diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json
index fe17bf2ca3..3dfc265b8b 100644
--- a/sbom/cve-bin-tool-py3.9.json
+++ b/sbom/cve-bin-tool-py3.9.json
@@ -2,10 +2,10 @@
"$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.6",
- "serialNumber": "urn:uuid:0d3d2b16-7b83-46ba-9b16-bd2a7f58b42c",
+ "serialNumber": "urn:uuid:56c5c5f1-72d5-4d37-921d-7e5fa7e38ab0",
"version": 1,
"metadata": {
- "timestamp": "2024-04-29T00:27:05Z",
+ "timestamp": "2024-05-06T00:28:19Z",
"tools": {
"components": [
{
@@ -652,7 +652,7 @@
"type": "library",
"bom-ref": "16-gsutil",
"name": "gsutil",
- "version": "5.27",
+ "version": "5.28",
"supplier": {
"name": "Google Inc .",
"contact": [
@@ -661,7 +661,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gsutil:5.28:*:*:*:*:*:*:*",
"description": "A command line tool for interacting with cloud storage services.",
"licenses": [
{
@@ -673,12 +673,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/gsutil/5.27",
+ "url": "https://pypi.org/project/gsutil/5.28",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gsutil@5.27",
+ "purl": "pkg:pypi/gsutil@5.28",
"properties": [
{
"name": "language",
@@ -827,7 +827,7 @@
"type": "library",
"bom-ref": "20-gcs-oauth2-boto-plugin",
"name": "gcs-oauth2-boto-plugin",
- "version": "3.0",
+ "version": "3.2",
"supplier": {
"name": "Google Inc .",
"contact": [
@@ -836,7 +836,7 @@
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*",
"description": "Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.",
"licenses": [
{
@@ -848,12 +848,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.0",
+ "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.0",
+ "purl": "pkg:pypi/gcs-oauth2-boto-plugin@3.2",
"properties": [
{
"name": "language",
@@ -915,23 +915,23 @@
},
{
"type": "library",
- "bom-ref": "22-google-reauth",
- "name": "google-reauth",
- "version": "0.1.1",
+ "bom-ref": "22-google-auth",
+ "name": "google-auth",
+ "version": "2.17.0",
"supplier": {
- "name": "Google",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "googleapis-publisher@google.com"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
- "description": "Google Reauth Library",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*",
+ "description": "Google Authentication Library",
"hashes": [
{
"alg": "SHA-1",
- "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b"
+ "content": "f07e441fcd47f3ac16a5e59d5de5f38e7f602243"
}
],
"licenses": [
@@ -944,12 +944,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/google-reauth/0.1.1",
+ "url": "https://pypi.org/project/google-auth/2.17.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/google-reauth@0.1.1",
+ "purl": "pkg:pypi/google-auth@2.17.0",
"properties": [
{
"name": "language",
@@ -963,23 +963,149 @@
},
{
"type": "library",
- "bom-ref": "23-pyu2f",
- "name": "pyu2f",
- "version": "0.1.5",
+ "bom-ref": "23-cachetools",
+ "name": "cachetools",
+ "version": "5.3.3",
"supplier": {
- "name": "Google Inc .",
+ "name": "Thomas Kemmer",
"contact": [
{
- "email": "pyu2f-team@google.com"
+ "email": "tkemmer@computer.org"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
- "description": "U2F host library for interacting with a U2F device over USB.",
+ "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*",
+ "description": "Extensible memoizing collections and decorators",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/cachetools/5.3.3",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/cachetools@5.3.3",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.9.19"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "24-pyasn1-modules",
+ "name": "pyasn1-modules",
+ "version": "0.4.0",
+ "supplier": {
+ "name": "Ilya Etingof",
+ "contact": [
+ {
+ "email": "etingof@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*",
+ "description": "A collection of ASN.1-based protocols modules",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause",
+ "url": "https://opensource.org/licenses/BSD-3-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/pyasn1_modules/0.4.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/pyasn1-modules@0.4.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.9.19"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "25-pyasn1",
+ "name": "pyasn1",
+ "version": "0.6.0",
+ "supplier": {
+ "name": "Ilya Etingof",
+ "contact": [
+ {
+ "email": "etingof@gmail.com"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*",
+ "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause",
+ "url": "https://opensource.org/licenses/BSD-2-Clause"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "url": "https://pypi.org/project/pyasn1/0.6.0",
+ "type": "distribution",
+ "comment": "Download location for component"
+ }
+ ],
+ "purl": "pkg:pypi/pyasn1@0.6.0",
+ "properties": [
+ {
+ "name": "language",
+ "value": "Python"
+ },
+ {
+ "name": "python_version",
+ "value": "3.9.19"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "26-rsa",
+ "name": "rsa",
+ "version": "4.7.2",
+ "supplier": {
+ "name": "Sybren A . Stuvel",
+ "contact": [
+ {
+ "email": "sybren@stuvel.eu"
+ }
+ ]
+ },
+ "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
+ "description": "Pure-Python RSA implementation",
"hashes": [
{
"alg": "SHA-1",
- "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe"
+ "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa"
}
],
"licenses": [
@@ -992,12 +1118,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyu2f/0.1.5",
+ "url": "https://pypi.org/project/rsa/4.7.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyu2f@0.1.5",
+ "purl": "pkg:pypi/rsa@4.7.2",
"properties": [
{
"name": "language",
@@ -1011,7 +1137,7 @@
},
{
"type": "library",
- "bom-ref": "24-six",
+ "bom-ref": "27-six",
"name": "six",
"version": "1.16.0",
"supplier": {
@@ -1059,41 +1185,40 @@
},
{
"type": "library",
- "bom-ref": "25-httplib2",
- "name": "httplib2",
- "version": "0.20.4",
+ "bom-ref": "28-google-auth-httplib2",
+ "name": "google-auth-httplib2",
+ "version": "0.2.0",
"supplier": {
- "name": "Joe Gregorio",
+ "name": "Google Cloud Platform",
"contact": [
{
- "email": "joe@bitworking.org"
+ "email": "googleapis-packages@google.com"
}
]
},
- "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
- "description": "A comprehensive HTTP client library.",
+ "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*",
"hashes": [
{
"alg": "SHA-1",
- "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4"
+ "content": "932ac88800dd6de004c1bd59867831ccf033f031"
}
],
"licenses": [
{
"license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/httplib2/0.20.4",
+ "url": "https://pypi.org/project/google-auth-httplib2/0.2.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/httplib2@0.20.4",
+ "purl": "pkg:pypi/google-auth-httplib2@0.2.0",
"properties": [
{
"name": "language",
@@ -1107,33 +1232,41 @@
},
{
"type": "library",
- "bom-ref": "26-pyparsing",
- "name": "pyparsing",
- "version": "3.1.2",
+ "bom-ref": "29-httplib2",
+ "name": "httplib2",
+ "version": "0.20.4",
"supplier": {
- "name": "Paul McGuire",
+ "name": "Joe Gregorio",
"contact": [
{
- "email": "ptmcg.gm+pyparsing@gmail.com"
+ "email": "joe@bitworking.org"
}
]
},
- "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*",
- "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
+ "cpe": "cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*:*:*",
+ "description": "A comprehensive HTTP client library.",
"hashes": [
{
"alg": "SHA-1",
- "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f"
+ "content": "9d4501760c8ac66326d672ab5c94737d3d690ca4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT",
+ "url": "https://opensource.org/licenses/MIT"
+ }
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyparsing/3.1.2",
+ "url": "https://pypi.org/project/httplib2/0.20.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyparsing@3.1.2",
+ "purl": "pkg:pypi/httplib2@0.20.4",
"properties": [
{
"name": "language",
@@ -1147,41 +1280,33 @@
},
{
"type": "library",
- "bom-ref": "27-oauth2client",
- "name": "oauth2client",
- "version": "4.1.3",
+ "bom-ref": "30-pyparsing",
+ "name": "pyparsing",
+ "version": "3.1.2",
"supplier": {
- "name": "Google Inc .",
+ "name": "Paul McGuire",
"contact": [
{
- "email": "jonwayne+oauth2client@google.com"
+ "email": "ptmcg.gm+pyparsing@gmail.com"
}
]
},
- "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
- "description": "OAuth 2.0 client library",
+ "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*",
+ "description": "pyparsing module - Classes and methods to define and execute parsing grammars",
"hashes": [
{
"alg": "SHA-1",
- "content": "50d20532a748f18e53f7d24ccbe6647132c979a9"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
+ "content": "7d4bda2743ebc04f68d2594bc4fffc70cd65848f"
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/oauth2client/4.1.3",
+ "url": "https://pypi.org/project/pyparsing/3.1.2",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/oauth2client@4.1.3",
+ "purl": "pkg:pypi/pyparsing@3.1.2",
"properties": [
{
"name": "language",
@@ -1195,35 +1320,41 @@
},
{
"type": "library",
- "bom-ref": "28-pyasn1",
- "name": "pyasn1",
- "version": "0.6.0",
+ "bom-ref": "31-google-reauth",
+ "name": "google-reauth",
+ "version": "0.1.1",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Google",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "googleapis-publisher@google.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*",
- "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)",
+ "cpe": "cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*",
+ "description": "Google Reauth Library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4b2569e9b515fbe70523abcbdc7d736066ad531b"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-2-Clause",
- "url": "https://opensource.org/licenses/BSD-2-Clause"
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1/0.6.0",
+ "url": "https://pypi.org/project/google-reauth/0.1.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1@0.6.0",
+ "purl": "pkg:pypi/google-reauth@0.1.1",
"properties": [
{
"name": "language",
@@ -1237,35 +1368,41 @@
},
{
"type": "library",
- "bom-ref": "29-pyasn1-modules",
- "name": "pyasn1-modules",
- "version": "0.4.0",
+ "bom-ref": "32-pyu2f",
+ "name": "pyu2f",
+ "version": "0.1.5",
"supplier": {
- "name": "Ilya Etingof",
+ "name": "Google Inc .",
"contact": [
{
- "email": "etingof@gmail.com"
+ "email": "pyu2f-team@google.com"
}
]
},
- "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*",
- "description": "A collection of ASN.1-based protocols modules",
+ "cpe": "cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*",
+ "description": "U2F host library for interacting with a U2F device over USB.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ca500df041b953b4048b2ed2a8e3294ff9ed6abe"
+ }
+ ],
"licenses": [
{
"license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
+ "id": "Apache-2.0",
+ "url": "https://www.apache.org/licenses/LICENSE-2.0"
}
}
],
"externalReferences": [
{
- "url": "https://pypi.org/project/pyasn1_modules/0.4.0",
+ "url": "https://pypi.org/project/pyu2f/0.1.5",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pyasn1-modules@0.4.0",
+ "purl": "pkg:pypi/pyu2f@0.1.5",
"properties": [
{
"name": "language",
@@ -1279,23 +1416,23 @@
},
{
"type": "library",
- "bom-ref": "30-rsa",
- "name": "rsa",
- "version": "4.7.2",
+ "bom-ref": "33-oauth2client",
+ "name": "oauth2client",
+ "version": "4.1.3",
"supplier": {
- "name": "Sybren A . Stuvel",
+ "name": "Google Inc .",
"contact": [
{
- "email": "sybren@stuvel.eu"
+ "email": "jonwayne+oauth2client@google.com"
}
]
},
- "cpe": "cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*",
- "description": "Pure-Python RSA implementation",
+ "cpe": "cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*",
+ "description": "OAuth 2.0 client library",
"hashes": [
{
"alg": "SHA-1",
- "content": "87664078fbbd8bd1f84a9dff05bb1d673b696eaa"
+ "content": "50d20532a748f18e53f7d24ccbe6647132c979a9"
}
],
"licenses": [
@@ -1308,12 +1445,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/rsa/4.7.2",
+ "url": "https://pypi.org/project/oauth2client/4.1.3",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/rsa@4.7.2",
+ "purl": "pkg:pypi/oauth2client@4.1.3",
"properties": [
{
"name": "language",
@@ -1327,7 +1464,7 @@
},
{
"type": "library",
- "bom-ref": "31-pyopenssl",
+ "bom-ref": "34-pyopenssl",
"name": "pyopenssl",
"version": "24.1.0",
"supplier": {
@@ -1375,9 +1512,9 @@
},
{
"type": "library",
- "bom-ref": "32-cryptography",
+ "bom-ref": "35-cryptography",
"name": "cryptography",
- "version": "42.0.5",
+ "version": "42.0.6",
"supplier": {
"name": "The Python Cryptographic Authority and individual contributors",
"contact": [
@@ -1386,14 +1523,8 @@
}
]
},
- "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.6:*:*:*:*:*:*:*",
"description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "33833f031d9d36234e11d9671be150d53b9e598d"
- }
- ],
"licenses": [
{
"expression": "Apache-2.0 OR BSD-3-Clause"
@@ -1401,12 +1532,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/cryptography/42.0.5",
+ "url": "https://pypi.org/project/cryptography/42.0.6",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/cryptography@42.0.5",
+ "purl": "pkg:pypi/cryptography@42.0.6",
"properties": [
{
"name": "language",
@@ -1420,7 +1551,7 @@
},
{
"type": "library",
- "bom-ref": "33-cffi",
+ "bom-ref": "36-cffi",
"name": "cffi",
"version": "1.16.0",
"supplier": {
@@ -1468,7 +1599,7 @@
},
{
"type": "library",
- "bom-ref": "34-pycparser",
+ "bom-ref": "37-pycparser",
"name": "pycparser",
"version": "2.22",
"supplier": {
@@ -1516,7 +1647,7 @@
},
{
"type": "library",
- "bom-ref": "35-retry-decorator",
+ "bom-ref": "38-retry-decorator",
"name": "retry-decorator",
"version": "1.1.1",
"supplier": {
@@ -1564,7 +1695,7 @@
},
{
"type": "library",
- "bom-ref": "36-google-apitools",
+ "bom-ref": "39-google-apitools",
"name": "google-apitools",
"version": "0.5.32",
"supplier": {
@@ -1612,91 +1743,7 @@
},
{
"type": "library",
- "bom-ref": "37-google-auth",
- "name": "google-auth",
- "version": "2.29.0",
- "supplier": {
- "name": "Google Cloud Platform",
- "contact": [
- {
- "email": "googleapis-packages@google.com"
- }
- ]
- },
- "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*",
- "description": "Google Authentication Library",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "url": "https://www.apache.org/licenses/LICENSE-2.0"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/google-auth/2.29.0",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/google-auth@2.29.0",
- "properties": [
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.9.19"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "38-cachetools",
- "name": "cachetools",
- "version": "5.3.3",
- "supplier": {
- "name": "Thomas Kemmer",
- "contact": [
- {
- "email": "tkemmer@computer.org"
- }
- ]
- },
- "cpe": "cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*",
- "description": "Extensible memoizing collections and decorators",
- "licenses": [
- {
- "license": {
- "id": "MIT",
- "url": "https://opensource.org/licenses/MIT"
- }
- }
- ],
- "externalReferences": [
- {
- "url": "https://pypi.org/project/cachetools/5.3.3",
- "type": "distribution",
- "comment": "Download location for component"
- }
- ],
- "purl": "pkg:pypi/cachetools@5.3.3",
- "properties": [
- {
- "name": "language",
- "value": "Python"
- },
- {
- "name": "python_version",
- "value": "3.9.19"
- }
- ]
- },
- {
- "type": "library",
- "bom-ref": "39-monotonic",
+ "bom-ref": "40-monotonic",
"name": "monotonic",
"version": "1.6",
"supplier": {
@@ -1744,7 +1791,7 @@
},
{
"type": "library",
- "bom-ref": "40-importlib-metadata",
+ "bom-ref": "41-importlib-metadata",
"name": "importlib-metadata",
"version": "7.1.0",
"supplier": {
@@ -1784,7 +1831,7 @@
},
{
"type": "library",
- "bom-ref": "41-zipp",
+ "bom-ref": "42-zipp",
"name": "zipp",
"version": "3.18.1",
"supplier": {
@@ -1824,32 +1871,18 @@
},
{
"type": "library",
- "bom-ref": "42-jinja2",
+ "bom-ref": "43-jinja2",
"name": "jinja2",
- "version": "3.1.3",
+ "version": "3.1.4",
"description": "A very fast and expressive template engine.",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "d9de4bb215fd1cc8092a410fb834c7c4060b1fc1"
- }
- ],
- "licenses": [
- {
- "license": {
- "id": "BSD-3-Clause",
- "url": "https://opensource.org/licenses/BSD-3-Clause"
- }
- }
- ],
"externalReferences": [
{
- "url": "https://pypi.org/project/Jinja2/3.1.3",
+ "url": "https://pypi.org/project/Jinja2/3.1.4",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jinja2@3.1.3",
+ "purl": "pkg:pypi/jinja2@3.1.4",
"properties": [
{
"name": "language",
@@ -1863,7 +1896,7 @@
},
{
"type": "library",
- "bom-ref": "43-markupsafe",
+ "bom-ref": "44-markupsafe",
"name": "markupsafe",
"version": "2.1.5",
"description": "Safely add untrusted strings to HTML/XML markup.",
@@ -1902,13 +1935,13 @@
},
{
"type": "library",
- "bom-ref": "44-jsonschema",
+ "bom-ref": "45-jsonschema",
"name": "jsonschema",
- "version": "4.21.1",
+ "version": "4.22.0",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:*",
"description": "An implementation of JSON Schema validation for Python",
"licenses": [
{
@@ -1920,12 +1953,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/jsonschema/4.21.1",
+ "url": "https://pypi.org/project/jsonschema/4.22.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/jsonschema@4.21.1",
+ "purl": "pkg:pypi/jsonschema@4.22.0",
"properties": [
{
"name": "language",
@@ -1939,7 +1972,7 @@
},
{
"type": "library",
- "bom-ref": "45-jsonschema-specifications",
+ "bom-ref": "46-jsonschema-specifications",
"name": "jsonschema-specifications",
"version": "2023.12.1",
"supplier": {
@@ -1982,22 +2015,22 @@
},
{
"type": "library",
- "bom-ref": "46-referencing",
+ "bom-ref": "47-referencing",
"name": "referencing",
- "version": "0.35.0",
+ "version": "0.35.1",
"supplier": {
"name": "Julian Berman"
},
- "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*",
"description": "JSON Referencing + Python",
"externalReferences": [
{
- "url": "https://pypi.org/project/referencing/0.35.0",
+ "url": "https://pypi.org/project/referencing/0.35.1",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/referencing@0.35.0",
+ "purl": "pkg:pypi/referencing@0.35.1",
"properties": [
{
"name": "language",
@@ -2011,7 +2044,7 @@
},
{
"type": "library",
- "bom-ref": "47-rpds-py",
+ "bom-ref": "48-rpds-py",
"name": "rpds-py",
"version": "0.18.0",
"supplier": {
@@ -2048,7 +2081,7 @@
},
{
"type": "library",
- "bom-ref": "48-lib4sbom",
+ "bom-ref": "49-lib4sbom",
"name": "lib4sbom",
"version": "0.7.1",
"supplier": {
@@ -2061,6 +2094,12 @@
},
"cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:*:*:*:*",
"description": "Software Bill of Material (SBOM) generator and consumer library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4"
+ }
+ ],
"licenses": [
{
"license": {
@@ -2090,7 +2129,7 @@
},
{
"type": "library",
- "bom-ref": "49-pyyaml",
+ "bom-ref": "50-pyyaml",
"name": "pyyaml",
"version": "6.0.1",
"supplier": {
@@ -2138,7 +2177,7 @@
},
{
"type": "library",
- "bom-ref": "50-semantic-version",
+ "bom-ref": "51-semantic-version",
"name": "semantic-version",
"version": "2.10.0",
"supplier": {
@@ -2186,7 +2225,7 @@
},
{
"type": "library",
- "bom-ref": "51-packageurl-python",
+ "bom-ref": "52-packageurl-python",
"name": "packageurl-python",
"version": "0.15.0",
"supplier": {
@@ -2229,7 +2268,7 @@
},
{
"type": "library",
- "bom-ref": "52-packaging",
+ "bom-ref": "53-packaging",
"name": "packaging",
"version": "24.0",
"supplier": {
@@ -2263,9 +2302,9 @@
},
{
"type": "library",
- "bom-ref": "53-plotly",
+ "bom-ref": "54-plotly",
"name": "plotly",
- "version": "5.21.0",
+ "version": "5.22.0",
"supplier": {
"name": "Chris P",
"contact": [
@@ -2274,7 +2313,7 @@
}
]
},
- "cpe": "cpe:2.3:a:chris_p:plotly:5.21.0:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*",
"description": "An open-source, interactive data visualization library for Python",
"licenses": [
{
@@ -2286,12 +2325,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/plotly/5.21.0",
+ "url": "https://pypi.org/project/plotly/5.22.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/plotly@5.21.0",
+ "purl": "pkg:pypi/plotly@5.22.0",
"properties": [
{
"name": "language",
@@ -2305,7 +2344,7 @@
},
{
"type": "library",
- "bom-ref": "54-tenacity",
+ "bom-ref": "55-tenacity",
"name": "tenacity",
"version": "8.2.3",
"supplier": {
@@ -2353,7 +2392,7 @@
},
{
"type": "library",
- "bom-ref": "55-python-gnupg",
+ "bom-ref": "56-python-gnupg",
"name": "python-gnupg",
"version": "0.5.2",
"supplier": {
@@ -2401,7 +2440,7 @@
},
{
"type": "library",
- "bom-ref": "56-requests",
+ "bom-ref": "57-requests",
"name": "requests",
"version": "2.31.0",
"supplier": {
@@ -2449,7 +2488,7 @@
},
{
"type": "library",
- "bom-ref": "57-certifi",
+ "bom-ref": "58-certifi",
"name": "certifi",
"version": "2024.2.2",
"supplier": {
@@ -2491,7 +2530,7 @@
},
{
"type": "library",
- "bom-ref": "58-charset-normalizer",
+ "bom-ref": "59-charset-normalizer",
"name": "charset-normalizer",
"version": "3.3.2",
"supplier": {
@@ -2539,7 +2578,7 @@
},
{
"type": "library",
- "bom-ref": "59-urllib3",
+ "bom-ref": "60-urllib3",
"name": "urllib3",
"version": "2.2.1",
"supplier": {
@@ -2573,7 +2612,7 @@
},
{
"type": "library",
- "bom-ref": "60-rich",
+ "bom-ref": "61-rich",
"name": "rich",
"version": "13.7.1",
"supplier": {
@@ -2615,7 +2654,7 @@
},
{
"type": "library",
- "bom-ref": "61-markdown-it-py",
+ "bom-ref": "62-markdown-it-py",
"name": "markdown-it-py",
"version": "3.0.0",
"supplier": {
@@ -2655,7 +2694,7 @@
},
{
"type": "library",
- "bom-ref": "62-mdurl",
+ "bom-ref": "63-mdurl",
"name": "mdurl",
"version": "0.1.2",
"supplier": {
@@ -2695,9 +2734,9 @@
},
{
"type": "library",
- "bom-ref": "63-pygments",
+ "bom-ref": "64-pygments",
"name": "pygments",
- "version": "2.17.2",
+ "version": "2.18.0",
"supplier": {
"name": "Georg Brandl",
"contact": [
@@ -2706,14 +2745,8 @@
}
]
},
- "cpe": "cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*",
+ "cpe": "cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*",
"description": "Pygments is a syntax highlighting package written in Python.",
- "hashes": [
- {
- "alg": "SHA-1",
- "content": "ee30ce132ae252bd72f3a74c86d9314a2214d0b4"
- }
- ],
"licenses": [
{
"license": {
@@ -2724,12 +2757,12 @@
],
"externalReferences": [
{
- "url": "https://pypi.org/project/Pygments/2.17.2",
+ "url": "https://pypi.org/project/Pygments/2.18.0",
"type": "distribution",
"comment": "Download location for component"
}
],
- "purl": "pkg:pypi/pygments@2.17.2",
+ "purl": "pkg:pypi/pygments@2.18.0",
"properties": [
{
"name": "language",
@@ -2743,7 +2776,7 @@
},
{
"type": "library",
- "bom-ref": "64-rpmfile",
+ "bom-ref": "65-rpmfile",
"name": "rpmfile",
"version": "2.0.0",
"supplier": {
@@ -2785,7 +2818,7 @@
},
{
"type": "library",
- "bom-ref": "65-toml",
+ "bom-ref": "66-toml",
"name": "toml",
"version": "0.10.2",
"supplier": {
@@ -2833,7 +2866,7 @@
},
{
"type": "library",
- "bom-ref": "66-xmlschema",
+ "bom-ref": "67-xmlschema",
"name": "xmlschema",
"version": "3.3.1",
"supplier": {
@@ -2875,7 +2908,7 @@
},
{
"type": "library",
- "bom-ref": "67-elementpath",
+ "bom-ref": "68-elementpath",
"name": "elementpath",
"version": "4.4.0",
"supplier": {
@@ -2917,7 +2950,7 @@
},
{
"type": "library",
- "bom-ref": "68-zstandard",
+ "bom-ref": "69-zstandard",
"name": "zstandard",
"version": "0.22.0",
"supplier": {
@@ -2981,22 +3014,22 @@
"14-distro",
"15-filetype",
"16-gsutil",
- "40-importlib-metadata",
- "42-jinja2",
- "44-jsonschema",
- "48-lib4sbom",
- "51-packageurl-python",
- "52-packaging",
- "53-plotly",
- "55-python-gnupg",
- "49-pyyaml",
- "56-requests",
- "60-rich",
- "64-rpmfile",
- "65-toml",
- "59-urllib3",
- "66-xmlschema",
- "68-zstandard"
+ "41-importlib-metadata",
+ "43-jinja2",
+ "45-jsonschema",
+ "49-lib4sbom",
+ "52-packageurl-python",
+ "53-packaging",
+ "54-plotly",
+ "56-python-gnupg",
+ "50-pyyaml",
+ "57-requests",
+ "61-rich",
+ "65-rpmfile",
+ "66-toml",
+ "60-urllib3",
+ "67-xmlschema",
+ "69-zstandard"
]
},
{
@@ -3036,179 +3069,190 @@
"18-crcmod",
"19-fasteners",
"20-gcs-oauth2-boto-plugin",
- "36-google-apitools",
- "37-google-auth",
- "22-google-reauth",
- "25-httplib2",
- "39-monotonic",
- "31-pyopenssl",
- "35-retry-decorator",
- "24-six"
+ "39-google-apitools",
+ "22-google-auth",
+ "28-google-auth-httplib2",
+ "31-google-reauth",
+ "29-httplib2",
+ "40-monotonic",
+ "34-pyopenssl",
+ "38-retry-decorator",
+ "27-six"
]
},
{
"ref": "20-gcs-oauth2-boto-plugin",
"dependsOn": [
"21-boto",
- "22-google-reauth",
- "25-httplib2",
- "27-oauth2client",
- "31-pyopenssl",
- "35-retry-decorator",
- "30-rsa",
- "24-six"
+ "22-google-auth",
+ "28-google-auth-httplib2",
+ "31-google-reauth",
+ "29-httplib2",
+ "33-oauth2client",
+ "34-pyopenssl",
+ "38-retry-decorator",
+ "26-rsa",
+ "27-six"
]
},
{
- "ref": "22-google-reauth",
+ "ref": "22-google-auth",
"dependsOn": [
- "23-pyu2f"
+ "23-cachetools",
+ "24-pyasn1-modules",
+ "26-rsa",
+ "27-six"
]
},
{
- "ref": "23-pyu2f",
+ "ref": "24-pyasn1-modules",
"dependsOn": [
- "24-six"
+ "25-pyasn1"
]
},
{
- "ref": "25-httplib2",
+ "ref": "26-rsa",
"dependsOn": [
- "26-pyparsing"
+ "25-pyasn1"
]
},
{
- "ref": "27-oauth2client",
+ "ref": "28-google-auth-httplib2",
"dependsOn": [
- "25-httplib2",
- "28-pyasn1",
- "29-pyasn1-modules",
- "30-rsa",
- "24-six"
+ "22-google-auth",
+ "29-httplib2"
]
},
{
- "ref": "29-pyasn1-modules",
+ "ref": "29-httplib2",
"dependsOn": [
- "28-pyasn1"
+ "30-pyparsing"
]
},
{
- "ref": "30-rsa",
+ "ref": "31-google-reauth",
"dependsOn": [
- "28-pyasn1"
+ "32-pyu2f"
]
},
{
- "ref": "31-pyopenssl",
+ "ref": "32-pyu2f",
"dependsOn": [
- "32-cryptography"
+ "27-six"
]
},
{
- "ref": "32-cryptography",
+ "ref": "33-oauth2client",
"dependsOn": [
- "33-cffi"
+ "29-httplib2",
+ "25-pyasn1",
+ "24-pyasn1-modules",
+ "26-rsa",
+ "27-six"
]
},
{
- "ref": "33-cffi",
+ "ref": "34-pyopenssl",
"dependsOn": [
- "34-pycparser"
+ "35-cryptography"
]
},
{
- "ref": "36-google-apitools",
+ "ref": "35-cryptography",
"dependsOn": [
- "19-fasteners",
- "25-httplib2",
- "27-oauth2client",
- "24-six"
+ "36-cffi"
+ ]
+ },
+ {
+ "ref": "36-cffi",
+ "dependsOn": [
+ "37-pycparser"
]
},
{
- "ref": "37-google-auth",
+ "ref": "39-google-apitools",
"dependsOn": [
- "38-cachetools",
- "29-pyasn1-modules",
- "30-rsa"
+ "19-fasteners",
+ "29-httplib2",
+ "33-oauth2client",
+ "27-six"
]
},
{
- "ref": "40-importlib-metadata",
+ "ref": "41-importlib-metadata",
"dependsOn": [
- "41-zipp"
+ "42-zipp"
]
},
{
- "ref": "42-jinja2",
+ "ref": "43-jinja2",
"dependsOn": [
- "43-markupsafe"
+ "44-markupsafe"
]
},
{
- "ref": "44-jsonschema",
+ "ref": "45-jsonschema",
"dependsOn": [
"6-attrs",
- "45-jsonschema-specifications",
- "46-referencing",
- "47-rpds-py"
+ "46-jsonschema-specifications",
+ "47-referencing",
+ "48-rpds-py"
]
},
{
- "ref": "45-jsonschema-specifications",
+ "ref": "46-jsonschema-specifications",
"dependsOn": [
- "46-referencing"
+ "47-referencing"
]
},
{
- "ref": "46-referencing",
+ "ref": "47-referencing",
"dependsOn": [
"6-attrs",
- "47-rpds-py"
+ "48-rpds-py"
]
},
{
- "ref": "48-lib4sbom",
+ "ref": "49-lib4sbom",
"dependsOn": [
"13-defusedxml",
- "49-pyyaml",
- "50-semantic-version"
+ "50-pyyaml",
+ "51-semantic-version"
]
},
{
- "ref": "53-plotly",
+ "ref": "54-plotly",
"dependsOn": [
- "52-packaging",
- "54-tenacity"
+ "53-packaging",
+ "55-tenacity"
]
},
{
- "ref": "56-requests",
+ "ref": "57-requests",
"dependsOn": [
- "57-certifi",
- "58-charset-normalizer",
+ "58-certifi",
+ "59-charset-normalizer",
"9-idna",
- "59-urllib3"
+ "60-urllib3"
]
},
{
- "ref": "60-rich",
+ "ref": "61-rich",
"dependsOn": [
- "61-markdown-it-py",
- "63-pygments"
+ "62-markdown-it-py",
+ "64-pygments"
]
},
{
- "ref": "61-markdown-it-py",
+ "ref": "62-markdown-it-py",
"dependsOn": [
- "62-mdurl"
+ "63-mdurl"
]
},
{
- "ref": "66-xmlschema",
+ "ref": "67-xmlschema",
"dependsOn": [
- "67-elementpath"
+ "68-elementpath"
]
}
]
diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx
index 11220947a2..12e41c5e88 100644
--- a/sbom/cve-bin-tool-py3.9.spdx
+++ b/sbom/cve-bin-tool-py3.9.spdx
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: Python-cve-bin-tool
-DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d846f646-b3c4-47f1-9203-1e44d5b210f1
+DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-146f1efc-97ef-4b16-b568-084fa08abc52
LicenseListVersion: 3.22
Creator: Tool: sbom4python-0.10.4
-Created: 2024-04-29T00:25:49Z
+Created: 2024-05-06T00:26:45Z
CreatorComment: This document has been automatically generated.
#####
@@ -249,18 +249,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*:
PackageName: gsutil
SPDXID: SPDXRef-Package-16-gsutil
-PackageVersion: 5.27
+PackageVersion: 5.28
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com)
-PackageDownloadLocation: https://pypi.org/project/gsutil/5.27
+PackageDownloadLocation: https://pypi.org/project/gsutil/5.28
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: A command line tool for interacting with cloud storage services.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.27
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.27:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.28
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.28:*:*:*:*:*:*:*
#####
PackageName: argcomplete
@@ -313,18 +313,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:*
PackageName: gcs-oauth2-boto-plugin
SPDXID: SPDXRef-Package-20-gcs-oauth2-boto-plugin
-PackageVersion: 3.0
+PackageVersion: 3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Google Inc. (gs-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.0
+PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
PackageLicenseComments: gcs-oauth2-boto-plugin declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
PackageSummary: Auth plugin allowing use the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gcs-oauth2-boto-plugin@3.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2:*:*:*:*:*:*:*
#####
PackageName: boto
@@ -343,42 +343,88 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/boto@2.49.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*:*
#####
-PackageName: google-reauth
-SPDXID: SPDXRef-Package-22-google-reauth
-PackageVersion: 0.1.1
+PackageName: google-auth
+SPDXID: SPDXRef-Package-22-google-auth
+PackageVersion: 2.17.0
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google (googleapis-publisher@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0
FilesAnalyzed: false
-PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b
+PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Google Reauth Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
+PackageSummary: Google Authentication Library
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.17.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17.0:*:*:*:*:*:*:*
#####
-PackageName: pyu2f
-SPDXID: SPDXRef-Package-23-pyu2f
-PackageVersion: 0.1.5
+PackageName: cachetools
+SPDXID: SPDXRef-Package-23-cachetools
+PackageVersion: 5.3.3
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
-PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5
+PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
+PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3
FilesAnalyzed: false
-PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe
+PackageLicenseDeclared: MIT
+PackageLicenseConcluded: MIT
+PackageCopyrightText: NOASSERTION
+PackageSummary: Extensible memoizing collections and decorators
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*
+#####
+
+PackageName: pyasn1-modules
+SPDXID: SPDXRef-Package-24-pyasn1-modules
+PackageVersion: 0.4.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0
+FilesAnalyzed: false
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+PackageSummary: A collection of ASN.1-based protocols modules
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*
+#####
+
+PackageName: pyasn1
+SPDXID: SPDXRef-Package-25-pyasn1
+PackageVersion: 0.6.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
+PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0
+FilesAnalyzed: false
+PackageLicenseDeclared: BSD-2-Clause
+PackageLicenseConcluded: BSD-2-Clause
+PackageCopyrightText: NOASSERTION
+PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*
+#####
+
+PackageName: rsa
+SPDXID: SPDXRef-Package-26-rsa
+PackageVersion: 4.7.2
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
+PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2
+FilesAnalyzed: false
+PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: U2F host library for interacting with a U2F device over USB.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
+PackageSummary: Pure-Python RSA implementation
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
#####
PackageName: six
-SPDXID: SPDXRef-Package-24-six
+SPDXID: SPDXRef-Package-27-six
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Benjamin Peterson (benjamin@python.org)
@@ -393,8 +439,24 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/six@1.16.0
ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:*:*:*
#####
+PackageName: google-auth-httplib2
+SPDXID: SPDXRef-Package-28-google-auth-httplib2
+PackageVersion: 0.2.0
+PrimaryPackagePurpose: LIBRARY
+PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0
+FilesAnalyzed: false
+PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
+PackageCopyrightText: NOASSERTION
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*
+#####
+
PackageName: httplib2
-SPDXID: SPDXRef-Package-25-httplib2
+SPDXID: SPDXRef-Package-29-httplib2
PackageVersion: 0.20.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Joe Gregorio (joe@bitworking.org)
@@ -410,7 +472,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:*
#####
PackageName: pyparsing
-SPDXID: SPDXRef-Package-26-pyparsing
+SPDXID: SPDXRef-Package-30-pyparsing
PackageVersion: 3.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com)
@@ -425,73 +487,59 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.2
ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.2:*:*:*:*:*:*:*
#####
-PackageName: oauth2client
-SPDXID: SPDXRef-Package-27-oauth2client
-PackageVersion: 4.1.3
+PackageName: google-reauth
+SPDXID: SPDXRef-Package-31-google-reauth
+PackageVersion: 0.1.1
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
-PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3
+PackageSupplier: Person: Google (googleapis-publisher@google.com)
+PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1
FilesAnalyzed: false
-PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9
+PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: OAuth 2.0 client library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
-#####
-
-PackageName: pyasn1
-SPDXID: SPDXRef-Package-28-pyasn1
-PackageVersion: 0.6.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0
-FilesAnalyzed: false
-PackageLicenseDeclared: BSD-2-Clause
-PackageLicenseConcluded: BSD-2-Clause
+PackageLicenseComments: google-reauth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*
+PackageSummary: Google Reauth Library
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-reauth@0.1.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:*:*
#####
-PackageName: pyasn1-modules
-SPDXID: SPDXRef-Package-29-pyasn1-modules
-PackageVersion: 0.4.0
+PackageName: pyu2f
+SPDXID: SPDXRef-Package-32-pyu2f
+PackageVersion: 0.1.5
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Ilya Etingof (etingof@gmail.com)
-PackageDownloadLocation: https://pypi.org/project/pyasn1_modules/0.4.0
+PackageSupplier: Person: Google Inc. (pyu2f-team@google.com)
+PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5
FilesAnalyzed: false
+PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe
PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: BSD-3-Clause
-PackageLicenseComments: pyasn1_modules declares BSD which is not currently a valid SPDX License identifier or expression.
+PackageLicenseConcluded: Apache-2.0
+PackageLicenseComments: pyu2f declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: A collection of ASN.1-based protocols modules
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*
+PackageSummary: U2F host library for interacting with a U2F device over USB.
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyu2f@0.1.5
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:*
#####
-PackageName: rsa
-SPDXID: SPDXRef-Package-30-rsa
-PackageVersion: 4.7.2
+PackageName: oauth2client
+SPDXID: SPDXRef-Package-33-oauth2client
+PackageVersion: 4.1.3
PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu)
-PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2
+PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com)
+PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3
FilesAnalyzed: false
-PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa
+PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: rsa declares ASL 2 which is not currently a valid SPDX License identifier or expression.
+PackageLicenseComments: oauth2client declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
PackageCopyrightText: NOASSERTION
-PackageSummary: Pure-Python RSA implementation
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rsa@4.7.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:*:*
+PackageSummary: OAuth 2.0 client library
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/oauth2client@4.1.3
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:*:*:*:*
#####
PackageName: pyopenssl
-SPDXID: SPDXRef-Package-31-pyopenssl
+SPDXID: SPDXRef-Package-34-pyopenssl
PackageVersion: 24.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org)
@@ -508,23 +556,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24.
#####
PackageName: cryptography
-SPDXID: SPDXRef-Package-32-cryptography
-PackageVersion: 42.0.5
+SPDXID: SPDXRef-Package-35-cryptography
+PackageVersion: 42.0.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org)
-PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.5
+PackageDownloadLocation: https://pypi.org/project/cryptography/42.0.6
FilesAnalyzed: false
-PackageChecksum: SHA1: 33833f031d9d36234e11d9671be150d53b9e598d
PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause
PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.5
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.5:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@42.0.6
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:42.0.6:*:*:*:*:*:*:*
#####
PackageName: cffi
-SPDXID: SPDXRef-Package-33-cffi
+SPDXID: SPDXRef-Package-36-cffi
PackageVersion: 1.16.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com)
@@ -540,7 +587,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.16.0:*
#####
PackageName: pycparser
-SPDXID: SPDXRef-Package-34-pycparser
+SPDXID: SPDXRef-Package-37-pycparser
PackageVersion: 2.22
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Eli Bendersky (eliben@gmail.com)
@@ -556,7 +603,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:*
#####
PackageName: retry-decorator
-SPDXID: SPDXRef-Package-35-retry-decorator
+SPDXID: SPDXRef-Package-38-retry-decorator
PackageVersion: 1.1.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com)
@@ -572,7 +619,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:*
#####
PackageName: google-apitools
-SPDXID: SPDXRef-Package-36-google-apitools
+SPDXID: SPDXRef-Package-39-google-apitools
PackageVersion: 0.5.32
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Craig Citro (craigcitro@google.com)
@@ -588,39 +635,8 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-apitools@0.5.32
ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:*:*:*:*:*:*
#####
-PackageName: google-auth
-SPDXID: SPDXRef-Package-37-google-auth
-PackageVersion: 2.29.0
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com)
-PackageDownloadLocation: https://pypi.org/project/google-auth/2.29.0
-FilesAnalyzed: false
-PackageLicenseDeclared: NOASSERTION
-PackageLicenseConcluded: Apache-2.0
-PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression.
-PackageCopyrightText: NOASSERTION
-PackageSummary: Google Authentication Library
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth@2.29.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.29.0:*:*:*:*:*:*:*
-#####
-
-PackageName: cachetools
-SPDXID: SPDXRef-Package-38-cachetools
-PackageVersion: 5.3.3
-PrimaryPackagePurpose: LIBRARY
-PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org)
-PackageDownloadLocation: https://pypi.org/project/cachetools/5.3.3
-FilesAnalyzed: false
-PackageLicenseDeclared: MIT
-PackageLicenseConcluded: MIT
-PackageCopyrightText: NOASSERTION
-PackageSummary: Extensible memoizing collections and decorators
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cachetools@5.3.3
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.3.3:*:*:*:*:*:*:*
-#####
-
PackageName: monotonic
-SPDXID: SPDXRef-Package-39-monotonic
+SPDXID: SPDXRef-Package-40-monotonic
PackageVersion: 1.6
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ori Livneh (ori@wikimedia.org)
@@ -637,7 +653,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:*
#####
PackageName: importlib-metadata
-SPDXID: SPDXRef-Package-40-importlib-metadata
+SPDXID: SPDXRef-Package-41-importlib-metadata
PackageVersion: 7.1.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
@@ -653,7 +669,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:7.1
#####
PackageName: zipp
-SPDXID: SPDXRef-Package-41-zipp
+SPDXID: SPDXRef-Package-42-zipp
PackageVersion: 3.18.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com)
@@ -669,22 +685,21 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.18.1:*:*:*:*:*:
#####
PackageName: jinja2
-SPDXID: SPDXRef-Package-42-jinja2
-PackageVersion: 3.1.3
+SPDXID: SPDXRef-Package-43-jinja2
+PackageVersion: 3.1.4
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
-PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.3
+PackageDownloadLocation: https://pypi.org/project/Jinja2/3.1.4
FilesAnalyzed: false
-PackageChecksum: SHA1: d9de4bb215fd1cc8092a410fb834c7c4060b1fc1
-PackageLicenseDeclared: BSD-3-Clause
-PackageLicenseConcluded: BSD-3-Clause
+PackageLicenseDeclared: NOASSERTION
+PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: A very fast and expressive template engine.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.3
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4
#####
PackageName: markupsafe
-SPDXID: SPDXRef-Package-43-markupsafe
+SPDXID: SPDXRef-Package-44-markupsafe
PackageVersion: 2.1.5
PrimaryPackagePurpose: LIBRARY
PackageSupplier: NOASSERTION
@@ -699,22 +714,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5
#####
PackageName: jsonschema
-SPDXID: SPDXRef-Package-44-jsonschema
-PackageVersion: 4.21.1
+SPDXID: SPDXRef-Package-45-jsonschema
+PackageVersion: 4.22.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/jsonschema/4.21.1
+PackageDownloadLocation: https://pypi.org/project/jsonschema/4.22.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An implementation of JSON Schema validation for Python
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.21.1
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.21.1:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema@4.22.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.22.0:*:*:*:*:*:*:*
#####
PackageName: jsonschema-specifications
-SPDXID: SPDXRef-Package-45-jsonschema-specifications
+SPDXID: SPDXRef-Package-46-jsonschema-specifications
PackageVersion: 2023.12.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -730,22 +745,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification
#####
PackageName: referencing
-SPDXID: SPDXRef-Package-46-referencing
-PackageVersion: 0.35.0
+SPDXID: SPDXRef-Package-47-referencing
+PackageVersion: 0.35.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
-PackageDownloadLocation: https://pypi.org/project/referencing/0.35.0
+PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1
FilesAnalyzed: false
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageCopyrightText: NOASSERTION
PackageSummary: JSON Referencing + Python
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/referencing@0.35.1
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*
#####
PackageName: rpds-py
-SPDXID: SPDXRef-Package-47-rpds-py
+SPDXID: SPDXRef-Package-48-rpds-py
PackageVersion: 0.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julian Berman
@@ -760,12 +775,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.18.0:*:*:*:*:*
#####
PackageName: lib4sbom
-SPDXID: SPDXRef-Package-48-lib4sbom
+SPDXID: SPDXRef-Package-49-lib4sbom
PackageVersion: 0.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com)
PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.1
FilesAnalyzed: false
+PackageChecksum: SHA1: 4acc6e53fef71b007dc63bac2d407a0d2bbf3bd4
PackageLicenseDeclared: Apache-2.0
PackageLicenseConcluded: Apache-2.0
PackageCopyrightText: NOASSERTION
@@ -775,7 +791,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.1:*:*:*:
#####
PackageName: pyyaml
-SPDXID: SPDXRef-Package-49-pyyaml
+SPDXID: SPDXRef-Package-50-pyyaml
PackageVersion: 6.0.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kirill Simonov (xi@resolvent.net)
@@ -791,7 +807,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:
#####
PackageName: semantic-version
-SPDXID: SPDXRef-Package-50-semantic-version
+SPDXID: SPDXRef-Package-51-semantic-version
PackageVersion: 2.10.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org)
@@ -808,7 +824,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10.
#####
PackageName: packageurl-python
-SPDXID: SPDXRef-Package-51-packageurl-python
+SPDXID: SPDXRef-Package-52-packageurl-python
PackageVersion: 0.15.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: the purl authors
@@ -824,7 +840,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1
#####
PackageName: packaging
-SPDXID: SPDXRef-Package-52-packaging
+SPDXID: SPDXRef-Package-53-packaging
PackageVersion: 24.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Donald Stufft (donald@stufft.io)
@@ -839,22 +855,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.0:*:*:*:*:*
#####
PackageName: plotly
-SPDXID: SPDXRef-Package-53-plotly
-PackageVersion: 5.21.0
+SPDXID: SPDXRef-Package-54-plotly
+PackageVersion: 5.22.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris P (chris@plot.ly)
-PackageDownloadLocation: https://pypi.org/project/plotly/5.21.0
+PackageDownloadLocation: https://pypi.org/project/plotly/5.22.0
FilesAnalyzed: false
PackageLicenseDeclared: MIT
PackageLicenseConcluded: MIT
PackageCopyrightText: NOASSERTION
PackageSummary: An open-source, interactive data visualization library for Python
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.21.0
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.21.0:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.22.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.22.0:*:*:*:*:*:*:*
#####
PackageName: tenacity
-SPDXID: SPDXRef-Package-54-tenacity
+SPDXID: SPDXRef-Package-55-tenacity
PackageVersion: 8.2.3
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Julien Danjou (julien@danjou.info)
@@ -871,7 +887,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.3:*:*:*:*:*
#####
PackageName: python-gnupg
-SPDXID: SPDXRef-Package-55-python-gnupg
+SPDXID: SPDXRef-Package-56-python-gnupg
PackageVersion: 0.5.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk)
@@ -888,7 +904,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*
#####
PackageName: requests
-SPDXID: SPDXRef-Package-56-requests
+SPDXID: SPDXRef-Package-57-requests
PackageVersion: 2.31.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org)
@@ -905,7 +921,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*:
#####
PackageName: certifi
-SPDXID: SPDXRef-Package-57-certifi
+SPDXID: SPDXRef-Package-58-certifi
PackageVersion: 2024.2.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com)
@@ -920,7 +936,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.2.2:*:*:*:*
#####
PackageName: charset-normalizer
-SPDXID: SPDXRef-Package-58-charset-normalizer
+SPDXID: SPDXRef-Package-59-charset-normalizer
PackageVersion: 3.3.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev)
@@ -936,7 +952,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*
#####
PackageName: urllib3
-SPDXID: SPDXRef-Package-59-urllib3
+SPDXID: SPDXRef-Package-60-urllib3
PackageVersion: 2.2.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net)
@@ -951,7 +967,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.1:*:*:*:*:*:
#####
PackageName: rich
-SPDXID: SPDXRef-Package-60-rich
+SPDXID: SPDXRef-Package-61-rich
PackageVersion: 13.7.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com)
@@ -966,7 +982,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*
#####
PackageName: markdown-it-py
-SPDXID: SPDXRef-Package-61-markdown-it-py
+SPDXID: SPDXRef-Package-62-markdown-it-py
PackageVersion: 3.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com)
@@ -982,7 +998,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*:
#####
PackageName: mdurl
-SPDXID: SPDXRef-Package-62-mdurl
+SPDXID: SPDXRef-Package-63-mdurl
PackageVersion: 0.1.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com)
@@ -998,23 +1014,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*:
#####
PackageName: pygments
-SPDXID: SPDXRef-Package-63-pygments
-PackageVersion: 2.17.2
+SPDXID: SPDXRef-Package-64-pygments
+PackageVersion: 2.18.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Georg Brandl (georg@python.org)
-PackageDownloadLocation: https://pypi.org/project/Pygments/2.17.2
+PackageDownloadLocation: https://pypi.org/project/Pygments/2.18.0
FilesAnalyzed: false
-PackageChecksum: SHA1: ee30ce132ae252bd72f3a74c86d9314a2214d0b4
PackageLicenseDeclared: BSD-2-Clause
PackageLicenseConcluded: BSD-2-Clause
PackageCopyrightText: NOASSERTION
PackageSummary: Pygments is a syntax highlighting package written in Python.
-ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.17.2
-ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.17.2:*:*:*:*:*:*:*
+ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0
+ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:*
#####
PackageName: rpmfile
-SPDXID: SPDXRef-Package-64-rpmfile
+SPDXID: SPDXRef-Package-65-rpmfile
PackageVersion: 2.0.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Sean Ross (srossross@gmail.com)
@@ -1029,7 +1044,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.0.0:*:*:*:*:*:*:*
#####
PackageName: toml
-SPDXID: SPDXRef-Package-65-toml
+SPDXID: SPDXRef-Package-66-toml
PackageVersion: 0.10.2
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: William Pearson (uiri@xqz.ca)
@@ -1045,7 +1060,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*:
#####
PackageName: xmlschema
-SPDXID: SPDXRef-Package-66-xmlschema
+SPDXID: SPDXRef-Package-67-xmlschema
PackageVersion: 3.3.1
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1060,7 +1075,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.1:*:*:*:*
#####
PackageName: elementpath
-SPDXID: SPDXRef-Package-67-elementpath
+SPDXID: SPDXRef-Package-68-elementpath
PackageVersion: 4.4.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Davide Brunato (brunato@sissa.it)
@@ -1075,7 +1090,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*
#####
PackageName: zstandard
-SPDXID: SPDXRef-Package-68-zstandard
+SPDXID: SPDXRef-Package-69-zstandard
PackageVersion: 0.22.0
PrimaryPackagePurpose: LIBRARY
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com)
@@ -1099,35 +1114,36 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-distr
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-filetype
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-gsutil
Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-40-importlib-metadata
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-jinja2
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jsonschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-lib4sbom
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-pyyaml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-packageurl-python
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packaging
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-plotly
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-python-gnupg
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-requests
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-urllib3
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rich
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-rpmfile
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-toml
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-xmlschema
-Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-zstandard
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-importlib-metadata
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jinja2
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jsonschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-lib4sbom
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-pyyaml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packageurl-python
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-packaging
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-plotly
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-python-gnupg
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-requests
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-urllib3
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-61-rich
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-rpmfile
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-toml
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-xmlschema
+Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-zstandard
Relationship: SPDXRef-Package-10-beautifulsoup4 DEPENDS_ON SPDXRef-Package-11-soupsieve
Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete
Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod
Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-19-fasteners
Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-20-gcs-oauth2-boto-plugin
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-reauth
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-24-six
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-25-httplib2
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-pyopenssl
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-35-retry-decorator
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-36-google-apitools
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-37-google-auth
-Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-monotonic
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-22-google-auth
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-31-google-reauth
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-34-pyopenssl
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-38-retry-decorator
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-39-google-apitools
+Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-40-monotonic
Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiosignal
Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-frozenlist
Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-async-timeout
@@ -1135,55 +1151,60 @@ Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-attrs
Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-multidict
Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-yarl
Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-21-boto
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-reauth
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-six
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-25-httplib2
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-oauth2client
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-rsa
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-pyopenssl
-Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-retry-decorator
-Relationship: SPDXRef-Package-22-google-reauth DEPENDS_ON SPDXRef-Package-23-pyu2f
-Relationship: SPDXRef-Package-23-pyu2f DEPENDS_ON SPDXRef-Package-24-six
-Relationship: SPDXRef-Package-25-httplib2 DEPENDS_ON SPDXRef-Package-26-pyparsing
-Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-24-six
-Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-25-httplib2
-Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-28-pyasn1
-Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-29-pyasn1-modules
-Relationship: SPDXRef-Package-27-oauth2client DEPENDS_ON SPDXRef-Package-30-rsa
-Relationship: SPDXRef-Package-29-pyasn1-modules DEPENDS_ON SPDXRef-Package-28-pyasn1
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-google-auth
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-26-rsa
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-google-auth-httplib2
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-google-reauth
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-oauth2client
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-pyopenssl
+Relationship: SPDXRef-Package-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-38-retry-decorator
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-23-cachetools
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-26-rsa
+Relationship: SPDXRef-Package-22-google-auth DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-24-pyasn1-modules DEPENDS_ON SPDXRef-Package-25-pyasn1
+Relationship: SPDXRef-Package-26-rsa DEPENDS_ON SPDXRef-Package-25-pyasn1
+Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-22-google-auth
+Relationship: SPDXRef-Package-28-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-29-httplib2 DEPENDS_ON SPDXRef-Package-30-pyparsing
Relationship: SPDXRef-Package-3-aiosignal DEPENDS_ON SPDXRef-Package-4-frozenlist
-Relationship: SPDXRef-Package-30-rsa DEPENDS_ON SPDXRef-Package-28-pyasn1
-Relationship: SPDXRef-Package-31-pyopenssl DEPENDS_ON SPDXRef-Package-32-cryptography
-Relationship: SPDXRef-Package-32-cryptography DEPENDS_ON SPDXRef-Package-33-cffi
-Relationship: SPDXRef-Package-33-cffi DEPENDS_ON SPDXRef-Package-34-pycparser
-Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners
-Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-24-six
-Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-25-httplib2
-Relationship: SPDXRef-Package-36-google-apitools DEPENDS_ON SPDXRef-Package-27-oauth2client
-Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-29-pyasn1-modules
-Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-30-rsa
-Relationship: SPDXRef-Package-37-google-auth DEPENDS_ON SPDXRef-Package-38-cachetools
-Relationship: SPDXRef-Package-40-importlib-metadata DEPENDS_ON SPDXRef-Package-41-zipp
-Relationship: SPDXRef-Package-42-jinja2 DEPENDS_ON SPDXRef-Package-43-markupsafe
-Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-45-jsonschema-specifications
-Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-46-referencing
-Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-47-rpds-py
-Relationship: SPDXRef-Package-44-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-45-jsonschema-specifications DEPENDS_ON SPDXRef-Package-46-referencing
-Relationship: SPDXRef-Package-46-referencing DEPENDS_ON SPDXRef-Package-47-rpds-py
-Relationship: SPDXRef-Package-46-referencing DEPENDS_ON SPDXRef-Package-6-attrs
-Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml
-Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-49-pyyaml
-Relationship: SPDXRef-Package-48-lib4sbom DEPENDS_ON SPDXRef-Package-50-semantic-version
-Relationship: SPDXRef-Package-53-plotly DEPENDS_ON SPDXRef-Package-52-packaging
-Relationship: SPDXRef-Package-53-plotly DEPENDS_ON SPDXRef-Package-54-tenacity
-Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-57-certifi
-Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-58-charset-normalizer
-Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-59-urllib3
-Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-9-idna
-Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-61-markdown-it-py
-Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-63-pygments
-Relationship: SPDXRef-Package-61-markdown-it-py DEPENDS_ON SPDXRef-Package-62-mdurl
-Relationship: SPDXRef-Package-66-xmlschema DEPENDS_ON SPDXRef-Package-67-elementpath
+Relationship: SPDXRef-Package-31-google-reauth DEPENDS_ON SPDXRef-Package-32-pyu2f
+Relationship: SPDXRef-Package-32-pyu2f DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-24-pyasn1-modules
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-26-rsa
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-33-oauth2client DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-34-pyopenssl DEPENDS_ON SPDXRef-Package-35-cryptography
+Relationship: SPDXRef-Package-35-cryptography DEPENDS_ON SPDXRef-Package-36-cffi
+Relationship: SPDXRef-Package-36-cffi DEPENDS_ON SPDXRef-Package-37-pycparser
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-19-fasteners
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-27-six
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-29-httplib2
+Relationship: SPDXRef-Package-39-google-apitools DEPENDS_ON SPDXRef-Package-33-oauth2client
+Relationship: SPDXRef-Package-41-importlib-metadata DEPENDS_ON SPDXRef-Package-42-zipp
+Relationship: SPDXRef-Package-43-jinja2 DEPENDS_ON SPDXRef-Package-44-markupsafe
+Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-46-jsonschema-specifications
+Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-47-referencing
+Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-48-rpds-py
+Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs
+Relationship: SPDXRef-Package-46-jsonschema-specifications DEPENDS_ON SPDXRef-Package-47-referencing
+Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-48-rpds-py
+Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-6-attrs
+Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-13-defusedxml
+Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-50-pyyaml
+Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-51-semantic-version
+Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-53-packaging
+Relationship: SPDXRef-Package-54-plotly DEPENDS_ON SPDXRef-Package-55-tenacity
+Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-58-certifi
+Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-59-charset-normalizer
+Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-60-urllib3
+Relationship: SPDXRef-Package-57-requests DEPENDS_ON SPDXRef-Package-9-idna
+Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-62-markdown-it-py
+Relationship: SPDXRef-Package-61-rich DEPENDS_ON SPDXRef-Package-64-pygments
+Relationship: SPDXRef-Package-62-markdown-it-py DEPENDS_ON SPDXRef-Package-63-mdurl
+Relationship: SPDXRef-Package-67-xmlschema DEPENDS_ON SPDXRef-Package-68-elementpath
Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-7-multidict
Relationship: SPDXRef-Package-8-yarl DEPENDS_ON SPDXRef-Package-9-idna