From 77b86997f30799439e6dc9867bbe19a60608b1aa Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 09:37:24 -0700 Subject: [PATCH] chore: update SBOM for Python 3.10 (#4460) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 655 +++++++++++++++++++++++++++++----- sbom/cve-bin-tool-py3.10.spdx | 620 ++++++++++++++++++-------------- 2 files changed, 899 insertions(+), 376 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index b4aae9d62f..c7e51e920e 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:afb0b734-9768-4a6d-bd56-1d13406b9c61", + "serialNumber": "urn:uuid:d48f0dee-ab05-485f-b952-785d3826a1bc", "version": 1, "metadata": { - "timestamp": "2024-09-16T00:39:03Z", + "timestamp": "2024-09-23T00:37:16Z", "lifecycles": [ { "phase": "build" @@ -15,7 +15,7 @@ "components": [ { "name": "sbom4python", - "version": "0.11.1", + "version": "0.11.2", "type": "application" } ] @@ -53,7 +53,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cve-bin-tool/3.4", + "url": "https://github.com/intel/cve-bin-tool", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/cve-bin-tool/3.4/#files", "type": "distribution", "comment": "Download location for component" } @@ -87,7 +92,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiohttp/3.10.5", + "url": "https://github.com/aio-libs/aiohttp", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/aiohttp/3.10.5/#files", "type": "distribution", "comment": "Download location for component" } @@ -136,7 +146,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiohappyeyeballs/2.4.0", + "url": "https://github.com/aio-libs/aiohappyeyeballs", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/aiohappyeyeballs/2.4.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -158,6 +173,7 @@ "bom-ref": "4-aiosignal", "name": "aiosignal", "version": "1.3.1", + "description": "aiosignal: a list of registered asynchronous callbacks", "hashes": [ { "alg": "SHA-1", @@ -175,7 +191,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/aiosignal/1.3.1", + "url": "https://github.com/aio-libs/aiosignal", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/aiosignal/1.3.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -189,6 +210,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2022-11-08T16:03:57.000Z" } ] }, @@ -209,7 +234,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/frozenlist/1.4.1", + "url": "https://github.com/aio-libs/frozenlist", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/frozenlist/1.4.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -223,6 +253,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2023-12-15T08:40:29.000Z" } ] }, @@ -258,7 +292,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/async-timeout/4.0.3", + "url": "https://github.com/aio-libs/async-timeout", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/async-timeout/4.0.3/#files", "type": "distribution", "comment": "Download location for component" } @@ -272,6 +311,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2023-08-10T16:35:55.000Z" } ] }, @@ -292,7 +335,7 @@ "description": "Classes Without Boilerplate", "externalReferences": [ { - "url": "https://pypi.org/project/attrs/24.2.0", + "url": "https://pypi.org/project/attrs/24.2.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -335,7 +378,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/multidict/6.1.0", + "url": "https://github.com/aio-libs/multidict", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/multidict/6.1.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -369,7 +417,7 @@ "description": "Backported and Experimental Type Hints for Python 3.8+", "externalReferences": [ { - "url": "https://pypi.org/project/typing-extensions/4.12.2", + "url": "https://pypi.org/project/typing-extensions/4.12.2/#files", "type": "distribution", "comment": "Download location for component" } @@ -412,7 +460,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/yarl/1.11.1", + "url": "https://github.com/aio-libs/yarl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/yarl/1.11.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -446,7 +499,7 @@ "description": "Internationalized Domain Names in Applications (IDNA)", "externalReferences": [ { - "url": "https://pypi.org/project/idna/3.10", + "url": "https://pypi.org/project/idna/3.10/#files", "type": "distribution", "comment": "Download location for component" } @@ -489,7 +542,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/beautifulsoup4/4.12.3", + "url": "https://www.crummy.com/software/BeautifulSoup/bs4/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/beautifulsoup4/4.12.3/#files", "type": "distribution", "comment": "Download location for component" } @@ -503,6 +561,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-01-17T16:53:12.000Z" } ] }, @@ -515,7 +577,7 @@ "name": "Isaac Muse", "contact": [ { - "email": "use@gmail.com" + "email": "Isaac.Muse@gmail.com" } ] }, @@ -523,7 +585,12 @@ "description": "A modern CSS selector implementation for Beautiful Soup.", "externalReferences": [ { - "url": "https://pypi.org/project/soupsieve/2.6", + "url": "https://github.com/facelessuser/soupsieve", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/soupsieve/2.6/#files", "type": "distribution", "comment": "Download location for component" } @@ -566,7 +633,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cvss/3.2", + "url": "https://github.com/RedHatProductSecurity/cvss", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/cvss/3.2/#files", "type": "distribution", "comment": "Download location for component" } @@ -615,7 +687,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/defusedxml/0.7.1", + "url": "https://github.com/tiran/defusedxml", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/defusedxml/0.7.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -629,6 +706,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2021-03-08T10:59:24.000Z" } ] }, @@ -658,7 +739,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/distro/1.9.0", + "url": "https://github.com/python-distro/distro", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/distro/1.9.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -672,6 +758,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2023-12-24T09:54:30.000Z" } ] }, @@ -707,7 +797,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/filetype/1.2.0", + "url": "https://github.com/h2non/filetype.py", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/filetype/1.2.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -721,6 +816,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2022-11-02T17:34:01.000Z" } ] }, @@ -750,7 +849,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gsutil/5.30", + "url": "https://cloud.google.com/storage/docs/gsutil", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/gsutil/5.30/#files", "type": "distribution", "comment": "Download location for component" } @@ -793,7 +897,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/argcomplete/3.5.0", + "url": "https://github.com/kislyuk/argcomplete", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/argcomplete/3.5.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -836,7 +945,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/crcmod/1.7", + "url": "http://crcmod.sourceforge.net/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/crcmod/1.7/#files", "type": "distribution", "comment": "Download location for component" } @@ -880,7 +994,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/fasteners/0.19", + "url": "https://github.com/harlowja/fasteners", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/fasteners/0.19/#files", "type": "distribution", "comment": "Download location for component" } @@ -929,7 +1048,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2", + "url": "https://developers.google.com/storage/docs/gspythonlibrary", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files", "type": "distribution", "comment": "Download location for component" } @@ -943,6 +1067,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-05-02T14:37:31.000Z" } ] }, @@ -978,7 +1106,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/boto/2.49.0", + "url": "https://github.com/boto/boto/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/boto/2.49.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -992,6 +1125,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2018-07-11T20:58:55.000Z" } ] }, @@ -1027,7 +1164,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-auth/2.17.0", + "url": "https://github.com/googleapis/google-auth-library-python", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/google-auth/2.17.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -1070,7 +1212,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cachetools/5.5.0", + "url": "https://github.com/tkem/cachetools/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/cachetools/5.5.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -1113,7 +1260,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1-modules/0.4.1", + "url": "https://github.com/pyasn1/pyasn1-modules", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/pyasn1-modules/0.4.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -1156,7 +1308,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyasn1/0.6.1", + "url": "https://github.com/pyasn1/pyasn1", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/pyasn1/0.6.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -1205,7 +1362,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rsa/4.7.2", + "url": "https://stuvel.eu/rsa", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/rsa/4.7.2/#files", "type": "distribution", "comment": "Download location for component" } @@ -1219,6 +1381,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2021-02-24T10:55:03.000Z" } ] }, @@ -1254,7 +1420,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/six/1.16.0", + "url": "https://github.com/benjaminp/six", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/six/1.16.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -1268,6 +1439,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2021-05-05T14:18:17.000Z" } ] }, @@ -1285,6 +1460,7 @@ ] }, "cpe": "cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:*", + "description": "Google Authentication Library: httplib2 transport", "hashes": [ { "alg": "SHA-1", @@ -1302,7 +1478,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-auth-httplib2/0.2.0", + "url": "https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/google-auth-httplib2/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -1316,6 +1497,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2023-12-12T17:40:13.000Z" } ] }, @@ -1351,7 +1536,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/httplib2/0.20.4", + "url": "https://github.com/httplib2/httplib2", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/httplib2/0.20.4/#files", "type": "distribution", "comment": "Download location for component" } @@ -1385,7 +1575,12 @@ "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "externalReferences": [ { - "url": "https://pypi.org/project/pyparsing/3.1.4", + "url": "https://github.com/pyparsing/pyparsing/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/pyparsing/3.1.4/#files", "type": "distribution", "comment": "Download location for component" } @@ -1434,7 +1629,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-reauth/0.1.1", + "url": "https://github.com/Google/google-reauth-python", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/google-reauth/0.1.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -1448,6 +1648,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2020-12-01T17:35:45.000Z" } ] }, @@ -1483,7 +1687,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyu2f/0.1.5", + "url": "https://github.com/google/pyu2f/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/pyu2f/0.1.5/#files", "type": "distribution", "comment": "Download location for component" } @@ -1497,6 +1706,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2020-10-30T20:03:07.000Z" } ] }, @@ -1532,7 +1745,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/oauth2client/4.1.3", + "url": "http://github.com/google/oauth2client/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/oauth2client/4.1.3/#files", "type": "distribution", "comment": "Download location for component" } @@ -1546,6 +1764,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2018-09-07T21:38:16.000Z" } ] }, @@ -1575,7 +1797,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyopenssl/24.2.1", + "url": "https://pyopenssl.org/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/pyopenssl/24.2.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -1614,7 +1841,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cryptography/43.0.1", + "url": "https://github.com/pyca/cryptography", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/cryptography/43.0.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -1657,7 +1889,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/cffi/1.17.1", + "url": "http://cffi.readthedocs.org", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/cffi/1.17.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -1706,7 +1943,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pycparser/2.22", + "url": "https://github.com/eliben/pycparser", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/pycparser/2.22/#files", "type": "distribution", "comment": "Download location for component" } @@ -1720,6 +1962,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-03-30T13:22:20.000Z" } ] }, @@ -1755,7 +2001,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/retry-decorator/1.1.1", + "url": "https://github.com/pnpnpn/retry-decorator", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/retry-decorator/1.1.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -1769,6 +2020,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2020-03-10T23:56:29.000Z" } ] }, @@ -1804,7 +2059,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/google-apitools/0.5.32", + "url": "http://github.com/google/apitools", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/google-apitools/0.5.32/#files", "type": "distribution", "comment": "Download location for component" } @@ -1818,6 +2078,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2021-05-05T22:12:58.000Z" } ] }, @@ -1853,7 +2117,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/monotonic/1.6", + "url": "https://github.com/atdt/monotonic", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/monotonic/1.6/#files", "type": "distribution", "comment": "Download location for component" } @@ -1867,6 +2136,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2021-04-09T21:58:05.000Z" } ] }, @@ -1884,7 +2157,7 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jinja2/3.1.4", + "url": "https://pypi.org/project/jinja2/3.1.4/#files", "type": "distribution", "comment": "Download location for component" } @@ -1898,6 +2171,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-05-05T23:41:59.000Z" } ] }, @@ -1924,7 +2201,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/markupsafe/2.1.5", + "url": "https://palletsprojects.com/p/markupsafe/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/markupsafe/2.1.5/#files", "type": "distribution", "comment": "Download location for component" } @@ -1938,6 +2220,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-02-02T16:30:04.000Z" } ] }, @@ -1947,7 +2233,12 @@ "name": "jsonschema", "version": "4.23.0", "supplier": { - "name": "Julian Berman" + "name": "Julian Berman", + "contact": [ + { + "email": "Julian+jsonschema@GrayVines.com" + } + ] }, "cpe": "cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*:*:*:*:*", "description": "An implementation of JSON Schema validation for Python", @@ -1962,7 +2253,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema/4.23.0", + "url": "https://github.com/python-jsonschema/jsonschema", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/jsonschema/4.23.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -1985,7 +2281,12 @@ "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { - "name": "Julian Berman" + "name": "Julian Berman", + "contact": [ + { + "email": "Julian+jsonschema-specifications@GrayVines.com" + } + ] }, "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*", "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", @@ -2006,7 +2307,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1", + "url": "https://github.com/python-jsonschema/jsonschema-specifications", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -2020,6 +2326,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2023-12-25T15:16:51.000Z" } ] }, @@ -2029,13 +2339,23 @@ "name": "referencing", "version": "0.35.1", "supplier": { - "name": "Julian Berman" + "name": "Julian Berman", + "contact": [ + { + "email": "Julian+referencing@GrayVines.com" + } + ] }, "cpe": "cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:*:*:*:*:*", "description": "JSON Referencing + Python", "externalReferences": [ { - "url": "https://pypi.org/project/referencing/0.35.1", + "url": "https://github.com/python-jsonschema/referencing", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/referencing/0.35.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -2049,6 +2369,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-05-01T20:26:02.000Z" } ] }, @@ -2058,7 +2382,12 @@ "name": "rpds-py", "version": "0.20.0", "supplier": { - "name": "Julian Berman" + "name": "Julian Berman", + "contact": [ + { + "email": "Julian+rpds@GrayVines.com" + } + ] }, "cpe": "cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:*:*:*", "description": "Python bindings to Rust's persistent data structures (rpds)", @@ -2073,7 +2402,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rpds-py/0.20.0", + "url": "https://github.com/crate-py/rpds", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/rpds-py/0.20.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -2094,7 +2428,7 @@ "type": "library", "bom-ref": "49-lib4sbom", "name": "lib4sbom", - "version": "0.7.4", + "version": "0.7.5", "supplier": { "name": "Anthony Harrison", "contact": [ @@ -2103,7 +2437,7 @@ } ] }, - "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:*", "description": "Software Bill of Material (SBOM) generator and consumer library", "licenses": [ { @@ -2116,12 +2450,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4sbom/0.7.4", + "url": "https://github.com/anthonyharrison/lib4sbom", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/lib4sbom/0.7.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/lib4sbom@0.7.4", + "purl": "pkg:pypi/lib4sbom@0.7.5", "properties": [ { "name": "language", @@ -2159,7 +2498,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pyyaml/6.0.2", + "url": "https://pyyaml.org/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/pyyaml/6.0.2/#files", "type": "distribution", "comment": "Download location for component" } @@ -2208,7 +2552,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/semantic-version/2.10.0", + "url": "https://github.com/rbarrois/python-semanticversion", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/semantic-version/2.10.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -2222,6 +2571,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2022-05-26T13:35:21.000Z" } ] }, @@ -2251,7 +2604,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/lib4vex/0.2.0", + "url": "https://github.com/anthonyharrison/lib4vex", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/lib4vex/0.2.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -2300,7 +2658,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/csaf-tool/0.3.2", + "url": "https://github.com/anthonyharrison/csaf", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/csaf-tool/0.3.2/#files", "type": "distribution", "comment": "Download location for component" } @@ -2344,7 +2707,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/packageurl-python/0.15.6", + "url": "https://github.com/package-url/packageurl-python", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/packageurl-python/0.15.6/#files", "type": "distribution", "comment": "Download location for component" } @@ -2387,7 +2755,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rich/13.8.1", + "url": "https://github.com/Textualize/rich", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/rich/13.8.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -2427,7 +2800,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/markdown-it-py/3.0.0", + "url": "https://github.com/executablebooks/markdown-it-py", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/markdown-it-py/3.0.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -2441,6 +2819,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2023-06-03T06:41:11.000Z" } ] }, @@ -2467,7 +2849,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/mdurl/0.1.2", + "url": "https://github.com/executablebooks/mdurl", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/mdurl/0.1.2/#files", "type": "distribution", "comment": "Download location for component" } @@ -2481,6 +2868,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2022-08-14T12:40:09.000Z" } ] }, @@ -2516,7 +2907,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/pygments/2.18.0", + "url": "https://pygments.org", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/pygments/2.18.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -2530,6 +2926,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2024-05-04T13:41:57.000Z" } ] }, @@ -2550,7 +2950,7 @@ "description": "Core utilities for Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/packaging/24.1", + "url": "https://pypi.org/project/packaging/24.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -2593,7 +2993,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/plotly/5.24.1", + "url": "https://plotly.com/python/", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/plotly/5.24.1/#files", "type": "distribution", "comment": "Download location for component" } @@ -2642,7 +3047,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/tenacity/9.0.0", + "url": "https://github.com/jd/tenacity", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/tenacity/9.0.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -2663,7 +3073,7 @@ "type": "library", "bom-ref": "62-python-gnupg", "name": "python-gnupg", - "version": "0.5.2", + "version": "0.5.3", "supplier": { "name": "Vinay Sajip", "contact": [ @@ -2672,14 +3082,8 @@ } ] }, - "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:*", "description": "A wrapper for the Gnu Privacy Guard (GPG or GnuPG)", - "hashes": [ - { - "alg": "SHA-1", - "content": "cda862f8b31c2678d5691ee55797a1cf6d44fe42" - } - ], "licenses": [ { "license": { @@ -2691,12 +3095,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/python-gnupg/0.5.2", + "url": "https://github.com/vsajip/python-gnupg", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/python-gnupg/0.5.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/python-gnupg@0.5.2", + "purl": "pkg:pypi/python-gnupg@0.5.3", "properties": [ { "name": "language", @@ -2740,7 +3149,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/requests/2.32.3", + "url": "https://requests.readthedocs.io", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/requests/2.32.3/#files", "type": "distribution", "comment": "Download location for component" } @@ -2783,7 +3197,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/certifi/2024.8.30", + "url": "https://github.com/certifi/python-certifi", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/certifi/2024.8.30/#files", "type": "distribution", "comment": "Download location for component" } @@ -2832,7 +3251,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/charset-normalizer/3.3.2", + "url": "https://github.com/Ousret/charset_normalizer", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/charset-normalizer/3.3.2/#files", "type": "distribution", "comment": "Download location for component" } @@ -2846,6 +3270,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2023-11-01T04:02:29.000Z" } ] }, @@ -2866,7 +3294,7 @@ "description": "HTTP library with thread-safe connection pooling, file post, and more.", "externalReferences": [ { - "url": "https://pypi.org/project/urllib3/2.2.3", + "url": "https://pypi.org/project/urllib3/2.2.3/#files", "type": "distribution", "comment": "Download location for component" } @@ -2915,7 +3343,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/rpmfile/2.1.0", + "url": "https://github.com/srossross/rpmfile", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/rpmfile/2.1.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -2936,7 +3369,7 @@ "type": "library", "bom-ref": "68-setuptools", "name": "setuptools", - "version": "75.0.0", + "version": "75.1.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -2945,16 +3378,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.0.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.0.0", + "url": "https://pypi.org/project/setuptools/75.1.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.0.0", + "purl": "pkg:pypi/setuptools@75.1.0", "properties": [ { "name": "language", @@ -2998,7 +3431,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/toml/0.10.2", + "url": "https://github.com/uiri/toml", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/toml/0.10.2/#files", "type": "distribution", "comment": "Download location for component" } @@ -3012,6 +3450,10 @@ { "name": "python_version", "value": "3.10.15" + }, + { + "name": "package_release_date", + "value": "2020-11-01T01:40:20.000Z" } ] }, @@ -3019,7 +3461,7 @@ "type": "library", "bom-ref": "70-xmlschema", "name": "xmlschema", - "version": "3.4.1", + "version": "3.4.2", "supplier": { "name": "Davide Brunato", "contact": [ @@ -3028,7 +3470,7 @@ } ] }, - "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:*", "description": "An XML Schema validator and decoder", "licenses": [ { @@ -3041,12 +3483,17 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/xmlschema/3.4.1", + "url": "https://github.com/sissaschool/xmlschema", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/xmlschema/3.4.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/xmlschema@3.4.1", + "purl": "pkg:pypi/xmlschema@3.4.2", "properties": [ { "name": "language", @@ -3084,7 +3531,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/elementpath/4.5.0", + "url": "https://github.com/sissaschool/elementpath", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/elementpath/4.5.0/#files", "type": "distribution", "comment": "Download location for component" } @@ -3118,7 +3570,7 @@ "description": "Backport of pathlib-compatible object wrapper for zip files", "externalReferences": [ { - "url": "https://pypi.org/project/zipp/3.20.2", + "url": "https://pypi.org/project/zipp/3.20.2/#files", "type": "distribution", "comment": "Download location for component" } @@ -3161,7 +3613,12 @@ ], "externalReferences": [ { - "url": "https://pypi.org/project/zstandard/0.23.0", + "url": "https://github.com/indygreg/python-zstandard", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/zstandard/0.23.0/#files", "type": "distribution", "comment": "Download location for component" } diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index ee7418c2dd..57e9c735ba 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,20 +2,21 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-c2b78c5d-af2e-4ff4-8344-03b575e4932c +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-6faec0ff-af84-4dba-bf54-2b71bea6ecbb LicenseListVersion: 3.22 -Creator: Tool: sbom4python-0.11.1 -Created: 2024-09-16T00:37:43Z +Creator: Tool: sbom4python-0.11.2 +Created: 2024-09-23T00:35:54Z CreatorComment: This document has been automatically generated. ##### PackageName: cve-bin-tool -SPDXID: SPDXRef-Package-1-cve-bin-tool +SPDXID: SPDXRef-1-cve-bin-tool PackageVersion: 3.4 PrimaryPackagePurpose: APPLICATION PackageSupplier: Person: Terri Oda (terri.oda@intel.com) -PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4 +PackageDownloadLocation: https://pypi.org/project/cve-bin-tool/3.4/#files FilesAnalyzed: false +PackageHomePage: https://github.com/intel/cve-bin-tool PackageLicenseDeclared: GPL-3.0-or-later PackageLicenseConcluded: GPL-3.0-or-later PackageCopyrightText: NOASSERTION @@ -25,12 +26,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* ##### PackageName: aiohttp -SPDXID: SPDXRef-Package-2-aiohttp +SPDXID: SPDXRef-2-aiohttp PackageVersion: 3.10.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.5 +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.5/#files FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. @@ -40,12 +42,13 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.5 ##### PackageName: aiohappyeyeballs -SPDXID: SPDXRef-Package-3-aiohappyeyeballs +SPDXID: SPDXRef-3-aiohappyeyeballs PackageVersion: 2.4.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: J. Nick Koston (nick@koston.org) -PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.0 +PackageDownloadLocation: https://pypi.org/project/aiohappyeyeballs/2.4.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/aiohappyeyeballs PackageChecksum: SHA1: c31b127a69bdcd7895d1a521985d918061955348 PackageLicenseDeclared: Python-2.0.1 PackageLicenseConcluded: Python-2.0.1 @@ -56,27 +59,30 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:j._nick_koston:aiohappyeyeballs:2.4.0: ##### PackageName: aiosignal -SPDXID: SPDXRef-Package-4-aiosignal +SPDXID: SPDXRef-4-aiosignal PackageVersion: 1.3.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1 +PackageDownloadLocation: https://pypi.org/project/aiosignal/1.3.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/aiosignal PackageChecksum: SHA1: 2b8907dc15f976d3747a16bd65f1681ae54249a3 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiosignal declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION +PackageSummary: aiosignal: a list of registered asynchronous callbacks ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiosignal@1.3.1 ##### PackageName: frozenlist -SPDXID: SPDXRef-Package-5-frozenlist +SPDXID: SPDXRef-5-frozenlist PackageVersion: 1.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1 +PackageDownloadLocation: https://pypi.org/project/frozenlist/1.4.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/frozenlist PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: frozenlist declares Apache 2 which is not currently a valid SPDX License identifier or expression. @@ -86,12 +92,13 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/frozenlist@1.4.1 ##### PackageName: async-timeout -SPDXID: SPDXRef-Package-6-async-timeout +SPDXID: SPDXRef-6-async-timeout PackageVersion: 4.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3 +PackageDownloadLocation: https://pypi.org/project/async-timeout/4.0.3/#files FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/async-timeout PackageChecksum: SHA1: a48974404c746593f78c116faceb56a0db50309e PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 @@ -103,11 +110,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:async-timeout:4.0.3:*:* ##### PackageName: attrs -SPDXID: SPDXRef-Package-7-attrs +SPDXID: SPDXRef-7-attrs PackageVersion: 24.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Hynek Schlawack (hs@ox.cx) -PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0 +PackageDownloadLocation: https://pypi.org/project/attrs/24.2.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION @@ -118,12 +125,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:hynek_schlawack:attrs:24.2.0:*:*:*:*:* ##### PackageName: multidict -SPDXID: SPDXRef-Package-8-multidict +SPDXID: SPDXRef-8-multidict PackageVersion: 6.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0 +PackageDownloadLocation: https://pypi.org/project/multidict/6.1.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/multidict PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: multidict declares Apache 2 which is not currently a valid SPDX License identifier or expression. @@ -134,11 +142,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* ##### PackageName: typing-extensions -SPDXID: SPDXRef-Package-9-typing-extensions +SPDXID: SPDXRef-9-typing-extensions PackageVersion: 4.12.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Guido van Jukka ukasz Michael (levkivskyi@gmail.com) -PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2 +PackageDownloadLocation: https://pypi.org/project/typing-extensions/4.12.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION @@ -149,12 +157,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e ##### PackageName: yarl -SPDXID: SPDXRef-Package-10-yarl +SPDXID: SPDXRef-10-yarl PackageVersion: 1.11.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.11.1 +PackageDownloadLocation: https://pypi.org/project/yarl/1.11.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION @@ -164,11 +173,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.11.1:*:*:*:*:*:* ##### PackageName: idna -SPDXID: SPDXRef-Package-11-idna +SPDXID: SPDXRef-11-idna PackageVersion: 3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kim Davies (kim+pypi@gumleaf.org) -PackageDownloadLocation: https://pypi.org/project/idna/3.10 +PackageDownloadLocation: https://pypi.org/project/idna/3.10/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION @@ -179,12 +188,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### PackageName: beautifulsoup4 -SPDXID: SPDXRef-Package-12-beautifulsoup4 +SPDXID: SPDXRef-12-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) -PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3 +PackageDownloadLocation: https://pypi.org/project/beautifulsoup4/4.12.3/#files FilesAnalyzed: false +PackageHomePage: https://www.crummy.com/software/BeautifulSoup/bs4/ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: MIT PackageLicenseComments: beautifulsoup4 declares MIT License which is not currently a valid SPDX License identifier or expression. @@ -195,12 +205,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12 ##### PackageName: soupsieve -SPDXID: SPDXRef-Package-13-soupsieve +SPDXID: SPDXRef-13-soupsieve PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Isaac Muse (use@gmail.com) -PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6 +PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) +PackageDownloadLocation: https://pypi.org/project/soupsieve/2.6/#files FilesAnalyzed: false +PackageHomePage: https://github.com/facelessuser/soupsieve PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -210,12 +221,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-Package-14-cvss +SPDXID: SPDXRef-14-cvss PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) -PackageDownloadLocation: https://pypi.org/project/cvss/3.2 +PackageDownloadLocation: https://pypi.org/project/cvss/3.2/#files FilesAnalyzed: false +PackageHomePage: https://github.com/RedHatProductSecurity/cvss PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: LGPL-3.0-or-later PackageLicenseComments: cvss declares LGPLv3+ which is not currently a valid SPDX License identifier or expression. @@ -226,12 +238,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs ##### PackageName: defusedxml -SPDXID: SPDXRef-Package-15-defusedxml +SPDXID: SPDXRef-15-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) -PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1 +PackageDownloadLocation: https://pypi.org/project/defusedxml/0.7.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/tiran/defusedxml PackageChecksum: SHA1: ebff1b493751e2f0775314bdd4188d64f07ea184 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: PSF-2.0 @@ -243,12 +256,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*: ##### PackageName: distro -SPDXID: SPDXRef-Package-16-distro +SPDXID: SPDXRef-16-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) -PackageDownloadLocation: https://pypi.org/project/distro/1.9.0 +PackageDownloadLocation: https://pypi.org/project/distro/1.9.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/python-distro/distro PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: distro declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. @@ -259,12 +273,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-Package-17-filetype +SPDXID: SPDXRef-17-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) -PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0 +PackageDownloadLocation: https://pypi.org/project/filetype/1.2.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/h2non/filetype.py PackageChecksum: SHA1: 4e247fe2184c692e3b05fb5aafbe3d83cffc7585 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT @@ -275,12 +290,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: ##### PackageName: gsutil -SPDXID: SPDXRef-Package-18-gsutil +SPDXID: SPDXRef-18-gsutil PackageVersion: 5.30 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.30 +PackageDownloadLocation: https://pypi.org/project/gsutil/5.30/#files FilesAnalyzed: false +PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. @@ -291,12 +307,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-Package-19-argcomplete +SPDXID: SPDXRef-19-argcomplete PackageVersion: 3.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.0 +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/kislyuk/argcomplete PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. @@ -307,12 +324,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.0:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-Package-20-crcmod +SPDXID: SPDXRef-20-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) -PackageDownloadLocation: https://pypi.org/project/crcmod/1.7 +PackageDownloadLocation: https://pypi.org/project/crcmod/1.7/#files FilesAnalyzed: false +PackageHomePage: http://crcmod.sourceforge.net/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -322,12 +340,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-Package-21-fasteners +SPDXID: SPDXRef-21-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow -PackageDownloadLocation: https://pypi.org/project/fasteners/0.19 +PackageDownloadLocation: https://pypi.org/project/fasteners/0.19/#files FilesAnalyzed: false +PackageHomePage: https://github.com/harlowja/fasteners PackageChecksum: SHA1: 06c3f06cab4e135b8d921932019a231c180eb9f4 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 @@ -338,12 +357,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-Package-22-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-22-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) -PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2 +PackageDownloadLocation: https://pypi.org/project/gcs-oauth2-boto-plugin/3.2/#files FilesAnalyzed: false +PackageHomePage: https://developers.google.com/storage/docs/gspythonlibrary PackageChecksum: SHA1: 7dfa0149811e5617fe1428f692a18ab8b8c31ddb PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 @@ -355,12 +375,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2 ##### PackageName: boto -SPDXID: SPDXRef-Package-23-boto +SPDXID: SPDXRef-23-boto PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) -PackageDownloadLocation: https://pypi.org/project/boto/2.49.0 +PackageDownloadLocation: https://pypi.org/project/boto/2.49.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/boto/boto/ PackageChecksum: SHA1: 8fac1878734c5ac085b781f619c70ea4b6e913c3 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT @@ -371,12 +392,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*: ##### PackageName: google-auth -SPDXID: SPDXRef-Package-24-google-auth +SPDXID: SPDXRef-24-google-auth PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0 +PackageDownloadLocation: https://pypi.org/project/google-auth/2.17.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/googleapis/google-auth-library-python PackageChecksum: SHA1: f07e441fcd47f3ac16a5e59d5de5f38e7f602243 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 @@ -388,12 +410,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17 ##### PackageName: cachetools -SPDXID: SPDXRef-Package-25-cachetools +SPDXID: SPDXRef-25-cachetools PackageVersion: 5.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) -PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0 +PackageDownloadLocation: https://pypi.org/project/cachetools/5.5.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/tkem/cachetools/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -403,12 +426,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:* ##### PackageName: pyasn1-modules -SPDXID: SPDXRef-Package-26-pyasn1-modules +SPDXID: SPDXRef-26-pyasn1-modules PackageVersion: 0.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1 +PackageDownloadLocation: https://pypi.org/project/pyasn1-modules/0.4.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/pyasn1/pyasn1-modules PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: pyasn1-modules declares BSD which is not currently a valid SPDX License identifier or expression. @@ -419,12 +443,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*: ##### PackageName: pyasn1 -SPDXID: SPDXRef-Package-27-pyasn1 +SPDXID: SPDXRef-27-pyasn1 PackageVersion: 0.6.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1 +PackageDownloadLocation: https://pypi.org/project/pyasn1/0.6.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/pyasn1/pyasn1 PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause PackageCopyrightText: NOASSERTION @@ -434,12 +459,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*: ##### PackageName: rsa -SPDXID: SPDXRef-Package-28-rsa +SPDXID: SPDXRef-28-rsa PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) -PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2 +PackageDownloadLocation: https://pypi.org/project/rsa/4.7.2/#files FilesAnalyzed: false +PackageHomePage: https://stuvel.eu/rsa PackageChecksum: SHA1: 87664078fbbd8bd1f84a9dff05bb1d673b696eaa PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 @@ -451,12 +477,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-Package-29-six +SPDXID: SPDXRef-29-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) -PackageDownloadLocation: https://pypi.org/project/six/1.16.0 +PackageDownloadLocation: https://pypi.org/project/six/1.16.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/benjaminp/six PackageChecksum: SHA1: 65486e4383f9f411da95937451205d3c7b61b9e1 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT @@ -467,28 +494,31 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:* ##### PackageName: google-auth-httplib2 -SPDXID: SPDXRef-Package-30-google-auth-httplib2 +SPDXID: SPDXRef-30-google-auth-httplib2 PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) -PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0 +PackageDownloadLocation: https://pypi.org/project/google-auth-httplib2/0.2.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/GoogleCloudPlatform/google-auth-library-python-httplib2 PackageChecksum: SHA1: 932ac88800dd6de004c1bd59867831ccf033f031 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: google-auth-httplib2 declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION +PackageSummary: Google Authentication Library: httplib2 transport ExternalRef: PACKAGE_MANAGER purl pkg:pypi/google-auth-httplib2@0.2.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-httplib2:0.2.0:*:*:*:*:*:*:* ##### PackageName: httplib2 -SPDXID: SPDXRef-Package-31-httplib2 +SPDXID: SPDXRef-31-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) -PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4 +PackageDownloadLocation: https://pypi.org/project/httplib2/0.20.4/#files FilesAnalyzed: false +PackageHomePage: https://github.com/httplib2/httplib2 PackageChecksum: SHA1: 9d4501760c8ac66326d672ab5c94737d3d690ca4 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT @@ -499,12 +529,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-Package-32-pyparsing +SPDXID: SPDXRef-32-pyparsing PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.4 +PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.4/#files FilesAnalyzed: false +PackageHomePage: https://github.com/pyparsing/pyparsing/ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -514,12 +545,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:* ##### PackageName: google-reauth -SPDXID: SPDXRef-Package-33-google-reauth +SPDXID: SPDXRef-33-google-reauth PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google (googleapis-publisher@google.com) -PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1 +PackageDownloadLocation: https://pypi.org/project/google-reauth/0.1.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/Google/google-reauth-python PackageChecksum: SHA1: 4b2569e9b515fbe70523abcbdc7d736066ad531b PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 @@ -531,12 +563,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:* ##### PackageName: pyu2f -SPDXID: SPDXRef-Package-34-pyu2f +SPDXID: SPDXRef-34-pyu2f PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) -PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5 +PackageDownloadLocation: https://pypi.org/project/pyu2f/0.1.5/#files FilesAnalyzed: false +PackageHomePage: https://github.com/google/pyu2f/ PackageChecksum: SHA1: ca500df041b953b4048b2ed2a8e3294ff9ed6abe PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 @@ -548,12 +581,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: oauth2client -SPDXID: SPDXRef-Package-35-oauth2client +SPDXID: SPDXRef-35-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) -PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3 +PackageDownloadLocation: https://pypi.org/project/oauth2client/4.1.3/#files FilesAnalyzed: false +PackageHomePage: http://github.com/google/oauth2client/ PackageChecksum: SHA1: 50d20532a748f18e53f7d24ccbe6647132c979a9 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 @@ -565,12 +599,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-Package-36-pyopenssl +SPDXID: SPDXRef-36-pyopenssl PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1 +PackageDownloadLocation: https://pypi.org/project/pyopenssl/24.2.1/#files FilesAnalyzed: false +PackageHomePage: https://pyopenssl.org/ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: pyopenssl declares Apache License, Version 2.0 which is not currently a valid SPDX License identifier or expression. @@ -581,12 +616,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-Package-37-cryptography +SPDXID: SPDXRef-37-cryptography PackageVersion: 43.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1 +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION @@ -596,12 +632,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python ##### PackageName: cffi -SPDXID: SPDXRef-Package-38-cffi +SPDXID: SPDXRef-38-cffi PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) -PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1 +PackageDownloadLocation: https://pypi.org/project/cffi/1.17.1/#files FilesAnalyzed: false +PackageHomePage: http://cffi.readthedocs.org PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -611,12 +648,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:* ##### PackageName: pycparser -SPDXID: SPDXRef-Package-39-pycparser +SPDXID: SPDXRef-39-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pycparser/2.22 +PackageDownloadLocation: https://pypi.org/project/pycparser/2.22/#files FilesAnalyzed: false +PackageHomePage: https://github.com/eliben/pycparser PackageChecksum: SHA1: 129d32ef805d715d90a3b2035b13168c17ca63d2 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause @@ -627,12 +665,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-Package-40-retry-decorator +SPDXID: SPDXRef-40-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) -PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1 +PackageDownloadLocation: https://pypi.org/project/retry-decorator/1.1.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/pnpnpn/retry-decorator PackageChecksum: SHA1: f60f88b5baf9ca4a4fbd5a6345b3a5db66d66349 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT @@ -643,12 +682,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-Package-41-google-apitools +SPDXID: SPDXRef-41-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) -PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32 +PackageDownloadLocation: https://pypi.org/project/google-apitools/0.5.32/#files FilesAnalyzed: false +PackageHomePage: http://github.com/google/apitools PackageChecksum: SHA1: 816fb1ff4425e765c5e4e53b7ca648107ca714d1 PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 @@ -660,12 +700,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-Package-42-monotonic +SPDXID: SPDXRef-42-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) -PackageDownloadLocation: https://pypi.org/project/monotonic/1.6 +PackageDownloadLocation: https://pypi.org/project/monotonic/1.6/#files FilesAnalyzed: false +PackageHomePage: https://github.com/atdt/monotonic PackageChecksum: SHA1: 80681f6604e136e513550342f977edb98f5fc5ad PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 @@ -677,11 +718,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-Package-43-jinja2 +SPDXID: SPDXRef-43-jinja2 PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4 +PackageDownloadLocation: https://pypi.org/project/jinja2/3.1.4/#files FilesAnalyzed: false PackageChecksum: SHA1: dd4a8b5466d8790540c181590b14db4d4d889d57 PackageLicenseDeclared: NOASSERTION @@ -692,12 +733,13 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-Package-44-markupsafe +SPDXID: SPDXRef-44-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5 +PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5/#files FilesAnalyzed: false +PackageHomePage: https://palletsprojects.com/p/markupsafe/ PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65 PackageLicenseDeclared: BSD-3-Clause PackageLicenseConcluded: BSD-3-Clause @@ -707,12 +749,13 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-Package-45-jsonschema +SPDXID: SPDXRef-45-jsonschema PackageVersion: 4.23.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0 +PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com) +PackageDownloadLocation: https://pypi.org/project/jsonschema/4.23.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/python-jsonschema/jsonschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -722,12 +765,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*: ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-Package-46-jsonschema-specifications +SPDXID: SPDXRef-46-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1 +PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com) +PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT @@ -738,12 +782,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification ##### PackageName: referencing -SPDXID: SPDXRef-Package-47-referencing +SPDXID: SPDXRef-47-referencing PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1 +PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com) +PackageDownloadLocation: https://pypi.org/project/referencing/0.35.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/python-jsonschema/referencing PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION @@ -753,12 +798,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-Package-48-rpds-py +SPDXID: SPDXRef-48-rpds-py PackageVersion: 0.20.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Julian Berman -PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0 +PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) +PackageDownloadLocation: https://pypi.org/project/rpds-py/0.20.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/crate-py/rpds PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -768,27 +814,29 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-Package-49-lib4sbom -PackageVersion: 0.7.4 +SPDXID: SPDXRef-49-lib4sbom +PackageVersion: 0.7.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.4 +PackageDownloadLocation: https://pypi.org/project/lib4sbom/0.7.5/#files FilesAnalyzed: false +PackageHomePage: https://github.com/anthonyharrison/lib4sbom PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Software Bill of Material (SBOM) generator and consumer library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/lib4sbom@0.7.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*:*:*:*:* ##### PackageName: pyyaml -SPDXID: SPDXRef-Package-50-pyyaml +SPDXID: SPDXRef-50-pyyaml PackageVersion: 6.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) -PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2 +PackageDownloadLocation: https://pypi.org/project/pyyaml/6.0.2/#files FilesAnalyzed: false +PackageHomePage: https://pyyaml.org/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -798,12 +846,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-Package-51-semantic-version +SPDXID: SPDXRef-51-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) -PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0 +PackageDownloadLocation: https://pypi.org/project/semantic-version/2.10.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/rbarrois/python-semanticversion PackageChecksum: SHA1: e49b5b065b845cd7798c0219e0fa8986c75f6a4a PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause @@ -815,12 +864,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: lib4vex -SPDXID: SPDXRef-Package-52-lib4vex +SPDXID: SPDXRef-52-lib4vex PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0 +PackageDownloadLocation: https://pypi.org/project/lib4vex/0.2.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/anthonyharrison/lib4vex PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION @@ -830,12 +880,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:* ##### PackageName: csaf-tool -SPDXID: SPDXRef-Package-53-csaf-tool +SPDXID: SPDXRef-53-csaf-tool PackageVersion: 0.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) -PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2 +PackageDownloadLocation: https://pypi.org/project/csaf-tool/0.3.2/#files FilesAnalyzed: false +PackageHomePage: https://github.com/anthonyharrison/csaf PackageChecksum: SHA1: 4decb1ba24c5832955056fe3c2b0213be034c5f4 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT @@ -846,12 +897,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* ##### PackageName: packageurl-python -SPDXID: SPDXRef-Package-54-packageurl-python +SPDXID: SPDXRef-54-packageurl-python PackageVersion: 0.15.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors -PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6 +PackageDownloadLocation: https://pypi.org/project/packageurl-python/0.15.6/#files FilesAnalyzed: false +PackageHomePage: https://github.com/package-url/packageurl-python PackageChecksum: SHA1: 14a11b50ab723796888133d3722b5b3e2845b084 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT @@ -862,12 +914,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: rich -SPDXID: SPDXRef-Package-55-rich +SPDXID: SPDXRef-55-rich PackageVersion: 13.8.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rich/13.8.1 +PackageDownloadLocation: https://pypi.org/project/rich/13.8.1/#files FilesAnalyzed: false +PackageHomePage: https://github.com/Textualize/rich PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -877,12 +930,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.8.1:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-Package-56-markdown-it-py +SPDXID: SPDXRef-56-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) -PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0 +PackageDownloadLocation: https://pypi.org/project/markdown-it-py/3.0.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/executablebooks/markdown-it-py PackageChecksum: SHA1: bee6d1953be75717a3f2f6a917da6f464bed421d PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION @@ -893,12 +947,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-Package-57-mdurl +SPDXID: SPDXRef-57-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) -PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2 +PackageDownloadLocation: https://pypi.org/project/mdurl/0.1.2/#files FilesAnalyzed: false +PackageHomePage: https://github.com/executablebooks/mdurl PackageChecksum: SHA1: 596bf1c8752de45fa576a52c315d6d8cc5bb1a4e PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION @@ -909,12 +964,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-Package-58-pygments +SPDXID: SPDXRef-58-pygments PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) -PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0 +PackageDownloadLocation: https://pypi.org/project/pygments/2.18.0/#files FilesAnalyzed: false +PackageHomePage: https://pygments.org PackageChecksum: SHA1: d7d11f6e6d3aa97805215c1cc833ea5f0ef1fcbb PackageLicenseDeclared: BSD-2-Clause PackageLicenseConcluded: BSD-2-Clause @@ -925,11 +981,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* ##### PackageName: packaging -SPDXID: SPDXRef-Package-59-packaging +SPDXID: SPDXRef-59-packaging PackageVersion: 24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) -PackageDownloadLocation: https://pypi.org/project/packaging/24.1 +PackageDownloadLocation: https://pypi.org/project/packaging/24.1/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION @@ -940,12 +996,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-Package-60-plotly +SPDXID: SPDXRef-60-plotly PackageVersion: 5.24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) -PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1 +PackageDownloadLocation: https://pypi.org/project/plotly/5.24.1/#files FilesAnalyzed: false +PackageHomePage: https://plotly.com/python/ PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -955,12 +1012,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-Package-61-tenacity +SPDXID: SPDXRef-61-tenacity PackageVersion: 9.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) -PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0 +PackageDownloadLocation: https://pypi.org/project/tenacity/9.0.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/jd/tenacity PackageChecksum: SHA1: a662bbb487cd6d34541824589f8e8c7a1f7791bb PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: Apache-2.0 @@ -972,29 +1030,30 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-Package-62-python-gnupg -PackageVersion: 0.5.2 +SPDXID: SPDXRef-62-python-gnupg +PackageVersion: 0.5.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) -PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.2 +PackageDownloadLocation: https://pypi.org/project/python-gnupg/0.5.3/#files FilesAnalyzed: false -PackageChecksum: SHA1: cda862f8b31c2678d5691ee55797a1cf6d44fe42 +PackageHomePage: https://github.com/vsajip/python-gnupg PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: python-gnupg declares BSD which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/python-gnupg@0.5.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-Package-63-requests +SPDXID: SPDXRef-63-requests PackageVersion: 2.32.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) -PackageDownloadLocation: https://pypi.org/project/requests/2.32.3 +PackageDownloadLocation: https://pypi.org/project/requests/2.32.3/#files FilesAnalyzed: false +PackageHomePage: https://requests.readthedocs.io PackageChecksum: SHA1: 0e322af87745eff34caffe4df68456ebc20d9068 PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 @@ -1005,12 +1064,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-Package-64-certifi +SPDXID: SPDXRef-64-certifi PackageVersion: 2024.8.30 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) -PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30 +PackageDownloadLocation: https://pypi.org/project/certifi/2024.8.30/#files FilesAnalyzed: false +PackageHomePage: https://github.com/certifi/python-certifi PackageLicenseDeclared: MPL-2.0 PackageLicenseConcluded: MPL-2.0 PackageCopyrightText: NOASSERTION @@ -1020,12 +1080,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*: ##### PackageName: charset-normalizer -SPDXID: SPDXRef-Package-65-charset-normalizer +SPDXID: SPDXRef-65-charset-normalizer PackageVersion: 3.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) -PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.2 +PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.2/#files FilesAnalyzed: false +PackageHomePage: https://github.com/Ousret/charset_normalizer PackageChecksum: SHA1: 79dce4857914fead2ffe55eb787cad6d5cf14643 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT @@ -1036,11 +1097,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:* ##### PackageName: urllib3 -SPDXID: SPDXRef-Package-66-urllib3 +SPDXID: SPDXRef-66-urllib3 PackageVersion: 2.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) -PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3 +PackageDownloadLocation: https://pypi.org/project/urllib3/2.2.3/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION @@ -1051,12 +1112,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*: ##### PackageName: rpmfile -SPDXID: SPDXRef-Package-67-rpmfile +SPDXID: SPDXRef-67-rpmfile PackageVersion: 2.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) -PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0 +PackageDownloadLocation: https://pypi.org/project/rpmfile/2.1.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/srossross/rpmfile PackageChecksum: SHA1: 4cd4ae2bd191d3489c95dfa540da14585670adb5 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT @@ -1067,27 +1129,28 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### PackageName: setuptools -SPDXID: SPDXRef-Package-68-setuptools -PackageVersion: 75.0.0 +SPDXID: SPDXRef-68-setuptools +PackageVersion: 75.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.0.0 +PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.0.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.0.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:* ##### PackageName: toml -SPDXID: SPDXRef-Package-69-toml +SPDXID: SPDXRef-69-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) -PackageDownloadLocation: https://pypi.org/project/toml/0.10.2 +PackageDownloadLocation: https://pypi.org/project/toml/0.10.2/#files FilesAnalyzed: false +PackageHomePage: https://github.com/uiri/toml PackageChecksum: SHA1: 3f637dba5f68db63d4b30967fedda51c82459471 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT @@ -1098,27 +1161,29 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-Package-70-xmlschema -PackageVersion: 3.4.1 +SPDXID: SPDXRef-70-xmlschema +PackageVersion: 3.4.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.1 +PackageDownloadLocation: https://pypi.org/project/xmlschema/3.4.2/#files FilesAnalyzed: false +PackageHomePage: https://github.com/sissaschool/xmlschema PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: An XML Schema validator and decoder -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/xmlschema@3.4.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-Package-71-elementpath +SPDXID: SPDXRef-71-elementpath PackageVersion: 4.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) -PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0 +PackageDownloadLocation: https://pypi.org/project/elementpath/4.5.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/sissaschool/elementpath PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION @@ -1128,11 +1193,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:* ##### PackageName: zipp -SPDXID: SPDXRef-Package-72-zipp +SPDXID: SPDXRef-72-zipp PackageVersion: 3.20.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) -PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2 +PackageDownloadLocation: https://pypi.org/project/zipp/3.20.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION @@ -1143,12 +1208,13 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-Package-73-zstandard +SPDXID: SPDXRef-73-zstandard PackageVersion: 0.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) -PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0 +PackageDownloadLocation: https://pypi.org/project/zstandard/0.23.0/#files FilesAnalyzed: false +PackageHomePage: https://github.com/indygreg/python-zstandard PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: BSD-3-Clause PackageLicenseComments: zstandard declares BSD which is not currently a valid SPDX License identifier or expression. @@ -1158,113 +1224,113 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-1-cve-bin-tool -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-12-beautifulsoup4 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-14-cvss -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-15-defusedxml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-16-distro -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-17-filetype -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-18-gsutil -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-2-aiohttp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-43-jinja2 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-45-jsonschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-49-lib4sbom -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-50-pyyaml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-52-lib4vex -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-54-packageurl-python -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-55-rich -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-59-packaging -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-60-plotly -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-62-python-gnupg -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-63-requests -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-66-urllib3 -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-67-rpmfile -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-68-setuptools -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-69-toml -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-70-xmlschema -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-72-zipp -Relationship: SPDXRef-Package-1-cve-bin-tool DEPENDS_ON SPDXRef-Package-73-zstandard -Relationship: SPDXRef-Package-10-yarl DEPENDS_ON SPDXRef-Package-11-idna -Relationship: SPDXRef-Package-10-yarl DEPENDS_ON SPDXRef-Package-8-multidict -Relationship: SPDXRef-Package-12-beautifulsoup4 DEPENDS_ON SPDXRef-Package-13-soupsieve -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-19-argcomplete -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-20-crcmod -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-21-fasteners -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-22-gcs-oauth2-boto-plugin -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-24-google-auth -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-29-six -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-30-google-auth-httplib2 -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-31-httplib2 -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-33-google-reauth -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-36-pyopenssl -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-40-retry-decorator -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-41-google-apitools -Relationship: SPDXRef-Package-18-gsutil DEPENDS_ON SPDXRef-Package-42-monotonic -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-10-yarl -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-3-aiohappyeyeballs -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-4-aiosignal -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-5-frozenlist -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-6-async-timeout -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-7-attrs -Relationship: SPDXRef-Package-2-aiohttp DEPENDS_ON SPDXRef-Package-8-multidict -Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-23-boto -Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-24-google-auth -Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-28-rsa -Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-29-six -Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-30-google-auth-httplib2 -Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-31-httplib2 -Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-33-google-reauth -Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-35-oauth2client -Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-36-pyopenssl -Relationship: SPDXRef-Package-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-Package-40-retry-decorator -Relationship: SPDXRef-Package-24-google-auth DEPENDS_ON SPDXRef-Package-25-cachetools -Relationship: SPDXRef-Package-24-google-auth DEPENDS_ON SPDXRef-Package-26-pyasn1-modules -Relationship: SPDXRef-Package-24-google-auth DEPENDS_ON SPDXRef-Package-28-rsa -Relationship: SPDXRef-Package-24-google-auth DEPENDS_ON SPDXRef-Package-29-six -Relationship: SPDXRef-Package-26-pyasn1-modules DEPENDS_ON SPDXRef-Package-27-pyasn1 -Relationship: SPDXRef-Package-28-rsa DEPENDS_ON SPDXRef-Package-27-pyasn1 -Relationship: SPDXRef-Package-30-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-24-google-auth -Relationship: SPDXRef-Package-30-google-auth-httplib2 DEPENDS_ON SPDXRef-Package-31-httplib2 -Relationship: SPDXRef-Package-31-httplib2 DEPENDS_ON SPDXRef-Package-32-pyparsing -Relationship: SPDXRef-Package-33-google-reauth DEPENDS_ON SPDXRef-Package-34-pyu2f -Relationship: SPDXRef-Package-34-pyu2f DEPENDS_ON SPDXRef-Package-29-six -Relationship: SPDXRef-Package-35-oauth2client DEPENDS_ON SPDXRef-Package-26-pyasn1-modules -Relationship: SPDXRef-Package-35-oauth2client DEPENDS_ON SPDXRef-Package-27-pyasn1 -Relationship: SPDXRef-Package-35-oauth2client DEPENDS_ON SPDXRef-Package-28-rsa -Relationship: SPDXRef-Package-35-oauth2client DEPENDS_ON SPDXRef-Package-29-six -Relationship: SPDXRef-Package-35-oauth2client DEPENDS_ON SPDXRef-Package-31-httplib2 -Relationship: SPDXRef-Package-36-pyopenssl DEPENDS_ON SPDXRef-Package-37-cryptography -Relationship: SPDXRef-Package-37-cryptography DEPENDS_ON SPDXRef-Package-38-cffi -Relationship: SPDXRef-Package-38-cffi DEPENDS_ON SPDXRef-Package-39-pycparser -Relationship: SPDXRef-Package-4-aiosignal DEPENDS_ON SPDXRef-Package-5-frozenlist -Relationship: SPDXRef-Package-41-google-apitools DEPENDS_ON SPDXRef-Package-21-fasteners -Relationship: SPDXRef-Package-41-google-apitools DEPENDS_ON SPDXRef-Package-29-six -Relationship: SPDXRef-Package-41-google-apitools DEPENDS_ON SPDXRef-Package-31-httplib2 -Relationship: SPDXRef-Package-41-google-apitools DEPENDS_ON SPDXRef-Package-35-oauth2client -Relationship: SPDXRef-Package-43-jinja2 DEPENDS_ON SPDXRef-Package-44-markupsafe -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-46-jsonschema-specifications -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-47-referencing -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-48-rpds-py -Relationship: SPDXRef-Package-45-jsonschema DEPENDS_ON SPDXRef-Package-7-attrs -Relationship: SPDXRef-Package-46-jsonschema-specifications DEPENDS_ON SPDXRef-Package-47-referencing -Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-48-rpds-py -Relationship: SPDXRef-Package-47-referencing DEPENDS_ON SPDXRef-Package-7-attrs -Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-15-defusedxml -Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-50-pyyaml -Relationship: SPDXRef-Package-49-lib4sbom DEPENDS_ON SPDXRef-Package-51-semantic-version -Relationship: SPDXRef-Package-52-lib4vex DEPENDS_ON SPDXRef-Package-49-lib4sbom -Relationship: SPDXRef-Package-52-lib4vex DEPENDS_ON SPDXRef-Package-53-csaf-tool -Relationship: SPDXRef-Package-52-lib4vex DEPENDS_ON SPDXRef-Package-54-packageurl-python -Relationship: SPDXRef-Package-53-csaf-tool DEPENDS_ON SPDXRef-Package-54-packageurl-python -Relationship: SPDXRef-Package-53-csaf-tool DEPENDS_ON SPDXRef-Package-55-rich -Relationship: SPDXRef-Package-55-rich DEPENDS_ON SPDXRef-Package-56-markdown-it-py -Relationship: SPDXRef-Package-55-rich DEPENDS_ON SPDXRef-Package-58-pygments -Relationship: SPDXRef-Package-56-markdown-it-py DEPENDS_ON SPDXRef-Package-57-mdurl -Relationship: SPDXRef-Package-60-plotly DEPENDS_ON SPDXRef-Package-59-packaging -Relationship: SPDXRef-Package-60-plotly DEPENDS_ON SPDXRef-Package-61-tenacity -Relationship: SPDXRef-Package-63-requests DEPENDS_ON SPDXRef-Package-11-idna -Relationship: SPDXRef-Package-63-requests DEPENDS_ON SPDXRef-Package-64-certifi -Relationship: SPDXRef-Package-63-requests DEPENDS_ON SPDXRef-Package-65-charset-normalizer -Relationship: SPDXRef-Package-63-requests DEPENDS_ON SPDXRef-Package-66-urllib3 -Relationship: SPDXRef-Package-70-xmlschema DEPENDS_ON SPDXRef-Package-71-elementpath -Relationship: SPDXRef-Package-8-multidict DEPENDS_ON SPDXRef-Package-9-typing-extensions +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-12-beautifulsoup4 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-cvss +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-defusedxml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-distro +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-filetype +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-43-jinja2 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-jsonschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-lib4sbom +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-50-pyyaml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-lib4vex +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-packageurl-python +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-rich +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-60-plotly +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-requests +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-urllib3 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-rpmfile +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-setuptools +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-toml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-zipp +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-zstandard +Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna +Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict +Relationship: SPDXRef-12-beautifulsoup4 DEPENDS_ON SPDXRef-13-soupsieve +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-19-argcomplete +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-20-crcmod +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-21-fasteners +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-22-gcs-oauth2-boto-plugin +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-24-google-auth +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-30-google-auth-httplib2 +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-33-google-reauth +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-36-pyopenssl +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-40-retry-decorator +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-41-google-apitools +Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-42-monotonic +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-async-timeout +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs +Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-boto +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-google-auth +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-rsa +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-google-auth-httplib2 +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-google-reauth +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-oauth2client +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-pyopenssl +Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-retry-decorator +Relationship: SPDXRef-24-google-auth DEPENDS_ON SPDXRef-25-cachetools +Relationship: SPDXRef-24-google-auth DEPENDS_ON SPDXRef-26-pyasn1-modules +Relationship: SPDXRef-24-google-auth DEPENDS_ON SPDXRef-28-rsa +Relationship: SPDXRef-24-google-auth DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-26-pyasn1-modules DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-28-rsa DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-30-google-auth-httplib2 DEPENDS_ON SPDXRef-24-google-auth +Relationship: SPDXRef-30-google-auth-httplib2 DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-31-httplib2 DEPENDS_ON SPDXRef-32-pyparsing +Relationship: SPDXRef-33-google-reauth DEPENDS_ON SPDXRef-34-pyu2f +Relationship: SPDXRef-34-pyu2f DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-35-oauth2client DEPENDS_ON SPDXRef-26-pyasn1-modules +Relationship: SPDXRef-35-oauth2client DEPENDS_ON SPDXRef-27-pyasn1 +Relationship: SPDXRef-35-oauth2client DEPENDS_ON SPDXRef-28-rsa +Relationship: SPDXRef-35-oauth2client DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-35-oauth2client DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-36-pyopenssl DEPENDS_ON SPDXRef-37-cryptography +Relationship: SPDXRef-37-cryptography DEPENDS_ON SPDXRef-38-cffi +Relationship: SPDXRef-38-cffi DEPENDS_ON SPDXRef-39-pycparser +Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist +Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-21-fasteners +Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-29-six +Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-31-httplib2 +Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-35-oauth2client +Relationship: SPDXRef-43-jinja2 DEPENDS_ON SPDXRef-44-markupsafe +Relationship: SPDXRef-45-jsonschema DEPENDS_ON SPDXRef-46-jsonschema-specifications +Relationship: SPDXRef-45-jsonschema DEPENDS_ON SPDXRef-47-referencing +Relationship: SPDXRef-45-jsonschema DEPENDS_ON SPDXRef-48-rpds-py +Relationship: SPDXRef-45-jsonschema DEPENDS_ON SPDXRef-7-attrs +Relationship: SPDXRef-46-jsonschema-specifications DEPENDS_ON SPDXRef-47-referencing +Relationship: SPDXRef-47-referencing DEPENDS_ON SPDXRef-48-rpds-py +Relationship: SPDXRef-47-referencing DEPENDS_ON SPDXRef-7-attrs +Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-15-defusedxml +Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-50-pyyaml +Relationship: SPDXRef-49-lib4sbom DEPENDS_ON SPDXRef-51-semantic-version +Relationship: SPDXRef-52-lib4vex DEPENDS_ON SPDXRef-49-lib4sbom +Relationship: SPDXRef-52-lib4vex DEPENDS_ON SPDXRef-53-csaf-tool +Relationship: SPDXRef-52-lib4vex DEPENDS_ON SPDXRef-54-packageurl-python +Relationship: SPDXRef-53-csaf-tool DEPENDS_ON SPDXRef-54-packageurl-python +Relationship: SPDXRef-53-csaf-tool DEPENDS_ON SPDXRef-55-rich +Relationship: SPDXRef-55-rich DEPENDS_ON SPDXRef-56-markdown-it-py +Relationship: SPDXRef-55-rich DEPENDS_ON SPDXRef-58-pygments +Relationship: SPDXRef-56-markdown-it-py DEPENDS_ON SPDXRef-57-mdurl +Relationship: SPDXRef-60-plotly DEPENDS_ON SPDXRef-59-packaging +Relationship: SPDXRef-60-plotly DEPENDS_ON SPDXRef-61-tenacity +Relationship: SPDXRef-63-requests DEPENDS_ON SPDXRef-11-idna +Relationship: SPDXRef-63-requests DEPENDS_ON SPDXRef-64-certifi +Relationship: SPDXRef-63-requests DEPENDS_ON SPDXRef-65-charset-normalizer +Relationship: SPDXRef-63-requests DEPENDS_ON SPDXRef-66-urllib3 +Relationship: SPDXRef-70-xmlschema DEPENDS_ON SPDXRef-71-elementpath +Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool