackageName: lib4sbom
-SPDXID: SPDXRef-Package-49-lib4sbom
+SPDXID: SPDXRef-Package-50-lib4sbom
PackageVersion: 0.7.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -787,11 +802,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.2:*:*:*:
#####
PackageName: pyyaml
-SPDXID: SPDXRef-Package-50-pyyaml
+SPDXID: SPDXRef-Package-51-pyyaml
PackageVersion: 6.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
-PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1
+PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.1
FilesAnalyzed: false
PackageChecksum: SHA1: c42fa3bff1eabdb64763bb1526d9ea1ccb708479
PackageLicenseDeclared: MIT
@@ -803,7 +818,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:
#####
PackageName: semantic-version
-SPDXID: SPDXRef-Package-51-semantic-version
+SPDXID: SPDXRef-Package-52-semantic-version
PackageVersion: 2.10.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
@@ -820,7 +835,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
#####
PackageName: lib4vex
-SPDXID: SPDXRef-Package-52-lib4vex
+SPDXID: SPDXRef-Package-53-lib4vex
PackageVersion: 0.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -836,7 +851,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*
#####
PackageName: csaf-tool
-SPDXID: SPDXRef-Package-53-csaf-tool
+SPDXID: SPDXRef-Package-54-csaf-tool
PackageVersion: 0.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
@@ -852,7 +867,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:*
#####
PackageName: packageurl-python
-SPDXID: SPDXRef-Package-54-packageurl-python
+SPDXID: SPDXRef-Package-55-packageurl-python
PackageVersion: 0.15.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
@@ -867,7 +882,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
#####
PackageName: rich
-SPDXID: SPDXRef-Package-55-rich
+SPDXID: SPDXRef-Package-56-rich
PackageVersion: 13.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
@@ -882,7 +897,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
-SPDXID: SPDXRef-Package-56-markdown-it-py
+SPDXID: SPDXRef-Package-57-markdown-it-py
PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
@@ -898,7 +913,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:
#####
PackageName: mdurl
-SPDXID: SPDXRef-Package-57-mdurl
+SPDXID: SPDXRef-Package-58-mdurl
PackageVersion: 0.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
@@ -914,11 +929,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
#####
PackageName: pygments
-SPDXID: SPDXRef-Package-58-pygments
+SPDXID: SPDXRef-Package-59-pygments
PackageVersion: 2.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0
+PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0
FilesAnalyzed: false
PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb
PackageLicenseDeclared: BSD-2-Clause
@@ -930,7 +945,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*
#####
PackageName: packaging
-SPDXID: SPDXRef-Package-59-packaging
+SPDXID: SPDXRef-Package-60-packaging
PackageVersion: 24.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
@@ -945,7 +960,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-Package-60-plotly
+SPDXID: SPDXRef-Package-61-plotly
PackageVersion: 5.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
@@ -960,23 +975,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-Package-61-tenacity
-PackageVersion: 8.5.0
+SPDXID: SPDXRef-Package-62-tenacity
+PackageVersion: 9.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
-PackageDownloadLocation: https://pypi.org/project/tenacity/8.5.0
+PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: tenacity declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Retry code until it succeeds
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@8.5.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.5.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/tenacity@9.0.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:*:*:*
#####
PackageName: python-gnupg
-SPDXID: SPDXRef-Package-62-python-gnupg
+SPDXID: SPDXRef-Package-63-python-gnupg
PackageVersion: 0.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
@@ -993,7 +1008,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*
#####
PackageName: requests
-SPDXID: SPDXRef-Package-63-requests
+SPDXID: SPDXRef-Package-64-requests
PackageVersion: 2.32.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
@@ -1009,7 +1024,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*:
#####
PackageName: certifi
-SPDXID: SPDXRef-Package-64-certifi
+SPDXID: SPDXRef-Package-65-certifi
PackageVersion: 2024.7.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
@@ -1024,7 +1039,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*
#####
PackageName: charset-normalizer
-SPDXID: SPDXRef-Package-65-charset-normalizer
+SPDXID: SPDXRef-Package-66-charset-normalizer
PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
@@ -1040,7 +1055,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-Package-66-urllib3
+SPDXID: SPDXRef-Package-67-urllib3
PackageVersion: 2.2.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
@@ -1055,7 +1070,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:
#####
PackageName: rpmfile
-SPDXID: SPDXRef-Package-67-rpmfile
+SPDXID: SPDXRef-Package-68-rpmfile
PackageVersion: 2.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
@@ -1070,8 +1085,23 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rpmfile@2.1.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:*
#####
+PackageName: setuptools
+SPDXID: SPDXRef-Package-69-setuptools
+PackageVersion: 72.1.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org)
+PackageDownloadLocation: https://pypi.org/project/setuptools/72.1.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
+PackageCopyrightText: NOASSERTION
+PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@72.1.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:72.1.0:*:*:*:*:*:*:*
+#####
+
PackageName: toml
-SPDXID: SPDXRef-Package-68-toml
+SPDXID: SPDXRef-Package-70-toml
PackageVersion: 0.10.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: William Pearson (uiri@xqz.ca)
@@ -1087,22 +1117,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
#####
PackageName: xmlschema
-SPDXID: SPDXRef-Package-69-xmlschema
-PackageVersion: 3.3.1
+SPDXID: SPDXRef-Package-71-xmlschema
+PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
-PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.1
+PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.2
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An XML Schema validator and decoder
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-Package-70-elementpath
+SPDXID: SPDXRef-Package-72-elementpath
PackageVersion: 4.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1118,7 +1148,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*
#####
PackageName: zstandard
-SPDXID: SPDXRef-Package-71-zstandard
+SPDXID: SPDXRef-Package-73-zstandard
PackageVersion: 0.23.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
@@ -1134,110 +1164,112 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*
#####
Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-10-beautifulsoup4
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-cvss
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-defusedxml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distro
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-beautifulsoup4
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-cvss
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-defusedxml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-distro
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-filetype
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-17-gsutil
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-importlib-metadata
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jinja2
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jsonschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-lib4sbom
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-pyyaml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-lib4vex
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packageurl-python
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-rich
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-packaging
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-plotly
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-python-gnupg
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-requests
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-urllib3
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-rpmfile
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-toml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-xmlschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-71-zstandard
-Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict
-Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa
-Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1
-Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1
-Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth
-Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing
-Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f
-Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography
-Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi
-Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2
-Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-33-oauth2client
-Relationship: SPDXRef-Package-41-importlib-metadata DEPENDS_ON SPDXRef-Package-42-zipp
-Relationship: SPDXRef-Package-43-jinja2 DEPENDS_ON SPDXRef-Package-44-markupsafe
-Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-46-jsonschema-specifications
-Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-47-referencing
-Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-48-rpds-py
-Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-46-jsonschema-specifications DEPENDS_ON SPDXRef-Package-47-referencing
-Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-48-rpds-py
-Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml
-Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-50-pyyaml
-Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-51-semantic-version
-Relationship: SPDXRef-Package-52-lib4vex DEPENDS_ON SPDXRef-Package-49-lib4sbom
-Relationship: SPDXRef-Package-52-lib4vex DEPENDS_ON SPDXRef-Package-53-csaf-tool
-Relationship: SPDXRef-Package-52-lib4vex DEPENDS_ON SPDXRef-Package-54-packageurl-python
-Relationship: SPDXRef-Package-53-csaf-tool DEPENDS_ON SPDXRef-Package-54-packageurl-python
-Relationship: SPDXRef-Package-53-csaf-tool DEPENDS_ON SPDXRef-Package-55-rich
-Relationship: SPDXRef-Package-55-rich DEPENDS_ON SPDXRef-Package-56-markdown-it-py
-Relationship: SPDXRef-Package-55-rich DEPENDS_ON SPDXRef-Package-58-pygments
-Relationship: SPDXRef-Package-56-markdown-it-py DEPENDS_ON SPDXRef-Package-57-mdurl
-Relationship: SPDXRef-Package-60-plotly DEPENDS_ON SPDXRef-Package-59-packaging
-Relationship: SPDXRef-Package-60-plotly DEPENDS_ON SPDXRef-Package-61-tenacity
-Relationship: SPDXRef-Package-63-requests DEPENDS_ON SPDXRef-Package-64-certifi
-Relationship: SPDXRef-Package-63-requests DEPENDS_ON SPDXRef-Package-65-charset-normalizer
-Relationship: SPDXRef-Package-63-requests DEPENDS_ON SPDXRef-Package-66-urllib3
-Relationship: SPDXRef-Package-63-requests DEPENDS_ON SPDXRef-Package-9-idna
-Relationship: SPDXRef-Package-69-xmlschema DEPENDS_ON SPDXRef-Package-70-elementpath
-Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict
-Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-importlib-metadata
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jinja2
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jsonschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-lib4sbom
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-pyyaml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-lib4vex
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-packageurl-python
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-rich
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-packaging
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-plotly
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-python-gnupg
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-urllib3
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-rpmfile
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-setuptools
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-toml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-71-xmlschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-73-zstandard
+Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-18-argcomplete
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-19-crcmod
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-20-fasteners
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-21-gcs-oauth2-boto-plugin
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-23-google-auth
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-29-google-auth-httplib2
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-32-google-reauth
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-35-pyopenssl
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-39-retry-decorator
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-40-google-apitools
+Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-41-monotonic
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiohappyeyeballs
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-aiosignal
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-frozenlist
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-async-timeout
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-attrs
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-multidict
+Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-9-yarl
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-boto
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-23-google-auth
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-rsa
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-google-auth-httplib2
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-32-google-reauth
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-oauth2client
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-pyopenssl
+Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-39-retry-decorator
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-24-cachetools
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-25-pyasn1-modules
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-27-rsa
+Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-25-pyasn1-modules DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-27-rsa DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-29-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-23-google-auth
+Relationship: SPDXRef-Package-29-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-30-httplib2 DEPENDS_ON SPDXRef-Package-31-pyparsing
+Relationship: SPDXRef-Package-32-google-reauth DEPENDS_ON SPDXRef-Package-33-pyu2f
+Relationship: SPDXRef-Package-33-pyu2f DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1-modules
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-26-pyasn1
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-27-rsa
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-35-pyopenssl DEPENDS_ON SPDXRef-Package-36-cryptography
+Relationship: SPDXRef-Package-36-cryptography DEPENDS_ON SPDXRef-Package-37-cffi
+Relationship: SPDXRef-Package-37-cffi DEPENDS_ON SPDXRef-Package-38-pycparser
+Relationship: SPDXRef-Package-4-aiosignal DEPENDS_ON SPDXRef-Package-5-frozenlist
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-20-fasteners
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-28-six
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-30-httplib2
+Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-34-oauth2client
+Relationship: SPDXRef-Package-42-importlib-metadata DEPENDS_ON SPDXRef-Package-43-zipp
+Relationship: SPDXRef-Package-44-jinja2 DEPENDS_ON SPDXRef-Package-45-markupsafe
+Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-47-jsonschema-specifications
+Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-48-referencing
+Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-49-rpds-py
+Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-7-attrs
+Relationship: SPDXRef-Package-47-jsonschema-specifications DEPENDS_ON SPDXRef-Package-48-referencing
+Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-49-rpds-py
+Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-7-attrs
+Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-14-defusedxml
+Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-51-pyyaml
+Relationship: SPDXRef-Package-50-lib4sbom DEPENDS_ON SPDXRef-Package-52-semantic-version
+Relationship: SPDXRef-Package-53-lib4vex DEPENDS_ON SPDXRef-Package-50-lib4sbom
+Relationship: SPDXRef-Package-53-lib4vex DEPENDS_ON SPDXRef-Package-54-csaf-tool
+Relationship: SPDXRef-Package-53-lib4vex DEPENDS_ON SPDXRef-Package-55-packageurl-python
+Relationship: SPDXRef-Package-54-csaf-tool DEPENDS_ON SPDXRef-Package-55-packageurl-python
+Relationship: SPDXRef-Package-54-csaf-tool DEPENDS_ON SPDXRef-Package-56-rich
+Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-57-markdown-it-py
+Relationship: SPDXRef-Package-56-rich DEPENDS_ON SPDXRef-Package-59-pygments
+Relationship: SPDXRef-Package-57-markdown-it-py DEPENDS_ON SPDXRef-Package-58-mdurl
+Relationship: SPDXRef-Package-61-plotly DEPENDS_ON SPDXRef-Package-60-packaging
+Relationship: SPDXRef-Package-61-plotly DEPENDS_ON SPDXRef-Package-62-tenacity
+Relationship: SPDXRef-Package-64-requests DEPENDS_ON SPDXRef-Package-10-idna
+Relationship: SPDXRef-Package-64-requests DEPENDS_ON SPDXRef-Package-65-certifi
+Relationship: SPDXRef-Package-64-requests DEPENDS_ON SPDXRef-Package-66-charset-normalizer
+Relationship: SPDXRef-Package-64-requests DEPENDS_ON SPDXRef-Package-67-urllib3
+Relationship: SPDXRef-Package-71-xmlschema DEPENDS_ON SPDXRef-Package-72-elementpath
+Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna
+Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict