From 5f5152f805ad170a2f59c80136c117c9528c2d33 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 13:46:30 -0700 Subject: [PATCH] chore: update SBOM for Python 3.8 (#4503) Co-authored-by: GitHub --- sbom/cve-bin-tool-py3.8.json | 501 +++++++++++++++++++---------------- sbom/cve-bin-tool-py3.8.spdx | 402 ++++++++++++++-------------- 2 files changed, 479 insertions(+), 424 deletions(-) diff --git a/sbom/cve-bin-tool-py3.8.json b/sbom/cve-bin-tool-py3.8.json index dfdcfea7cd..c9e2fd66cc 100644 --- a/sbom/cve-bin-tool-py3.8.json +++ b/sbom/cve-bin-tool-py3.8.json @@ -2,10 +2,10 @@ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", - "serialNumber": "urn:uuid:e9a90c0d-57bf-43a3-aa85-b952ebf9e653", + "serialNumber": "urn:uuid:83ff8d54-242d-458c-bf11-2b5ea6e02d5c", "version": 1, "metadata": { - "timestamp": "2024-10-07T00:38:47Z", + "timestamp": "2024-10-14T00:41:41Z", "lifecycles": [ { "phase": "build" @@ -79,7 +79,7 @@ "type": "library", "bom-ref": "2-aiohttp", "name": "aiohttp", - "version": "3.10.9", + "version": "3.10.10", "description": "Async http client/server framework (asyncio)", "licenses": [ { @@ -97,12 +97,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/aiohttp/3.10.9/#files", + "url": "https://pypi.org/project/aiohttp/3.10.10/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/aiohttp@3.10.9", + "purl": "pkg:pypi/aiohttp@3.10.10", "properties": [ { "name": "language", @@ -432,7 +432,7 @@ "type": "library", "bom-ref": "10-yarl", "name": "yarl", - "version": "1.13.1", + "version": "1.15.2", "supplier": { "name": "Andrew Svetlov", "contact": [ @@ -441,7 +441,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:*", "description": "Yet another URL library", "licenses": [ { @@ -459,12 +459,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/yarl/1.13.1/#files", + "url": "https://pypi.org/project/yarl/1.15.2/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/yarl@1.13.1", + "purl": "pkg:pypi/yarl@1.15.2", "properties": [ { "name": "language", @@ -512,7 +512,55 @@ }, { "type": "library", - "bom-ref": "12-beautifulsoup4", + "bom-ref": "12-propcache", + "name": "propcache", + "version": "0.2.0", + "supplier": { + "name": "Andrew Svetlov", + "contact": [ + { + "email": "andrew.svetlov@gmail.com" + } + ] + }, + "cpe": "cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:*", + "description": "Accelerated property cache", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0", + "acknowledgement": "concluded" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/aio-libs/propcache", + "type": "website", + "comment": "Home page for project" + }, + { + "url": "https://pypi.org/project/propcache/0.2.0/#files", + "type": "distribution", + "comment": "Download location for component" + } + ], + "purl": "pkg:pypi/propcache@0.2.0", + "properties": [ + { + "name": "language", + "value": "Python" + }, + { + "name": "python_version", + "value": "3.8.18" + } + ] + }, + { + "type": "library", + "bom-ref": "13-beautifulsoup4", "name": "beautifulsoup4", "version": "4.12.3", "supplier": { @@ -564,7 +612,7 @@ }, { "type": "library", - "bom-ref": "13-soupsieve", + "bom-ref": "14-soupsieve", "name": "soupsieve", "version": "2.6", "supplier": { @@ -603,7 +651,7 @@ }, { "type": "library", - "bom-ref": "14-cvss", + "bom-ref": "15-cvss", "name": "cvss", "version": "3.2", "supplier": { @@ -651,7 +699,7 @@ }, { "type": "library", - "bom-ref": "15-defusedxml", + "bom-ref": "16-defusedxml", "name": "defusedxml", "version": "0.7.1", "supplier": { @@ -709,7 +757,7 @@ }, { "type": "library", - "bom-ref": "16-distro", + "bom-ref": "17-distro", "name": "distro", "version": "1.9.0", "supplier": { @@ -761,7 +809,7 @@ }, { "type": "library", - "bom-ref": "17-filetype", + "bom-ref": "18-filetype", "name": "filetype", "version": "1.2.0", "supplier": { @@ -819,9 +867,9 @@ }, { "type": "library", - "bom-ref": "18-gsutil", + "bom-ref": "19-gsutil", "name": "gsutil", - "version": "5.30", + "version": "5.31", "supplier": { "name": "Google Inc .", "contact": [ @@ -830,7 +878,7 @@ } ] }, - "cpe": "cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:*", "description": "A command line tool for interacting with cloud storage services.", "licenses": [ { @@ -848,12 +896,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/gsutil/5.30/#files", + "url": "https://pypi.org/project/gsutil/5.31/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/gsutil@5.30", + "purl": "pkg:pypi/gsutil@5.31", "properties": [ { "name": "language", @@ -867,9 +915,9 @@ }, { "type": "library", - "bom-ref": "19-argcomplete", + "bom-ref": "20-argcomplete", "name": "argcomplete", - "version": "3.5.0", + "version": "3.5.1", "supplier": { "name": "Andrey Kislyuk", "contact": [ @@ -878,7 +926,7 @@ } ] }, - "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.0:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:*", "description": "Bash tab completion for argparse", "licenses": [ { @@ -896,12 +944,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/argcomplete/3.5.0/#files", + "url": "https://pypi.org/project/argcomplete/3.5.1/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/argcomplete@3.5.0", + "purl": "pkg:pypi/argcomplete@3.5.1", "properties": [ { "name": "language", @@ -915,7 +963,7 @@ }, { "type": "library", - "bom-ref": "20-crcmod", + "bom-ref": "21-crcmod", "name": "crcmod", "version": "1.7", "supplier": { @@ -963,7 +1011,7 @@ }, { "type": "library", - "bom-ref": "21-fasteners", + "bom-ref": "22-fasteners", "name": "fasteners", "version": "0.19", "supplier": { @@ -1012,7 +1060,7 @@ }, { "type": "library", - "bom-ref": "22-gcs-oauth2-boto-plugin", + "bom-ref": "23-gcs-oauth2-boto-plugin", "name": "gcs-oauth2-boto-plugin", "version": "3.2", "supplier": { @@ -1070,7 +1118,7 @@ }, { "type": "library", - "bom-ref": "23-boto", + "bom-ref": "24-boto", "name": "boto", "version": "2.49.0", "supplier": { @@ -1128,7 +1176,7 @@ }, { "type": "library", - "bom-ref": "24-google-auth", + "bom-ref": "25-google-auth", "name": "google-auth", "version": "2.17.0", "supplier": { @@ -1182,7 +1230,7 @@ }, { "type": "library", - "bom-ref": "25-cachetools", + "bom-ref": "26-cachetools", "name": "cachetools", "version": "5.5.0", "supplier": { @@ -1230,7 +1278,7 @@ }, { "type": "library", - "bom-ref": "26-pyasn1-modules", + "bom-ref": "27-pyasn1-modules", "name": "pyasn1-modules", "version": "0.4.1", "supplier": { @@ -1278,7 +1326,7 @@ }, { "type": "library", - "bom-ref": "27-pyasn1", + "bom-ref": "28-pyasn1", "name": "pyasn1", "version": "0.6.1", "supplier": { @@ -1326,7 +1374,7 @@ }, { "type": "library", - "bom-ref": "28-rsa", + "bom-ref": "29-rsa", "name": "rsa", "version": "4.7.2", "supplier": { @@ -1384,7 +1432,7 @@ }, { "type": "library", - "bom-ref": "29-six", + "bom-ref": "30-six", "name": "six", "version": "1.16.0", "supplier": { @@ -1442,7 +1490,7 @@ }, { "type": "library", - "bom-ref": "30-google-auth-httplib2", + "bom-ref": "31-google-auth-httplib2", "name": "google-auth-httplib2", "version": "0.2.0", "supplier": { @@ -1500,7 +1548,7 @@ }, { "type": "library", - "bom-ref": "31-httplib2", + "bom-ref": "32-httplib2", "name": "httplib2", "version": "0.20.4", "supplier": { @@ -1554,7 +1602,7 @@ }, { "type": "library", - "bom-ref": "32-pyparsing", + "bom-ref": "33-pyparsing", "name": "pyparsing", "version": "3.1.4", "supplier": { @@ -1593,7 +1641,7 @@ }, { "type": "library", - "bom-ref": "33-google-reauth", + "bom-ref": "34-google-reauth", "name": "google-reauth", "version": "0.1.1", "supplier": { @@ -1651,7 +1699,7 @@ }, { "type": "library", - "bom-ref": "34-pyu2f", + "bom-ref": "35-pyu2f", "name": "pyu2f", "version": "0.1.5", "supplier": { @@ -1709,7 +1757,7 @@ }, { "type": "library", - "bom-ref": "35-oauth2client", + "bom-ref": "36-oauth2client", "name": "oauth2client", "version": "4.1.3", "supplier": { @@ -1767,7 +1815,7 @@ }, { "type": "library", - "bom-ref": "36-pyopenssl", + "bom-ref": "37-pyopenssl", "name": "pyopenssl", "version": "24.2.1", "supplier": { @@ -1815,7 +1863,7 @@ }, { "type": "library", - "bom-ref": "37-cryptography", + "bom-ref": "38-cryptography", "name": "cryptography", "version": "43.0.1", "supplier": { @@ -1859,7 +1907,7 @@ }, { "type": "library", - "bom-ref": "38-cffi", + "bom-ref": "39-cffi", "name": "cffi", "version": "1.17.1", "supplier": { @@ -1907,7 +1955,7 @@ }, { "type": "library", - "bom-ref": "39-pycparser", + "bom-ref": "40-pycparser", "name": "pycparser", "version": "2.22", "supplier": { @@ -1965,7 +2013,7 @@ }, { "type": "library", - "bom-ref": "40-retry-decorator", + "bom-ref": "41-retry-decorator", "name": "retry-decorator", "version": "1.1.1", "supplier": { @@ -2023,7 +2071,7 @@ }, { "type": "library", - "bom-ref": "41-google-apitools", + "bom-ref": "42-google-apitools", "name": "google-apitools", "version": "0.5.32", "supplier": { @@ -2081,7 +2129,7 @@ }, { "type": "library", - "bom-ref": "42-monotonic", + "bom-ref": "43-monotonic", "name": "monotonic", "version": "1.6", "supplier": { @@ -2139,7 +2187,7 @@ }, { "type": "library", - "bom-ref": "43-importlib-metadata", + "bom-ref": "44-importlib-metadata", "name": "importlib-metadata", "version": "8.5.0", "supplier": { @@ -2173,7 +2221,7 @@ }, { "type": "library", - "bom-ref": "44-zipp", + "bom-ref": "45-zipp", "name": "zipp", "version": "3.20.2", "supplier": { @@ -2207,7 +2255,7 @@ }, { "type": "library", - "bom-ref": "45-importlib-resources", + "bom-ref": "46-importlib-resources", "name": "importlib-resources", "version": "6.4.5", "supplier": { @@ -2241,7 +2289,7 @@ }, { "type": "library", - "bom-ref": "46-jinja2", + "bom-ref": "47-jinja2", "name": "jinja2", "version": "3.1.4", "description": "A very fast and expressive template engine.", @@ -2276,7 +2324,7 @@ }, { "type": "library", - "bom-ref": "47-markupsafe", + "bom-ref": "48-markupsafe", "name": "markupsafe", "version": "2.1.5", "description": "Safely add untrusted strings to HTML/XML markup.", @@ -2325,7 +2373,7 @@ }, { "type": "library", - "bom-ref": "48-jsonschema", + "bom-ref": "49-jsonschema", "name": "jsonschema", "version": "4.23.0", "supplier": { @@ -2373,7 +2421,7 @@ }, { "type": "library", - "bom-ref": "49-jsonschema-specifications", + "bom-ref": "50-jsonschema-specifications", "name": "jsonschema-specifications", "version": "2023.12.1", "supplier": { @@ -2431,7 +2479,7 @@ }, { "type": "library", - "bom-ref": "50-referencing", + "bom-ref": "51-referencing", "name": "referencing", "version": "0.35.1", "supplier": { @@ -2480,7 +2528,7 @@ }, { "type": "library", - "bom-ref": "51-rpds-py", + "bom-ref": "52-rpds-py", "name": "rpds-py", "version": "0.20.0", "supplier": { @@ -2534,7 +2582,7 @@ }, { "type": "library", - "bom-ref": "52-pkgutil-resolve-name", + "bom-ref": "53-pkgutil-resolve-name", "name": "pkgutil-resolve-name", "version": "1.3.10", "supplier": { @@ -2577,7 +2625,7 @@ }, { "type": "library", - "bom-ref": "53-lib4sbom", + "bom-ref": "54-lib4sbom", "name": "lib4sbom", "version": "0.7.5", "supplier": { @@ -2625,7 +2673,7 @@ }, { "type": "library", - "bom-ref": "54-pyyaml", + "bom-ref": "55-pyyaml", "name": "pyyaml", "version": "6.0.2", "supplier": { @@ -2673,7 +2721,7 @@ }, { "type": "library", - "bom-ref": "55-semantic-version", + "bom-ref": "56-semantic-version", "name": "semantic-version", "version": "2.10.0", "supplier": { @@ -2731,7 +2779,7 @@ }, { "type": "library", - "bom-ref": "56-lib4vex", + "bom-ref": "57-lib4vex", "name": "lib4vex", "version": "0.2.0", "supplier": { @@ -2785,7 +2833,7 @@ }, { "type": "library", - "bom-ref": "57-csaf-tool", + "bom-ref": "58-csaf-tool", "name": "csaf-tool", "version": "0.3.2", "supplier": { @@ -2839,7 +2887,7 @@ }, { "type": "library", - "bom-ref": "58-packageurl-python", + "bom-ref": "59-packageurl-python", "name": "packageurl-python", "version": "0.15.6", "supplier": { @@ -2888,7 +2936,7 @@ }, { "type": "library", - "bom-ref": "59-rich", + "bom-ref": "60-rich", "name": "rich", "version": "13.9.2", "supplier": { @@ -2936,7 +2984,7 @@ }, { "type": "library", - "bom-ref": "60-markdown-it-py", + "bom-ref": "61-markdown-it-py", "name": "markdown-it-py", "version": "3.0.0", "supplier": { @@ -2985,7 +3033,7 @@ }, { "type": "library", - "bom-ref": "61-mdurl", + "bom-ref": "62-mdurl", "name": "mdurl", "version": "0.1.2", "supplier": { @@ -3034,7 +3082,7 @@ }, { "type": "library", - "bom-ref": "62-pygments", + "bom-ref": "63-pygments", "name": "pygments", "version": "2.18.0", "supplier": { @@ -3092,7 +3140,7 @@ }, { "type": "library", - "bom-ref": "63-packaging", + "bom-ref": "64-packaging", "name": "packaging", "version": "24.1", "supplier": { @@ -3126,7 +3174,7 @@ }, { "type": "library", - "bom-ref": "64-plotly", + "bom-ref": "65-plotly", "name": "plotly", "version": "5.24.1", "supplier": { @@ -3174,7 +3222,7 @@ }, { "type": "library", - "bom-ref": "65-tenacity", + "bom-ref": "66-tenacity", "name": "tenacity", "version": "9.0.0", "supplier": { @@ -3228,7 +3276,7 @@ }, { "type": "library", - "bom-ref": "66-python-gnupg", + "bom-ref": "67-python-gnupg", "name": "python-gnupg", "version": "0.5.3", "supplier": { @@ -3276,7 +3324,7 @@ }, { "type": "library", - "bom-ref": "67-requests", + "bom-ref": "68-requests", "name": "requests", "version": "2.32.3", "supplier": { @@ -3330,7 +3378,7 @@ }, { "type": "library", - "bom-ref": "68-certifi", + "bom-ref": "69-certifi", "name": "certifi", "version": "2024.8.30", "supplier": { @@ -3378,25 +3426,19 @@ }, { "type": "library", - "bom-ref": "69-charset-normalizer", + "bom-ref": "70-charset-normalizer", "name": "charset-normalizer", - "version": "3.3.2", + "version": "3.4.0", "supplier": { "name": "Ahmed TAHRI", "contact": [ { - "email": "ahmed.tahri@cloudnursery.dev" + "email": "tahri.ahmed@proton.me" } ] }, - "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:*", + "cpe": "cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:*", "description": "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet.", - "hashes": [ - { - "alg": "SHA-1", - "content": "79dce4857914fead2ffe55eb787cad6d5cf14643" - } - ], "licenses": [ { "license": { @@ -3413,12 +3455,12 @@ "comment": "Home page for project" }, { - "url": "https://pypi.org/project/charset-normalizer/3.3.2/#files", + "url": "https://pypi.org/project/charset-normalizer/3.4.0/#files", "type": "distribution", "comment": "Download location for component" } ], - "purl": "pkg:pypi/charset-normalizer@3.3.2", + "purl": "pkg:pypi/charset-normalizer@3.4.0", "properties": [ { "name": "language", @@ -3427,16 +3469,12 @@ { "name": "python_version", "value": "3.8.18" - }, - { - "name": "package_release_date", - "value": "2023-11-01T04:02:29.000Z" } ] }, { "type": "library", - "bom-ref": "70-urllib3", + "bom-ref": "71-urllib3", "name": "urllib3", "version": "2.2.3", "supplier": { @@ -3470,7 +3508,7 @@ }, { "type": "library", - "bom-ref": "71-rpmfile", + "bom-ref": "72-rpmfile", "name": "rpmfile", "version": "2.1.0", "supplier": { @@ -3524,7 +3562,7 @@ }, { "type": "library", - "bom-ref": "72-setuptools", + "bom-ref": "73-setuptools", "name": "setuptools", "version": "75.1.0", "supplier": { @@ -3558,7 +3596,7 @@ }, { "type": "library", - "bom-ref": "73-toml", + "bom-ref": "74-toml", "name": "toml", "version": "0.10.2", "supplier": { @@ -3616,7 +3654,7 @@ }, { "type": "library", - "bom-ref": "74-xmlschema", + "bom-ref": "75-xmlschema", "name": "xmlschema", "version": "3.4.2", "supplier": { @@ -3664,7 +3702,7 @@ }, { "type": "library", - "bom-ref": "75-elementpath", + "bom-ref": "76-elementpath", "name": "elementpath", "version": "4.5.0", "supplier": { @@ -3712,7 +3750,7 @@ }, { "type": "library", - "bom-ref": "76-zstandard", + "bom-ref": "77-zstandard", "name": "zstandard", "version": "0.23.0", "supplier": { @@ -3770,32 +3808,32 @@ "ref": "1-cve-bin-tool", "dependsOn": [ "2-aiohttp", - "12-beautifulsoup4", - "14-cvss", - "15-defusedxml", - "16-distro", - "17-filetype", - "18-gsutil", - "43-importlib-metadata", - "45-importlib-resources", - "46-jinja2", - "48-jsonschema", - "53-lib4sbom", - "56-lib4vex", - "58-packageurl-python", - "63-packaging", - "64-plotly", - "66-python-gnupg", - "54-pyyaml", - "67-requests", - "59-rich", - "71-rpmfile", - "72-setuptools", - "73-toml", - "70-urllib3", - "74-xmlschema", - "44-zipp", - "76-zstandard" + "13-beautifulsoup4", + "15-cvss", + "16-defusedxml", + "17-distro", + "18-filetype", + "19-gsutil", + "44-importlib-metadata", + "46-importlib-resources", + "47-jinja2", + "49-jsonschema", + "54-lib4sbom", + "57-lib4vex", + "59-packageurl-python", + "64-packaging", + "65-plotly", + "67-python-gnupg", + "55-pyyaml", + "68-requests", + "60-rich", + "72-rpmfile", + "73-setuptools", + "74-toml", + "71-urllib3", + "75-xmlschema", + "45-zipp", + "77-zstandard" ] }, { @@ -3826,231 +3864,232 @@ "ref": "10-yarl", "dependsOn": [ "11-idna", - "8-multidict" + "8-multidict", + "12-propcache" ] }, { - "ref": "12-beautifulsoup4", + "ref": "13-beautifulsoup4", "dependsOn": [ - "13-soupsieve" + "14-soupsieve" ] }, { - "ref": "18-gsutil", + "ref": "19-gsutil", "dependsOn": [ - "19-argcomplete", - "20-crcmod", - "21-fasteners", - "22-gcs-oauth2-boto-plugin", - "41-google-apitools", - "24-google-auth", - "30-google-auth-httplib2", - "33-google-reauth", - "31-httplib2", - "42-monotonic", - "36-pyopenssl", - "40-retry-decorator", - "29-six" - ] - }, - { - "ref": "22-gcs-oauth2-boto-plugin", + "20-argcomplete", + "21-crcmod", + "22-fasteners", + "23-gcs-oauth2-boto-plugin", + "42-google-apitools", + "25-google-auth", + "31-google-auth-httplib2", + "34-google-reauth", + "32-httplib2", + "43-monotonic", + "37-pyopenssl", + "41-retry-decorator", + "30-six" + ] + }, + { + "ref": "23-gcs-oauth2-boto-plugin", "dependsOn": [ - "23-boto", - "24-google-auth", - "30-google-auth-httplib2", - "33-google-reauth", - "31-httplib2", - "35-oauth2client", - "36-pyopenssl", - "40-retry-decorator", - "28-rsa", - "29-six" + "24-boto", + "25-google-auth", + "31-google-auth-httplib2", + "34-google-reauth", + "32-httplib2", + "36-oauth2client", + "37-pyopenssl", + "41-retry-decorator", + "29-rsa", + "30-six" ] }, { - "ref": "24-google-auth", + "ref": "25-google-auth", "dependsOn": [ - "25-cachetools", - "26-pyasn1-modules", - "28-rsa", - "29-six" + "26-cachetools", + "27-pyasn1-modules", + "29-rsa", + "30-six" ] }, { - "ref": "26-pyasn1-modules", + "ref": "27-pyasn1-modules", "dependsOn": [ - "27-pyasn1" + "28-pyasn1" ] }, { - "ref": "28-rsa", + "ref": "29-rsa", "dependsOn": [ - "27-pyasn1" + "28-pyasn1" ] }, { - "ref": "30-google-auth-httplib2", + "ref": "31-google-auth-httplib2", "dependsOn": [ - "24-google-auth", - "31-httplib2" + "25-google-auth", + "32-httplib2" ] }, { - "ref": "31-httplib2", + "ref": "32-httplib2", "dependsOn": [ - "32-pyparsing" + "33-pyparsing" ] }, { - "ref": "33-google-reauth", + "ref": "34-google-reauth", "dependsOn": [ - "34-pyu2f" + "35-pyu2f" ] }, { - "ref": "34-pyu2f", + "ref": "35-pyu2f", "dependsOn": [ - "29-six" + "30-six" ] }, { - "ref": "35-oauth2client", + "ref": "36-oauth2client", "dependsOn": [ - "31-httplib2", - "27-pyasn1", - "26-pyasn1-modules", - "28-rsa", - "29-six" + "32-httplib2", + "28-pyasn1", + "27-pyasn1-modules", + "29-rsa", + "30-six" ] }, { - "ref": "36-pyopenssl", + "ref": "37-pyopenssl", "dependsOn": [ - "37-cryptography" + "38-cryptography" ] }, { - "ref": "37-cryptography", + "ref": "38-cryptography", "dependsOn": [ - "38-cffi" + "39-cffi" ] }, { - "ref": "38-cffi", + "ref": "39-cffi", "dependsOn": [ - "39-pycparser" + "40-pycparser" ] }, { - "ref": "41-google-apitools", + "ref": "42-google-apitools", "dependsOn": [ - "21-fasteners", - "31-httplib2", - "35-oauth2client", - "29-six" + "22-fasteners", + "32-httplib2", + "36-oauth2client", + "30-six" ] }, { - "ref": "43-importlib-metadata", + "ref": "44-importlib-metadata", "dependsOn": [ - "44-zipp" + "45-zipp" ] }, { - "ref": "45-importlib-resources", + "ref": "46-importlib-resources", "dependsOn": [ - "44-zipp" + "45-zipp" ] }, { - "ref": "46-jinja2", + "ref": "47-jinja2", "dependsOn": [ - "47-markupsafe" + "48-markupsafe" ] }, { - "ref": "48-jsonschema", + "ref": "49-jsonschema", "dependsOn": [ "7-attrs", - "45-importlib-resources", - "49-jsonschema-specifications", - "52-pkgutil-resolve-name", - "50-referencing", - "51-rpds-py" + "46-importlib-resources", + "50-jsonschema-specifications", + "53-pkgutil-resolve-name", + "51-referencing", + "52-rpds-py" ] }, { - "ref": "49-jsonschema-specifications", + "ref": "50-jsonschema-specifications", "dependsOn": [ - "45-importlib-resources", - "50-referencing" + "46-importlib-resources", + "51-referencing" ] }, { - "ref": "50-referencing", + "ref": "51-referencing", "dependsOn": [ "7-attrs", - "51-rpds-py" + "52-rpds-py" ] }, { - "ref": "53-lib4sbom", + "ref": "54-lib4sbom", "dependsOn": [ - "15-defusedxml", - "54-pyyaml", - "55-semantic-version" + "16-defusedxml", + "55-pyyaml", + "56-semantic-version" ] }, { - "ref": "56-lib4vex", + "ref": "57-lib4vex", "dependsOn": [ - "57-csaf-tool", - "53-lib4sbom", - "58-packageurl-python" + "58-csaf-tool", + "54-lib4sbom", + "59-packageurl-python" ] }, { - "ref": "57-csaf-tool", + "ref": "58-csaf-tool", "dependsOn": [ - "58-packageurl-python", - "59-rich" + "59-packageurl-python", + "60-rich" ] }, { - "ref": "59-rich", + "ref": "60-rich", "dependsOn": [ - "60-markdown-it-py", - "62-pygments", + "61-markdown-it-py", + "63-pygments", "9-typing-extensions" ] }, { - "ref": "60-markdown-it-py", + "ref": "61-markdown-it-py", "dependsOn": [ - "61-mdurl" + "62-mdurl" ] }, { - "ref": "64-plotly", + "ref": "65-plotly", "dependsOn": [ - "63-packaging", - "65-tenacity" + "64-packaging", + "66-tenacity" ] }, { - "ref": "67-requests", + "ref": "68-requests", "dependsOn": [ - "68-certifi", - "69-charset-normalizer", + "69-certifi", + "70-charset-normalizer", "11-idna", - "70-urllib3" + "71-urllib3" ] }, { - "ref": "74-xmlschema", + "ref": "75-xmlschema", "dependsOn": [ - "75-elementpath" + "76-elementpath" ] } ] diff --git a/sbom/cve-bin-tool-py3.8.spdx b/sbom/cve-bin-tool-py3.8.spdx index a4364771ac..867ffd8108 100644 --- a/sbom/cve-bin-tool-py3.8.spdx +++ b/sbom/cve-bin-tool-py3.8.spdx @@ -2,10 +2,10 @@ SPDXVersion: SPDX-2.3 DataLicense: CC0-1.0 SPDXID: SPDXRef-DOCUMENT DocumentName: Python-cve-bin-tool -DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-dc9c460e-f653-4394-a9de-b9bfdf557f55 +DocumentNamespace: http://spdx.org/spdxdocs/Python-cve-bin-tool-0c7d24a8-300c-48d3-bd3c-d8512d945bd4 LicenseListVersion: 3.22 Creator: Tool: sbom4python-0.11.3 -Created: 2024-10-07T00:37:22Z +Created: 2024-10-14T00:39:45Z CreatorComment: This document has been automatically generated. ##### @@ -27,10 +27,10 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:terri_oda:cve-bin-tool:3.4:*:*:*:*:*:* PackageName: aiohttp SPDXID: SPDXRef-2-aiohttp -PackageVersion: 3.10.9 +PackageVersion: 3.10.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION -PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.9/#files +PackageDownloadLocation: https://pypi.org/project/aiohttp/3.10.10/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/aiohttp PackageLicenseDeclared: NOASSERTION @@ -38,7 +38,7 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: aiohttp declares Apache 2 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Async http client/server framework (asyncio) -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.9 +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/aiohttp@3.10.10 ##### PackageName: aiohappyeyeballs @@ -157,18 +157,18 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:guido_van_jukka_ukasz_michael:typing-e PackageName: yarl SPDXID: SPDXRef-10-yarl -PackageVersion: 1.13.1 +PackageVersion: 1.15.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) -PackageDownloadLocation: https://pypi.org/project/yarl/1.13.1/#files +PackageDownloadLocation: https://pypi.org/project/yarl/1.15.2/#files FilesAnalyzed: false PackageHomePage: https://github.com/aio-libs/yarl PackageLicenseDeclared: Apache-2.0 PackageLicenseConcluded: Apache-2.0 PackageCopyrightText: NOASSERTION PackageSummary: Yet another URL library -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.13.1 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.13.1:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/yarl@1.15.2 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:yarl:1.15.2:*:*:*:*:*:*:* ##### PackageName: idna @@ -186,8 +186,24 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/idna@3.10 ExternalRef: SECURITY cpe23Type cpe:2.3:a:kim_davies:idna:3.10:*:*:*:*:*:*:* ##### +PackageName: propcache +SPDXID: SPDXRef-12-propcache +PackageVersion: 0.2.0 +PrimaryPackagePurpose: LIBRARY +PackageSupplier: Person: Andrew Svetlov (andrew.svetlov@gmail.com) +PackageDownloadLocation: https://pypi.org/project/propcache/0.2.0/#files +FilesAnalyzed: false +PackageHomePage: https://github.com/aio-libs/propcache +PackageLicenseDeclared: Apache-2.0 +PackageLicenseConcluded: Apache-2.0 +PackageCopyrightText: NOASSERTION +PackageSummary: Accelerated property cache +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/propcache@0.2.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrew_svetlov:propcache:0.2.0:*:*:*:*:*:*:* +##### + PackageName: beautifulsoup4 -SPDXID: SPDXRef-12-beautifulsoup4 +SPDXID: SPDXRef-13-beautifulsoup4 PackageVersion: 4.12.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Leonard Richardson (leonardr@segfault.org) @@ -204,7 +220,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:leonard_richardson:beautifulsoup4:4.12 ##### PackageName: soupsieve -SPDXID: SPDXRef-13-soupsieve +SPDXID: SPDXRef-14-soupsieve PackageVersion: 2.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Isaac Muse (Isaac.Muse@gmail.com) @@ -220,7 +236,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:isaac_muse:soupsieve:2.6:*:*:*:*:*:*:* ##### PackageName: cvss -SPDXID: SPDXRef-14-cvss +SPDXID: SPDXRef-15-cvss PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Stanislav Red Hat Product Security (skontar@redhat.com) @@ -237,7 +253,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:stanislav_red_hat_product_security:cvs ##### PackageName: defusedxml -SPDXID: SPDXRef-15-defusedxml +SPDXID: SPDXRef-16-defusedxml PackageVersion: 0.7.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Christian Heimes (christian@python.org) @@ -255,7 +271,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:christian_heimes:defusedxml:0.7.1:*:*: ##### PackageName: distro -SPDXID: SPDXRef-16-distro +SPDXID: SPDXRef-17-distro PackageVersion: 1.9.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Nir Cohen (nir36g@gmail.com) @@ -272,7 +288,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:nir_cohen:distro:1.9.0:*:*:*:*:*:*:* ##### PackageName: filetype -SPDXID: SPDXRef-17-filetype +SPDXID: SPDXRef-18-filetype PackageVersion: 1.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Tomas Aparicio (tomas@aparicio.me) @@ -289,11 +305,11 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:tomas_aparicio:filetype:1.2.0:*:*:*:*: ##### PackageName: gsutil -SPDXID: SPDXRef-18-gsutil -PackageVersion: 5.30 +SPDXID: SPDXRef-19-gsutil +PackageVersion: 5.31 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (buganizer-system+187143@google.com) -PackageDownloadLocation: https://pypi.org/project/gsutil/5.30/#files +PackageDownloadLocation: https://pypi.org/project/gsutil/5.31/#files FilesAnalyzed: false PackageHomePage: https://cloud.google.com/storage/docs/gsutil PackageLicenseDeclared: NOASSERTION @@ -301,16 +317,16 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: gsutil declares Apache 2.0 which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: A command line tool for interacting with cloud storage services. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.30 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.30:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/gsutil@5.31 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gsutil:5.31:*:*:*:*:*:*:* ##### PackageName: argcomplete -SPDXID: SPDXRef-19-argcomplete -PackageVersion: 3.5.0 +SPDXID: SPDXRef-20-argcomplete +PackageVersion: 3.5.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Kislyuk (kislyuk@gmail.com) -PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.0/#files +PackageDownloadLocation: https://pypi.org/project/argcomplete/3.5.1/#files FilesAnalyzed: false PackageHomePage: https://github.com/kislyuk/argcomplete PackageLicenseDeclared: NOASSERTION @@ -318,12 +334,12 @@ PackageLicenseConcluded: Apache-2.0 PackageLicenseComments: argcomplete declares Apache Software License which is not currently a valid SPDX License identifier or expression. PackageCopyrightText: NOASSERTION PackageSummary: Bash tab completion for argparse -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.0 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.0:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/argcomplete@3.5.1 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_kislyuk:argcomplete:3.5.1:*:*:*:*:*:*:* ##### PackageName: crcmod -SPDXID: SPDXRef-20-crcmod +SPDXID: SPDXRef-21-crcmod PackageVersion: 1.7 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ray Buvel (rlbuvel@gmail.com) @@ -339,7 +355,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ray_buvel:crcmod:1.7:*:*:*:*:*:*:* ##### PackageName: fasteners -SPDXID: SPDXRef-21-fasteners +SPDXID: SPDXRef-22-fasteners PackageVersion: 0.19 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joshua Harlow @@ -356,7 +372,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joshua_harlow:fasteners:0.19:*:*:*:*:* ##### PackageName: gcs-oauth2-boto-plugin -SPDXID: SPDXRef-22-gcs-oauth2-boto-plugin +SPDXID: SPDXRef-23-gcs-oauth2-boto-plugin PackageVersion: 3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (gs-team@google.com) @@ -374,7 +390,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:gcs-oauth2-boto-plugin:3.2 ##### PackageName: boto -SPDXID: SPDXRef-23-boto +SPDXID: SPDXRef-24-boto PackageVersion: 2.49.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Mitch Garnaat (mitch@garnaat.com) @@ -391,7 +407,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:mitch_garnaat:boto:2.49.0:*:*:*:*:*:*: ##### PackageName: google-auth -SPDXID: SPDXRef-24-google-auth +SPDXID: SPDXRef-25-google-auth PackageVersion: 2.17.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) @@ -409,7 +425,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth:2.17 ##### PackageName: cachetools -SPDXID: SPDXRef-25-cachetools +SPDXID: SPDXRef-26-cachetools PackageVersion: 5.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Thomas Kemmer (tkemmer@computer.org) @@ -425,7 +441,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:thomas_kemmer:cachetools:5.5.0:*:*:*:* ##### PackageName: pyasn1-modules -SPDXID: SPDXRef-26-pyasn1-modules +SPDXID: SPDXRef-27-pyasn1-modules PackageVersion: 0.4.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) @@ -442,7 +458,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1-modules:0.4.1:*:*: ##### PackageName: pyasn1 -SPDXID: SPDXRef-27-pyasn1 +SPDXID: SPDXRef-28-pyasn1 PackageVersion: 0.6.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ilya Etingof (etingof@gmail.com) @@ -458,7 +474,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ilya_etingof:pyasn1:0.6.1:*:*:*:*:*:*: ##### PackageName: rsa -SPDXID: SPDXRef-28-rsa +SPDXID: SPDXRef-29-rsa PackageVersion: 4.7.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Sybren A. Stuvel (sybren@stuvel.eu) @@ -476,7 +492,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sybren_a._stuvel:rsa:4.7.2:*:*:*:*:*:* ##### PackageName: six -SPDXID: SPDXRef-29-six +SPDXID: SPDXRef-30-six PackageVersion: 1.16.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Benjamin Peterson (benjamin@python.org) @@ -493,7 +509,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:benjamin_peterson:six:1.16.0:*:*:*:*:* ##### PackageName: google-auth-httplib2 -SPDXID: SPDXRef-30-google-auth-httplib2 +SPDXID: SPDXRef-31-google-auth-httplib2 PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Google Cloud Platform (googleapis-packages@google.com) @@ -511,7 +527,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_cloud_platform:google-auth-http ##### PackageName: httplib2 -SPDXID: SPDXRef-31-httplib2 +SPDXID: SPDXRef-32-httplib2 PackageVersion: 0.20.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Joe Gregorio (joe@bitworking.org) @@ -528,7 +544,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:joe_gregorio:httplib2:0.20.4:*:*:*:*:* ##### PackageName: pyparsing -SPDXID: SPDXRef-32-pyparsing +SPDXID: SPDXRef-33-pyparsing PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Paul McGuire (ptmcg.gm+pyparsing@gmail.com) @@ -544,7 +560,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:paul_mcguire:pyparsing:3.1.4:*:*:*:*:* ##### PackageName: google-reauth -SPDXID: SPDXRef-33-google-reauth +SPDXID: SPDXRef-34-google-reauth PackageVersion: 0.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google (googleapis-publisher@google.com) @@ -562,7 +578,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google:google-reauth:0.1.1:*:*:*:*:*:* ##### PackageName: pyu2f -SPDXID: SPDXRef-34-pyu2f +SPDXID: SPDXRef-35-pyu2f PackageVersion: 0.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (pyu2f-team@google.com) @@ -580,7 +596,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:pyu2f:0.1.5:*:*:*:*:*:*:* ##### PackageName: oauth2client -SPDXID: SPDXRef-35-oauth2client +SPDXID: SPDXRef-36-oauth2client PackageVersion: 4.1.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Google Inc. (jonwayne+oauth2client@google.com) @@ -598,7 +614,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:google_inc.:oauth2client:4.1.3:*:*:*:* ##### PackageName: pyopenssl -SPDXID: SPDXRef-36-pyopenssl +SPDXID: SPDXRef-37-pyopenssl PackageVersion: 24.2.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The pyOpenSSL developers (cryptography-dev@python.org) @@ -615,7 +631,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_pyopenssl_developers:pyopenssl:24. ##### PackageName: cryptography -SPDXID: SPDXRef-37-cryptography +SPDXID: SPDXRef-38-cryptography PackageVersion: 43.0.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: The cryptography developers The Python Cryptographic Authority and individual contributors (cryptography-dev@python.org) @@ -631,7 +647,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_cryptography_developers_the_python ##### PackageName: cffi -SPDXID: SPDXRef-38-cffi +SPDXID: SPDXRef-39-cffi PackageVersion: 1.17.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Armin Maciej Fijalkowski (python-cffi@googlegroups.com) @@ -647,7 +663,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:armin_maciej_fijalkowski:cffi:1.17.1:* ##### PackageName: pycparser -SPDXID: SPDXRef-39-pycparser +SPDXID: SPDXRef-40-pycparser PackageVersion: 2.22 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Eli Bendersky (eliben@gmail.com) @@ -664,7 +680,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:eli_bendersky:pycparser:2.22:*:*:*:*:* ##### PackageName: retry-decorator -SPDXID: SPDXRef-40-retry-decorator +SPDXID: SPDXRef-41-retry-decorator PackageVersion: 1.1.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Patrick Ng (pn.appdev@gmail.com) @@ -681,7 +697,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:patrick_ng:retry-decorator:1.1.1:*:*:* ##### PackageName: google-apitools -SPDXID: SPDXRef-41-google-apitools +SPDXID: SPDXRef-42-google-apitools PackageVersion: 0.5.32 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Craig Citro (craigcitro@google.com) @@ -699,7 +715,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:craig_citro:google-apitools:0.5.32:*:* ##### PackageName: monotonic -SPDXID: SPDXRef-42-monotonic +SPDXID: SPDXRef-43-monotonic PackageVersion: 1.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Ori Livneh (ori@wikimedia.org) @@ -717,7 +733,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:ori_livneh:monotonic:1.6:*:*:*:*:*:*:* ##### PackageName: importlib-metadata -SPDXID: SPDXRef-43-importlib-metadata +SPDXID: SPDXRef-44-importlib-metadata PackageVersion: 8.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) @@ -732,7 +748,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:importlib-metadata:8.5.0:*:*: ##### PackageName: zipp -SPDXID: SPDXRef-44-zipp +SPDXID: SPDXRef-45-zipp PackageVersion: 3.20.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Jason R. (jaraco@jaraco.com) @@ -747,7 +763,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:jason_r.:zipp:3.20.2:*:*:*:*:*:*:* ##### PackageName: importlib-resources -SPDXID: SPDXRef-45-importlib-resources +SPDXID: SPDXRef-46-importlib-resources PackageVersion: 6.4.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Barry Warsaw (barry@python.org) @@ -762,7 +778,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:barry_warsaw:importlib-resources:6.4.5 ##### PackageName: jinja2 -SPDXID: SPDXRef-46-jinja2 +SPDXID: SPDXRef-47-jinja2 PackageVersion: 3.1.4 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION @@ -777,7 +793,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/jinja2@3.1.4 ##### PackageName: markupsafe -SPDXID: SPDXRef-47-markupsafe +SPDXID: SPDXRef-48-markupsafe PackageVersion: 2.1.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: NOASSERTION @@ -793,7 +809,7 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/markupsafe@2.1.5 ##### PackageName: jsonschema -SPDXID: SPDXRef-48-jsonschema +SPDXID: SPDXRef-49-jsonschema PackageVersion: 4.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema@GrayVines.com) @@ -809,7 +825,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema:4.23.0:*:*:*: ##### PackageName: jsonschema-specifications -SPDXID: SPDXRef-49-jsonschema-specifications +SPDXID: SPDXRef-50-jsonschema-specifications PackageVersion: 2023.12.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+jsonschema-specifications@GrayVines.com) @@ -826,7 +842,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:jsonschema-specification ##### PackageName: referencing -SPDXID: SPDXRef-50-referencing +SPDXID: SPDXRef-51-referencing PackageVersion: 0.35.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+referencing@GrayVines.com) @@ -843,7 +859,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:referencing:0.35.1:*:*:* ##### PackageName: rpds-py -SPDXID: SPDXRef-51-rpds-py +SPDXID: SPDXRef-52-rpds-py PackageVersion: 0.20.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julian Berman (Julian+rpds@GrayVines.com) @@ -860,7 +876,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julian_berman:rpds-py:0.20.0:*:*:*:*:* ##### PackageName: pkgutil-resolve-name -SPDXID: SPDXRef-52-pkgutil-resolve-name +SPDXID: SPDXRef-53-pkgutil-resolve-name PackageVersion: 1.3.10 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -876,7 +892,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:pkgutil-resolve-name:1.3.1 ##### PackageName: lib4sbom -SPDXID: SPDXRef-53-lib4sbom +SPDXID: SPDXRef-54-lib4sbom PackageVersion: 0.7.5 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -892,7 +908,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4sbom:0.7.5:*:*:*: ##### PackageName: pyyaml -SPDXID: SPDXRef-54-pyyaml +SPDXID: SPDXRef-55-pyyaml PackageVersion: 6.0.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kirill Simonov (xi@resolvent.net) @@ -908,7 +924,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kirill_simonov:pyyaml:6.0.2:*:*:*:*:*: ##### PackageName: semantic-version -SPDXID: SPDXRef-55-semantic-version +SPDXID: SPDXRef-56-semantic-version PackageVersion: 2.10.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Raphael Barrois (raphael.barrois+semver@polytechnique.org) @@ -926,7 +942,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:raphael_barrois:semantic-version:2.10. ##### PackageName: lib4vex -SPDXID: SPDXRef-56-lib4vex +SPDXID: SPDXRef-57-lib4vex PackageVersion: 0.2.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -943,7 +959,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:lib4vex:0.2.0:*:*:*:* ##### PackageName: csaf-tool -SPDXID: SPDXRef-57-csaf-tool +SPDXID: SPDXRef-58-csaf-tool PackageVersion: 0.3.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Anthony Harrison (anthony.p.harrison@gmail.com) @@ -960,7 +976,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:anthony_harrison:csaf-tool:0.3.2:*:*:* ##### PackageName: packageurl-python -SPDXID: SPDXRef-58-packageurl-python +SPDXID: SPDXRef-59-packageurl-python PackageVersion: 0.15.6 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: the purl authors @@ -977,7 +993,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:the_purl_authors:packageurl-python:0.1 ##### PackageName: rich -SPDXID: SPDXRef-59-rich +SPDXID: SPDXRef-60-rich PackageVersion: 13.9.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Will McGugan (willmcgugan@gmail.com) @@ -993,7 +1009,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:will_mcgugan:rich:13.9.2:*:*:*:*:*:*:* ##### PackageName: markdown-it-py -SPDXID: SPDXRef-60-markdown-it-py +SPDXID: SPDXRef-61-markdown-it-py PackageVersion: 3.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris Sewell (chrisj_sewell@hotmail.com) @@ -1010,7 +1026,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_sewell:markdown-it-py:3.0.0:*:*: ##### PackageName: mdurl -SPDXID: SPDXRef-61-mdurl +SPDXID: SPDXRef-62-mdurl PackageVersion: 0.1.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Taneli Hukkinen (hukkin@users.noreply.github.com) @@ -1027,7 +1043,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:taneli_hukkinen:mdurl:0.1.2:*:*:*:*:*: ##### PackageName: pygments -SPDXID: SPDXRef-62-pygments +SPDXID: SPDXRef-63-pygments PackageVersion: 2.18.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Georg Brandl (georg@python.org) @@ -1044,7 +1060,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:georg_brandl:pygments:2.18.0:*:*:*:*:* ##### PackageName: packaging -SPDXID: SPDXRef-63-packaging +SPDXID: SPDXRef-64-packaging PackageVersion: 24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Donald Stufft (donald@stufft.io) @@ -1059,7 +1075,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:donald_stufft:packaging:24.1:*:*:*:*:* ##### PackageName: plotly -SPDXID: SPDXRef-64-plotly +SPDXID: SPDXRef-65-plotly PackageVersion: 5.24.1 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Chris P (chris@plot.ly) @@ -1075,7 +1091,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:chris_p:plotly:5.24.1:*:*:*:*:*:*:* ##### PackageName: tenacity -SPDXID: SPDXRef-65-tenacity +SPDXID: SPDXRef-66-tenacity PackageVersion: 9.0.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Julien Danjou (julien@danjou.info) @@ -1093,7 +1109,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:julien_danjou:tenacity:9.0.0:*:*:*:*:* ##### PackageName: python-gnupg -SPDXID: SPDXRef-66-python-gnupg +SPDXID: SPDXRef-67-python-gnupg PackageVersion: 0.5.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Vinay Sajip (vinay_sajip@yahoo.co.uk) @@ -1110,7 +1126,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:vinay_sajip:python-gnupg:0.5.3:*:*:*:* ##### PackageName: requests -SPDXID: SPDXRef-67-requests +SPDXID: SPDXRef-68-requests PackageVersion: 2.32.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.org) @@ -1127,7 +1143,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:requests:2.32.3:*:*:*:*: ##### PackageName: certifi -SPDXID: SPDXRef-68-certifi +SPDXID: SPDXRef-69-certifi PackageVersion: 2024.8.30 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Kenneth Reitz (me@kennethreitz.com) @@ -1143,24 +1159,23 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:kenneth_reitz:certifi:2024.8.30:*:*:*: ##### PackageName: charset-normalizer -SPDXID: SPDXRef-69-charset-normalizer -PackageVersion: 3.3.2 +SPDXID: SPDXRef-70-charset-normalizer +PackageVersion: 3.4.0 PrimaryPackagePurpose: LIBRARY -PackageSupplier: Person: Ahmed TAHRI (ahmed.tahri@cloudnursery.dev) -PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.3.2/#files +PackageSupplier: Person: Ahmed TAHRI (tahri.ahmed@proton.me) +PackageDownloadLocation: https://pypi.org/project/charset-normalizer/3.4.0/#files FilesAnalyzed: false PackageHomePage: https://github.com/Ousret/charset_normalizer -PackageChecksum: SHA1: 79dce4857914fead2ffe55eb787cad6d5cf14643 PackageLicenseDeclared: MIT PackageLicenseConcluded: MIT PackageCopyrightText: NOASSERTION PackageSummary: The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet. -ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.3.2 -ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.3.2:*:*:*:*:*:*:* +ExternalRef: PACKAGE_MANAGER purl pkg:pypi/charset-normalizer@3.4.0 +ExternalRef: SECURITY cpe23Type cpe:2.3:a:ahmed_tahri:charset-normalizer:3.4.0:*:*:*:*:*:*:* ##### PackageName: urllib3 -SPDXID: SPDXRef-70-urllib3 +SPDXID: SPDXRef-71-urllib3 PackageVersion: 2.2.3 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Andrey Petrov (andrey.petrov@shazow.net) @@ -1175,7 +1190,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:andrey_petrov:urllib3:2.2.3:*:*:*:*:*: ##### PackageName: rpmfile -SPDXID: SPDXRef-71-rpmfile +SPDXID: SPDXRef-72-rpmfile PackageVersion: 2.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Sean Ross (srossross@gmail.com) @@ -1192,7 +1207,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:sean_ross:rpmfile:2.1.0:*:*:*:*:*:*:* ##### PackageName: setuptools -SPDXID: SPDXRef-72-setuptools +SPDXID: SPDXRef-73-setuptools PackageVersion: 75.1.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Organization: Python Packaging Authority (distutils-sig@python.org) @@ -1207,7 +1222,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:python_packaging_authority:setuptools: ##### PackageName: toml -SPDXID: SPDXRef-73-toml +SPDXID: SPDXRef-74-toml PackageVersion: 0.10.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: William Pearson (uiri@xqz.ca) @@ -1224,7 +1239,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:william_pearson:toml:0.10.2:*:*:*:*:*: ##### PackageName: xmlschema -SPDXID: SPDXRef-74-xmlschema +SPDXID: SPDXRef-75-xmlschema PackageVersion: 3.4.2 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1240,7 +1255,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:xmlschema:3.4.2:*:*:*:* ##### PackageName: elementpath -SPDXID: SPDXRef-75-elementpath +SPDXID: SPDXRef-76-elementpath PackageVersion: 4.5.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Davide Brunato (brunato@sissa.it) @@ -1256,7 +1271,7 @@ ExternalRef: SECURITY cpe23Type cpe:2.3:a:davide_brunato:elementpath:4.5.0:*:*:* ##### PackageName: zstandard -SPDXID: SPDXRef-76-zstandard +SPDXID: SPDXRef-77-zstandard PackageVersion: 0.23.0 PrimaryPackagePurpose: LIBRARY PackageSupplier: Person: Gregory Szorc (gregory.szorc@gmail.com) @@ -1272,49 +1287,50 @@ ExternalRef: PACKAGE_MANAGER purl pkg:pypi/zstandard@0.23.0 ExternalRef: SECURITY cpe23Type cpe:2.3:a:gregory_szorc:zstandard:0.23.0:*:*:*:*:*:*:* ##### -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-12-beautifulsoup4 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-14-cvss -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-defusedxml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-distro -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-filetype -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-gsutil +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-13-beautifulsoup4 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-15-cvss +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-16-defusedxml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-17-distro +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-18-filetype +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-19-gsutil Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-2-aiohttp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-43-importlib-metadata -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-zipp -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-importlib-resources -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-jinja2 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-48-jsonschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-53-lib4sbom -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-pyyaml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-56-lib4vex -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-58-packageurl-python -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-rich -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-63-packaging -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-plotly -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-66-python-gnupg -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-requests -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-70-urllib3 -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-rpmfile -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-setuptools -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-toml -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-xmlschema -Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-76-zstandard +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-44-importlib-metadata +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-45-zipp +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-46-importlib-resources +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-47-jinja2 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-49-jsonschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-54-lib4sbom +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-55-pyyaml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-57-lib4vex +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-59-packageurl-python +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-60-rich +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-64-packaging +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-65-plotly +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-67-python-gnupg +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-68-requests +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-71-urllib3 +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-72-rpmfile +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-73-setuptools +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-74-toml +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-75-xmlschema +Relationship: SPDXRef-1-cve-bin-tool DEPENDS_ON SPDXRef-77-zstandard Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-11-idna +Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-12-propcache Relationship: SPDXRef-10-yarl DEPENDS_ON SPDXRef-8-multidict -Relationship: SPDXRef-12-beautifulsoup4 DEPENDS_ON SPDXRef-13-soupsieve -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-19-argcomplete -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-20-crcmod -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-21-fasteners -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-22-gcs-oauth2-boto-plugin -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-24-google-auth -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-29-six -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-30-google-auth-httplib2 -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-31-httplib2 -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-33-google-reauth -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-36-pyopenssl -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-40-retry-decorator -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-41-google-apitools -Relationship: SPDXRef-18-gsutil DEPENDS_ON SPDXRef-42-monotonic +Relationship: SPDXRef-13-beautifulsoup4 DEPENDS_ON SPDXRef-14-soupsieve +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-20-argcomplete +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-21-crcmod +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-22-fasteners +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-23-gcs-oauth2-boto-plugin +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-25-google-auth +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-31-google-auth-httplib2 +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-34-google-reauth +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-37-pyopenssl +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-41-retry-decorator +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-42-google-apitools +Relationship: SPDXRef-19-gsutil DEPENDS_ON SPDXRef-43-monotonic Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-10-yarl Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-3-aiohappyeyeballs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-4-aiosignal @@ -1322,71 +1338,71 @@ Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-5-frozenlist Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-6-async-timeout Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-7-attrs Relationship: SPDXRef-2-aiohttp DEPENDS_ON SPDXRef-8-multidict -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-23-boto -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-google-auth -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-28-rsa -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-six -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-google-auth-httplib2 -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-httplib2 -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-33-google-reauth -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-35-oauth2client -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-pyopenssl -Relationship: SPDXRef-22-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-40-retry-decorator -Relationship: SPDXRef-24-google-auth DEPENDS_ON SPDXRef-25-cachetools -Relationship: SPDXRef-24-google-auth DEPENDS_ON SPDXRef-26-pyasn1-modules -Relationship: SPDXRef-24-google-auth DEPENDS_ON SPDXRef-28-rsa -Relationship: SPDXRef-24-google-auth DEPENDS_ON SPDXRef-29-six -Relationship: SPDXRef-26-pyasn1-modules DEPENDS_ON SPDXRef-27-pyasn1 -Relationship: SPDXRef-28-rsa DEPENDS_ON SPDXRef-27-pyasn1 -Relationship: SPDXRef-30-google-auth-httplib2 DEPENDS_ON SPDXRef-24-google-auth -Relationship: SPDXRef-30-google-auth-httplib2 DEPENDS_ON SPDXRef-31-httplib2 -Relationship: SPDXRef-31-httplib2 DEPENDS_ON SPDXRef-32-pyparsing -Relationship: SPDXRef-33-google-reauth DEPENDS_ON SPDXRef-34-pyu2f -Relationship: SPDXRef-34-pyu2f DEPENDS_ON SPDXRef-29-six -Relationship: SPDXRef-35-oauth2client DEPENDS_ON SPDXRef-26-pyasn1-modules -Relationship: SPDXRef-35-oauth2client DEPENDS_ON SPDXRef-27-pyasn1 -Relationship: SPDXRef-35-oauth2client DEPENDS_ON SPDXRef-28-rsa -Relationship: SPDXRef-35-oauth2client DEPENDS_ON SPDXRef-29-six -Relationship: SPDXRef-35-oauth2client DEPENDS_ON SPDXRef-31-httplib2 -Relationship: SPDXRef-36-pyopenssl DEPENDS_ON SPDXRef-37-cryptography -Relationship: SPDXRef-37-cryptography DEPENDS_ON SPDXRef-38-cffi -Relationship: SPDXRef-38-cffi DEPENDS_ON SPDXRef-39-pycparser +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-24-boto +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-25-google-auth +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-29-rsa +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-31-google-auth-httplib2 +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-34-google-reauth +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-36-oauth2client +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-37-pyopenssl +Relationship: SPDXRef-23-gcs-oauth2-boto-plugin DEPENDS_ON SPDXRef-41-retry-decorator +Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-26-cachetools +Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-27-pyasn1-modules +Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-29-rsa +Relationship: SPDXRef-25-google-auth DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-27-pyasn1-modules DEPENDS_ON SPDXRef-28-pyasn1 +Relationship: SPDXRef-29-rsa DEPENDS_ON SPDXRef-28-pyasn1 +Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-25-google-auth +Relationship: SPDXRef-31-google-auth-httplib2 DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-32-httplib2 DEPENDS_ON SPDXRef-33-pyparsing +Relationship: SPDXRef-34-google-reauth DEPENDS_ON SPDXRef-35-pyu2f +Relationship: SPDXRef-35-pyu2f DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-27-pyasn1-modules +Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-28-pyasn1 +Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-29-rsa +Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-36-oauth2client DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-37-pyopenssl DEPENDS_ON SPDXRef-38-cryptography +Relationship: SPDXRef-38-cryptography DEPENDS_ON SPDXRef-39-cffi +Relationship: SPDXRef-39-cffi DEPENDS_ON SPDXRef-40-pycparser Relationship: SPDXRef-4-aiosignal DEPENDS_ON SPDXRef-5-frozenlist -Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-21-fasteners -Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-29-six -Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-31-httplib2 -Relationship: SPDXRef-41-google-apitools DEPENDS_ON SPDXRef-35-oauth2client -Relationship: SPDXRef-43-importlib-metadata DEPENDS_ON SPDXRef-44-zipp -Relationship: SPDXRef-45-importlib-resources DEPENDS_ON SPDXRef-44-zipp -Relationship: SPDXRef-46-jinja2 DEPENDS_ON SPDXRef-47-markupsafe -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-45-importlib-resources -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-49-jsonschema-specifications -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-50-referencing -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-51-rpds-py -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-52-pkgutil-resolve-name -Relationship: SPDXRef-48-jsonschema DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-49-jsonschema-specifications DEPENDS_ON SPDXRef-45-importlib-resources -Relationship: SPDXRef-49-jsonschema-specifications DEPENDS_ON SPDXRef-50-referencing -Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-51-rpds-py -Relationship: SPDXRef-50-referencing DEPENDS_ON SPDXRef-7-attrs -Relationship: SPDXRef-53-lib4sbom DEPENDS_ON SPDXRef-15-defusedxml -Relationship: SPDXRef-53-lib4sbom DEPENDS_ON SPDXRef-54-pyyaml -Relationship: SPDXRef-53-lib4sbom DEPENDS_ON SPDXRef-55-semantic-version -Relationship: SPDXRef-56-lib4vex DEPENDS_ON SPDXRef-53-lib4sbom -Relationship: SPDXRef-56-lib4vex DEPENDS_ON SPDXRef-57-csaf-tool -Relationship: SPDXRef-56-lib4vex DEPENDS_ON SPDXRef-58-packageurl-python -Relationship: SPDXRef-57-csaf-tool DEPENDS_ON SPDXRef-58-packageurl-python -Relationship: SPDXRef-57-csaf-tool DEPENDS_ON SPDXRef-59-rich -Relationship: SPDXRef-59-rich DEPENDS_ON SPDXRef-60-markdown-it-py -Relationship: SPDXRef-59-rich DEPENDS_ON SPDXRef-62-pygments -Relationship: SPDXRef-59-rich DEPENDS_ON SPDXRef-9-typing-extensions -Relationship: SPDXRef-60-markdown-it-py DEPENDS_ON SPDXRef-61-mdurl -Relationship: SPDXRef-64-plotly DEPENDS_ON SPDXRef-63-packaging -Relationship: SPDXRef-64-plotly DEPENDS_ON SPDXRef-65-tenacity -Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-11-idna -Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-68-certifi -Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-69-charset-normalizer -Relationship: SPDXRef-67-requests DEPENDS_ON SPDXRef-70-urllib3 -Relationship: SPDXRef-74-xmlschema DEPENDS_ON SPDXRef-75-elementpath +Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-22-fasteners +Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-30-six +Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-32-httplib2 +Relationship: SPDXRef-42-google-apitools DEPENDS_ON SPDXRef-36-oauth2client +Relationship: SPDXRef-44-importlib-metadata DEPENDS_ON SPDXRef-45-zipp +Relationship: SPDXRef-46-importlib-resources DEPENDS_ON SPDXRef-45-zipp +Relationship: SPDXRef-47-jinja2 DEPENDS_ON SPDXRef-48-markupsafe +Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-46-importlib-resources +Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-50-jsonschema-specifications +Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-51-referencing +Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-52-rpds-py +Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-53-pkgutil-resolve-name +Relationship: SPDXRef-49-jsonschema DEPENDS_ON SPDXRef-7-attrs +Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-46-importlib-resources +Relationship: SPDXRef-50-jsonschema-specifications DEPENDS_ON SPDXRef-51-referencing +Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-52-rpds-py +Relationship: SPDXRef-51-referencing DEPENDS_ON SPDXRef-7-attrs +Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-16-defusedxml +Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-55-pyyaml +Relationship: SPDXRef-54-lib4sbom DEPENDS_ON SPDXRef-56-semantic-version +Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-54-lib4sbom +Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-58-csaf-tool +Relationship: SPDXRef-57-lib4vex DEPENDS_ON SPDXRef-59-packageurl-python +Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-59-packageurl-python +Relationship: SPDXRef-58-csaf-tool DEPENDS_ON SPDXRef-60-rich +Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-61-markdown-it-py +Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-63-pygments +Relationship: SPDXRef-60-rich DEPENDS_ON SPDXRef-9-typing-extensions +Relationship: SPDXRef-61-markdown-it-py DEPENDS_ON SPDXRef-62-mdurl +Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-64-packaging +Relationship: SPDXRef-65-plotly DEPENDS_ON SPDXRef-66-tenacity +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-11-idna +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-69-certifi +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-70-charset-normalizer +Relationship: SPDXRef-68-requests DEPENDS_ON SPDXRef-71-urllib3 +Relationship: SPDXRef-75-xmlschema DEPENDS_ON SPDXRef-76-elementpath Relationship: SPDXRef-8-multidict DEPENDS_ON SPDXRef-9-typing-extensions Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-1-cve-bin-tool