From 28a4dd4aee9411bbcdd66c8827db8237d73c8db4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 09:51:36 -0700 Subject: [PATCH 1/5] chore: update SBOM for Python 3.8 (#4518) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 20 ++++++++++---------- sbom/cve-bin-tool-py3.8.spdx | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index c9e2fd66cc..a664a2838d 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:83ff8d54-242d-458c-bf11-2b5ea6e02d5c", + "serialNumber": "urn:uuid:bc112257-5e89-4898-95bc-ba411056a8d5", "version": 1, "metadata": { - "timestamp": "2024-10-14T00:41:41Z", + "timestamp": "2024-10-21T00:38:42Z", "lifecycles": [ { "phase": "build" @@ -1865,7 +1865,7 @@ "type": "library", "bom-ref": "38-cryptography", "name": "cryptography", - "version": "43.0.1", + "version": "43.0.3", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1874,7 +1874,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1888,12 +1888,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.1/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.1", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ { "name": "language", @@ -3564,7 +3564,7 @@ "type": "library", "bom-ref": "73-setuptools", "name": "setuptools", - "version": "75.1.0", + "version": "75.2.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3573,16 +3573,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.1.0/#files", + "url": "https://pypi.org/project/setuptools/75.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.1.0", + "purl": "pkg:pypi/setuptools@75.2.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index 867ffd8108..87e23e8dac 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0c7d24a8-300c-48d3-bd3c-d8512d945bd4 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-31326d6d-bbe6-44f9-b106-9f12af5fb249 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-14T00:39:45Z +Created: 2024-10-21T00:37:49Z CreatorComment: This document has been automatically generated. ##### @@ -632,18 +632,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. PackageName: cryptography SPDXID: SPDXRef-38-cryptography -PackageVersion: 43.0.1 +PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi @@ -1208,17 +1208,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-73-setuptools -PackageVersion: 75.1.0 +PackageVersion: 75.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* ##### PackageName: toml From 19583aa75848908a60862a6864e16a3ac13472f8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 10:07:27 -0700 Subject: [PATCH 2/5] chore: update SBOM for Python 3.9 (#4516) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.9.json | 34 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.9.spdx | 34 +++++++++++++++++----------------- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/sbom/cve-bin-tool-py3.9.json b/sbom/cve-bin-tool-py3.9.json index 776edb7529..79f4383c38 100644 --- a/sbom/cve-bin-tool-py3.9.json +++ b/sbom/cve-bin-tool-py3.9.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:830ada42-625f-4aab-a5fe-a0a3581e1e5b", + "serialNumber": "urn:uuid:446914dd-c18a-4e5a-8c75-a21664d12eb9", "version": 1, "metadata": { - "timestamp": "2024-10-14T00:40:11Z", + "timestamp": "2024-10-21T00:38:06Z", "lifecycles": [ { "phase": "build" @@ -432,7 +432,7 @@ "type": "library", "bom-ref": "10-yarl", "name": "yarl", - "version": "1.15.2", + "version": "1.15.5", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -441,7 +441,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -459,12 +459,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.2/#files", + "url": "https://pypi.org/project/yarl/1.15.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.2", + "purl": "pkg:pypi/yarl@1.15.5", "properties": [ { "name": "language", @@ -1865,7 +1865,7 @@ "type": "library", "bom-ref": "38-cryptography", "name": "cryptography", - "version": "43.0.1", + "version": "43.0.3", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1874,7 +1874,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1888,12 +1888,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.1/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.1", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ { "name": "language", @@ -2292,16 +2292,16 @@ "type": "library", "bom-ref": "47-markupsafe", "name": "markupsafe", - "version": "3.0.1", + "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", "externalReferences": [ { - "url": "https://pypi.org/project/markupsafe/3.0.1/#files", + "url": "https://pypi.org/project/markupsafe/3.0.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/markupsafe@3.0.1", + "purl": "pkg:pypi/markupsafe@3.0.2", "properties": [ { "name": "language", @@ -3450,7 +3450,7 @@ "type": "library", "bom-ref": "71-setuptools", "name": "setuptools", - "version": "75.1.0", + "version": "75.2.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3459,16 +3459,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.1.0/#files", + "url": "https://pypi.org/project/setuptools/75.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.1.0", + "purl": "pkg:pypi/setuptools@75.2.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.9.spdx b/sbom/cve-bin-tool-py3.9.spdx index d7c0e8ef58..d4bb770ec9 100644 --- a/sbom/cve-bin-tool-py3.9.spdx +++ b/sbom/cve-bin-tool-py3.9.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-e4486aea-13eb-4981-be76-1677436a925a +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-fb473dd3-9d06-4045-8446-8b94d55b0135 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-14T00:39:13Z +Created: 2024-10-21T00:37:14Z CreatorComment: This document has been automatically generated. ##### @@ -157,18 +157,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e PackageName: yarl SPDXID: SPDXRef-10-yarl -PackageVersion: 1.15.2 +PackageVersion: 1.15.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* ##### PackageName: idna @@ -632,18 +632,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. PackageName: cryptography SPDXID: SPDXRef-38-cryptography -PackageVersion: 43.0.1 +PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi @@ -779,17 +779,17 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 PackageName: markupsafe SPDXID: SPDXRef-47-markupsafe -PackageVersion: 3.0.1 +PackageVersion: 3.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.1/#files +PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2 ##### PackageName: jsonschema @@ -1176,17 +1176,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-71-setuptools -PackageVersion: 75.1.0 +PackageVersion: 75.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* ##### PackageName: toml From 0f3021509428aafc6ab90ca20d4733bcc31d48ce Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 10:07:55 -0700 Subject: [PATCH 3/5] chore: update SBOM for Python 3.10 (#4514) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.10.json | 34 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.10.spdx | 34 +++++++++++++++++----------------- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/sbom/cve-bin-tool-py3.10.json b/sbom/cve-bin-tool-py3.10.json index f479b4073c..86ec5733d2 100644 --- a/sbom/cve-bin-tool-py3.10.json +++ b/sbom/cve-bin-tool-py3.10.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:a5e0c026-91a3-4855-9af9-1ce110a8c7a6", + "serialNumber": "urn:uuid:56360034-11b1-4e31-8643-843d5a966243", "version": 1, "metadata": { - "timestamp": "2024-10-14T00:37:59Z", + "timestamp": "2024-10-21T00:38:03Z", "lifecycles": [ { "phase": "build" @@ -432,7 +432,7 @@ "type": "library", "bom-ref": "10-yarl", "name": "yarl", - "version": "1.15.2", + "version": "1.15.5", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -441,7 +441,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -459,12 +459,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.2/#files", + "url": "https://pypi.org/project/yarl/1.15.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.2", + "purl": "pkg:pypi/yarl@1.15.5", "properties": [ { "name": "language", @@ -1865,7 +1865,7 @@ "type": "library", "bom-ref": "38-cryptography", "name": "cryptography", - "version": "43.0.1", + "version": "43.0.3", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1874,7 +1874,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1888,12 +1888,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.1/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.1", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ { "name": "language", @@ -2224,16 +2224,16 @@ "type": "library", "bom-ref": "45-markupsafe", "name": "markupsafe", - "version": "3.0.1", + "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", "externalReferences": [ { - "url": "https://pypi.org/project/markupsafe/3.0.1/#files", + "url": "https://pypi.org/project/markupsafe/3.0.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/markupsafe@3.0.1", + "purl": "pkg:pypi/markupsafe@3.0.2", "properties": [ { "name": "language", @@ -3382,7 +3382,7 @@ "type": "library", "bom-ref": "69-setuptools", "name": "setuptools", - "version": "75.1.0", + "version": "75.2.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3391,16 +3391,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.1.0/#files", + "url": "https://pypi.org/project/setuptools/75.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.1.0", + "purl": "pkg:pypi/setuptools@75.2.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.10.spdx b/sbom/cve-bin-tool-py3.10.spdx index 0f2e589a44..b90ba2c350 100644 --- a/sbom/cve-bin-tool-py3.10.spdx +++ b/sbom/cve-bin-tool-py3.10.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-ff67aa04-d128-488e-a249-c4c783ec6756 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-31c41ad2-71db-4400-b6a9-3897d659df61 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-14T00:36:51Z +Created: 2024-10-21T00:37:15Z CreatorComment: This document has been automatically generated. ##### @@ -157,18 +157,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e PackageName: yarl SPDXID: SPDXRef-10-yarl -PackageVersion: 1.15.2 +PackageVersion: 1.15.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* ##### PackageName: idna @@ -632,18 +632,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. PackageName: cryptography SPDXID: SPDXRef-38-cryptography -PackageVersion: 43.0.1 +PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi @@ -749,17 +749,17 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 PackageName: markupsafe SPDXID: SPDXRef-45-markupsafe -PackageVersion: 3.0.1 +PackageVersion: 3.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.1/#files +PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2 ##### PackageName: jsonschema @@ -1146,17 +1146,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-69-setuptools -PackageVersion: 75.1.0 +PackageVersion: 75.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* ##### PackageName: toml From 31540aa11d0c09f951851579c704c3181c2731e4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 10:08:28 -0700 Subject: [PATCH 4/5] chore: update SBOM for Python 3.11 (#4517) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.11.json | 34 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.11.spdx | 34 +++++++++++++++++----------------- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/sbom/cve-bin-tool-py3.11.json b/sbom/cve-bin-tool-py3.11.json index 7f7b710fd9..df44fa0767 100644 --- a/sbom/cve-bin-tool-py3.11.json +++ b/sbom/cve-bin-tool-py3.11.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:5f8b0ff8-2835-4eef-868a-1d5a08b3d324", + "serialNumber": "urn:uuid:d5e538e5-15fc-467b-9af5-fdbadcd9bc9e", "version": 1, "metadata": { - "timestamp": "2024-10-14T00:37:17Z", + "timestamp": "2024-10-21T00:38:07Z", "lifecycles": [ { "phase": "build" @@ -340,7 +340,7 @@ "type": "library", "bom-ref": "8-yarl", "name": "yarl", - "version": "1.15.2", + "version": "1.15.5", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -349,7 +349,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -367,12 +367,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.2/#files", + "url": "https://pypi.org/project/yarl/1.15.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.2", + "purl": "pkg:pypi/yarl@1.15.5", "properties": [ { "name": "language", @@ -1773,7 +1773,7 @@ "type": "library", "bom-ref": "36-cryptography", "name": "cryptography", - "version": "43.0.1", + "version": "43.0.3", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1782,7 +1782,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1796,12 +1796,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.1/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.1", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ { "name": "language", @@ -2132,16 +2132,16 @@ "type": "library", "bom-ref": "43-markupsafe", "name": "markupsafe", - "version": "3.0.1", + "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", "externalReferences": [ { - "url": "https://pypi.org/project/markupsafe/3.0.1/#files", + "url": "https://pypi.org/project/markupsafe/3.0.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/markupsafe@3.0.1", + "purl": "pkg:pypi/markupsafe@3.0.2", "properties": [ { "name": "language", @@ -3290,7 +3290,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.1.0", + "version": "75.2.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3299,16 +3299,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.1.0/#files", + "url": "https://pypi.org/project/setuptools/75.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.1.0", + "purl": "pkg:pypi/setuptools@75.2.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.11.spdx b/sbom/cve-bin-tool-py3.11.spdx index d99468e1d4..27c84d6e71 100644 --- a/sbom/cve-bin-tool-py3.11.spdx +++ b/sbom/cve-bin-tool-py3.11.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-83273c1a-c2a7-4932-bcfd-c8afe2b06d17 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-a9a33c0b-ebd3-45ac-a9ec-32d3d43f6e62 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-14T00:36:22Z +Created: 2024-10-21T00:37:27Z CreatorComment: This document has been automatically generated. ##### @@ -124,18 +124,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-8-yarl -PackageVersion: 1.15.2 +PackageVersion: 1.15.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* ##### PackageName: idna @@ -599,18 +599,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. PackageName: cryptography SPDXID: SPDXRef-36-cryptography -PackageVersion: 43.0.1 +PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi @@ -716,17 +716,17 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 PackageName: markupsafe SPDXID: SPDXRef-43-markupsafe -PackageVersion: 3.0.1 +PackageVersion: 3.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.1/#files +PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2 ##### PackageName: jsonschema @@ -1113,17 +1113,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.1.0 +PackageVersion: 75.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* ##### PackageName: xmlschema From 17dd10132e3b2d9b28d0272b753b035aed853a05 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 10:08:51 -0700 Subject: [PATCH 5/5] chore: update SBOM for Python 3.12 (#4515) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 34 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.12.spdx | 34 +++++++++++++++++----------------- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 8cf8aa5cc7..0eef678b0b 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:d8aac678-af82-4834-9824-7ea0ca1c5aad", + "serialNumber": "urn:uuid:0f75c410-49c3-4b71-9350-9079ef768e63", "version": 1, "metadata": { - "timestamp": "2024-10-14T00:37:36Z", + "timestamp": "2024-10-21T00:38:03Z", "lifecycles": [ { "phase": "build" @@ -340,7 +340,7 @@ "type": "library", "bom-ref": "8-yarl", "name": "yarl", - "version": "1.15.2", + "version": "1.15.5", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -349,7 +349,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -367,12 +367,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.15.2/#files", + "url": "https://pypi.org/project/yarl/1.15.5/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.15.2", + "purl": "pkg:pypi/yarl@1.15.5", "properties": [ { "name": "language", @@ -1773,7 +1773,7 @@ "type": "library", "bom-ref": "36-cryptography", "name": "cryptography", - "version": "43.0.1", + "version": "43.0.3", "supplier": { "name": "The cryptography developers The Python Cryptographic Authority and individual contributors", "contact": [ @@ -1782,7 +1782,7 @@ } ] }, - "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:*", "description": "cryptography is a package which provides cryptographic recipes and primitives to Python developers.", "licenses": [ { @@ -1796,12 +1796,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/cryptography/43.0.1/#files", + "url": "https://pypi.org/project/cryptography/43.0.3/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/cryptography@43.0.1", + "purl": "pkg:pypi/cryptography@43.0.3", "properties": [ { "name": "language", @@ -2132,16 +2132,16 @@ "type": "library", "bom-ref": "43-markupsafe", "name": "markupsafe", - "version": "3.0.1", + "version": "3.0.2", "description": "Safely add untrusted strings to HTML/XML markup.", "externalReferences": [ { - "url": "https://pypi.org/project/markupsafe/3.0.1/#files", + "url": "https://pypi.org/project/markupsafe/3.0.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/markupsafe@3.0.1", + "purl": "pkg:pypi/markupsafe@3.0.2", "properties": [ { "name": "language", @@ -3290,7 +3290,7 @@ "type": "library", "bom-ref": "67-setuptools", "name": "setuptools", - "version": "75.1.0", + "version": "75.2.0", "supplier": { "name": "Python Packaging Authority", "contact": [ @@ -3299,16 +3299,16 @@ } ] }, - "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:*", "description": "Easily download, build, install, upgrade, and uninstall Python packages", "externalReferences": [ { - "url": "https://pypi.org/project/setuptools/75.1.0/#files", + "url": "https://pypi.org/project/setuptools/75.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/setuptools@75.1.0", + "purl": "pkg:pypi/setuptools@75.2.0", "properties": [ { "name": "language", diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 7b00545fc2..ae93fe6415 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5d63da73-221d-4efd-a80c-366b2d0c9435 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-b2973599-018f-42ec-9c3a-664a3e5f75a2 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-14T00:36:36Z +Created: 2024-10-21T00:37:15Z CreatorComment: This document has been automatically generated. ##### @@ -124,18 +124,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-8-yarl -PackageVersion: 1.15.2 +PackageVersion: 1.15.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.15.5/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.5 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.5:*:*:*:*:*:*:* ##### PackageName: idna @@ -599,18 +599,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. PackageName: cryptography SPDXID: SPDXRef-36-cryptography -PackageVersion: 43.0.1 +PackageVersion: 43.0.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) -PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.1/#files +PackageDownloadLocation: https://pypi.org/project/cryptography/43.0.3/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyca/cryptography PackageLicenseDeclared: Apache-2.0 OR BSD-3-Clause PackageLicenseConcluded: Apache-2.0 OR BSD-3-Clause PackageCopyrightText: NOASSERTION PackageSummary: cryptography is a package which provides cryptographic recipes and primitives to Python developers. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/cryptography@43.0.3 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python_cryptographic_authority_and_individual_contributors:cryptography:43.0.3:*:*:*:*:*:*:* ##### PackageName: cffi @@ -716,17 +716,17 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 PackageName: markupsafe SPDXID: SPDXRef-43-markupsafe -PackageVersion: 3.0.1 +PackageVersion: 3.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.1/#files +PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.2/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.1 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.2 ##### PackageName: jsonschema @@ -1113,17 +1113,17 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* PackageName: setuptools SPDXID: SPDXRef-67-setuptools -PackageVersion: 75.1.0 +PackageVersion: 75.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) -PackageDownloadLocation: https://pypi.org/project/setuptools/75.1.0/#files +PackageDownloadLocation: https://pypi.org/project/setuptools/75.2.0/#files FilesAnalyzed: false PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: Easily download, build, install, upgrade, and uninstall Python packages -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.1.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.1.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/setuptools@75.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools:75.2.0:*:*:*:*:*:*:* ##### PackageName: xmlschema