From 0840eb3e75287d2aa3fa5d52e03f3acc66eb4c4a Mon Sep 17 00:00:00 2001 From: GitHub Date: Mon, 7 Aug 2023 00:57:18 +0000 Subject: [PATCH] chore: update SBOM for Python 3.8 --- sbom/cve-bin-tool-py3.8.json | 374 +++++++++++++++++++++-------------- sbom/cve-bin-tool-py3.8.spdx | 308 ++++++++++++++++------------- 2 files changed, 393 insertions(+), 289 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index 1680cdef09..42640d2dc8 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -1,17 +1,20 @@ { "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", "bomFormat": "CycloneDX", - "specVersion": "1.4", - "serialNumber": "urn:uuidf1a858d4-ba16-484e-80c3-8006d5c45b0c", + "specVersion": "1.5", + "serialNumber": "urn:uuidd61bfc1a-7c68-419a-b198-6791fc4f153e", "version": 1, "metadata": { - "timestamp": "2023-07-03T00:33:14Z", - "tools": [ - { - "name": "sbom4python", - "version": "0.9.2" - } - ], + "timestamp": "2023-08-07T00:57:17Z", + "tools": { + "components": [ + { + "name": "sbom4python", + "version": "0.10.0", + "type": "application" + } + ] + }, "component": { "type": "application", "bom-ref": "CDXRef-DOCUMENT", @@ -55,7 +58,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.8.4", + "version": "3.8.5", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -67,12 +70,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiohttp/3.8.4", + "url": "https://pypi.org/project/aiohttp/3.8.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.8.4", + "purl": "pkg:pypi/aiohttp@3.8.5", "properties": [ { "name": "License Comments", @@ -112,7 +115,7 @@ "type": "library", "bom-ref": "4-frozenlist", "name": "frozenlist", - "version": "1.3.3", + "version": "1.4.0", "description": "A list-like structure which implements collections.abc.MutableSequence", "licenses": [ { 
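Review bot: In the first hunk of sbom/cve-bin-tool-py3.8.json, the unchanged `"$schema"` line still points at `bom-1.4.schema.json` while the new side sets `"specVersion": "1.5"` and switches `metadata.tools` to the 1.5 object form, so a consumer that validates against the declared schema will reject the `tools` object. It should read `"$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json"`. The new `serialNumber` also lacks the colon after `urn:uuid`, which the CycloneDX schema pattern requires; the expected form is `"serialNumber": "urn:uuid:d61bfc1a-7c68-419a-b198-6791fc4f153e"`. The old line had the same omission, and since the file appears to be tool-generated, both fixes probably belong in the generator rather than in this file.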
@@ -124,12 +127,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/frozenlist/1.3.3", + "url": "https://pypi.org/project/frozenlist/1.4.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/frozenlist@1.3.3", + "purl": "pkg:pypi/frozenlist@1.4.0", "properties": [ { "name": "License Comments", @@ -203,7 +206,7 @@ "type": "library", "bom-ref": "7-charset-normalizer", "name": "charset-normalizer", - "version": "3.1.0", + "version": "3.2.0", "supplier": { "name": "Ahmed TAHRI", "contact": [ @@ -212,7 +215,7 @@ } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:*", "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", "licenses": [ { @@ -224,12 +227,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/charset-normalizer/3.1.0", + "url": "https://pypi.org/project/charset-normalizer/3.2.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/charset-normalizer@3.1.0" + "purl": "pkg:pypi/charset-normalizer@3.2.0" }, { "type": "library", @@ -842,7 +845,7 @@ "type": "library", "bom-ref": "26-pyparsing", "name": "pyparsing", - "version": "3.1.0", + "version": "3.1.1", "supplier": { "name": "Paul McGuire", "contact": [ @@ -851,16 +854,16 @@ } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:*", "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "externalReferences": [ { - "url": "https://pypi.org/project/pyparsing/3.1.0", + "url": "https://pypi.org/project/pyparsing/3.1.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.1.0" + "purl": "pkg:pypi/pyparsing@3.1.1" }, { "type": "library", 
@@ -1050,7 +1053,7 @@ "type": "library", "bom-ref": "32-cryptography", "name": "cryptography", - "version": "41.0.1", + "version": "41.0.3", "supplier": { "name": "The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1059,7 +1062,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1070,12 +1073,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/41.0.1", + "url": "https://pypi.org/project/cryptography/41.0.3", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@41.0.1" + "purl": "pkg:pypi/cryptography@41.0.3" }, { "type": "library", @@ -1221,7 +1224,7 @@ "type": "library", "bom-ref": "37-google-auth", "name": "google-auth", - "version": "2.21.0", + "version": "2.22.0", "supplier": { "name": "Google Cloud Platform", "contact": [ @@ -1230,7 +1233,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_cloud_platform:google-auth:2.22.0:*:*:*:*:*:*:*", "description": "Google Authentication Library", "licenses": [ { @@ -1242,12 +1245,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-auth/2.21.0", + "url": "https://pypi.org/project/google-auth/2.22.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/google-auth@2.21.0", + "purl": "pkg:pypi/google-auth@2.22.0", "properties": [ { "name": "License Comments", 
@@ -1361,7 +1364,7 @@ "type": "library", "bom-ref": "41-importlib-metadata", "name": "importlib-metadata", - "version": "6.7.0", + "version": "6.8.0", "supplier": { "name": "Jason R. Coombs", "contact": [ @@ -1370,22 +1373,22 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.7.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r._coombs:importlib-metadata:6.8.0:*:*:*:*:*:*:*", "description": "Read metadata from Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/importlib-metadata/6.7.0", + "url": "https://pypi.org/project/importlib-metadata/6.8.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-metadata@6.7.0" + "purl": "pkg:pypi/importlib-metadata@6.8.0" }, { "type": "library", "bom-ref": "42-zipp", "name": "zipp", - "version": "3.15.0", + "version": "3.16.2", "supplier": { "name": "Jason R. Coombs", "contact": [ @@ -1394,22 +1397,22 @@ } ] }, - "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.15.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:jason_r._coombs:zipp:3.16.2:*:*:*:*:*:*:*", "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.15.0", + "url": "https://pypi.org/project/zipp/3.16.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/zipp@3.15.0" + "purl": "pkg:pypi/zipp@3.16.2" }, { "type": "library", "bom-ref": "43-importlib-resources", "name": "importlib-resources", - "version": "5.12.0", + "version": "6.0.0", "supplier": { "name": "Barry Warsaw", "contact": [ 
@@ -1418,16 +1421,16 @@ } ] }, - "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:5.12.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:barry_warsaw:importlib-resources:6.0.0:*:*:*:*:*:*:*", "description": "Read resources from Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/importlib-resources/5.12.0", + "url": "https://pypi.org/project/importlib-resources/6.0.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/importlib-resources@5.12.0" + "purl": "pkg:pypi/importlib-resources@6.0.0" }, { "type": "library", @@ -1488,11 +1491,11 @@ "type": "library", "bom-ref": "46-jsonschema", "name": "jsonschema", - "version": "4.17.3", + "version": "4.18.6", "supplier": { "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", "licenses": [ { 
@@ -1504,52 +1507,77 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.17.3", + "url": "https://pypi.org/project/jsonschema/4.18.6", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema@4.17.3" + "purl": "pkg:pypi/jsonschema@4.18.6" }, { "type": "library", - "bom-ref": "47-pkgutil-resolve-name", - "name": "pkgutil-resolve-name", - "version": "1.3.10", + "bom-ref": "47-jsonschema-specifications", + "name": "jsonschema-specifications", + "version": "2023.7.1", "supplier": { - "name": "Vinay Sajip", - "contact": [ - { - "email": "vinay_sajip@yahoo.co.uk" - } - ] + "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:*", - "description": "Resolve a name to an object.", + "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.7.1:*:*:*:*:*:*:*", + "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" + } + } + ], "externalReferences": [ { - "url": "https://pypi.org/project/pkgutil_resolve_name/1.3.10", + "url": "https://pypi.org/project/jsonschema-specifications/2023.7.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pkgutil-resolve-name@1.3.10" + "purl": "pkg:pypi/jsonschema-specifications@2023.7.1" }, { "type": "library", - "bom-ref": "48-pyrsistent", - "name": "pyrsistent", - "version": "0.19.3", + "bom-ref": "48-referencing", + "name": "referencing", + "version": "0.30.2", "supplier": { - "name": "Tobias Gustafsson", - "contact": [ - { - "email": "tobias.l.gustafsson@gmail.com" + "name": "Julian Berman" + }, + "cpe": "cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:*", + "description": "JSON Referencing + Python", + "licenses": [ + { + "license": { + "id": "MIT", + "url": "https://opensource.org/licenses/MIT" } - ] + } + ], + "externalReferences": [ 
+ { + "url": "https://pypi.org/project/referencing/0.30.2", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/referencing@0.30.2" + }, + { + "type": "library", + "bom-ref": "49-rpds-py", + "name": "rpds-py", + "version": "0.9.2", + "supplier": { + "name": "Julian Berman" }, - "cpe": "cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:*", - "description": "Persistent/Functional/Immutable data structures", + "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*:*:*", + "description": "Python bindings to Rust's persistent data structures (rpds)", "licenses": [ { "license": { @@ -1560,18 +1588,42 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyrsistent/0.19.3", + "url": "https://pypi.org/project/rpds-py/0.9.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyrsistent@0.19.3" + "purl": "pkg:pypi/rpds-py@0.9.2" }, { "type": "library", - "bom-ref": "49-lib4sbom", + "bom-ref": "50-pkgutil-resolve-name", + "name": "pkgutil-resolve-name", + "version": "1.3.10", + "supplier": { + "name": "Vinay Sajip", + "contact": [ + { + "email": "vinay_sajip@yahoo.co.uk" + } + ] + }, + "cpe": "cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:*", + "description": "Resolve a name to an object.", + "externalReferences": [ + { + "url": "https://pypi.org/project/pkgutil_resolve_name/1.3.10", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/pkgutil-resolve-name@1.3.10" + }, + { + "type": "library", + "bom-ref": "51-lib4sbom", "name": "lib4sbom", - "version": "0.3.1", + "version": "0.4.1", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -1580,7 +1632,7 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", "licenses": [ { 
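Review bot: The `cpe` values for the three components added in this hunk (jsonschema-specifications, referencing, rpds-py) use `julian_berman` as the vendor, which is just `supplier.name` lowercased, so they look synthesized rather than taken from the CPE dictionary. If so, a scanner that matches on CPE may find no advisories for these entries and report them as clean. Consumers should match these components on `purl`, or the generator should omit lines such as `"cpe": "cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*:*:*"` when the name has not been confirmed. The same values appear in the `ExternalRef: SECURITY cpe23Type` lines added to sbom/cve-bin-tool-py3.8.spdx.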
@@ -1592,18 +1644,18 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.3.1", + "url": "https://pypi.org/project/lib4sbom/0.4.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.3.1" + "purl": "pkg:pypi/lib4sbom@0.4.1" }, { "type": "library", - "bom-ref": "50-pyyaml", + "bom-ref": "52-pyyaml", "name": "pyyaml", - "version": "6.0", + "version": "6.0.1", "supplier": { "name": "Kirill Simonov", "contact": [ @@ -1612,7 +1664,7 @@ } ] }, - "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:*", "description": "YAML parser and emitter for Python", "licenses": [ { @@ -1624,16 +1676,16 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/PyYAML/6.0", + "url": "https://pypi.org/project/PyYAML/6.0.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyyaml@6.0" + "purl": "pkg:pypi/pyyaml@6.0.1" }, { "type": "library", - "bom-ref": "51-semantic-version", + "bom-ref": "53-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -1671,7 +1723,7 @@ }, { "type": "library", - "bom-ref": "52-packaging", + "bom-ref": "54-packaging", "name": "packaging", "version": "21.3", "supplier": { @@ -1708,7 +1760,7 @@ }, { "type": "library", - "bom-ref": "53-plotly", + "bom-ref": "55-plotly", "name": "plotly", "version": "5.15.0", "supplier": { @@ -1740,7 +1792,7 @@ }, { "type": "library", - "bom-ref": "54-tenacity", + "bom-ref": "56-tenacity", "name": "tenacity", "version": "8.2.2", "supplier": { @@ -1778,9 +1830,9 @@ }, { "type": "library", - "bom-ref": "55-python-gnupg", + "bom-ref": "57-python-gnupg", "name": "python-gnupg", - "version": "0.5.0", + "version": "0.5.1", "supplier": { "name": "Vinay Sajip", "contact": [ 
@@ -1789,7 +1841,7 @@ } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.1:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", "licenses": [ { @@ -1801,12 +1853,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/python-gnupg/0.5.0", + "url": "https://pypi.org/project/python-gnupg/0.5.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/python-gnupg@0.5.0", + "purl": "pkg:pypi/python-gnupg@0.5.1", "properties": [ { "name": "License Comments", @@ -1816,7 +1868,7 @@ }, { "type": "library", - "bom-ref": "56-requests", + "bom-ref": "58-requests", "name": "requests", "version": "2.31.0", "supplier": { @@ -1854,9 +1906,9 @@ }, { "type": "library", - "bom-ref": "57-certifi", + "bom-ref": "59-certifi", "name": "certifi", - "version": "2023.5.7", + "version": "2023.7.22", "supplier": { "name": "Kenneth Reitz", "contact": [ @@ -1865,7 +1917,7 @@ } ] }, - "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:*:*:*:*", "description": "Python package for providing Mozilla's CA Bundle.", "licenses": [ { @@ -1877,18 +1929,18 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/certifi/2023.5.7", + "url": "https://pypi.org/project/certifi/2023.7.22", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/certifi@2023.5.7" + "purl": "pkg:pypi/certifi@2023.7.22" }, { "type": "library", - "bom-ref": "58-rich", + "bom-ref": "60-rich", "name": "rich", - "version": "13.4.2", + "version": "13.5.2", "supplier": { "name": "Will McGugan", "contact": [ 
@@ -1897,7 +1949,7 @@ } ] }, - "cpe": "cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:*", "description": "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal", "licenses": [ { @@ -1909,16 +1961,16 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rich/13.4.2", + "url": "https://pypi.org/project/rich/13.5.2", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/rich@13.4.2" + "purl": "pkg:pypi/rich@13.5.2" }, { "type": "library", - "bom-ref": "59-markdown-it-py", + "bom-ref": "61-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -1942,7 +1994,7 @@ }, { "type": "library", - "bom-ref": "60-mdurl", + "bom-ref": "62-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -1966,9 +2018,9 @@ }, { "type": "library", - "bom-ref": "61-pygments", + "bom-ref": "63-pygments", "name": "pygments", - "version": "2.15.1", + "version": "2.16.1", "supplier": { "name": "Georg Brandl", "contact": [ @@ -1977,7 +2029,7 @@ } ] }, - "cpe": "cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:*", "description": "Pygments is a syntax highlighting package written in Python.", "licenses": [ { @@ -1989,16 +2041,16 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/Pygments/2.15.1", + "url": "https://pypi.org/project/Pygments/2.16.1", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pygments@2.15.1" + "purl": "pkg:pypi/pygments@2.16.1" }, { "type": "library", - "bom-ref": "62-typing-extensions", + "bom-ref": "64-typing-extensions", "name": "typing-extensions", "version": "4.7.1", "supplier": { @@ -2022,7 +2074,7 @@ }, { "type": "library", - "bom-ref": "63-rpmfile", + "bom-ref": "65-rpmfile", "name": "rpmfile", "version": "1.1.1", "supplier": { 
@@ -2054,7 +2106,7 @@ }, { "type": "library", - "bom-ref": "64-toml", + "bom-ref": "66-toml", "name": "toml", "version": "0.10.2", "supplier": { @@ -2086,9 +2138,9 @@ }, { "type": "library", - "bom-ref": "65-xmlschema", + "bom-ref": "67-xmlschema", "name": "xmlschema", - "version": "2.3.1", + "version": "2.4.0", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2097,7 +2149,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -2109,18 +2161,18 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/2.3.1", + "url": "https://pypi.org/project/xmlschema/2.4.0", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@2.3.1" + "purl": "pkg:pypi/xmlschema@2.4.0" }, { "type": "library", - "bom-ref": "66-elementpath", + "bom-ref": "68-elementpath", "name": "elementpath", - "version": "4.1.4", + "version": "4.1.5", "supplier": { "name": "Davide Brunato", "contact": [ @@ -2129,7 +2181,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:*", "description": "XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml", "licenses": [ { @@ -2141,16 +2193,16 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/elementpath/4.1.4", + "url": "https://pypi.org/project/elementpath/4.1.5", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/elementpath@4.1.4" + "purl": "pkg:pypi/elementpath@4.1.5" }, { "type": "library", - "bom-ref": "67-zstandard", + "bom-ref": "69-zstandard", "name": "zstandard", "version": "0.21.0", "supplier": { 
@@ -2207,18 +2259,18 @@ "43-importlib-resources", "44-jinja2", "46-jsonschema", - "49-lib4sbom", - "52-packaging", - "53-plotly", - "55-python-gnupg", - "50-pyyaml", - "56-requests", - "58-rich", - "63-rpmfile", - "64-toml", + "51-lib4sbom", + "54-packaging", + "55-plotly", + "57-python-gnupg", + "52-pyyaml", + "58-requests", + "60-rich", + "65-rpmfile", + "66-toml", "39-urllib3", - "65-xmlschema", - "67-zstandard" + "67-xmlschema", + "69-zstandard" ] }, { @@ -2382,57 +2434,73 @@ "dependsOn": [ "6-attrs", "43-importlib-resources", - "47-pkgutil-resolve-name", - "48-pyrsistent" + "47-jsonschema-specifications", + "50-pkgutil-resolve-name", + "48-referencing", + "49-rpds-py" + ] + }, + { + "ref": "47-jsonschema-specifications", + "dependsOn": [ + "43-importlib-resources", + "48-referencing" + ] + }, + { + "ref": "48-referencing", + "dependsOn": [ + "6-attrs", + "49-rpds-py" ] }, { - "ref": "49-lib4sbom", + "ref": "51-lib4sbom", "dependsOn": [ - "50-pyyaml", - "51-semantic-version" + "52-pyyaml", + "53-semantic-version" ] }, { - "ref": "52-packaging", + "ref": "54-packaging", "dependsOn": [ "26-pyparsing" ] }, { - "ref": "53-plotly", + "ref": "55-plotly", "dependsOn": [ - "52-packaging", - "54-tenacity" + "54-packaging", + "56-tenacity" ] }, { - "ref": "56-requests", + "ref": "58-requests", "dependsOn": [ - "57-certifi", + "59-certifi", "7-charset-normalizer", "10-idna", "39-urllib3" ] }, { - "ref": "58-rich", + "ref": "60-rich", "dependsOn": [ - "59-markdown-it-py", - "61-pygments", - "62-typing-extensions" + "61-markdown-it-py", + "63-pygments", + "64-typing-extensions" ] }, { - "ref": "59-markdown-it-py", + "ref": "61-markdown-it-py", "dependsOn": [ - "60-mdurl" + "62-mdurl" ] }, { - "ref": "65-xmlschema", + "ref": "67-xmlschema", "dependsOn": [ - "66-elementpath" + "68-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index f5a19f80af..dff672d3ee 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx 
@@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-4732d2f2-a347-435b-bd9c-44bf3bee61de -LicenseListVersion: 3.20 -Creator: Tool: sbom4python-0.9.2 -Created: 2023-07-03T00:31:32Z +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f3aa055e-bd6f-4280-a403-ca873d0b3505 +LicenseListVersion: 3.21 +Creator: Tool: sbom4python-0.10.0 +Created: 2023-08-07T00:55:43Z CreatorComment: This document has been automatically generated. ##### @@ -26,17 +26,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.2.2.dev0:*:*: PackageName: aiohttp SPDXID: SPDXRef-Package-2-aiohttp -PackageVersion: 3.8.4 +PackageVersion: 3.8.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.4 +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.8.5 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.4 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiohttp@3.8.5 ##### PackageName: aiosignal 
@@ -55,17 +55,17 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/aiosignal@1.3.1 PackageName: frozenlist SPDXID: SPDXRef-Package-4-frozenlist -PackageVersion: 1.3.3 +PackageVersion: 1.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.3.3 +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A list-like structure which implements collections.abc.MutableSequence -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.3.3 +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/frozenlist@1.4.0 ##### PackageName: async-timeout @@ -101,17 +101,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:23.1.0:*:*:*:*:* PackageName: charset-normalizer SPDXID: SPDXRef-Package-7-charset-normalizer -PackageVersion: 3.1.0 +PackageVersion: 3.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) -PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.1.0 +PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.2.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/charset-normalizer@3.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.2.0:*:*:*:*:*:*:* ##### PackageName: multidict 
@@ -396,17 +396,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* PackageName: pyparsing SPDXID: SPDXRef-Package-26-pyparsing -PackageVersion: 3.1.0 +PackageVersion: 3.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.0 +PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyparsing@3.1.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.1:*:*:*:*:*:*:* ##### PackageName: oauth2client 
@@ -490,17 +490,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:23. PackageName: cryptography SPDXID: SPDXRef-Package-32-cryptography -PackageVersion: 41.0.1 +PackageVersion: 41.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.1 +PackageDownloadLocation: https://pypi.org/project/cryptography/41.0.3 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/cryptography@41.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_python_cryptographic_authority_and_individual_contributors:cryptography:41.0.3:*:*:*:*:*:*:* ##### PackageName: cffi 
@@ -567,18 +567,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* PackageName: google-auth SPDXID: SPDXRef-Package-37-google-auth -PackageVersion: 2.21.0 +PackageVersion: 2.22.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.21.0 +PackageDownloadLocation: https://pypi.org/project/google-auth/2.22.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-auth declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Google Authentication Library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.21.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.21.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/google-auth@2.22.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.22.0:*:*:*:*:*:*:* ##### PackageName: cachetools 
@@ -629,47 +629,47 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* PackageName: importlib-metadata SPDXID: SPDXRef-Package-41-importlib-metadata -PackageVersion: 6.7.0 +PackageVersion: 6.8.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. Coombs (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/importlib-metadata/6.7.0 +PackageDownloadLocation: https://pypi.org/project/importlib-metadata/6.8.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Read metadata from Python packages -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@6.7.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:6.7.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-metadata@6.8.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:importlib-metadata:6.8.0:*:*:*:*:*:*:* ##### PackageName: zipp SPDXID: SPDXRef-Package-42-zipp -PackageVersion: 3.15.0 +PackageVersion: 3.16.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. 
Coombs (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.15.0 +PackageDownloadLocation: https://pypi.org/project/zipp/3.16.2 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Backport of pathlib-compatible object wrapper for zip files -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.15.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.15.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/zipp@3.16.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r._coombs:zipp:3.16.2:*:*:*:*:*:*:* ##### PackageName: importlib-resources SPDXID: SPDXRef-Package-43-importlib-resources -PackageVersion: 5.12.0 +PackageVersion: 6.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Barry Warsaw (barry@python.org) -PackageDownloadLocation: https://pypi.org/project/importlib-resources/5.12.0 +PackageDownloadLocation: https://pypi.org/project/importlib-resources/6.0.0 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Read resources from Python packages -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@5.12.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:5.12.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/importlib-resources@6.0.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.0.0:*:*:*:*:*:*:* ##### PackageName: jinja2 
@@ -703,21 +703,66 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/markupsafe@2.1.3 PackageName: jsonschema SPDXID: SPDXRef-Package-46-jsonschema -PackageVersion: 4.17.3 +PackageVersion: 4.18.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.17.3 +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.18.6 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An implementation of JSON Schema validation for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.17.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.17.3:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema@4.18.6 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.18.6:*:*:*:*:*:*:* +##### + +PackageName: jsonschema-specifications +SPDXID: SPDXRef-Package-47-jsonschema-specifications +PackageVersion: 2023.7.1 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Julian Berman +PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.7.1 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/jsonschema-specifications@2023.7.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.7.1:*:*:*:*:*:*:* +##### + +PackageName: referencing +SPDXID: SPDXRef-Package-48-referencing +PackageVersion: 0.30.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Julian Berman +PackageDownloadLocation: https://pypi.org/project/referencing/0.30.2 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: JSON Referencing + Python +ExternalRef: PACKAGE-MANAGER purl 
pkg:pypi/referencing@0.30.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.30.2:*:*:*:*:*:*:* +##### + +PackageName: rpds-py +SPDXID: SPDXRef-Package-49-rpds-py +PackageVersion: 0.9.2 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Julian Berman +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.9.2 +FilesAnalyzed: false +PackageLicenseDeclared: MIT +PackageLicenseConcluded: MIT +PackageCopyrightText: NOASSERTION +PackageSummary: Python bindings to Rust's persistent data structures (rpds) +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rpds-py@0.9.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.9.2:*:*:*:*:*:*:* ##### PackageName: pkgutil-resolve-name -SPDXID: SPDXRef-Package-47-pkgutil-resolve-name +SPDXID: SPDXRef-Package-50-pkgutil-resolve-name PackageVersion: 1.3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) 
@@ -731,53 +776,38 @@ ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pkgutil-resolve-name@1.3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.10:*:*:*:*:*:*:* ##### -PackageName: pyrsistent -SPDXID: SPDXRef-Package-48-pyrsistent -PackageVersion: 0.19.3 -PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Tobias Gustafsson (tobias.l.gustafsson@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyrsistent/0.19.3 -FilesAnalyzed: false -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT -PackageCopyrightText: NOASSERTION -PackageSummary: Persistent/Functional/Immutable data structures -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyrsistent@0.19.3 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:tobias_gustafsson:pyrsistent:0.19.3:*:*:*:*:*:*:* -##### - PackageName: lib4sbom -SPDXID: SPDXRef-Package-49-lib4sbom -PackageVersion: 0.3.1 +SPDXID: SPDXRef-Package-51-lib4sbom +PackageVersion: 0.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.3.1 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.4.1 FilesAnalyzed: false PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.3.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.3.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/lib4sbom@0.4.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.4.1:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-50-pyyaml -PackageVersion: 6.0 +SPDXID: SPDXRef-Package-52-pyyaml +PackageVersion: 6.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) -PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0 
+PackageDownloadLocation: https://pypi.org/project/PyYAML/6.0.1 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: YAML parser and emitter for Python -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pyyaml@6.0.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.1:*:*:*:*:*:*:* ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-51-semantic-version +SPDXID: SPDXRef-Package-53-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -793,7 +823,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: packaging -SPDXID: SPDXRef-Package-52-packaging +SPDXID: SPDXRef-Package-54-packaging PackageVersion: 21.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Donald Stufft and individual contributors (donald@stufft.io) @@ -809,7 +839,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft_and_individual_contribut ##### PackageName: plotly -SPDXID: SPDXRef-Package-53-plotly +SPDXID: SPDXRef-Package-55-plotly PackageVersion: 5.15.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) @@ -824,7 +854,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.15.0:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-54-tenacity +SPDXID: SPDXRef-Package-56-tenacity PackageVersion: 8.2.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) 
@@ -840,23 +870,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:8.2.2:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-55-python-gnupg -PackageVersion: 0.5.0 +SPDXID: SPDXRef-Package-57-python-gnupg +PackageVersion: 0.5.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.0 +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.1 FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/python-gnupg@0.5.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.1:*:*:*:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-56-requests +SPDXID: SPDXRef-Package-58-requests PackageVersion: 2.31.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) 
@@ -872,37 +902,37 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.31.0:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-57-certifi -PackageVersion: 2023.5.7 +SPDXID: SPDXRef-Package-59-certifi +PackageVersion: 2023.7.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2023.5.7 +PackageDownloadLocation: https://pypi.org/project/certifi/2023.7.22 FilesAnalyzed: false PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Python package for providing Mozilla's CA Bundle. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.5.7 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.5.7:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/certifi@2023.7.22 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2023.7.22:*:*:*:*:*:*:* ##### PackageName: rich -SPDXID: SPDXRef-Package-58-rich -PackageVersion: 13.4.2 +SPDXID: SPDXRef-Package-60-rich +PackageVersion: 13.5.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.4.2 +PackageDownloadLocation: https://pypi.org/project/rich/13.5.2 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.4.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.4.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/rich@13.5.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.5.2:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-59-markdown-it-py +SPDXID: SPDXRef-Package-61-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY 
PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -917,7 +947,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-60-mdurl +SPDXID: SPDXRef-Package-62-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -932,22 +962,22 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-61-pygments -PackageVersion: 2.15.1 +SPDXID: SPDXRef-Package-63-pygments +PackageVersion: 2.16.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/Pygments/2.15.1 +PackageDownloadLocation: https://pypi.org/project/Pygments/2.16.1 FilesAnalyzed: false PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION PackageSummary: Pygments is a syntax highlighting package written in Python. -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.15.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.15.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/pygments@2.16.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.16.1:*:*:*:*:*:*:* ##### PackageName: typing-extensions -SPDXID: SPDXRef-Package-62-typing-extensions +SPDXID: SPDXRef-Package-64-typing-extensions PackageVersion: 4.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) @@ -962,7 +992,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-63-rpmfile +SPDXID: SPDXRef-Package-65-rpmfile PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) 
@@ -977,7 +1007,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:1.1.1:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-64-toml +SPDXID: SPDXRef-Package-66-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) 
@@ -992,37 +1022,37 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-65-xmlschema -PackageVersion: 2.3.1 +SPDXID: SPDXRef-Package-67-xmlschema +PackageVersion: 2.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/2.3.1 +PackageDownloadLocation: https://pypi.org/project/xmlschema/2.4.0 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.3.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.3.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/xmlschema@2.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:2.4.0:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-66-elementpath -PackageVersion: 4.1.4 +SPDXID: SPDXRef-Package-68-elementpath +PackageVersion: 4.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.4 +PackageDownloadLocation: https://pypi.org/project/elementpath/4.1.5 FilesAnalyzed: false PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: XPath 1.0/2.0/3.0/3.1 parsers and selectors for ElementTree and lxml -ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE-MANAGER purl pkg:pypi/elementpath@4.1.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.1.5:*:*:*:*:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-67-zstandard +SPDXID: SPDXRef-Package-69-zstandard PackageVersion: 0.21.0 PrimaryPackagePurpose: LIBRARY 
PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) 
@@ -1049,17 +1079,17 @@ Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-41-impor Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-importlib-resources Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-44-jinja2 Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-46-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-53-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-56-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-64-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-zstandard +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-51-lib4sbom +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-pyyaml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packaging +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-plotly +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-57-python-gnupg +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-58-requests +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-rich +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-65-rpmfile +Relationship: 
SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-toml +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-xmlschema +Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-zstandard Relationship: SPDXRef-Package-11-beautifulsoup4 DEPENDS_ON SPDXRef-Package-12-soupsieve Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-17-argcomplete Relationship: SPDXRef-Package-16-gsutil DEPENDS_ON SPDXRef-Package-18-crcmod 
@@ -1115,22 +1145,28 @@ Relationship: SPDXRef-Package-41-importlib-metadata DEPENDS_ON SPDXRef-Package-4 Relationship: SPDXRef-Package-43-importlib-resources DEPENDS_ON SPDXRef-Package-42-zipp Relationship: SPDXRef-Package-44-jinja2 DEPENDS_ON SPDXRef-Package-45-markupsafe Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-43-importlib-resources -Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-47-pkgutil-resolve-name -Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-48-pyrsistent +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-47-jsonschema-specifications +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-48-referencing +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-49-rpds-py +Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-50-pkgutil-resolve-name Relationship: SPDXRef-Package-46-jsonschema DEPENDS_ON SPDXRef-Package-6-attrs -Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-50-pyyaml -Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-51-semantic-version -Relationship: SPDXRef-Package-52-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing -Relationship: SPDXRef-Package-53-plotly DEPENDS_ON SPDXRef-Package-52-packaging -Relationship: SPDXRef-Package-53-plotly DEPENDS_ON SPDXRef-Package-54-tenacity -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-10-idna -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-39-urllib3 -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-57-certifi -Relationship: SPDXRef-Package-56-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer -Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-59-markdown-it-py -Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-61-pygments -Relationship: SPDXRef-Package-58-rich DEPENDS_ON SPDXRef-Package-62-typing-extensions 
-Relationship: SPDXRef-Package-59-markdown-it-py DEPENDS_ON SPDXRef-Package-60-mdurl -Relationship: SPDXRef-Package-65-xmlschema DEPENDS_ON SPDXRef-Package-66-elementpath +Relationship: SPDXRef-Package-47-jsonschema-specifications DEPENDS_ON SPDXRef-Package-43-importlib-resources +Relationship: SPDXRef-Package-47-jsonschema-specifications DEPENDS_ON SPDXRef-Package-48-referencing +Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-49-rpds-py +Relationship: SPDXRef-Package-48-referencing DEPENDS_ON SPDXRef-Package-6-attrs +Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-52-pyyaml +Relationship: SPDXRef-Package-51-lib4sbom DEPENDS_ON SPDXRef-Package-53-semantic-version +Relationship: SPDXRef-Package-54-packaging DEPENDS_ON SPDXRef-Package-26-pyparsing +Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-54-packaging +Relationship: SPDXRef-Package-55-plotly DEPENDS_ON SPDXRef-Package-56-tenacity +Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-10-idna +Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-39-urllib3 +Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-59-certifi +Relationship: SPDXRef-Package-58-requests DEPENDS_ON SPDXRef-Package-7-charset-normalizer +Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-61-markdown-it-py +Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-63-pygments +Relationship: SPDXRef-Package-60-rich DEPENDS_ON SPDXRef-Package-64-typing-extensions +Relationship: SPDXRef-Package-61-markdown-it-py DEPENDS_ON SPDXRef-Package-62-mdurl +Relationship: SPDXRef-Package-67-xmlschema DEPENDS_ON SPDXRef-Package-68-elementpath Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-10-idna Relationship: SPDXRef-Package-9-yarl DEPENDS_ON SPDXRef-Package-8-multidict