From 3781bd37d469e58f1adc4bb29dfe51f81235834c Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 16 Sep 2024 00:39:22 +0000 Subject: [PATCH] chore: update SBOM for Python 3.8 --- sbom/cve-bin-tool-py3.8.json | 558 +++++++++++++++++------------------ sbom/cve-bin-tool-py3.8.spdx | 441 ++++++++++++++------------- 2 files changed, 489 insertions(+), 510 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index ce643b2c72..501af71199 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:9ac14f65-0f2b-4039-b303-d81b71799569", + "serialNumber": "urn:uuid:8e7100db-8d80-46e5-8caa-bf053070211a", "version": 1, "metadata": { - "timestamp": "2024-09-09T00:38:19Z", + "timestamp": "2024-09-16T00:39:20Z", "lifecycles": [ { "phase": "build" @@ -313,7 +313,7 @@ "type": "library", "bom-ref": "8-multidict", "name": "multidict", - "version": "6.0.5", + "version": "6.1.0", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -322,14 +322,8 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:*", "description": "multidict implementation", - "hashes": [ - { - "alg": "SHA-1", - "content": "a9b281b2ef4ab25d95d6b268aa88c428e75c3696" - } - ], "licenses": [ { "license": { @@ -341,12 +335,46 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/multidict/6.0.5", + "url": "https://pypi.org/project/multidict/6.1.0", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/multidict@6.1.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "9-typing-extensions", + "name": "typing-extensions", + "version": "4.12.2", + "supplier": { + "name": "Guido van Jukka ukasz Michael", + "contact": [ + { + "email": "levkivskyi@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", + "description": "Backported and Experimental Type Hints for Python 3.8+", + "externalReferences": [ + { + "url": "https://pypi.org/project/typing-extensions/4.12.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/multidict@6.0.5", + "purl": "pkg:pypi/typing-extensions@4.12.2", "properties": [ { "name": "language", @@ -360,9 +388,9 @@ }, { "type": "library", - "bom-ref": "9-yarl", + "bom-ref": "10-yarl", "name": "yarl", - "version": "1.11.0", + "version": "1.11.1", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -371,7 +399,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.11.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.11.1:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -384,12 +412,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/yarl/1.11.0", + "url": "https://pypi.org/project/yarl/1.11.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.11.0", + "purl": "pkg:pypi/yarl@1.11.1", "properties": [ { "name": "language", @@ -403,9 +431,9 @@ }, { "type": "library", - "bom-ref": "10-idna", + "bom-ref": "11-idna", "name": "idna", - "version": "3.8", + "version": "3.10", "supplier": { "name": "Kim Davies", "contact": [ @@ -414,22 +442,16 @@ } ] }, - "cpe": "cpe:2.3:a:kim_davies:idna:3.8:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:*", "description": "Internationalized Domain Names in Applications (IDNA)", - "hashes": [ - { - "alg": "SHA-1", - "content": "784c6f45c162db9709588124f2f1def5b70615ff" - } - ], "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.8", + "url": "https://pypi.org/project/idna/3.10", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/idna@3.8", + "purl": "pkg:pypi/idna@3.10", "properties": [ { "name": "language", @@ -443,7 +465,7 @@ }, { "type": "library", - "bom-ref": "11-beautifulsoup4", + "bom-ref": "12-beautifulsoup4", "name": "beautifulsoup4", "version": "4.12.3", "supplier": { @@ -486,7 +508,7 @@ }, { "type": "library", - "bom-ref": "12-soupsieve", + "bom-ref": "13-soupsieve", "name": "soupsieve", "version": "2.6", "supplier": { @@ -520,7 +542,7 @@ }, { "type": "library", - "bom-ref": "13-cvss", + "bom-ref": "14-cvss", "name": "cvss", "version": "3.2", "supplier": { @@ -563,7 +585,7 @@ }, { "type": "library", - "bom-ref": "14-defusedxml", + "bom-ref": "15-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -612,7 +634,7 @@ }, { "type": "library", - "bom-ref": "15-distro", + "bom-ref": "16-distro", "name": "distro", "version": "1.9.0", "supplier": { @@ -655,7 +677,7 @@ }, { "type": "library", - "bom-ref": "16-filetype", + "bom-ref": "17-filetype", "name": "filetype", "version": "1.2.0", "supplier": { @@ -704,7 +726,7 @@ }, { "type": "library", - "bom-ref": "17-gsutil", + "bom-ref": "18-gsutil", "name": "gsutil", "version": "5.30", "supplier": { @@ -747,7 +769,7 @@ }, { "type": "library", - "bom-ref": "18-argcomplete", + "bom-ref": "19-argcomplete", "name": "argcomplete", "version": "3.5.0", "supplier": { @@ -790,7 +812,7 @@ }, { "type": "library", - "bom-ref": "19-crcmod", + "bom-ref": "20-crcmod", "name": "crcmod", "version": "1.7", "supplier": { @@ -833,7 +855,7 @@ }, { "type": "library", - "bom-ref": "20-fasteners", + "bom-ref": "21-fasteners", "name": "fasteners", "version": "0.19", "supplier": { @@ -877,7 +899,7 @@ }, { "type": "library", - "bom-ref": "21-gcs-oauth2-boto-plugin", + "bom-ref": "22-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.2", "supplier": { @@ -926,7 +948,7 @@ }, { "type": "library", - "bom-ref": "22-boto", + "bom-ref": "23-boto", "name": "boto", "version": "2.49.0", "supplier": { @@ -975,7 +997,7 @@ }, { "type": "library", - "bom-ref": "23-google-auth", + "bom-ref": "24-google-auth", "name": "google-auth", "version": "2.17.0", "supplier": { @@ -1024,7 +1046,7 @@ }, { "type": "library", - "bom-ref": "24-cachetools", + "bom-ref": "25-cachetools", "name": "cachetools", "version": "5.5.0", "supplier": { @@ -1067,9 +1089,9 @@ }, { "type": "library", - "bom-ref": "25-pyasn1-modules", + "bom-ref": "26-pyasn1-modules", "name": "pyasn1-modules", - "version": "0.4.0", + "version": "0.4.1", "supplier": { "name": "Ilya Etingof", "contact": [ @@ -1078,7 +1100,7 @@ } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:*", "description": "A collection of ASN.1-based protocols modules", "licenses": [ { @@ -1091,12 +1113,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1-modules/0.4.0", + "url": "https://pypi.org/project/pyasn1-modules/0.4.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1-modules@0.4.0", + "purl": "pkg:pypi/pyasn1-modules@0.4.1", "properties": [ { "name": "language", @@ -1110,9 +1132,9 @@ }, { "type": "library", - "bom-ref": "26-pyasn1", + "bom-ref": "27-pyasn1", "name": "pyasn1", - "version": "0.6.0", + "version": "0.6.1", "supplier": { "name": "Ilya Etingof", "contact": [ @@ -1121,7 +1143,7 @@ } ] }, - "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:*", "description": "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)", "licenses": [ { @@ -1134,12 +1156,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1/0.6.0", + "url": "https://pypi.org/project/pyasn1/0.6.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyasn1@0.6.0", + "purl": "pkg:pypi/pyasn1@0.6.1", "properties": [ { "name": "language", @@ -1153,7 +1175,7 @@ }, { "type": "library", - "bom-ref": "27-rsa", + "bom-ref": "28-rsa", "name": "rsa", "version": "4.7.2", "supplier": { @@ -1202,7 +1224,7 @@ }, { "type": "library", - "bom-ref": "28-six", + "bom-ref": "29-six", "name": "six", "version": "1.16.0", "supplier": { @@ -1251,7 +1273,7 @@ }, { "type": "library", - "bom-ref": "29-google-auth-httplib2", + "bom-ref": "30-google-auth-httplib2", "name": "google-auth-httplib2", "version": "0.2.0", "supplier": { @@ -1299,7 +1321,7 @@ }, { "type": "library", - "bom-ref": "30-httplib2", + "bom-ref": "31-httplib2", "name": "httplib2", "version": "0.20.4", "supplier": { @@ -1348,7 +1370,7 @@ }, { "type": "library", - "bom-ref": "31-pyparsing", + "bom-ref": "32-pyparsing", "name": "pyparsing", "version": "3.1.4", "supplier": { @@ -1382,7 +1404,7 @@ }, { "type": "library", - "bom-ref": "32-google-reauth", + "bom-ref": "33-google-reauth", "name": "google-reauth", "version": "0.1.1", "supplier": { @@ -1431,7 +1453,7 @@ }, { "type": "library", - "bom-ref": "33-pyu2f", + "bom-ref": "34-pyu2f", "name": "pyu2f", "version": "0.1.5", "supplier": { @@ -1480,7 +1502,7 @@ }, { "type": "library", - "bom-ref": "34-oauth2client", + "bom-ref": "35-oauth2client", "name": "oauth2client", "version": "4.1.3", "supplier": { @@ -1529,7 +1551,7 @@ }, { "type": "library", - "bom-ref": "35-pyopenssl", + "bom-ref": "36-pyopenssl", "name": "pyopenssl", "version": "24.2.1", "supplier": { @@ -1572,7 +1594,7 @@ }, { "type": "library", - "bom-ref": "36-cryptography", + "bom-ref": "37-cryptography", "name": "cryptography", "version": "43.0.1", "supplier": { @@ -1611,7 +1633,7 @@ }, { "type": "library", - "bom-ref": "37-cffi", + "bom-ref": "38-cffi", "name": "cffi", "version": "1.17.1", "supplier": { @@ -1654,7 +1676,7 @@ }, { "type": "library", - "bom-ref": "38-pycparser", + "bom-ref": "39-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -1703,7 +1725,7 @@ }, { "type": "library", - "bom-ref": "39-retry-decorator", + "bom-ref": "40-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -1752,7 +1774,7 @@ }, { "type": "library", - "bom-ref": "40-google-apitools", + "bom-ref": "41-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { @@ -1801,7 +1823,7 @@ }, { "type": "library", - "bom-ref": "41-monotonic", + "bom-ref": "42-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -1850,9 +1872,9 @@ }, { "type": "library", - "bom-ref": "42-importlib-metadata", + "bom-ref": "43-importlib-metadata", "name": "importlib-metadata", - "version": "8.4.0", + "version": "8.5.0", "supplier": { "name": "Jason R .", "contact": [ @@ -1861,16 +1883,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.4.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:*", "description": "Read metadata from Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/importlib-metadata/8.4.0", + "url": "https://pypi.org/project/importlib-metadata/8.5.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-metadata@8.4.0", + "purl": "pkg:pypi/importlib-metadata@8.5.0", "properties": [ { "name": "language", @@ -1884,9 +1906,9 @@ }, { "type": "library", - "bom-ref": "43-zipp", + "bom-ref": "44-zipp", "name": "zipp", - "version": "3.20.1", + "version": "3.20.2", "supplier": { "name": "Jason R .", "contact": [ @@ -1895,16 +1917,16 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.1", + "url": "https://pypi.org/project/zipp/3.20.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.20.1", + "purl": "pkg:pypi/zipp@3.20.2", "properties": [ { "name": "language", @@ -1918,9 +1940,9 @@ }, { "type": "library", - "bom-ref": "44-importlib-resources", + "bom-ref": "45-importlib-resources", "name": "importlib-resources", - "version": "6.4.4", + "version": "6.4.5", "supplier": { "name": "Barry Warsaw", "contact": [ @@ -1929,16 +1951,16 @@ } ] }, - "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:*", "description": "Read resources from Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/importlib-resources/6.4.4", + "url": "https://pypi.org/project/importlib-resources/6.4.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-resources@6.4.4", + "purl": "pkg:pypi/importlib-resources@6.4.5", "properties": [ { "name": "language", @@ -1952,7 +1974,7 @@ }, { "type": "library", - "bom-ref": "45-jinja2", + "bom-ref": "46-jinja2", "name": "jinja2", "version": "3.1.4", "description": "A very fast and expressive template engine.", @@ -1983,7 +2005,7 @@ }, { "type": "library", - "bom-ref": "46-markupsafe", + "bom-ref": "47-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", @@ -2023,7 +2045,7 @@ }, { "type": "library", - "bom-ref": "47-jsonschema", + "bom-ref": "48-jsonschema", "name": "jsonschema", "version": "4.23.0", "supplier": { @@ -2061,7 +2083,7 @@ }, { "type": "library", - "bom-ref": "48-jsonschema-specifications", + "bom-ref": "49-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { @@ -2105,7 +2127,7 @@ }, { "type": "library", - "bom-ref": "49-referencing", + "bom-ref": "50-referencing", "name": "referencing", "version": "0.35.1", "supplier": { @@ -2134,7 +2156,7 @@ }, { "type": "library", - "bom-ref": "50-rpds-py", + "bom-ref": "51-rpds-py", "name": "rpds-py", "version": "0.20.0", "supplier": { @@ -2172,7 +2194,7 @@ }, { "type": "library", - "bom-ref": "51-pkgutil-resolve-name", + "bom-ref": "52-pkgutil-resolve-name", "name": "pkgutil-resolve-name", "version": "1.3.10", "supplier": { @@ -2206,7 +2228,7 @@ }, { "type": "library", - "bom-ref": "52-lib4sbom", + "bom-ref": "53-lib4sbom", "name": "lib4sbom", "version": "0.7.4", "supplier": { @@ -2249,7 +2271,7 @@ }, { "type": "library", - "bom-ref": "53-pyyaml", + "bom-ref": "54-pyyaml", "name": "pyyaml", "version": "6.0.2", "supplier": { @@ -2292,7 +2314,7 @@ }, { "type": "library", - "bom-ref": "54-semantic-version", + "bom-ref": "55-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2341,7 +2363,7 @@ }, { "type": "library", - "bom-ref": "55-lib4vex", + "bom-ref": "56-lib4vex", "name": "lib4vex", "version": "0.2.0", "supplier": { @@ -2384,7 +2406,7 @@ }, { "type": "library", - "bom-ref": "56-csaf-tool", + "bom-ref": "57-csaf-tool", "name": "csaf-tool", "version": "0.3.2", "supplier": { @@ -2433,7 +2455,7 @@ }, { "type": "library", - "bom-ref": "57-packageurl-python", + "bom-ref": "58-packageurl-python", "name": "packageurl-python", "version": "0.15.6", "supplier": { @@ -2477,9 +2499,9 @@ }, { "type": "library", - "bom-ref": "58-rich", + "bom-ref": "59-rich", "name": "rich", - "version": "13.8.0", + "version": "13.8.1", "supplier": { "name": "Will McGugan", "contact": [ @@ -2488,7 +2510,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.8.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.8.1:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -2501,12 +2523,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rich/13.8.0", + "url": "https://pypi.org/project/rich/13.8.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.8.0", + "purl": "pkg:pypi/rich@13.8.1", "properties": [ { "name": "language", @@ -2520,7 +2542,7 @@ }, { "type": "library", - "bom-ref": "59-markdown-it-py", + "bom-ref": "60-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2560,7 +2582,7 @@ }, { "type": "library", - "bom-ref": "60-mdurl", + "bom-ref": "61-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2600,7 +2622,7 @@ }, { "type": "library", - "bom-ref": "61-pygments", + "bom-ref": "62-pygments", "name": "pygments", "version": "2.18.0", "supplier": { @@ -2647,40 +2669,6 @@ } ] }, - { - "type": "library", - "bom-ref": "62-typing-extensions", - "name": "typing-extensions", - "version": "4.12.2", - "supplier": { - "name": "Guido van Jukka ukasz Michael", - "contact": [ - { - "email": "levkivskyi@gmail.com" - } - ] - }, - "cpe": "cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:*", - "description": "Backported and Experimental Type Hints for Python 3.8+", - "externalReferences": [ - { - "url": "https://pypi.org/project/typing-extensions/4.12.2", - "type": "distribution", - "comment": "Download location for component" - } - ], - "purl": "pkg:pypi/typing-extensions@4.12.2", - "properties": [ - { - "name": "language", - "value": "Python" - }, - { - "name": "python_version", - "value": "3.8.18" - } - ] - }, { "type": "library", "bom-ref": "63-packaging", @@ -2719,7 +2707,7 @@ "type": "library", "bom-ref": "64-plotly", "name": "plotly", - "version": "5.24.0", + "version": "5.24.1", "supplier": { "name": "Chris P", "contact": [ @@ -2728,7 +2716,7 @@ } ] }, - "cpe": "cpe:2.3:a:chris_p:plotly:5.24.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:*", "description": "An open-source, interactive data visualization library for Python", "licenses": [ { @@ -2741,12 +2729,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.24.0", + "url": "https://pypi.org/project/plotly/5.24.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/plotly@5.24.0", + "purl": "pkg:pypi/plotly@5.24.1", "properties": [ { "name": "language", @@ -3001,7 +2989,7 @@ "type": "library", "bom-ref": "70-urllib3", "name": "urllib3", - "version": "2.2.2", + "version": "2.2.3", "supplier": { "name": "Andrey Petrov", "contact": [ @@ -3010,16 +2998,16 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:*", "description": "HTTP library with thread-safe connection pooling, file post, and more.", "externalReferences": [ { - "url": "https://pypi.org/project/urllib3/2.2.2", + "url": "https://pypi.org/project/urllib3/2.2.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/urllib3@2.2.2", + "purl": "pkg:pypi/urllib3@2.2.3", "properties": [ { "name": "language", @@ -3084,7 +3072,7 @@ "type": "library", "bom-ref": "72-setuptools", "name": "setuptools", - "version": "74.1.2", + "version": "75.0.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3093,16 +3081,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:74.1.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.0.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/74.1.2", + "url": "https://pypi.org/project/setuptools/75.0.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@74.1.2", + "purl": "pkg:pypi/setuptools@75.0.0", "properties": [ { "name": "language", @@ -3167,7 +3155,7 @@ "type": "library", "bom-ref": "74-xmlschema", "name": "xmlschema", - "version": "3.3.2", + "version": "3.4.1", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3176,14 +3164,8 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.1:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", - "hashes": [ - { - "alg": "SHA-1", - "content": "90a7233292cfe5d877110fe369869996a3a25928" - } - ], "licenses": [ { "license": { @@ -3195,12 +3177,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/3.3.2", + "url": "https://pypi.org/project/xmlschema/3.4.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.3.2", + "purl": "pkg:pypi/xmlschema@3.4.1", "properties": [ { "name": "language", @@ -3216,7 +3198,7 @@ "type": "library", "bom-ref": "75-elementpath", "name": "elementpath", - "version": "4.4.0", + "version": "4.5.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3225,14 +3207,8 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", - "hashes": [ - { - "alg": "SHA-1", - "content": "004fca18366974c34193176bd3a356f711330ca0" - } - ], "licenses": [ { "license": { @@ -3244,12 +3220,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/elementpath/4.4.0", + "url": "https://pypi.org/project/elementpath/4.5.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.4.0", + "purl": "pkg:pypi/elementpath@4.5.0", "properties": [ { "name": "language", @@ -3316,31 +3292,31 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "11-beautifulsoup4", - "13-cvss", - "14-defusedxml", - "15-distro", - "16-filetype", - "17-gsutil", - "42-importlib-metadata", - "44-importlib-resources", - "45-jinja2", - "47-jsonschema", - "52-lib4sbom", - "55-lib4vex", - "57-packageurl-python", + "12-beautifulsoup4", + "14-cvss", + "15-defusedxml", + "16-distro", + "17-filetype", + "18-gsutil", + "43-importlib-metadata", + "45-importlib-resources", + "46-jinja2", + "48-jsonschema", + "53-lib4sbom", + "56-lib4vex", + "58-packageurl-python", "63-packaging", "64-plotly", "66-python-gnupg", - "53-pyyaml", + "54-pyyaml", "67-requests", - "58-rich", + "59-rich", "71-rpmfile", "72-setuptools", "73-toml", "70-urllib3", "74-xmlschema", - "43-zipp", + "44-zipp", "76-zstandard" ] }, @@ -3353,7 +3329,7 @@ "7-attrs", "5-frozenlist", "8-multidict", - "9-yarl" + "10-yarl" ] }, { @@ -3363,212 +3339,218 @@ ] }, { - "ref": "9-yarl", + "ref": "8-multidict", + "dependsOn": [ + "9-typing-extensions" + ] + }, + { + "ref": "10-yarl", "dependsOn": [ - "10-idna", + "11-idna", "8-multidict" ] }, { - "ref": "11-beautifulsoup4", + "ref": "12-beautifulsoup4", "dependsOn": [ - "12-soupsieve" + "13-soupsieve" ] }, { - "ref": "17-gsutil", + "ref": "18-gsutil", "dependsOn": [ - "18-argcomplete", - "19-crcmod", - "20-fasteners", - "21-gcs-oauth2-boto-plugin", - "40-google-apitools", - "23-google-auth", - "29-google-auth-httplib2", - "32-google-reauth", - "30-httplib2", - "41-monotonic", - "35-pyopenssl", - "39-retry-decorator", - "28-six" - ] - }, - { - "ref": "21-gcs-oauth2-boto-plugin", + "19-argcomplete", + "20-crcmod", + "21-fasteners", + "22-gcs-oauth2-boto-plugin", + "41-google-apitools", + "24-google-auth", + "30-google-auth-httplib2", + "33-google-reauth", + "31-httplib2", + "42-monotonic", + "36-pyopenssl", + "40-retry-decorator", + "29-six" + ] + }, + { + "ref": "22-gcs-oauth2-boto-plugin", "dependsOn": [ - "22-boto", - "23-google-auth", - "29-google-auth-httplib2", - "32-google-reauth", - "30-httplib2", - "34-oauth2client", - "35-pyopenssl", - "39-retry-decorator", - "27-rsa", - "28-six" + "23-boto", + "24-google-auth", + "30-google-auth-httplib2", + "33-google-reauth", + "31-httplib2", + "35-oauth2client", + "36-pyopenssl", + "40-retry-decorator", + "28-rsa", + "29-six" ] }, { - "ref": "23-google-auth", + "ref": "24-google-auth", "dependsOn": [ - "24-cachetools", - "25-pyasn1-modules", - "27-rsa", - "28-six" + "25-cachetools", + "26-pyasn1-modules", + "28-rsa", + "29-six" ] }, { - "ref": "25-pyasn1-modules", + "ref": "26-pyasn1-modules", "dependsOn": [ - "26-pyasn1" + "27-pyasn1" ] }, { - "ref": "27-rsa", + "ref": "28-rsa", "dependsOn": [ - "26-pyasn1" + "27-pyasn1" ] }, { - "ref": "29-google-auth-httplib2", + "ref": "30-google-auth-httplib2", "dependsOn": [ - "23-google-auth", - "30-httplib2" + "24-google-auth", + "31-httplib2" ] }, { - "ref": "30-httplib2", + "ref": "31-httplib2", "dependsOn": [ - "31-pyparsing" + "32-pyparsing" ] }, { - "ref": "32-google-reauth", + "ref": "33-google-reauth", "dependsOn": [ - "33-pyu2f" + "34-pyu2f" ] }, { - "ref": "33-pyu2f", + "ref": "34-pyu2f", "dependsOn": [ - "28-six" + "29-six" ] }, { - "ref": "34-oauth2client", + "ref": "35-oauth2client", "dependsOn": [ - "30-httplib2", - "26-pyasn1", - "25-pyasn1-modules", - "27-rsa", - "28-six" + "31-httplib2", + "27-pyasn1", + "26-pyasn1-modules", + "28-rsa", + "29-six" ] }, { - "ref": "35-pyopenssl", + "ref": "36-pyopenssl", "dependsOn": [ - "36-cryptography" + "37-cryptography" ] }, { - "ref": "36-cryptography", + "ref": "37-cryptography", "dependsOn": [ - "37-cffi" + "38-cffi" ] }, { - "ref": "37-cffi", + "ref": "38-cffi", "dependsOn": [ - "38-pycparser" + "39-pycparser" ] }, { - "ref": "40-google-apitools", + "ref": "41-google-apitools", "dependsOn": [ - "20-fasteners", - "30-httplib2", - "34-oauth2client", - "28-six" + "21-fasteners", + "31-httplib2", + "35-oauth2client", + "29-six" ] }, { - "ref": "42-importlib-metadata", + "ref": "43-importlib-metadata", "dependsOn": [ - "43-zipp" + "44-zipp" ] }, { - "ref": "44-importlib-resources", + "ref": "45-importlib-resources", "dependsOn": [ - "43-zipp" + "44-zipp" ] }, { - "ref": "45-jinja2", + "ref": "46-jinja2", "dependsOn": [ - "46-markupsafe" + "47-markupsafe" ] }, { - "ref": "47-jsonschema", + "ref": "48-jsonschema", "dependsOn": [ "7-attrs", - "44-importlib-resources", - "48-jsonschema-specifications", - "51-pkgutil-resolve-name", - "49-referencing", - "50-rpds-py" + "45-importlib-resources", + "49-jsonschema-specifications", + "52-pkgutil-resolve-name", + "50-referencing", + "51-rpds-py" ] }, { - "ref": "48-jsonschema-specifications", + "ref": "49-jsonschema-specifications", "dependsOn": [ - "44-importlib-resources", - "49-referencing" + "45-importlib-resources", + "50-referencing" ] }, { - "ref": "49-referencing", + "ref": "50-referencing", "dependsOn": [ "7-attrs", - "50-rpds-py" + "51-rpds-py" ] }, { - "ref": "52-lib4sbom", + "ref": "53-lib4sbom", "dependsOn": [ - "14-defusedxml", - "53-pyyaml", - "54-semantic-version" + "15-defusedxml", + "54-pyyaml", + "55-semantic-version" ] }, { - "ref": "55-lib4vex", + "ref": "56-lib4vex", "dependsOn": [ - "56-csaf-tool", - "52-lib4sbom", - "57-packageurl-python" + "57-csaf-tool", + "53-lib4sbom", + "58-packageurl-python" ] }, { - "ref": "56-csaf-tool", + "ref": "57-csaf-tool", "dependsOn": [ - "57-packageurl-python", - "58-rich" + "58-packageurl-python", + "59-rich" ] }, { - "ref": "58-rich", + "ref": "59-rich", "dependsOn": [ - "59-markdown-it-py", - "61-pygments", - "62-typing-extensions" + "60-markdown-it-py", + "62-pygments", + "9-typing-extensions" ] }, { - "ref": "59-markdown-it-py", + "ref": "60-markdown-it-py", "dependsOn": [ - "60-mdurl" + "61-mdurl" ] }, { @@ -3583,7 +3565,7 @@ "dependsOn": [ "68-certifi", "69-charset-normalizer", - "10-idna", + "11-idna", "70-urllib3" ] }, diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index 56ef56afa1..3ecaae7ab1 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-d7cae49c-e580-434a-9e7a-c67ec6bf03a0 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-376cec73-e320-42a5-93d0-1582b82696d8 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.1 -Created: 2024-09-09T00:36:55Z +Created: 2024-09-16T00:37:54Z CreatorComment: This document has been automatically generated. ##### @@ -119,54 +119,67 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:* PackageName: multidict SPDXID: SPDXRef-Package-8-multidict -PackageVersion: 6.0.5 +PackageVersion: 6.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/multidict/6.0.5 +PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0 FilesAnalyzed: false -PackageChecksum: SHA1: a9b281b2ef4ab25d95d6b268aa88c428e75c3696 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: multidict implementation -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.0.5 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.0.5:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/multidict@6.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:*:*:*:* +##### + +PackageName: typing-extensions +SPDXID: SPDXRef-Package-9-typing-extensions +PackageVersion: 4.12.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) +PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2 +FilesAnalyzed: false +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageCopyrightText: NOASSERTION +PackageSummary: Backported and Experimental Type Hints for Python 3.8+ +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* ##### PackageName: yarl -SPDXID: SPDXRef-Package-9-yarl -PackageVersion: 1.11.0 +SPDXID: SPDXRef-Package-10-yarl +PackageVersion: 1.11.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.11.0 +PackageDownloadLocation: https://pypi.org/project/yarl/1.11.1 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.11.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.11.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.11.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.11.1:*:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-Package-10-idna -PackageVersion: 3.8 +SPDXID: SPDXRef-Package-11-idna +PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) -PackageDownloadLocation: https://pypi.org/project/idna/3.8 +PackageDownloadLocation: https://pypi.org/project/idna/3.10 FilesAnalyzed: false -PackageChecksum: SHA1: 784c6f45c162db9709588124f2f1def5b70615ff PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Internationalized Domain Names in Applications (IDNA) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.8 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.8:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 -SPDXID: SPDXRef-Package-11-beautifulsoup4 +SPDXID: SPDXRef-Package-12-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) @@ -182,7 +195,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12 ##### PackageName: soupsieve -SPDXID: SPDXRef-Package-12-soupsieve +SPDXID: SPDXRef-Package-13-soupsieve PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (use@gmail.com) @@ -197,7 +210,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-Package-13-cvss +SPDXID: SPDXRef-Package-14-cvss PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) @@ -213,7 +226,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs ##### PackageName: defusedxml -SPDXID: SPDXRef-Package-14-defusedxml +SPDXID: SPDXRef-Package-15-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) @@ -230,7 +243,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*: ##### PackageName: distro -SPDXID: SPDXRef-Package-15-distro +SPDXID: SPDXRef-Package-16-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) @@ -246,7 +259,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-Package-16-filetype +SPDXID: SPDXRef-Package-17-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) @@ -262,7 +275,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: ##### PackageName: gsutil -SPDXID: SPDXRef-Package-17-gsutil +SPDXID: SPDXRef-Package-18-gsutil PackageVersion: 5.30 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) @@ -278,7 +291,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-Package-18-argcomplete +SPDXID: SPDXRef-Package-19-argcomplete PackageVersion: 3.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) @@ -294,7 +307,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.0:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-Package-19-crcmod +SPDXID: SPDXRef-Package-20-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) @@ -309,7 +322,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-Package-20-fasteners +SPDXID: SPDXRef-Package-21-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow @@ -325,7 +338,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-Package-21-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-Package-22-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) @@ -342,7 +355,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2 ##### PackageName: boto -SPDXID: SPDXRef-Package-22-boto +SPDXID: SPDXRef-Package-23-boto PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) @@ -358,7 +371,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*: ##### PackageName: google-auth -SPDXID: SPDXRef-Package-23-google-auth +SPDXID: SPDXRef-Package-24-google-auth PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) @@ -375,7 +388,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17 ##### PackageName: cachetools -SPDXID: SPDXRef-Package-24-cachetools +SPDXID: SPDXRef-Package-25-cachetools PackageVersion: 5.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) @@ -390,38 +403,38 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:* ##### PackageName: pyasn1-modules -SPDXID: SPDXRef-Package-25-pyasn1-modules -PackageVersion: 0.4.0 +SPDXID: SPDXRef-Package-26-pyasn1-modules +PackageVersion: 0.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.0 +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A collection of ASN.1-based protocols modules -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1-modules@0.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*:*:*:*:*:* ##### PackageName: pyasn1 -SPDXID: SPDXRef-Package-26-pyasn1 -PackageVersion: 0.6.0 +SPDXID: SPDXRef-Package-27-pyasn1 +PackageVersion: 0.6.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.0 +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1 FilesAnalyzed: false PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyasn1@0.6.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*:* ##### PackageName: rsa -SPDXID: SPDXRef-Package-27-rsa +SPDXID: SPDXRef-Package-28-rsa PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) @@ -438,7 +451,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-Package-28-six +SPDXID: SPDXRef-Package-29-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -454,7 +467,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:* ##### PackageName: google-auth-httplib2 -SPDXID: SPDXRef-Package-29-google-auth-httplib2 +SPDXID: SPDXRef-Package-30-google-auth-httplib2 PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) @@ -470,7 +483,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-http ##### PackageName: httplib2 -SPDXID: SPDXRef-Package-30-httplib2 +SPDXID: SPDXRef-Package-31-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) @@ -486,7 +499,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-Package-31-pyparsing +SPDXID: SPDXRef-Package-32-pyparsing PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) @@ -501,7 +514,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:* ##### PackageName: google-reauth -SPDXID: SPDXRef-Package-32-google-reauth +SPDXID: SPDXRef-Package-33-google-reauth PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google (googleapis-publisher@google.com) @@ -518,7 +531,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:* ##### PackageName: pyu2f -SPDXID: SPDXRef-Package-33-pyu2f +SPDXID: SPDXRef-Package-34-pyu2f PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) @@ -535,7 +548,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: oauth2client -SPDXID: SPDXRef-Package-34-oauth2client +SPDXID: SPDXRef-Package-35-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) @@ -552,7 +565,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-Package-35-pyopenssl +SPDXID: SPDXRef-Package-36-pyopenssl PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) @@ -568,7 +581,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-Package-36-cryptography +SPDXID: SPDXRef-Package-37-cryptography PackageVersion: 43.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) @@ -583,7 +596,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python ##### PackageName: cffi -SPDXID: SPDXRef-Package-37-cffi +SPDXID: SPDXRef-Package-38-cffi PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) @@ -598,7 +611,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:* ##### PackageName: pycparser -SPDXID: SPDXRef-Package-38-pycparser +SPDXID: SPDXRef-Package-39-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) @@ -614,7 +627,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-Package-39-retry-decorator +SPDXID: SPDXRef-Package-40-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -630,7 +643,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-Package-40-google-apitools +SPDXID: SPDXRef-Package-41-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) @@ -647,7 +660,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-Package-41-monotonic +SPDXID: SPDXRef-Package-42-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) @@ -664,52 +677,52 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: importlib-metadata -SPDXID: SPDXRef-Package-42-importlib-metadata -PackageVersion: 8.4.0 +SPDXID: SPDXRef-Package-43-importlib-metadata +PackageVersion: 8.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.4.0 +PackageDownloadLocation: https://pypi.org/project/importlib-metadata/8.5.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Read metadata from Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.4.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-metadata@8.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*:*:*:*:*:* ##### PackageName: zipp -SPDXID: SPDXRef-Package-43-zipp -PackageVersion: 3.20.1 +SPDXID: SPDXRef-Package-44-zipp +PackageVersion: 3.20.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.1 +PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zipp@3.20.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* ##### PackageName: importlib-resources -SPDXID: SPDXRef-Package-44-importlib-resources -PackageVersion: 6.4.4 +SPDXID: SPDXRef-Package-45-importlib-resources +PackageVersion: 6.4.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Barry Warsaw (barry@python.org) -PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.4 +PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.4.5 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Read resources from Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-resources@6.4.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/importlib-resources@6.4.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-45-jinja2 +SPDXID: SPDXRef-Package-46-jinja2 PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION @@ -724,7 +737,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-46-markupsafe +SPDXID: SPDXRef-Package-47-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION @@ -739,7 +752,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-47-jsonschema +SPDXID: SPDXRef-Package-48-jsonschema PackageVersion: 4.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -754,7 +767,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*: ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-48-jsonschema-specifications +SPDXID: SPDXRef-Package-49-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -770,7 +783,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification ##### PackageName: referencing -SPDXID: SPDXRef-Package-49-referencing +SPDXID: SPDXRef-Package-50-referencing PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -785,7 +798,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-50-rpds-py +SPDXID: SPDXRef-Package-51-rpds-py PackageVersion: 0.20.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman @@ -800,7 +813,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:* ##### PackageName: pkgutil-resolve-name -SPDXID: SPDXRef-Package-51-pkgutil-resolve-name +SPDXID: SPDXRef-Package-52-pkgutil-resolve-name PackageVersion: 1.3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -815,7 +828,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1 ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-52-lib4sbom +SPDXID: SPDXRef-Package-53-lib4sbom PackageVersion: 0.7.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -830,7 +843,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.4:*:*:*: ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-53-pyyaml +SPDXID: SPDXRef-Package-54-pyyaml PackageVersion: 6.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -845,7 +858,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-54-semantic-version +SPDXID: SPDXRef-Package-55-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -862,7 +875,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: lib4vex -SPDXID: SPDXRef-Package-55-lib4vex +SPDXID: SPDXRef-Package-56-lib4vex PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -877,7 +890,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:* ##### PackageName: csaf-tool -SPDXID: SPDXRef-Package-56-csaf-tool +SPDXID: SPDXRef-Package-57-csaf-tool PackageVersion: 0.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -893,7 +906,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* ##### PackageName: packageurl-python -SPDXID: SPDXRef-Package-57-packageurl-python +SPDXID: SPDXRef-Package-58-packageurl-python PackageVersion: 0.15.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -909,22 +922,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: rich -SPDXID: SPDXRef-Package-58-rich -PackageVersion: 13.8.0 +SPDXID: SPDXRef-Package-59-rich +PackageVersion: 13.8.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.8.0 +PackageDownloadLocation: https://pypi.org/project/rich/13.8.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.8.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.8.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/rich@13.8.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.8.1:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-59-markdown-it-py +SPDXID: SPDXRef-Package-60-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -940,7 +953,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-60-mdurl +SPDXID: SPDXRef-Package-61-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -956,7 +969,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-61-pygments +SPDXID: SPDXRef-Package-62-pygments PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) @@ -971,21 +984,6 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pygments@2.18.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:*:*:* ##### -PackageName: typing-extensions -SPDXID: SPDXRef-Package-62-typing-extensions -PackageVersion: 4.12.2 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) -PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2 -FilesAnalyzed: false -PackageLicenseDeclared: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageCopyrightText: NOASSERTION -PackageSummary: Backported and Experimental Type Hints for Python 3.8+ -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/typing-extensions@4.12.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-extensions:4.12.2:*:*:*:*:*:*:* -##### - PackageName: packaging SPDXID: SPDXRef-Package-63-packaging PackageVersion: 24.1 @@ -1003,17 +1001,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:* PackageName: plotly SPDXID: SPDXRef-Package-64-plotly -PackageVersion: 5.24.0 +PackageVersion: 5.24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.24.0 +PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An open-source, interactive data visualization library for Python -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/plotly@5.24.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:* ##### PackageName: tenacity @@ -1099,17 +1097,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:* PackageName: urllib3 SPDXID: SPDXRef-Package-70-urllib3 -PackageVersion: 2.2.2 +PackageVersion: 2.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) -PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.2 +PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: HTTP library with thread-safe connection pooling, file post, and more. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/urllib3@2.2.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*:*:* ##### PackageName: rpmfile @@ -1130,17 +1128,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-Package-72-setuptools -PackageVersion: 74.1.2 +PackageVersion: 75.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/74.1.2 +PackageDownloadLocation: https://pypi.org/project/setuptools/75.0.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@74.1.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:74.1.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.0.0:*:*:*:*:*:*:* ##### PackageName: toml @@ -1161,34 +1159,32 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: PackageName: xmlschema SPDXID: SPDXRef-Package-74-xmlschema -PackageVersion: 3.3.2 +PackageVersion: 3.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.3.2 +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.1 FilesAnalyzed: false -PackageChecksum: SHA1: 90a7233292cfe5d877110fe369869996a3a25928 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.1:*:*:*:*:*:*:* ##### PackageName: elementpath SPDXID: SPDXRef-Package-75-elementpath -PackageVersion: 4.4.0 +PackageVersion: 4.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.4.0 +PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0 FilesAnalyzed: false -PackageChecksum: SHA1: 004fca18366974c34193176bd3a356f711330ca0 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.4.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.4.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/elementpath@4.5.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:*:*:*:*:* ##### PackageName: zstandard @@ -1208,23 +1204,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:* ##### Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-11-beautifulsoup4 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-13-cvss -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-defusedxml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-distro -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-filetype -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-17-gsutil +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-beautifulsoup4 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-cvss +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-defusedxml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-distro +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-17-filetype +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-18-gsutil Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-42-importlib-metadata -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-zipp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-importlib-resources -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-47-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-lib4vex -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-packageurl-python -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-importlib-metadata +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-zipp +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-importlib-resources +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jinja2 +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-48-jsonschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-lib4vex +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-packageurl-python +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-rich Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-packaging Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-plotly Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-python-gnupg @@ -1235,92 +1231,93 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-72-setup Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-73-toml Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-74-xmlschema Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-76-zstandard -Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-18-argcomplete -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-19-crcmod -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-20-fasteners -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-21-gcs-oauth2-boto-plugin -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-23-google-auth -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-28-six -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-29-google-auth-httplib2 -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-30-httplib2 -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-32-google-reauth -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-35-pyopenssl -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-39-retry-decorator -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-40-google-apitools -Relationship: SPDXRef-Package-17-gsutil DEPENDS_ON SPDXRef-Package-41-monotonic +Relationship: SPDXRef-Package-10-yarl DEPENDS_ON SPDXRef-Package-11-idna +Relationship: SPDXRef-Package-10-yarl DEPENDS_ON SPDXRef-Package-8-multidict +Relationship: SPDXRef-Package-12-beautifulsoup4 DEPENDS_ON SPDXRef-Package-13-soupsieve +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-19-argcomplete +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-20-crcmod +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-21-fasteners +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-22-gcs-oauth2-boto-plugin +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-24-google-auth +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-29-six +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-30-google-auth-httplib2 +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-31-httplib2 +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-33-google-reauth +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-36-pyopenssl +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-40-retry-decorator +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-41-google-apitools +Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-42-monotonic +Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-10-yarl Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiohappyeyeballs Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-aiosignal Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-frozenlist Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-async-timeout Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-attrs Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-multidict -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-9-yarl -Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-22-boto -Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-23-google-auth -Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-27-rsa -Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-six -Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-google-auth-httplib2 -Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-httplib2 -Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-32-google-reauth -Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-34-oauth2client -Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-pyopenssl -Relationship: SPDXRef-Package-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-39-retry-decorator -Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-24-cachetools -Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-25-pyasn1-modules -Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-27-rsa -Relationship: SPDXRef-Package-23-google-auth DEPENDS_ON SPDXRef-Package-28-six -Relationship: SPDXRef-Package-25-pyasn1-modules DEPENDS_ON SPDXRef-Package-26-pyasn1 -Relationship: SPDXRef-Package-27-rsa DEPENDS_ON SPDXRef-Package-26-pyasn1 -Relationship: SPDXRef-Package-29-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-23-google-auth -Relationship: SPDXRef-Package-29-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-30-httplib2 -Relationship: SPDXRef-Package-30-httplib2 DEPENDS_ON SPDXRef-Package-31-pyparsing -Relationship: SPDXRef-Package-32-google-reauth DEPENDS_ON SPDXRef-Package-33-pyu2f -Relationship: SPDXRef-Package-33-pyu2f DEPENDS_ON SPDXRef-Package-28-six -Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-25-pyasn1-modules -Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-26-pyasn1 -Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-27-rsa -Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-28-six -Relationship: SPDXRef-Package-34-oauth2client DEPENDS_ON SPDXRef-Package-30-httplib2 -Relationship: SPDXRef-Package-35-pyopenssl DEPENDS_ON SPDXRef-Package-36-cryptography -Relationship: SPDXRef-Package-36-cryptography DEPENDS_ON SPDXRef-Package-37-cffi -Relationship: SPDXRef-Package-37-cffi DEPENDS_ON SPDXRef-Package-38-pycparser +Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-23-boto +Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-google-auth +Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-rsa +Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-six +Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-google-auth-httplib2 +Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-httplib2 +Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-google-reauth +Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-oauth2client +Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-36-pyopenssl +Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-40-retry-decorator +Relationship: SPDXRef-Package-24-google-auth DEPENDS_ON SPDXRef-Package-25-cachetools +Relationship: SPDXRef-Package-24-google-auth DEPENDS_ON SPDXRef-Package-26-pyasn1-modules +Relationship: SPDXRef-Package-24-google-auth DEPENDS_ON SPDXRef-Package-28-rsa +Relationship: SPDXRef-Package-24-google-auth DEPENDS_ON SPDXRef-Package-29-six +Relationship: SPDXRef-Package-26-pyasn1-modules DEPENDS_ON SPDXRef-Package-27-pyasn1 +Relationship: SPDXRef-Package-28-rsa DEPENDS_ON SPDXRef-Package-27-pyasn1 +Relationship: SPDXRef-Package-30-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-24-google-auth +Relationship: SPDXRef-Package-30-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-31-httplib2 +Relationship: SPDXRef-Package-31-httplib2 DEPENDS_ON SPDXRef-Package-32-pyparsing +Relationship: SPDXRef-Package-33-google-reauth DEPENDS_ON SPDXRef-Package-34-pyu2f +Relationship: SPDXRef-Package-34-pyu2f DEPENDS_ON SPDXRef-Package-29-six +Relationship: SPDXRef-Package-35-oauth2client DEPENDS_ON SPDXRef-Package-26-pyasn1-modules +Relationship: SPDXRef-Package-35-oauth2client DEPENDS_ON SPDXRef-Package-27-pyasn1 +Relationship: SPDXRef-Package-35-oauth2client DEPENDS_ON SPDXRef-Package-28-rsa +Relationship: SPDXRef-Package-35-oauth2client DEPENDS_ON SPDXRef-Package-29-six +Relationship: SPDXRef-Package-35-oauth2client DEPENDS_ON SPDXRef-Package-31-httplib2 +Relationship: SPDXRef-Package-36-pyopenssl DEPENDS_ON SPDXRef-Package-37-cryptography +Relationship: SPDXRef-Package-37-cryptography DEPENDS_ON SPDXRef-Package-38-cffi +Relationship: SPDXRef-Package-38-cffi DEPENDS_ON SPDXRef-Package-39-pycparser Relationship: SPDXRef-Package-4-aiosignal DEPENDS_ON SPDXRef-Package-5-frozenlist -Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-20-fasteners -Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-28-six -Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-30-httplib2 -Relationship: SPDXRef-Package-40-google-apitools DEPENDS_ON SPDXRef-Package-34-oauth2client -Relationship: SPDXRef-Package-42-importlib-metadata DEPENDS_ON SPDXRef-Package-43-zipp -Relationship: SPDXRef-Package-44-importlib-resources DEPENDS_ON SPDXRef-Package-43-zipp -Relationship: SPDXRef-Package-45-jinja2 DEPENDS_ON SPDXRef-Package-46-markupsafe -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-44-importlib-resources -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-48-jsonschema-specifications -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-49-referencing -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-50-rpds-py -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-51-pkgutil-resolve-name -Relationship: SPDXRef-Package-47-jsonschema DEPENDS_ON SPDXRef-Package-7-attrs -Relationship: SPDXRef-Package-48-jsonschema-specifications DEPENDS_ON SPDXRef-Package-44-importlib-resources -Relationship: SPDXRef-Package-48-jsonschema-specifications DEPENDS_ON SPDXRef-Package-49-referencing -Relationship: SPDXRef-Package-49-referencing DEPENDS_ON SPDXRef-Package-50-rpds-py -Relationship: SPDXRef-Package-49-referencing DEPENDS_ON SPDXRef-Package-7-attrs -Relationship: SPDXRef-Package-52-lib4sbom DEPENDS_ON SPDXRef-Package-14-defusedxml -Relationship: SPDXRef-Package-52-lib4sbom DEPENDS_ON SPDXRef-Package-53-pyyaml -Relationship: SPDXRef-Package-52-lib4sbom DEPENDS_ON SPDXRef-Package-54-semantic-version -Relationship: SPDXRef-Package-55-lib4vex DEPENDS_ON SPDXRef-Package-52-lib4sbom -Relationship: SPDXRef-Package-55-lib4vex DEPENDS_ON SPDXRef-Package-56-csaf-tool -Relationship: SPDXRef-Package-55-lib4vex DEPENDS_ON SPDXRef-Package-57-packageurl-python -Relationship: SPDXRef-Package-56-csaf-tool DEPENDS_ON SPDXRef-Package-57-packageurl-python -Relationship: SPDXRef-Package-56-csaf-tool DEPENDS_ON SPDXRef-Package-58-rich -Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-59-markdown-it-py -Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-61-pygments -Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-62-typing-extensions -Relationship: SPDXRef-Package-59-markdown-it-py DEPENDS_ON SPDXRef-Package-60-mdurl +Relationship: SPDXRef-Package-41-google-apitools DEPENDS_ON SPDXRef-Package-21-fasteners +Relationship: SPDXRef-Package-41-google-apitools DEPENDS_ON SPDXRef-Package-29-six +Relationship: SPDXRef-Package-41-google-apitools DEPENDS_ON SPDXRef-Package-31-httplib2 +Relationship: SPDXRef-Package-41-google-apitools DEPENDS_ON SPDXRef-Package-35-oauth2client +Relationship: SPDXRef-Package-43-importlib-metadata DEPENDS_ON SPDXRef-Package-44-zipp +Relationship: SPDXRef-Package-45-importlib-resources DEPENDS_ON SPDXRef-Package-44-zipp +Relationship: SPDXRef-Package-46-jinja2 DEPENDS_ON SPDXRef-Package-47-markupsafe +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-45-importlib-resources +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-49-jsonschema-specifications +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-50-referencing +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-51-rpds-py +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-52-pkgutil-resolve-name +Relationship: SPDXRef-Package-48-jsonschema DEPENDS_ON SPDXRef-Package-7-attrs +Relationship: SPDXRef-Package-49-jsonschema-specifications DEPENDS_ON SPDXRef-Package-45-importlib-resources +Relationship: SPDXRef-Package-49-jsonschema-specifications DEPENDS_ON SPDXRef-Package-50-referencing +Relationship: SPDXRef-Package-50-referencing DEPENDS_ON SPDXRef-Package-51-rpds-py +Relationship: SPDXRef-Package-50-referencing DEPENDS_ON SPDXRef-Package-7-attrs +Relationship: SPDXRef-Package-53-lib4sbom DEPENDS_ON SPDXRef-Package-15-defusedxml +Relationship: SPDXRef-Package-53-lib4sbom DEPENDS_ON SPDXRef-Package-54-pyyaml +Relationship: SPDXRef-Package-53-lib4sbom DEPENDS_ON SPDXRef-Package-55-semantic-version +Relationship: SPDXRef-Package-56-lib4vex DEPENDS_ON SPDXRef-Package-53-lib4sbom +Relationship: SPDXRef-Package-56-lib4vex DEPENDS_ON SPDXRef-Package-57-csaf-tool +Relationship: SPDXRef-Package-56-lib4vex DEPENDS_ON SPDXRef-Package-58-packageurl-python +Relationship: SPDXRef-Package-57-csaf-tool DEPENDS_ON SPDXRef-Package-58-packageurl-python +Relationship: SPDXRef-Package-57-csaf-tool DEPENDS_ON SPDXRef-Package-59-rich +Relationship: SPDXRef-Package-59-rich DEPENDS_ON SPDXRef-Package-60-markdown-it-py +Relationship: SPDXRef-Package-59-rich DEPENDS_ON SPDXRef-Package-62-pygments +Relationship: SPDXRef-Package-59-rich DEPENDS_ON SPDXRef-Package-9-typing-extensions +Relationship: SPDXRef-Package-60-markdown-it-py DEPENDS_ON SPDXRef-Package-61-mdurl Relationship: SPDXRef-Package-64-plotly DEPENDS_ON SPDXRef-Package-63-packaging Relationship: SPDXRef-Package-64-plotly DEPENDS_ON SPDXRef-Package-65-tenacity -Relationship: SPDXRef-Package-67-requests DEPENDS_ON SPDXRef-Package-10-idna +Relationship: SPDXRef-Package-67-requests DEPENDS_ON SPDXRef-Package-11-idna Relationship: SPDXRef-Package-67-requests DEPENDS_ON SPDXRef-Package-68-certifi Relationship: SPDXRef-Package-67-requests DEPENDS_ON SPDXRef-Package-69-charset-normalizer Relationship: SPDXRef-Package-67-requests DEPENDS_ON SPDXRef-Package-70-urllib3 Relationship: SPDXRef-Package-74-xmlschema DEPENDS_ON SPDXRef-Package-75-elementpath -Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna -Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict +Relationship: SPDXRef-Package-8-multidict DEPENDS_ON SPDXRef-Package-9-typing-extensions