From d127326e7d691d2bec087e916bbf443684f7e972 Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 2 Sep 2024 00:35:36 +0000 Subject: [PATCH] chore: update SBOM for Python 3.10 --- sbom/cve-bin-tool-py3.10.json | 100 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.10.spdx | 80 +++++++++++++-------------- 2 files changed, 90 insertions(+), 90 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index c9c8fe6f03..f3c781b2b4 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:7eff258d-ffbd-4ef3-8572-1791b27b4ba9", + "serialNumber": "urn:uuid:54f89c33-a2a1-4926-b839-2599401ff6fe", "version": 1, "metadata": { - "timestamp": "2024-08-26T00:33:42Z", + "timestamp": "2024-09-02T00:35:34Z", "lifecycles": [ { "phase": "build" @@ -31,7 +31,7 @@ "type": "application", "bom-ref": "1-cve-bin-tool", "name": "cve-bin-tool", - "version": "3.4rc0", + "version": "3.4rc1", "supplier": { "name": "Terri Oda", "contact": [ @@ -40,7 +40,7 @@ } ] }, - "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:*", "description": "CVE Binary Checker Tool", "licenses": [ { @@ -53,12 +53,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cve-bin-tool/3.4rc0", + "url": "https://pypi.org/project/cve-bin-tool/3.4rc1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cve-bin-tool@3.4rc0", + "purl": "pkg:pypi/cve-bin-tool@3.4rc1", "properties": [ { "name": "language", @@ -119,6 +119,12 @@ }, "cpe": "cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0:*:*:*:*:*:*:*", "description": "Happy Eyeballs for asyncio", + "hashes": [ + { + "alg": "SHA-1", + "content": "c31b127a69bdcd7895d1a521985d918061955348" + } + ], "licenses": [ { "license": { @@ -356,7 +362,7 @@ "type": "library", "bom-ref": "9-yarl", "name": "yarl", - "version": "1.9.4", + "version": "1.9.7", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -365,14 +371,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:*", "description": "Yet another URL library", - "hashes": [ - { - "alg": "SHA-1", - "content": "6362ff155ba02964a5e773927412f7cf4ca23cd1" - } - ], "licenses": [ { "license": { @@ -384,12 +384,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/yarl/1.9.4", + "url": "https://pypi.org/project/yarl/1.9.7", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.9.4", + "purl": "pkg:pypi/yarl@1.9.7", "properties": [ { "name": "language", @@ -416,6 +416,12 @@ }, "cpe": "cpe:2.3:a:kim_davies:idna:3.8:*:*:*:*:*:*:*", "description": "Internationalized Domain Names in Applications (IDNA)", + "hashes": [ + { + "alg": "SHA-1", + "content": "784c6f45c162db9709588124f2f1def5b70615ff" + } + ], "externalReferences": [ { "url": "https://pypi.org/project/idna/3.8", @@ -2072,7 +2078,7 @@ "type": "library", "bom-ref": "48-lib4sbom", "name": "lib4sbom", - "version": "0.7.3", + "version": "0.7.4", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2081,7 +2087,7 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.4:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", "licenses": [ { @@ -2094,12 +2100,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.7.3", + "url": "https://pypi.org/project/lib4sbom/0.7.4", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.3", + "purl": "pkg:pypi/lib4sbom@0.7.4", "properties": [ { "name": "language", @@ -2207,7 +2213,7 @@ "type": "library", "bom-ref": "51-lib4vex", "name": "lib4vex", - "version": "0.1.0", + "version": "0.2.0", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2216,14 +2222,8 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:*", "description": "VEX generator and consumer library", - "hashes": [ - { - "alg": "SHA-1", - "content": "84229c7770dd95cf887d6874e0203da4c8aa809b" - } - ], "licenses": [ { "license": { @@ -2235,12 +2235,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4vex/0.1.0", + "url": "https://pypi.org/project/lib4vex/0.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4vex@0.1.0", + "purl": "pkg:pypi/lib4vex@0.2.0", "properties": [ { "name": "language", @@ -2349,7 +2349,7 @@ "type": "library", "bom-ref": "54-rich", "name": "rich", - "version": "13.7.1", + "version": "13.8.0", "supplier": { "name": "Will McGugan", "contact": [ @@ -2358,7 +2358,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.8.0:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2371,12 +2371,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rich/13.7.1", + "url": "https://pypi.org/project/rich/13.8.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.7.1", + "purl": "pkg:pypi/rich@13.8.0", "properties": [ { "name": "language", @@ -2555,7 +2555,7 @@ "type": "library", "bom-ref": "59-plotly", "name": "plotly", - "version": "5.23.0", + "version": "5.24.0", "supplier": { "name": "Chris P", "contact": [ @@ -2564,7 +2564,7 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.24.0:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", "licenses": [ { @@ -2577,12 +2577,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.23.0", + "url": "https://pypi.org/project/plotly/5.24.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.23.0", + "purl": "pkg:pypi/plotly@5.24.0", "properties": [ { "name": "language", @@ -2745,7 +2745,7 @@ "type": "library", "bom-ref": "63-certifi", "name": "certifi", - "version": "2024.7.4", + "version": "2024.8.30", "supplier": { "name": "Kenneth Reitz", "contact": [ @@ -2754,7 +2754,7 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:*", "description": "Python package for providing Mozilla's CA Bundle.", "licenses": [ { @@ -2767,12 +2767,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/certifi/2024.7.4", + "url": "https://pypi.org/project/certifi/2024.8.30", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/certifi@2024.7.4", + "purl": "pkg:pypi/certifi@2024.8.30", "properties": [ { "name": "language", @@ -2920,7 +2920,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "73.0.1", + "version": "74.0.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -2929,16 +2929,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:73.0.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/73.0.1", + "url": "https://pypi.org/project/setuptools/74.0.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@73.0.1", + "purl": "pkg:pypi/setuptools@74.0.0", "properties": [ { "name": "language", @@ -3101,7 +3101,7 @@ "type": "library", "bom-ref": "71-zipp", "name": "zipp", - "version": "3.20.0", + "version": "3.20.1", "supplier": { "name": "Jason R .", "contact": [ @@ -3110,16 +3110,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.1:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.0", + "url": "https://pypi.org/project/zipp/3.20.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.0", + "purl": "pkg:pypi/zipp@3.20.1", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 75884edc00..a7547c119c 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,26 +2,26 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-52daf87b-56da-4893-b447-66d3a4fe8925 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a62995ad-3aeb-4e13-9e6a-812e4226470c LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.1 -Created: 2024-08-26T00:32:36Z +Created: 2024-09-02T00:34:20Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool SPDXID: SPDXRef-Package-1-cve-bin-tool -PackageVersion: 3.4rc0 +PackageVersion: 3.4rc1 PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) -PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4rc0 +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4rc1 FilesAnalyzed: false PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION PackageSummary: CVE Binary Checker Tool -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4rc0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cve-bin-tool@3.4rc1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4rc1:*:*:*:*:*:*:* ##### PackageName: aiohttp @@ -46,6 +46,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: J. Nick Koston (nick@koston.org) PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.0 FilesAnalyzed: false +PackageChecksum: SHA1: c31b127a69bdcd7895d1a521985d918061955348 PackageLicenseDeclared: Python-2.0.1 PackageLicenseConcluded: Python-2.0.1 PackageCopyrightText: NOASSERTION @@ -135,18 +136,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:* PackageName: yarl SPDXID: SPDXRef-Package-9-yarl -PackageVersion: 1.9.4 +PackageVersion: 1.9.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.9.4 +PackageDownloadLocation: https://pypi.org/project/yarl/1.9.7 FilesAnalyzed: false -PackageChecksum: SHA1: 6362ff155ba02964a5e773927412f7cf4ca23cd1 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.9.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.9.7 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.9.7:*:*:*:*:*:*:* ##### PackageName: idna @@ -156,6 +156,7 @@ PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) PackageDownloadLocation: https://pypi.org/project/idna/3.8 FilesAnalyzed: false +PackageChecksum: SHA1: 784c6f45c162db9709588124f2f1def5b70615ff PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -756,17 +757,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:* PackageName: lib4sbom SPDXID: SPDXRef-Package-48-lib4sbom -PackageVersion: 0.7.3 +PackageVersion: 0.7.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.3 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.4 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.4 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.4:*:*:*:*:*:*:* ##### PackageName: pyyaml @@ -803,18 +804,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. PackageName: lib4vex SPDXID: SPDXRef-Package-51-lib4vex -PackageVersion: 0.1.0 +PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4vex/0.1.0 +PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0 FilesAnalyzed: false -PackageChecksum: SHA1: 84229c7770dd95cf887d6874e0203da4c8aa809b PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: VEX generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4vex@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:*:*:*:* ##### PackageName: csaf-tool @@ -851,17 +851,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 PackageName: rich SPDXID: SPDXRef-Package-54-rich -PackageVersion: 13.7.1 +PackageVersion: 13.8.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.7.1 +PackageDownloadLocation: https://pypi.org/project/rich/13.8.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.7.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.7.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.8.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.8.0:*:*:*:*:*:*:* ##### PackageName: markdown-it-py @@ -929,17 +929,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:* PackageName: plotly SPDXID: SPDXRef-Package-59-plotly -PackageVersion: 5.23.0 +PackageVersion: 5.24.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.23.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.24.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.23.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.23.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.0:*:*:*:*:*:*:* ##### PackageName: tenacity @@ -994,17 +994,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*: PackageName: certifi SPDXID: SPDXRef-Package-63-certifi -PackageVersion: 2024.7.4 +PackageVersion: 2024.8.30 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2024.7.4 +PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30 FilesAnalyzed: false PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python package for providing Mozilla's CA Bundle. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.7.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.7.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/certifi@2024.8.30 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*:*:*:*:* ##### PackageName: charset-normalizer @@ -1056,17 +1056,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-Package-67-setuptools -PackageVersion: 73.0.1 +PackageVersion: 74.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/73.0.1 +PackageDownloadLocation: https://pypi.org/project/setuptools/74.0.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@73.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:73.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@74.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:74.0.0:*:*:*:*:*:*:* ##### PackageName: toml @@ -1119,17 +1119,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:* PackageName: zipp SPDXID: SPDXRef-Package-71-zipp -PackageVersion: 3.20.0 +PackageVersion: 3.20.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.0 +PackageDownloadLocation: https://pypi.org/project/zipp/3.20.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.1:*:*:*:*:*:*:* ##### PackageName: zstandard