From 81a15cf607db792de731d8a334985634d0d2baac Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 13:49:21 -0700 Subject: [PATCH] chore: update SBOM for Python 3.12 (#4500) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.12.json | 534 +++++++++++++++++----------------- sbom/cve-bin-tool-py3.12.spdx | 411 +++++++++++++------------- 2 files changed, 481 insertions(+), 464 deletions(-) diff --git a/sbom/cve-bin-tool-py3.12.json b/sbom/cve-bin-tool-py3.12.json index 499314a906..8cf8aa5cc7 100644 --- a/sbom/cve-bin-tool-py3.12.json +++ b/sbom/cve-bin-tool-py3.12.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:1b080187-0b47-47eb-b27c-c519e99e3045", + "serialNumber": "urn:uuid:d8aac678-af82-4834-9824-7ea0ca1c5aad", "version": 1, "metadata": { - "timestamp": "2024-10-07T00:38:16Z", + "timestamp": "2024-10-14T00:37:36Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.9", + "version": "3.10.10", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.9/#files", + "url": "https://pypi.org/project/aiohttp/3.10.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.9", + "purl": "pkg:pypi/aiohttp@3.10.10", "properties": [ { "name": "language", @@ -340,7 +340,7 @@ "type": "library", "bom-ref": "8-yarl", "name": "yarl", - "version": "1.13.1", + "version": "1.15.2", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -349,7 +349,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -367,12 +367,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.13.1/#files", + "url": "https://pypi.org/project/yarl/1.15.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.13.1", + "purl": "pkg:pypi/yarl@1.15.2", "properties": [ { "name": "language", @@ -420,7 +420,55 @@ }, { "type": "library", - "bom-ref": "10-beautifulsoup4", + "bom-ref": "10-propcache", + "name": "propcache", + "version": "0.2.0", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "description": "Accelerated property cache", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/propcache", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/propcache/0.2.0/#files", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/propcache@0.2.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.12.7" + } + ] + }, + { + "type": "library", + "bom-ref": "11-beautifulsoup4", "name": "beautifulsoup4", "version": "4.12.3", "supplier": { @@ -472,7 +520,7 @@ }, { "type": "library", - "bom-ref": "11-soupsieve", + "bom-ref": "12-soupsieve", "name": "soupsieve", "version": "2.6", "supplier": { @@ -511,7 +559,7 @@ }, { "type": "library", - "bom-ref": "12-cvss", + "bom-ref": "13-cvss", "name": "cvss", "version": "3.2", "supplier": { @@ -559,7 +607,7 @@ }, { "type": "library", - "bom-ref": "13-defusedxml", + "bom-ref": "14-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -617,7 +665,7 @@ }, { "type": "library", - "bom-ref": "14-distro", + "bom-ref": "15-distro", "name": "distro", "version": "1.9.0", "supplier": { @@ -669,7 +717,7 @@ }, { "type": "library", - "bom-ref": "15-filetype", + "bom-ref": "16-filetype", "name": "filetype", "version": "1.2.0", "supplier": { @@ -727,9 +775,9 @@ }, { "type": "library", - "bom-ref": "16-gsutil", + "bom-ref": "17-gsutil", "name": "gsutil", - "version": "5.30", + "version": "5.31", "supplier": { "name": "Google Inc .", "contact": [ @@ -738,7 +786,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -756,12 +804,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.30/#files", + "url": "https://pypi.org/project/gsutil/5.31/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.30", + "purl": "pkg:pypi/gsutil@5.31", "properties": [ { "name": "language", @@ -775,9 +823,9 @@ }, { "type": "library", - "bom-ref": "17-argcomplete", + "bom-ref": "18-argcomplete", "name": "argcomplete", - "version": "3.5.0", + "version": "3.5.1", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -786,7 +834,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", "licenses": [ { @@ -804,12 +852,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/argcomplete/3.5.0/#files", + "url": "https://pypi.org/project/argcomplete/3.5.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.5.0", + "purl": "pkg:pypi/argcomplete@3.5.1", "properties": [ { "name": "language", @@ -823,7 +871,7 @@ }, { "type": "library", - "bom-ref": "18-crcmod", + "bom-ref": "19-crcmod", "name": "crcmod", "version": "1.7", "supplier": { @@ -871,7 +919,7 @@ }, { "type": "library", - "bom-ref": "19-fasteners", + "bom-ref": "20-fasteners", "name": "fasteners", "version": "0.19", "supplier": { @@ -920,7 +968,7 @@ }, { "type": "library", - "bom-ref": "20-gcs-oauth2-boto-plugin", + "bom-ref": "21-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.2", "supplier": { @@ -978,7 +1026,7 @@ }, { "type": "library", - "bom-ref": "21-boto", + "bom-ref": "22-boto", "name": "boto", "version": "2.49.0", "supplier": { @@ -1036,7 +1084,7 @@ }, { "type": "library", - "bom-ref": "22-google-auth", + "bom-ref": "23-google-auth", "name": "google-auth", "version": "2.17.0", "supplier": { @@ -1090,7 +1138,7 @@ }, { "type": "library", - "bom-ref": "23-cachetools", + "bom-ref": "24-cachetools", "name": "cachetools", "version": "5.5.0", "supplier": { @@ -1138,7 +1186,7 @@ }, { "type": "library", - "bom-ref": "24-pyasn1-modules", + "bom-ref": "25-pyasn1-modules", "name": "pyasn1-modules", "version": "0.4.1", "supplier": { @@ -1186,7 +1234,7 @@ }, { "type": "library", - "bom-ref": "25-pyasn1", + "bom-ref": "26-pyasn1", "name": "pyasn1", "version": "0.6.1", "supplier": { @@ -1234,7 +1282,7 @@ }, { "type": "library", - "bom-ref": "26-rsa", + "bom-ref": "27-rsa", "name": "rsa", "version": "4.7.2", "supplier": { @@ -1292,7 +1340,7 @@ }, { "type": "library", - "bom-ref": "27-six", + "bom-ref": "28-six", "name": "six", "version": "1.16.0", "supplier": { @@ -1350,7 +1398,7 @@ }, { "type": "library", - "bom-ref": "28-google-auth-httplib2", + "bom-ref": "29-google-auth-httplib2", "name": "google-auth-httplib2", "version": "0.2.0", "supplier": { @@ -1408,7 +1456,7 @@ }, { "type": "library", - "bom-ref": "29-httplib2", + "bom-ref": "30-httplib2", "name": "httplib2", "version": "0.20.4", "supplier": { @@ -1462,9 +1510,9 @@ }, { "type": "library", - "bom-ref": "30-pyparsing", + "bom-ref": "31-pyparsing", "name": "pyparsing", - "version": "3.1.4", + "version": "3.2.0", "supplier": { "name": "Paul McGuire", "contact": [ @@ -1473,7 +1521,7 @@ } ] }, - "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:*", "description": "pyparsing module - Classes and methods to define and execute parsing grammars", "externalReferences": [ { @@ -1482,12 +1530,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/pyparsing/3.1.4/#files", + "url": "https://pypi.org/project/pyparsing/3.2.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/pyparsing@3.1.4", + "purl": "pkg:pypi/pyparsing@3.2.0", "properties": [ { "name": "language", @@ -1501,7 +1549,7 @@ }, { "type": "library", - "bom-ref": "31-google-reauth", + "bom-ref": "32-google-reauth", "name": "google-reauth", "version": "0.1.1", "supplier": { @@ -1559,7 +1607,7 @@ }, { "type": "library", - "bom-ref": "32-pyu2f", + "bom-ref": "33-pyu2f", "name": "pyu2f", "version": "0.1.5", "supplier": { @@ -1617,7 +1665,7 @@ }, { "type": "library", - "bom-ref": "33-oauth2client", + "bom-ref": "34-oauth2client", "name": "oauth2client", "version": "4.1.3", "supplier": { @@ -1675,7 +1723,7 @@ }, { "type": "library", - "bom-ref": "34-pyopenssl", + "bom-ref": "35-pyopenssl", "name": "pyopenssl", "version": "24.2.1", "supplier": { @@ -1723,7 +1771,7 @@ }, { "type": "library", - "bom-ref": "35-cryptography", + "bom-ref": "36-cryptography", "name": "cryptography", "version": "43.0.1", "supplier": { @@ -1767,7 +1815,7 @@ }, { "type": "library", - "bom-ref": "36-cffi", + "bom-ref": "37-cffi", "name": "cffi", "version": "1.17.1", "supplier": { @@ -1815,7 +1863,7 @@ }, { "type": "library", - "bom-ref": "37-pycparser", + "bom-ref": "38-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -1873,7 +1921,7 @@ }, { "type": "library", - "bom-ref": "38-retry-decorator", + "bom-ref": "39-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -1931,7 +1979,7 @@ }, { "type": "library", - "bom-ref": "39-google-apitools", + "bom-ref": "40-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { @@ -1989,7 +2037,7 @@ }, { "type": "library", - "bom-ref": "40-monotonic", + "bom-ref": "41-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -2047,7 +2095,7 @@ }, { "type": "library", - "bom-ref": "41-jinja2", + "bom-ref": "42-jinja2", "name": "jinja2", "version": "3.1.4", "description": "A very fast and expressive template engine.", @@ -2082,38 +2130,18 @@ }, { "type": "library", - "bom-ref": "42-markupsafe", + "bom-ref": "43-markupsafe", "name": "markupsafe", - "version": "2.1.5", + "version": "3.0.1", "description": "Safely add untrusted strings to HTML/XML markup.", - "hashes": [ - { - "alg": "SHA-1", - "content": "fbba4acd0312826cec9cfe18371c7df07962cb65" - } - ], - "licenses": [ - { - "license": { - "id": "BSD-3-Clause", - "url": "https://opensource.org/licenses/BSD-3-Clause", - "acknowledgement": "concluded" - } - } - ], "externalReferences": [ { - "url": "https://palletsprojects.com/p/markupsafe/", - "type": "website", - "comment": "Home page for project" - }, - { - "url": "https://pypi.org/project/markupsafe/2.1.5/#files", + "url": "https://pypi.org/project/markupsafe/3.0.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/markupsafe@2.1.5", + "purl": "pkg:pypi/markupsafe@3.0.1", "properties": [ { "name": "language", @@ -2122,16 +2150,12 @@ { "name": "python_version", "value": "3.12.7" - }, - { - "name": "package_release_date", - "value": "2024-02-02T16:30:04.000Z" } ] }, { "type": "library", - "bom-ref": "43-jsonschema", + "bom-ref": "44-jsonschema", "name": "jsonschema", "version": "4.23.0", "supplier": { @@ -2179,9 +2203,9 @@ }, { "type": "library", - "bom-ref": "44-jsonschema-specifications", + "bom-ref": "45-jsonschema-specifications", "name": "jsonschema-specifications", - "version": "2023.12.1", + "version": "2024.10.1", "supplier": { "name": "Julian Berman", "contact": [ @@ -2190,21 +2214,12 @@ } ] }, - "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:*", "description": "The JSON Schema meta-schemas and vocabularies, exposed as a Registry", "hashes": [ { "alg": "SHA-1", - "content": "544e0ff86850af1c6d9e533c4b58b76c59542a76" - } - ], - "licenses": [ - { - "license": { - "id": "MIT", - "url": "https://opensource.org/licenses/MIT", - "acknowledgement": "concluded" - } + "content": "09f6f17a46ecf03e314df0e6fa14d57db210a549" } ], "externalReferences": [ @@ -2214,12 +2229,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/jsonschema-specifications/2023.12.1/#files", + "url": "https://pypi.org/project/jsonschema-specifications/2024.10.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/jsonschema-specifications@2023.12.1", + "purl": "pkg:pypi/jsonschema-specifications@2024.10.1", "properties": [ { "name": "language", @@ -2228,16 +2243,12 @@ { "name": "python_version", "value": "3.12.7" - }, - { - "name": "package_release_date", - "value": "2023-12-25T15:16:51.000Z" } ] }, { "type": "library", - "bom-ref": "45-referencing", + "bom-ref": "46-referencing", "name": "referencing", "version": "0.35.1", "supplier": { @@ -2286,7 +2297,7 @@ }, { "type": "library", - "bom-ref": "46-rpds-py", + "bom-ref": "47-rpds-py", "name": "rpds-py", "version": "0.20.0", "supplier": { @@ -2340,7 +2351,7 @@ }, { "type": "library", - "bom-ref": "47-lib4sbom", + "bom-ref": "48-lib4sbom", "name": "lib4sbom", "version": "0.7.5", "supplier": { @@ -2388,7 +2399,7 @@ }, { "type": "library", - "bom-ref": "48-pyyaml", + "bom-ref": "49-pyyaml", "name": "pyyaml", "version": "6.0.2", "supplier": { @@ -2436,7 +2447,7 @@ }, { "type": "library", - "bom-ref": "49-semantic-version", + "bom-ref": "50-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2494,7 +2505,7 @@ }, { "type": "library", - "bom-ref": "50-lib4vex", + "bom-ref": "51-lib4vex", "name": "lib4vex", "version": "0.2.0", "supplier": { @@ -2548,7 +2559,7 @@ }, { "type": "library", - "bom-ref": "51-csaf-tool", + "bom-ref": "52-csaf-tool", "name": "csaf-tool", "version": "0.3.2", "supplier": { @@ -2602,7 +2613,7 @@ }, { "type": "library", - "bom-ref": "52-packageurl-python", + "bom-ref": "53-packageurl-python", "name": "packageurl-python", "version": "0.15.6", "supplier": { @@ -2651,7 +2662,7 @@ }, { "type": "library", - "bom-ref": "53-rich", + "bom-ref": "54-rich", "name": "rich", "version": "13.9.2", "supplier": { @@ -2699,7 +2710,7 @@ }, { "type": "library", - "bom-ref": "54-markdown-it-py", + "bom-ref": "55-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2748,7 +2759,7 @@ }, { "type": "library", - "bom-ref": "55-mdurl", + "bom-ref": "56-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -2797,7 +2808,7 @@ }, { "type": "library", - "bom-ref": "56-pygments", + "bom-ref": "57-pygments", "name": "pygments", "version": "2.18.0", "supplier": { @@ -2855,7 +2866,7 @@ }, { "type": "library", - "bom-ref": "57-packaging", + "bom-ref": "58-packaging", "name": "packaging", "version": "24.1", "supplier": { @@ -2889,7 +2900,7 @@ }, { "type": "library", - "bom-ref": "58-plotly", + "bom-ref": "59-plotly", "name": "plotly", "version": "5.24.1", "supplier": { @@ -2937,7 +2948,7 @@ }, { "type": "library", - "bom-ref": "59-tenacity", + "bom-ref": "60-tenacity", "name": "tenacity", "version": "9.0.0", "supplier": { @@ -2991,7 +3002,7 @@ }, { "type": "library", - "bom-ref": "60-python-gnupg", + "bom-ref": "61-python-gnupg", "name": "python-gnupg", "version": "0.5.3", "supplier": { @@ -3039,7 +3050,7 @@ }, { "type": "library", - "bom-ref": "61-requests", + "bom-ref": "62-requests", "name": "requests", "version": "2.32.3", "supplier": { @@ -3093,7 +3104,7 @@ }, { "type": "library", - "bom-ref": "62-certifi", + "bom-ref": "63-certifi", "name": "certifi", "version": "2024.8.30", "supplier": { @@ -3141,25 +3152,19 @@ }, { "type": "library", - "bom-ref": "63-charset-normalizer", + "bom-ref": "64-charset-normalizer", "name": "charset-normalizer", - "version": "3.3.2", + "version": "3.4.0", "supplier": { "name": "Ahmed TAHRI", "contact": [ { - "email": "ahmed.tahri@cloudnursery.dev" + "email": "tahri.ahmed@proton.me" } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", - "hashes": [ - { - "alg": "SHA-1", - "content": "79dce4857914fead2ffe55eb787cad6d5cf14643" - } - ], "licenses": [ { "license": { @@ -3176,12 +3181,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/charset-normalizer/3.3.2/#files", + "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/charset-normalizer@3.3.2", + "purl": "pkg:pypi/charset-normalizer@3.4.0", "properties": [ { "name": "language", @@ -3190,16 +3195,12 @@ { "name": "python_version", "value": "3.12.7" - }, - { - "name": "package_release_date", - "value": "2023-11-01T04:02:29.000Z" } ] }, { "type": "library", - "bom-ref": "64-urllib3", + "bom-ref": "65-urllib3", "name": "urllib3", "version": "2.2.3", "supplier": { @@ -3233,7 +3234,7 @@ }, { "type": "library", - "bom-ref": "65-rpmfile", + "bom-ref": "66-rpmfile", "name": "rpmfile", "version": "2.1.0", "supplier": { @@ -3287,7 +3288,7 @@ }, { "type": "library", - "bom-ref": "66-setuptools", + "bom-ref": "67-setuptools", "name": "setuptools", "version": "75.1.0", "supplier": { @@ -3321,7 +3322,7 @@ }, { "type": "library", - "bom-ref": "67-xmlschema", + "bom-ref": "68-xmlschema", "name": "xmlschema", "version": "3.4.2", "supplier": { @@ -3369,7 +3370,7 @@ }, { "type": "library", - "bom-ref": "68-elementpath", + "bom-ref": "69-elementpath", "name": "elementpath", "version": "4.5.0", "supplier": { @@ -3417,7 +3418,7 @@ }, { "type": "library", - "bom-ref": "69-zipp", + "bom-ref": "70-zipp", "name": "zipp", "version": "3.20.2", "supplier": { @@ -3451,7 +3452,7 @@ }, { "type": "library", - "bom-ref": "70-zstandard", + "bom-ref": "71-zstandard", "name": "zstandard", "version": "0.23.0", "supplier": { @@ -3509,29 +3510,29 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "10-beautifulsoup4", - "12-cvss", - "13-defusedxml", - "14-distro", - "15-filetype", - "16-gsutil", - "41-jinja2", - "43-jsonschema", - "47-lib4sbom", - "50-lib4vex", - "52-packageurl-python", - "57-packaging", - "58-plotly", - "60-python-gnupg", - "48-pyyaml", - "61-requests", - "53-rich", - "65-rpmfile", - "66-setuptools", - "64-urllib3", - "67-xmlschema", - "69-zipp", - "70-zstandard" + "11-beautifulsoup4", + "13-cvss", + "14-defusedxml", + "15-distro", + "16-filetype", + "17-gsutil", + "42-jinja2", + "44-jsonschema", + "48-lib4sbom", + "51-lib4vex", + "53-packageurl-python", + "58-packaging", + "59-plotly", + "61-python-gnupg", + "49-pyyaml", + "62-requests", + "54-rich", + "66-rpmfile", + "67-setuptools", + "65-urllib3", + "68-xmlschema", + "70-zipp", + "71-zstandard" ] }, { @@ -3555,215 +3556,216 @@ "ref": "8-yarl", "dependsOn": [ "9-idna", - "7-multidict" + "7-multidict", + "10-propcache" ] }, { - "ref": "10-beautifulsoup4", + "ref": "11-beautifulsoup4", "dependsOn": [ - "11-soupsieve" + "12-soupsieve" ] }, { - "ref": "16-gsutil", + "ref": "17-gsutil", "dependsOn": [ - "17-argcomplete", - "18-crcmod", - "19-fasteners", - "20-gcs-oauth2-boto-plugin", - "39-google-apitools", - "22-google-auth", - "28-google-auth-httplib2", - "31-google-reauth", - "29-httplib2", - "40-monotonic", - "34-pyopenssl", - "38-retry-decorator", - "27-six" - ] - }, - { - "ref": "20-gcs-oauth2-boto-plugin", + "18-argcomplete", + "19-crcmod", + "20-fasteners", + "21-gcs-oauth2-boto-plugin", + "40-google-apitools", + "23-google-auth", + "29-google-auth-httplib2", + "32-google-reauth", + "30-httplib2", + "41-monotonic", + "35-pyopenssl", + "39-retry-decorator", + "28-six" + ] + }, + { + "ref": "21-gcs-oauth2-boto-plugin", "dependsOn": [ - "21-boto", - "22-google-auth", - "28-google-auth-httplib2", - "31-google-reauth", - "29-httplib2", - "33-oauth2client", - "34-pyopenssl", - "38-retry-decorator", - "26-rsa", - "27-six" + "22-boto", + "23-google-auth", + "29-google-auth-httplib2", + "32-google-reauth", + "30-httplib2", + "34-oauth2client", + "35-pyopenssl", + "39-retry-decorator", + "27-rsa", + "28-six" ] }, { - "ref": "22-google-auth", + "ref": "23-google-auth", "dependsOn": [ - "23-cachetools", - "24-pyasn1-modules", - "26-rsa", - "27-six" + "24-cachetools", + "25-pyasn1-modules", + "27-rsa", + "28-six" ] }, { - "ref": "24-pyasn1-modules", + "ref": "25-pyasn1-modules", "dependsOn": [ - "25-pyasn1" + "26-pyasn1" ] }, { - "ref": "26-rsa", + "ref": "27-rsa", "dependsOn": [ - "25-pyasn1" + "26-pyasn1" ] }, { - "ref": "28-google-auth-httplib2", + "ref": "29-google-auth-httplib2", "dependsOn": [ - "22-google-auth", - "29-httplib2" + "23-google-auth", + "30-httplib2" ] }, { - "ref": "29-httplib2", + "ref": "30-httplib2", "dependsOn": [ - "30-pyparsing" + "31-pyparsing" ] }, { - "ref": "31-google-reauth", + "ref": "32-google-reauth", "dependsOn": [ - "32-pyu2f" + "33-pyu2f" ] }, { - "ref": "32-pyu2f", + "ref": "33-pyu2f", "dependsOn": [ - "27-six" + "28-six" ] }, { - "ref": "33-oauth2client", + "ref": "34-oauth2client", "dependsOn": [ - "29-httplib2", - "25-pyasn1", - "24-pyasn1-modules", - "26-rsa", - "27-six" + "30-httplib2", + "26-pyasn1", + "25-pyasn1-modules", + "27-rsa", + "28-six" ] }, { - "ref": "34-pyopenssl", + "ref": "35-pyopenssl", "dependsOn": [ - "35-cryptography" + "36-cryptography" ] }, { - "ref": "35-cryptography", + "ref": "36-cryptography", "dependsOn": [ - "36-cffi" + "37-cffi" ] }, { - "ref": "36-cffi", + "ref": "37-cffi", "dependsOn": [ - "37-pycparser" + "38-pycparser" ] }, { - "ref": "39-google-apitools", + "ref": "40-google-apitools", "dependsOn": [ - "19-fasteners", - "29-httplib2", - "33-oauth2client", - "27-six" + "20-fasteners", + "30-httplib2", + "34-oauth2client", + "28-six" ] }, { - "ref": "41-jinja2", + "ref": "42-jinja2", "dependsOn": [ - "42-markupsafe" + "43-markupsafe" ] }, { - "ref": "43-jsonschema", + "ref": "44-jsonschema", "dependsOn": [ "6-attrs", - "44-jsonschema-specifications", - "45-referencing", - "46-rpds-py" + "45-jsonschema-specifications", + "46-referencing", + "47-rpds-py" ] }, { - "ref": "44-jsonschema-specifications", + "ref": "45-jsonschema-specifications", "dependsOn": [ - "45-referencing" + "46-referencing" ] }, { - "ref": "45-referencing", + "ref": "46-referencing", "dependsOn": [ "6-attrs", - "46-rpds-py" + "47-rpds-py" ] }, { - "ref": "47-lib4sbom", + "ref": "48-lib4sbom", "dependsOn": [ - "13-defusedxml", - "48-pyyaml", - "49-semantic-version" + "14-defusedxml", + "49-pyyaml", + "50-semantic-version" ] }, { - "ref": "50-lib4vex", + "ref": "51-lib4vex", "dependsOn": [ - "51-csaf-tool", - "47-lib4sbom", - "52-packageurl-python" + "52-csaf-tool", + "48-lib4sbom", + "53-packageurl-python" ] }, { - "ref": "51-csaf-tool", + "ref": "52-csaf-tool", "dependsOn": [ - "52-packageurl-python", - "53-rich" + "53-packageurl-python", + "54-rich" ] }, { - "ref": "53-rich", + "ref": "54-rich", "dependsOn": [ - "54-markdown-it-py", - "56-pygments" + "55-markdown-it-py", + "57-pygments" ] }, { - "ref": "54-markdown-it-py", + "ref": "55-markdown-it-py", "dependsOn": [ - "55-mdurl" + "56-mdurl" ] }, { - "ref": "58-plotly", + "ref": "59-plotly", "dependsOn": [ - "57-packaging", - "59-tenacity" + "58-packaging", + "60-tenacity" ] }, { - "ref": "61-requests", + "ref": "62-requests", "dependsOn": [ - "62-certifi", - "63-charset-normalizer", + "63-certifi", + "64-charset-normalizer", "9-idna", - "64-urllib3" + "65-urllib3" ] }, { - "ref": "67-xmlschema", + "ref": "68-xmlschema", "dependsOn": [ - "68-elementpath" + "69-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.12.spdx b/sbom/cve-bin-tool-py3.12.spdx index 6fe85a9c3d..7b00545fc2 100644 --- a/sbom/cve-bin-tool-py3.12.spdx +++ b/sbom/cve-bin-tool-py3.12.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-f02694a3-d5df-4a14-a5a2-1122d7c905f2 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-5d63da73-221d-4efd-a80c-366b2d0c9435 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-07T00:37:22Z +Created: 2024-10-14T00:36:36Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.9 +PackageVersion: 3.10.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.9/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION @@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.9 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 ##### PackageName: aiohappyeyeballs @@ -124,18 +124,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:multidict:6.1.0:*:*:*:* PackageName: yarl SPDXID: SPDXRef-8-yarl -PackageVersion: 1.13.1 +PackageVersion: 1.15.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.13.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.13.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:* ##### PackageName: idna @@ -153,8 +153,24 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### +PackageName: propcache +SPDXID: SPDXRef-10-propcache +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/propcache +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Accelerated property cache +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +##### + PackageName: beautifulsoup4 -SPDXID: SPDXRef-10-beautifulsoup4 +SPDXID: SPDXRef-11-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) @@ -171,7 +187,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12 ##### PackageName: soupsieve -SPDXID: SPDXRef-11-soupsieve +SPDXID: SPDXRef-12-soupsieve PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) @@ -187,7 +203,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-12-cvss +SPDXID: SPDXRef-13-cvss PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) @@ -204,7 +220,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs ##### PackageName: defusedxml -SPDXID: SPDXRef-13-defusedxml +SPDXID: SPDXRef-14-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) @@ -222,7 +238,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*: ##### PackageName: distro -SPDXID: SPDXRef-14-distro +SPDXID: SPDXRef-15-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) @@ -239,7 +255,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-15-filetype +SPDXID: SPDXRef-16-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) @@ -256,11 +272,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: ##### PackageName: gsutil -SPDXID: SPDXRef-16-gsutil -PackageVersion: 5.30 +SPDXID: SPDXRef-17-gsutil +PackageVersion: 5.31 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.30/#files +PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION @@ -268,16 +284,16 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.30 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-17-argcomplete -PackageVersion: 3.5.0 +SPDXID: SPDXRef-18-argcomplete +PackageVersion: 3.5.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.0/#files +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete PackageLicenseDeclared: NOASSERTION @@ -285,12 +301,12 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-18-crcmod +SPDXID: SPDXRef-19-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) @@ -306,7 +322,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-19-fasteners +SPDXID: SPDXRef-20-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow @@ -323,7 +339,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-20-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-21-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) @@ -341,7 +357,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2 ##### PackageName: boto -SPDXID: SPDXRef-21-boto +SPDXID: SPDXRef-22-boto PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) @@ -358,7 +374,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*: ##### PackageName: google-auth -SPDXID: SPDXRef-22-google-auth +SPDXID: SPDXRef-23-google-auth PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) @@ -376,7 +392,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17 ##### PackageName: cachetools -SPDXID: SPDXRef-23-cachetools +SPDXID: SPDXRef-24-cachetools PackageVersion: 5.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) @@ -392,7 +408,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:* ##### PackageName: pyasn1-modules -SPDXID: SPDXRef-24-pyasn1-modules +SPDXID: SPDXRef-25-pyasn1-modules PackageVersion: 0.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) @@ -409,7 +425,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*: ##### PackageName: pyasn1 -SPDXID: SPDXRef-25-pyasn1 +SPDXID: SPDXRef-26-pyasn1 PackageVersion: 0.6.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) @@ -425,7 +441,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*: ##### PackageName: rsa -SPDXID: SPDXRef-26-rsa +SPDXID: SPDXRef-27-rsa PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) @@ -443,7 +459,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-27-six +SPDXID: SPDXRef-28-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -460,7 +476,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:* ##### PackageName: google-auth-httplib2 -SPDXID: SPDXRef-28-google-auth-httplib2 +SPDXID: SPDXRef-29-google-auth-httplib2 PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) @@ -478,7 +494,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-http ##### PackageName: httplib2 -SPDXID: SPDXRef-29-httplib2 +SPDXID: SPDXRef-30-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) @@ -495,23 +511,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-30-pyparsing -PackageVersion: 3.1.4 +SPDXID: SPDXRef-31-pyparsing +PackageVersion: 3.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) -PackageDownloadLocation: https://pypi.org/project/pyparsing/3.1.4/#files +PackageDownloadLocation: https://pypi.org/project/pyparsing/3.2.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/pyparsing/pyparsing/ PackageLicenseDeclared: NOASSERTION PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: pyparsing module - Classes and methods to define and execute parsing grammars -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.1.4 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/pyparsing@3.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.2.0:*:*:*:*:*:*:* ##### PackageName: google-reauth -SPDXID: SPDXRef-31-google-reauth +SPDXID: SPDXRef-32-google-reauth PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google (googleapis-publisher@google.com) @@ -529,7 +545,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:* ##### PackageName: pyu2f -SPDXID: SPDXRef-32-pyu2f +SPDXID: SPDXRef-33-pyu2f PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) @@ -547,7 +563,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: oauth2client -SPDXID: SPDXRef-33-oauth2client +SPDXID: SPDXRef-34-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) @@ -565,7 +581,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-34-pyopenssl +SPDXID: SPDXRef-35-pyopenssl PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) @@ -582,7 +598,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-35-cryptography +SPDXID: SPDXRef-36-cryptography PackageVersion: 43.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) @@ -598,7 +614,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python ##### PackageName: cffi -SPDXID: SPDXRef-36-cffi +SPDXID: SPDXRef-37-cffi PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) @@ -614,7 +630,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:* ##### PackageName: pycparser -SPDXID: SPDXRef-37-pycparser +SPDXID: SPDXRef-38-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) @@ -631,7 +647,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-38-retry-decorator +SPDXID: SPDXRef-39-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -648,7 +664,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-39-google-apitools +SPDXID: SPDXRef-40-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) @@ -666,7 +682,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-40-monotonic +SPDXID: SPDXRef-41-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) @@ -684,7 +700,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: jinja2 -SPDXID: SPDXRef-41-jinja2 +SPDXID: SPDXRef-42-jinja2 PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION @@ -699,23 +715,22 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-42-markupsafe -PackageVersion: 2.1.5 +SPDXID: SPDXRef-43-markupsafe +PackageVersion: 3.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/markupsafe/2.1.5/#files +PackageDownloadLocation: https://pypi.org/project/markupsafe/3.0.1/#files FilesAnalyzed: false -PackageHomePage: https://palletsprojects.com/p/markupsafe/ -PackageChecksum: SHA1: fbba4acd0312826cec9cfe18371c7df07962cb65 -PackageLicenseDeclared: BSD-3-Clause -PackageLicenseConcluded: BSD-3-Clause +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION +PackageLicenseComments: markupsafe declares Copyright 2010 Pallets which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Safely add untrusted strings to HTML/XML markup. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@3.0.1 ##### PackageName: jsonschema -SPDXID: SPDXRef-43-jsonschema +SPDXID: SPDXRef-44-jsonschema PackageVersion: 4.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com) @@ -731,24 +746,24 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*: ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-44-jsonschema-specifications -PackageVersion: 2023.12.1 +SPDXID: SPDXRef-45-jsonschema-specifications +PackageVersion: 2024.10.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com) -PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2023.12.1/#files +PackageDownloadLocation: https://pypi.org/project/jsonschema-specifications/2024.10.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/python-jsonschema/jsonschema-specifications -PackageChecksum: SHA1: 544e0ff86850af1c6d9e533c4b58b76c59542a76 -PackageLicenseDeclared: MIT -PackageLicenseConcluded: MIT +PackageChecksum: SHA1: 09f6f17a46ecf03e314df0e6fa14d57db210a549 +PackageLicenseDeclared: NOASSERTION +PackageLicenseConcluded: NOASSERTION PackageCopyrightText: NOASSERTION PackageSummary: The JSON Schema meta-schemas and vocabularies, exposed as a Registry -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2023.12.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2023.12.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jsonschema-specifications@2024.10.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specifications:2024.10.1:*:*:*:*:*:*:* ##### PackageName: referencing -SPDXID: SPDXRef-45-referencing +SPDXID: SPDXRef-46-referencing PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com) @@ -765,7 +780,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-46-rpds-py +SPDXID: SPDXRef-47-rpds-py PackageVersion: 0.20.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) @@ -782,7 +797,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:* ##### PackageName: lib4sbom -SPDXID: SPDXRef-47-lib4sbom +SPDXID: SPDXRef-48-lib4sbom PackageVersion: 0.7.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -798,7 +813,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*: ##### PackageName: pyyaml -SPDXID: SPDXRef-48-pyyaml +SPDXID: SPDXRef-49-pyyaml PackageVersion: 6.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -814,7 +829,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-49-semantic-version +SPDXID: SPDXRef-50-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -832,7 +847,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: lib4vex -SPDXID: SPDXRef-50-lib4vex +SPDXID: SPDXRef-51-lib4vex PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -849,7 +864,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:* ##### PackageName: csaf-tool -SPDXID: SPDXRef-51-csaf-tool +SPDXID: SPDXRef-52-csaf-tool PackageVersion: 0.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -866,7 +881,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* ##### PackageName: packageurl-python -SPDXID: SPDXRef-52-packageurl-python +SPDXID: SPDXRef-53-packageurl-python PackageVersion: 0.15.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -883,7 +898,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: rich -SPDXID: SPDXRef-53-rich +SPDXID: SPDXRef-54-rich PackageVersion: 13.9.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -899,7 +914,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-54-markdown-it-py +SPDXID: SPDXRef-55-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -916,7 +931,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-55-mdurl +SPDXID: SPDXRef-56-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -933,7 +948,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-56-pygments +SPDXID: SPDXRef-57-pygments PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) @@ -950,7 +965,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* ##### PackageName: packaging -SPDXID: SPDXRef-57-packaging +SPDXID: SPDXRef-58-packaging PackageVersion: 24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) @@ -965,7 +980,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-58-plotly +SPDXID: SPDXRef-59-plotly PackageVersion: 5.24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) @@ -981,7 +996,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-59-tenacity +SPDXID: SPDXRef-60-tenacity PackageVersion: 9.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) @@ -999,7 +1014,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-60-python-gnupg +SPDXID: SPDXRef-61-python-gnupg PackageVersion: 0.5.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -1016,7 +1031,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-61-requests +SPDXID: SPDXRef-62-requests PackageVersion: 2.32.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -1033,7 +1048,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-62-certifi +SPDXID: SPDXRef-63-certifi PackageVersion: 2024.8.30 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -1049,24 +1064,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*: ##### PackageName: charset-normalizer -SPDXID: SPDXRef-63-charset-normalizer -PackageVersion: 3.3.2 +SPDXID: SPDXRef-64-charset-normalizer +PackageVersion: 3.4.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) -PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.2/#files +PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me) +PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/Ousret/charset_normalizer -PackageChecksum: SHA1: 79dce4857914fead2ffe55eb787cad6d5cf14643 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:* ##### PackageName: urllib3 -SPDXID: SPDXRef-64-urllib3 +SPDXID: SPDXRef-65-urllib3 PackageVersion: 2.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) @@ -1081,7 +1095,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*: ##### PackageName: rpmfile -SPDXID: SPDXRef-65-rpmfile +SPDXID: SPDXRef-66-rpmfile PackageVersion: 2.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) @@ -1098,7 +1112,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### PackageName: setuptools -SPDXID: SPDXRef-66-setuptools +SPDXID: SPDXRef-67-setuptools PackageVersion: 75.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) @@ -1113,7 +1127,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools: ##### PackageName: xmlschema -SPDXID: SPDXRef-67-xmlschema +SPDXID: SPDXRef-68-xmlschema PackageVersion: 3.4.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1129,7 +1143,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-68-elementpath +SPDXID: SPDXRef-69-elementpath PackageVersion: 4.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1145,7 +1159,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:* ##### PackageName: zipp -SPDXID: SPDXRef-69-zipp +SPDXID: SPDXRef-70-zipp PackageVersion: 3.20.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) @@ -1160,7 +1174,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-70-zstandard +SPDXID: SPDXRef-71-zstandard PackageVersion: 0.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) @@ -1176,110 +1190,111 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-10-beautifulsoup4 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-12-cvss -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-defusedxml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-distro -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-filetype -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-11-beautifulsoup4 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-cvss +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-defusedxml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-distro +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-filetype +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-gsutil Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-41-jinja2 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-43-jsonschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-lib4sbom -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-pyyaml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-50-lib4vex -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-52-packageurl-python -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-rich -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-packaging -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-plotly -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-60-python-gnupg -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-requests -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-urllib3 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-rpmfile -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-setuptools -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-xmlschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-69-zipp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-zstandard -Relationship: SPDXRef-10-beautifulsoup4 DEPENDS_ON SPDXRef-11-soupsieve -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-17-argcomplete -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-18-crcmod -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-19-fasteners -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-20-gcs-oauth2-boto-plugin -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-22-google-auth -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-27-six -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-28-google-auth-httplib2 -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-29-httplib2 -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-31-google-reauth -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-34-pyopenssl -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-38-retry-decorator -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-39-google-apitools -Relationship: SPDXRef-16-gsutil DEPENDS_ON SPDXRef-40-monotonic +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-42-jinja2 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-jsonschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-lib4sbom +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-pyyaml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-51-lib4vex +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-packageurl-python +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-rich +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-plotly +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-61-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-62-requests +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-urllib3 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-rpmfile +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-setuptools +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-zipp +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-zstandard +Relationship: SPDXRef-11-beautifulsoup4 DEPENDS_ON SPDXRef-12-soupsieve +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-18-argcomplete +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-19-crcmod +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-20-fasteners +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-21-gcs-oauth2-boto-plugin +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-23-google-auth +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-29-google-auth-httplib2 +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-32-google-reauth +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-35-pyopenssl +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-39-retry-decorator +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-40-google-apitools +Relationship: SPDXRef-17-gsutil DEPENDS_ON SPDXRef-41-monotonic Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-attrs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-multidict Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-yarl -Relationship: SPDXRef-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-21-boto -Relationship: SPDXRef-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-google-auth -Relationship: SPDXRef-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-26-rsa -Relationship: SPDXRef-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-six -Relationship: SPDXRef-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-google-auth-httplib2 -Relationship: SPDXRef-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-httplib2 -Relationship: SPDXRef-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-google-reauth -Relationship: SPDXRef-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-oauth2client -Relationship: SPDXRef-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-pyopenssl -Relationship: SPDXRef-20-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-38-retry-decorator -Relationship: SPDXRef-22-google-auth DEPENDS_ON SPDXRef-23-cachetools -Relationship: SPDXRef-22-google-auth DEPENDS_ON SPDXRef-24-pyasn1-modules -Relationship: SPDXRef-22-google-auth DEPENDS_ON SPDXRef-26-rsa -Relationship: SPDXRef-22-google-auth DEPENDS_ON SPDXRef-27-six -Relationship: SPDXRef-24-pyasn1-modules DEPENDS_ON SPDXRef-25-pyasn1 -Relationship: SPDXRef-26-rsa DEPENDS_ON SPDXRef-25-pyasn1 -Relationship: SPDXRef-28-google-auth-httplib2 DEPENDS_ON SPDXRef-22-google-auth -Relationship: SPDXRef-28-google-auth-httplib2 DEPENDS_ON SPDXRef-29-httplib2 -Relationship: SPDXRef-29-httplib2 DEPENDS_ON SPDXRef-30-pyparsing -Relationship: SPDXRef-31-google-reauth DEPENDS_ON SPDXRef-32-pyu2f -Relationship: SPDXRef-32-pyu2f DEPENDS_ON SPDXRef-27-six -Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-24-pyasn1-modules -Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-25-pyasn1 -Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-26-rsa -Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-27-six -Relationship: SPDXRef-33-oauth2client DEPENDS_ON SPDXRef-29-httplib2 -Relationship: SPDXRef-34-pyopenssl DEPENDS_ON SPDXRef-35-cryptography -Relationship: SPDXRef-35-cryptography DEPENDS_ON SPDXRef-36-cffi -Relationship: SPDXRef-36-cffi DEPENDS_ON SPDXRef-37-pycparser -Relationship: SPDXRef-39-google-apitools DEPENDS_ON SPDXRef-19-fasteners -Relationship: SPDXRef-39-google-apitools DEPENDS_ON SPDXRef-27-six -Relationship: SPDXRef-39-google-apitools DEPENDS_ON SPDXRef-29-httplib2 -Relationship: SPDXRef-39-google-apitools DEPENDS_ON SPDXRef-33-oauth2client +Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-22-boto +Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-google-auth +Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-27-rsa +Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-google-auth-httplib2 +Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-google-reauth +Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-oauth2client +Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-pyopenssl +Relationship: SPDXRef-21-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-39-retry-decorator +Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-24-cachetools +Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-25-pyasn1-modules +Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-27-rsa +Relationship: SPDXRef-23-google-auth DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-25-pyasn1-modules DEPENDS_ON SPDXRef-26-pyasn1 +Relationship: SPDXRef-27-rsa DEPENDS_ON SPDXRef-26-pyasn1 +Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-23-google-auth +Relationship: SPDXRef-29-google-auth-httplib2 DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-30-httplib2 DEPENDS_ON SPDXRef-31-pyparsing +Relationship: SPDXRef-32-google-reauth DEPENDS_ON SPDXRef-33-pyu2f +Relationship: SPDXRef-33-pyu2f DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-25-pyasn1-modules +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-26-pyasn1 +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-27-rsa +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-34-oauth2client DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-35-pyopenssl DEPENDS_ON SPDXRef-36-cryptography +Relationship: SPDXRef-36-cryptography DEPENDS_ON SPDXRef-37-cffi +Relationship: SPDXRef-37-cffi DEPENDS_ON SPDXRef-38-pycparser Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist -Relationship: SPDXRef-41-jinja2 DEPENDS_ON SPDXRef-42-markupsafe -Relationship: SPDXRef-43-jsonschema DEPENDS_ON SPDXRef-44-jsonschema-specifications -Relationship: SPDXRef-43-jsonschema DEPENDS_ON SPDXRef-45-referencing -Relationship: SPDXRef-43-jsonschema DEPENDS_ON SPDXRef-46-rpds-py -Relationship: SPDXRef-43-jsonschema DEPENDS_ON SPDXRef-6-attrs -Relationship: SPDXRef-44-jsonschema-specifications DEPENDS_ON SPDXRef-45-referencing -Relationship: SPDXRef-45-referencing DEPENDS_ON SPDXRef-46-rpds-py -Relationship: SPDXRef-45-referencing DEPENDS_ON SPDXRef-6-attrs -Relationship: SPDXRef-47-lib4sbom DEPENDS_ON SPDXRef-13-defusedxml -Relationship: SPDXRef-47-lib4sbom DEPENDS_ON SPDXRef-48-pyyaml -Relationship: SPDXRef-47-lib4sbom DEPENDS_ON SPDXRef-49-semantic-version -Relationship: SPDXRef-50-lib4vex DEPENDS_ON SPDXRef-47-lib4sbom -Relationship: SPDXRef-50-lib4vex DEPENDS_ON SPDXRef-51-csaf-tool -Relationship: SPDXRef-50-lib4vex DEPENDS_ON SPDXRef-52-packageurl-python -Relationship: SPDXRef-51-csaf-tool DEPENDS_ON SPDXRef-52-packageurl-python -Relationship: SPDXRef-51-csaf-tool DEPENDS_ON SPDXRef-53-rich -Relationship: SPDXRef-53-rich DEPENDS_ON SPDXRef-54-markdown-it-py -Relationship: SPDXRef-53-rich DEPENDS_ON SPDXRef-56-pygments -Relationship: SPDXRef-54-markdown-it-py DEPENDS_ON SPDXRef-55-mdurl -Relationship: SPDXRef-58-plotly DEPENDS_ON SPDXRef-57-packaging -Relationship: SPDXRef-58-plotly DEPENDS_ON SPDXRef-59-tenacity -Relationship: SPDXRef-61-requests DEPENDS_ON SPDXRef-62-certifi -Relationship: SPDXRef-61-requests DEPENDS_ON SPDXRef-63-charset-normalizer -Relationship: SPDXRef-61-requests DEPENDS_ON SPDXRef-64-urllib3 -Relationship: SPDXRef-61-requests DEPENDS_ON SPDXRef-9-idna -Relationship: SPDXRef-67-xmlschema DEPENDS_ON SPDXRef-68-elementpath +Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-20-fasteners +Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-28-six +Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-30-httplib2 +Relationship: SPDXRef-40-google-apitools DEPENDS_ON SPDXRef-34-oauth2client +Relationship: SPDXRef-42-jinja2 DEPENDS_ON SPDXRef-43-markupsafe +Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-45-jsonschema-specifications +Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-46-referencing +Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-47-rpds-py +Relationship: SPDXRef-44-jsonschema DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-45-jsonschema-specifications DEPENDS_ON SPDXRef-46-referencing +Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-47-rpds-py +Relationship: SPDXRef-46-referencing DEPENDS_ON SPDXRef-6-attrs +Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-14-defusedxml +Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-49-pyyaml +Relationship: SPDXRef-48-lib4sbom DEPENDS_ON SPDXRef-50-semantic-version +Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-48-lib4sbom +Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-52-csaf-tool +Relationship: SPDXRef-51-lib4vex DEPENDS_ON SPDXRef-53-packageurl-python +Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-53-packageurl-python +Relationship: SPDXRef-52-csaf-tool DEPENDS_ON SPDXRef-54-rich +Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-55-markdown-it-py +Relationship: SPDXRef-54-rich DEPENDS_ON SPDXRef-57-pygments +Relationship: SPDXRef-55-markdown-it-py DEPENDS_ON SPDXRef-56-mdurl +Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-58-packaging +Relationship: SPDXRef-59-plotly DEPENDS_ON SPDXRef-60-tenacity +Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-63-certifi +Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-64-charset-normalizer +Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-65-urllib3 +Relationship: SPDXRef-62-requests DEPENDS_ON SPDXRef-9-idna +Relationship: SPDXRef-68-xmlschema DEPENDS_ON SPDXRef-69-elementpath +Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-10-propcache Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-7-multidict Relationship: SPDXRef-8-yarl DEPENDS_ON SPDXRef-9-idna Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool